Photo: author
A long time ago, somewhere in the 1980s, I was on holiday in Italy with my parents. We visited many places, including Padua. There, we wanted to see an ancient university building, but it was just closing. The friendly caretaker gestured that we were welcome to accompany him on his locking-up round. And so it happened that, moments later, we found ourselves standing at the lectern of Leonardo da Vinci.
Have you ever been somewhere where it felt like you weren’t really supposed to be there, yet the moment felt magical? That’s how it felt back then, and I felt it again this week, when I went to get a cup of hot water for tea at the office. The machine showed a red bar. Not a good sign. The screen no longer displayed the usual options for every imaginable type of coffee, but choices such as ‘remote-controlled measures’ and ‘ingredient management’. And in the top left corner was the most important label of all: ‘machine administrator’. With, right next to it, a ‘log out’ icon. So yes, we were logged in as administrator.
Let me speculate for a moment about what might have happened here. The machine had a malfunction, as evidenced by the red light (on the adjacent machine, that bar glowed white). A maintenance engineer had been called in, but couldn’t immediately fix the problem. For a moment it looked as if various things simply needed refilling, but there was more going on; the bottom message on the display read ‘middle grinder empty’, yet that container was absolutely brimming with coffee beans. So the engineer must have left to fetch spare parts, and forgot to log out.
Colleagues from my meeting stood there, grinning. Stumbling into something like this while a security officer happened to be visiting – well, that was rather perfect. I see this more often: people smile sheepishly, feeling a kind of second-hand embarrassment. Someone hasn’t followed the rules and a security officer has caught them red-handed. Oops. Here comes trouble!
Coffee machines fall well outside my official jurisdiction, but I can of course use this example to highlight the broader issue. And that issue isn’t so much that people occasionally forget to lock their workstation – you get that, don’t you – but rather the more general picture that security isn’t always top of mind. When it really should be.
Recently, I was in a discussion about AI. It was about how you’re not allowed to include personal data in your prompts; for example, you can’t just paste in an entire letter and ask the system to analyse it. A manager said that one of his employees had approached him with a brilliant idea: ‘I’ll just ask AI to remove the personal data first!’ The employee was sent away with the instruction to think very carefully about what he had just said. Hopefully by now he has realised that you shouldn’t ask Cookie Monster to keep the cookies safe before washing the cookie jar.
Look, I understand that you don’t share my professional deformation of seeing risks everywhere. But surely a certain level of basic hygiene is not too much to expect, right? You don’t have to be a Leonardo, but don’t be a Cookie Monster either.
And in the big bad world…
- browser extensions are turning out to be a serious problem.
- the Dutch government is investing in security for small and medium-sized businesses. [DUTCH]
- the NCSC is issuing urgent warnings about the risks posed by the AI model Mythos. [DUTCH]
- the competitor, too, turns out to have an AI model considered too dangerous for broad release.
- your travel data may have been leaked via booking.com.
- the Cybersecurity Act and the Act on the Resilience of Critical Entities have been passed by the Dutch House of Representatives. [DUTCH]
- vishing can now be handed over to AI as well.
- the chief privacy officer of Logius fears US interference with DigiD. [DUTCH]
- our national privacy watchdog will start preventive audits of ICT suppliers. [DUTCH]
- once again, a fake text message about a parcel is doing the rounds. [DUTCH]