On April 26, 1986, there was a large and highly destructive steam explosion in the number 4 nuclear reactor of the Chernobyl Nuclear Power Plant. The explosion ruptured the reactor core and caused an open-air reactor core fire. The fire went on for 9 days and spread a considerable amount of radioactive contamination over parts of the former USSR and Europe.
The loss of life is and was undetermined, because of both the secrecy of the USSR during this time and the lack of a distinct way for the medical professionals of Europe to pinpoint how many people developed cancer from this specific event. However, we do know that 2 deaths happened in the initial explosion. Twenty-eight more died in the days and weeks afterward due to acute radiation syndrome. It is considered the worst nuclear disaster in history.
In March and April 2019, a massive data breach occurred at Capital One. Thousands of users' personal information, social security numbers, and bank account numbers were stolen. This breach was not discovered by Capital One until July 17, 2019, when the individual who stole the information tipped off Capital One that it happened.
According to statements by Capital One, “the individual responsible was able to take advantage of a configuration vulnerability to steal sensitive records stored with Amazon Web Services”. The configuration vulnerability was a misconfigured firewall that the hacker obtained access to. 30 GB of Capital One’s sensitive information was downloaded.
What makes this situation stickier, if not terrifying, is that the hacker was an employee of Amazon Web Services from 2015 through 2016. It has been theorized that the hacker had some inside knowledge of how best to gain this access. According to multiple reports, this kind of breach is not uncommon among companies using a web-based cloud storage option. Companies are not changing their security procedures to keep pace with the rapid change in how the cloud is used.
At this point you might ask, in what way are these two events similar or linked? The answer is not much. At least on the surface. For me personally, I just happened to watch a Chernobyl documentary on the same day I read of this data breach. It got my mind turning, as I researched and looked at both events.
They were both disasters, but on totally different scales. One was a major environmental and human disaster, while the other will only affect people monetarily. However, if you dig deeper you can see one major theme with both events. There was a human element of mistakes due to not following proper procedures (and in some respects sheer arrogance). In both cases, awareness, understanding, and fixing the issues took way too long. This caused further damage to the millions that were affected.
Seeing these similarities in such starkly different circumstances was eye-opening for me. It caused me to take an introspective look at my personal and professional life.
If I know the procedures to avert issues and disasters, does everyone around me know?
Am I prepared to believe the impossible is possible, and change my way of thinking to ensure an issue does not grow into a larger disaster?
How will I react when something does happen? Will I panic, or will I have a practiced triage process that I can move right into?
How will this affect my family, my friends, my co-workers, and my work in general?
You get the point. A wholesale look from top to bottom. Not surprisingly, I did find things that I can change/improve. New ways where I could be more open. I discovered several things that I did not think about before. In the end, it was refreshing and helped alleviate built-up stress that I did not even know I had.
I have promised myself that this is something I will do on a regular basis going forward. At this point in my long-running internal dialogue, I came to the realization that this is how customers must feel when a particularly well-executed assessment is done. Or when their projects for a new backup/DR site come online. Or maybe when they change their entire IT outlook to safer, modern, and proactive technologies.
Our customers, instead of waiting around for something to happen, are proactively changing the landscape to avert disasters. We as a solution provider are not changing the world, or averting disasters for millions, or developing plans for when accidents/disasters strike. It is actually our customers who are.
For me, that is a really powerful thought. How wonderful is it to think that we can be there, side by side, as they work to ensure data breaches are not happening? Or how Zunesis can bring up a new video surveillance system that will ensure better security for our customers and their customers? The answer to these questions is not just wonderful, it is humbling.