Alone, connected… and safe?

One of the great attractions of the ultra-trail is to be confronted with solitude and nature. In any case, I think it attracts those who have a fiber of exploration. But it’s not about satisfying this impulse by forgetting that there are things that are much more important. I remain connected to my loved ones during these trials, thanks in particular to my Garmin watch. With the right address on the internet, everyone can follow my progress on a map in real-time. Only then, five days after my ultra-trail around the Beaufortain massif (July 17-18), Garmin is under a major cyber-attack (July 23), and I wonder afterwards: what does this mean for the user that I am? More broadly, I believe that this cyber-insecurity episode is interesting even outside the world of sports entertainment.

 

1. The choice of the Garmin opening

Two years ago, I welcomed the successful transition to the organization opened by Garmin, the geolocation services company:

Garmin has made the digital shift perfectly. And the starting point of the digital turn is not data. It’s the user experience. The rest follows almost naturally.

At the time, I wasn’t wondering to what extent this openness could reduce cybersecurity performance.

 

2. Cyber-attack on Garmin

Let us first recall the facts. On July 23rd, Garmin is subject to a cyber-scan: the attacker encrypts Garmin’s database and demands payment to perform the decryption. For users of Garmin Connect, Strava, inReach, and flyGarmin, it is impossible to update their account, use the Garmin website, the helpdesk, and even reach Garmin by email. Garmin ends up paying the ransom.

 

3. The previous Strava

However, this is not the first time that a cybersecurity problem has arisen in connection with sports applications. In 2018, the Guardian reported that the sports social network Strava indirectly revealed the location of some secret U.S. military bases, particularly in Afghanistan. In effect, Strava was providing public access to the routes of its users, which in some areas have few non-military users.

 

How to combine openness and cybersecurity?

Finally, we sometimes think we’re alone in nature when we’re actually revealing sensitive information to spies. I don’t know about you, but it’s enough to awaken my pirate instinct! But of course, these sports activities are only one way to form a social network. Not to mention the rise of remote working, which has only multiplied the surfaces exposed to cyber-attacks. The digital transformation has now reached the point where the appetite for openness must imperatively be reconciled with the need for cybersecurity. Hence our report this month, which we produced for: