Mat Honans hacking horror story is barely two weeks old, but already its been something of a catalyst for change when it comes to cloud-based computer security.
Using Amazon and Apples password reset loopholes to take control of the Wired writer and longtime technology correspondents Google, Twitter and iCloud accounts, hackers wiped the memory from several of his devices and used his public profile to broadcast hateful messages. It was a deft combination of social engineering and, as Honan concedes, personal security failures.
After thoroughly documenting the exploit, follow-up reporting from Wired revealed the tech companies are taking steps to shore up their security flaws. And publications from The Huffington Post to PC World have offered suggestions on how to prevent such a devastating attack from happening to us.
Its valuable advice. Back up your valuable information. Take advantage of advanced security options like two-step verification. Avoid linking your accounts with the same email addresses and passwords.
Everyone who read about Honan and takes this advice has a better understanding of worst-case scenarios when it comes to our personal data. But to make this lesson stick, there needs to be a fundamental attitude shift when it comes to buying electronic devices or signing up for cloud services.
As consumers, our expectations right now are high. Apple co-founder Steve Jobs captured that perfectly in a 2011 keynote at the companys Worldwide Developers Conference when describing the main draw of iCloud: It just works, he said to applause.
If were smart, well reject this tempting slogan. If were smart, well start expecting our devices to fail.
This philosophy isnt a completely alien one to most consumers.
When we buy a car or a house, we pair it with insurance. Were making a bet that in the lifetime of these purchases, something catastrophic is going to happen. Were so sure of that fact that we shell out hundreds of dollars a month to protect ourselves, considering it part of the price we pay.
Paul Rosenberg, owner of the Chapel Hill shop Love Your Computer, uses a similar analogy when explaining repairs like hard drive replacements to customers.
This is like your cars 100,000-mile service, Rosenberg said. Almost every computer will have at least one hard drive replaced and at least one malware attack in its lifespan. Thats just part of owning the machine now.
Admittedly, my analogy is flawed. Insurance on homes and cars is often mandated by law, and buying it helps us protect investments that can cost hundreds of thousands of dollars. This isnt the case with a $600 laptop or a $200 smartphone.
But weve got to start accounting for the hidden costs of certain failure not because of the relatively inexpensive hardware, but because of the priceless data they store and access.
Ultimately, their machines and their phones are no longer really relevant. What matters is all the data theyre accumulating, Rosenberg said. If one computer dies, the next one will provide that data as well as the first one did.
Security will get marginally better. Horror stories like these will play a role in creating more savvy consumers. But as the inevitable migration toward cloud services continues, new threats will pop up to assault our data and evade our best efforts to prevent them.
The risks are only going to increase as we put more and more of our lives online and become dependent upon services provided by organizations we assume have already figured out all the hard technical stuff needed to keep it safe, Jeff Crume, IBM IT security architect and author of the blog Inside Internet Security, told me in an email. Many of these services are free, yet we fail to think about the realities of the underlying business model and how that could ultimately affect us.
The answer isnt despair or resignation its good preparation. Its fine to take reasonable steps to protect yourself and hope for the best, but figuring out the best way to rebuild quickly is an essential part of that planning.
Because when you know theyre coming, disasters dont seem quite as bad.
Send technology questions to firstname.lastname@example.org. Please include your name, city and daytime phone number. Sorry, we cant answer every question.