Dreams are weird. Sometimes they’re totally off-the-wall and crazy. Other times they can approach meaningful; but most often … they’re just weird.
Because I work in cybersecurity and privacy education, my dreams tend to bend toward these topics. Cybersecurity and privacy are serious issues right now, but that doesn’t make my dreams any less weird.
Lately, however, I’ve found some of them kind of significant; almost like I’m seeing into the future or something. Let me share a few, and you can be the judge.
1. We Solve Phishing and More!
I step onto the stage. I’m bathed in so much light from the TV cameras that I can barely see. I announce that my team of researchers has finally cracked the code to the #1 scourge of global business and the leading cause of data breaches.
That’s right: we’ve finally and permanently eradicated phishing. With funding from Google and Microsoft, and the enthusiastic support of all the phishing simulation vendors who have grown weary of endlessly promoting their ability to drive down your click-through rate, we have developed a form of AI that can be deployed—for free!—into every email product. This new AI will ensure that nothing remotely false or malicious can ever present itself via email. Hold for applause. But it gets better.
We’re also on the brink of developing filters that will guarantee that we can trust absolutely everything that comes at us through electronic communications: no more lip syncs at halftime, no more 3-out-of-4-doctors recommend, no more fake news. We will filter out all fakery!
I was just getting into this one when my wife prodded me. “Quit mumbling,” she said.
2. Passwords Are Over—We All Get Chipped!
It’s so liberating! Every time I come to a place where I need to authenticate, all I do is double-tap my right temple and whammo, I’m in! Power up my computer, double-tap, signed in. Bank website, double-tap, account access. Walk up to my back door, bingo. Car, same thing.
You want in on this? Ditch the password managers and two-factor authentication and YubiKeys, all you need to do is get “chipped.” Just head down to the Chip Truck—no appointment necessary—and they’ll insert one for you in a few minutes. It’s parked near the food trucks, but it’s much cleaner. The installation stings a little, but think of how much time you’ll save. Tap-tap!
Maybe the best part: it’s free—subsidized by credit card companies, payroll providers, and other companies who introduced the new global standard. Where’s the downside? What could possibly go wrong?
I woke myself up at 2 A.M. during this one after whacking myself in the head.
3. People Rise Up to Take Back Control of Their Personal Data
I finally do it: I quit Facebook and LinkedIn and all the other social sites I’d joined. A big group of friends—some of whom I hadn’t seen in years—showed up at my front door and said, “Tom, join the movement! We’ve taken back ownership of our data.” And I did it: I just cancelled my accounts (oddly, it went super fast!) and joined them as we marched downtown and sat in the open square and laughed and caught up.
We were all super fired-up debating opt-in vs. opt-out and the importance of data minimization. Who knew these topics could be so exciting? I felt that I was part of a big, powerful community of people with common interests. It kind of looked like Portland, but with no advertisements.
When I was getting dressed for work that morning I found my birth certificate, Social Security card, and for some reason my vintage concert t-shirt from Journey’s 1981 “Escape” tour stuffed into my laptop bag. Weird.
4. Congress Passes an Omnibus Data Protection Law
Did you hear the news!? Congress came together to pass a strong, universal data protection standard that applies to every American business. The pictures show President Trump on CNN signing the bill, wearing his trademark red hat that reads: “Make America Cybersecure Again!”
In a major press conference, corporate leaders rallied around the new law: “Sure, we’ll have to spend extra to build in rock-solid security,” says Jeff Bezos, “but it’s worth it.”
“People’s data is valuable,” boasts Mark Zuckerberg, “and we’ll provide real compensation for every like and share.” Is that Tim Cook there, too, smiling?
I wake up right after Bezos slaps Cook and shouts out “nyuk nyuk” while Zuckerberg pokes Bezos in the eyes, calling him an “imbecile.”
What Dreams May Come
Goofy. Unrealistic. Weird. These dreams aren’t real, but I think in some way you’ll admit these dreams are ours. They reflect our longing for certainty and clarity in a complicated world.
We’re all buried in phishing email, fake news, new forms of malware, changing regulations. There’s just so damned much information to sort through. It’s hard to tell what is fake and what is real, what to pay attention to, what to ignore. We wish there were simple, sweeping solutions. Hell, I dream about them! But there aren’t—not yet anyway.
So after these dreams, once I get through my second cup of coffee, I come back to the difficult comforts of reality. We don’t have foolproof technical defenses against phishing or authentication protocols. We still have to scrutinize our email for warning signs, still have to juggle passwords. There’s no single regulatory standard.
The truth is, we humans still have to navigate a sea of information and choices. And we will remain prone to mistakes and moments of inattention that put us at risk to bad actors who want our money or our ideas.
Those of us who believe that humans can prevail even in these conditions will keep trying to help our colleagues, our friends, and our families navigate the complexities of the information age. With humor, a dose of reality, and hopefully with imagination, we in the security awareness and privacy awareness profession will keep trying to keep our employees safe and our organizations secure. At least until these four dreams become reality. OK, maybe not these dreams … but you know what I mean!