One Friday evening, about 15 years ago, I arrived home from an out-of-town cybersecurity conference to find a letter from my cardiologist's office that simply said: "Aortic aneurysm detected, please call."
You're probably wondering what this has to do with Cybersecurity Awareness Month, and to be honest, it will take about half a dozen paragraphs for me to get to the connection, but please stick with me (we are now on Day 18 and it's a Sunday, so I'm feeling particularly reflective).
I don't know how familiar you are with human biology, but when I got that letter I was in my early fifties and less medically knowledgeable than I should have been, despite more than a decade of treatment for high blood pressure and being under the care of a cardiologist. My point is this: the words aortic aneurysm sounded deeply scary to me, but at the same time I didn't know what they meant.
My first thought was to call the cardiologist's office, but of course nobody was there because it was Friday evening, so I left a message to call me back ASAP, knowing that I probably wouldn't get a call any sooner than Monday.
The next thing I did—as you can probably guess—was google aortic aneurysm. The results only added to me growing sense of dread, for example:
Aortic Aneurysms: The Silent Killer
Abdominal aortic aneurysms are the third leading cause of sudden death in men over age 60. Aneurysms are often called a “silent killer,” ...
Aortic Aneurysm - Cause Of Death For George C. Scott
Abdominal aortic aneurysms are the 13th leading cause of death in the U.S. Rupture of an abdominal aneurysm is a catastrophe. It is highly lethal and is usually ...
"Fortunately, at least 95 percent of these aneurysms can be successfully treated if detected prior to rupture. Finding and treating an aortic aneurysm before the aneurysm ruptures is vital for patient survival."
- If criminals get your Social Security number and decide to abuse it, the effects can be very upsetting and potentially costly. That's why you need to protect such information.
- If criminals acquire your credentials for the network at the hospital where you work, the effects can be very upsetting and potentially deadly. That's why it's important such protect such information.
- If an adversarial nation state actor acquires your credentials for the network at the power plant where you work, the effects can be very upsetting and potentially trigger regional destabilization that leads to armed conflict. So be sure to protect your network login.
- Don’t write material that feels threatening or fear-based
- Avoid painting scenes like cyber-criminals waiting at every online intersection ready to steal social security numbers
- Promote practical, empowering steps people can take
My initial reaction to seeing those guidelines was concern that they did not align with the sense of urgency that I feel about the need for humans to do better at cybersecurity. But on reflection—remember I said this was a day of reflection—I think they strike the right balance for messaging to the general population.
There are indeed practical steps that people can take to reduce the odds of becoming a victim of cybercrime, and we should make sure everyone is aware of them. That is what cybersecurity awareness is about. The work that needs to be done to get politicians and policy makers to address cybersecurity with greater vigor than they have so far, that is something else.
Finally for today, if you're still wondering—and I hope you are—what happened with the aortic aneurysm alert that kicked off this article, here's the short version. After a less than happy weekend, I saw the cardiologist early the next week. He told me the aneurysm was relatively small but I needed to keep my blood pressure low, eat less salt, and more bananas (for the potassium). When I asked him how I could tell if the aneurysm was becoming a serious problem he said: "You'll just feel a sharp pain in your back but it won't last long because you'll soon be dead."
Shortly after that I got a second opinion, from the Mayo Clinic. The cardiologist there told me I didn't have an aneurysm and I would probably be fine if I avoided all alcohol and chocolate, kept my blood pressure low, ate less salt, and consumed more bananas (for the potassium). I cut back on most chocolate and all alcohol (ironically, just before going on a trip to Moscow with Winn, but that's another story).
I also quit my somewhat stressful job as Chief Security Execute for an Internet provider (to help with the blood pressure and take stock of my life). Then, after about five years—during which we had to struggle hard to survive the Great Recession and my atrial fibrillation got worse—I went back into cybersecurity, working for a company that had an excellent health plan.
So I saw a cardiologist about my AFib and, after a failed attempt to reboot my heart in the hopes of restoring a normal rhythm, he said there was nothing else he could do for me ("just keep taking the potassium pills"). That motivated me to figure out the underlying cause of all my heart problems. Turns out it was a condition called primary aldosteronism, which can sometimes be corrected with surgery, and in my case it was. I still have a wonky heartbeat, but my blood pressure is fine without any medications or added potassium.
And that's why, when it comes to dealing with risks, early awareness and accurate information are important, as is an appropriate level of motivational fear. However, when you're trying to reduce risk, there's nothing like addressing root causes.
Do your part, #BeCyberSmart
Good article. Sound observations.
ReplyDeleteSO WELL written... love the tech mixing...
ReplyDelete