Elephants, Pigeons, and Anchovies
Riverbank Ruminations; Observations from The Banks of The Technology River
Tom Evans ~ Ashton Engineer Emeritus
The Psychiatrist was escorting a patient from one Psychiatric Hospital to another. They were traveling by train, and the Psychiatrist was intrigued to see the patient tearing up bits of paper and throwing them out of the window.
“What are you doing that for?” asked the Psychiatrist.
“It’s to keep the elephants away !” answered the patient.
“But there are no elephants in Surrey,” pointed out the Psychiatrist.
“Effective, isn’t it?” was the logical answer. (https://www.medical-jokes.com/its-to-keep-the-elephants-away/ )
On a totally different note, B.F. Skinner experimented on pigeons. He found that the pigeons, who were fed on an arbitrary schedule, would develop habitual patterns of movement as if they could somehow influence when they would get fed. Their actions in no way influenced the feeding schedule, but the pigeons acted like they could initiate feeding by repeating some action.
Both of these situations brought to mind one of the basic rules that we used to apply regularly when I was on the help desk: “Correlation is not causation”. If you have ever worked in support you are familiar with the oft-repeated situation where you move a person’s monitor from the left side of their desk to the right side and then you get a call saying because you moved the monitor, now Excel does not work properly. Moving the monitor was not the cause of the Excel problem, but to the user, the move corresponded to the start of the problems, so it must be the cause.
Defend Your Network
With all the news about data breaches, phishing scams, ransomware, and other digital disasters, how many of you have reviewed how you defend your digital kingdom? Years ago the mantra was ‘Get a good anti-virus program installed’. Years ago, that was an effective approach. It doesn’t take much research or even casual reading to see that anti-virus, while not totally useless, has migrated down the list of effective countermeasures.
You may be one of the fortunate businesses that have not lost productivity and perhaps cash to ransomware. In fact, you may not even personally know anyone whose company has been hit by ransomware. You may have the feeling that you are too small a target to be on the bad guy’s radar.
If so, your situation may be much like the anchovy. They are not very big, but they are the prey of many fish. They hope to survive by forming bait balls, huge swirling masses of fish that promise some protection by sheer numbers. Watch this video to see how well that works for them. Some do survive, otherwise there would be no anchovies.
Similarly, businesses that are using the same techniques to protect digital assets that they used 10 years ago may say “Well, we haven’t been compromised so what we are doing must be working”. In reality, they are much like the man tearing up paper or Skinner’s pigeons. No, they haven’t been compromised, but not because of what they are doing. As the saying goes ‘Their number hasn’t come up yet’. This article from 2019 stated, “The Verizon report shows that almost a third of small businesses (29 percent) experienced at least one mobile security breach in 2018 — nearly double the 15 percent from the year before.” So in 2018, there was about a 1 in 3 chance of your business being breached. With the increase of Ransomware-as-a-Service since then, the odds certainly have not gotten better.
Take The Simple Precautions
Sadly, when breaches are analyzed, root causes can be painfully basic. Poor password control, lack of policies for remote access, lack of patching, outdated software, and many other basic things. Succumbing to phishing attacks still is a major cause of network compromises, from the largest corporations to the small business owner.
If you are not updating your network defenses to cope with the latest threats, why haven’t you? Do you feel there is no payback for investing in security? Is that the reason employees are not trained regularly to assist in protecting the network? This article mentioned:
- Forty-three percent of cyberattacks are aimed at small businesses, but only 14% of small businesses are prepared to defend themselves, according to Accenture.
- These incidents now cost businesses of all sizes $200,000 on average, reveals insurance carrier Hiscox.
Tearing up paper won’t keep the bad guys away. Turning 2 complete left-hand circles won’t keep them away. The bad guys have been attacking networks as a career. They spend all their time working at it. If they can’t do what they want to do, they get help, hire someone, or use a service. There is no reason why small businesses can’t do the same. If you are still tearing up paper, find someone to help you find out what should be done. Don’t keep making left-hand circles and hoping your data is safe. The sharks are out there looking for anchovies, don’t be the one that gets caught. Call Ashton Technology Solutions at 216 397-4080 to protect your network and your data.