The Garmin Hack: We Don't Negotiate With Terrorists


Manage episode 270016080 series 2733759
由Player FM以及我们的用户群所搜索的Ben Garves — 版权由出版商所拥有,而不是Player FM,音频直接从出版商的伺服器串流. 点击订阅按钮以查看Player FM更新,或粘贴收取点链接到其他播客应用程序里。

I recently watched the movie Air Force One, partially to reminisce on a classic Harrison Ford movie and partially to reminisce on what it was like to have a badass president. One of the most iconic lines from the 1997 blockbuster, which also features the likes of WIlliam H. Macy, Gary Oldman, and Glenn Close, is when President Harrison Ford practically looks at the camera and forces out a decisive, “we will not negotiate with terrorists.”

Well, ironically, if you haven’t been following it, Garmin (the fitness tracker and GPS company) has recently negotiated with hackers to release systems under attack by ransomware. That’s basically where someone gets access to your system and password-protects everything so you can’t do anything unless you pay them to either remove their software or give you the new password. Miserable? Yeah.
I had slated for an upcoming episode to talk about if you should get a fitness tracker, but this seemed more fun to talk about. If you’re a company trusted by hundreds of millions of customers with their private heart rate, GPS, and other personal information, what price tag do you put on the security of that data? What risk versus reward analysis do you do when it comes to investing in security and praying you don’t get caught with your pants down?

To Garmin, that price tag was to the tune of an estimated $10 million payment for access back to their systems. It has me asking two sets of questions:

First, what price would have been too high? At what point would a ransom for our information have been too expensive for a company to pay? And, not if, but when will the next hack happen to a company slacking on their protection of our data? Potentially a worse one than Garmin. Like Experian. Oh, wait, that’s already happened.
The second set of questions is simple. How much money could Garmin have saved if they had properly protected our data in the first place? And, how many times to companies have to watch these failures of their peers and what penalties will be harsh enough that they’ll finally learn the lesson to stop taking risks with our data?

Side note: get off my plane.

Thanks for listening to the Ben Garves podcast. Please be sure to rate, review, and subscribe. It’s free to you and it means the world to me. Until tomorrow, behave yourselves out here.