Context Matters

Something that keeps crossing my consciousness is the importance of context.

Ironically it's been appearing across contexts.

First, over the last couple of weeks I was working on a whitepaper based on an SME (subject matter expert) interview where the expert mentioned the important role of context in cybersecurity research (the paper ended up just shy of 5,000 words and is out for stakeholder review).

Then, in my own research into social engineering I’ve now encountered 1/2 dozen expert comments on the importance of context when assessing risk.

And third, I'm reading a bio/memoir of sorts (Stephen Batchelor's Confession of a Buddhist Atheist, it's quite good). Batchelor was an ordained Buddhist monk for more than a decade, with many years being spent in a retreat center in a small Swiss town. He talks about how conspicuous he felt there and contrasts that with the years he spend as just one of many robed monks at the monasteries where he trained.

Edit: some time between starting this draft and finally getting it touched up to publish, I found myself sitting through a meeting about adaptive MFA (multi-factor authentication) and what do you know...the importance of context formed an entire segment of the presentation.

So, what do I take away from all this, other than the sheer, unadulterated excitement that is my day-to-day? Simply that context matters. I mean, I already knew that as a writer, but having it driven home in areas as diverse as life as a buddhist monk and cybersecurity was eye-opening for me.

The SME I was interviewing made several interesting comments about the role context plays in his job when designing the systems that assess whether a login attempt is legitimate or not. For example, there's something called "the impossible travel scenario" that the product the company I write for makes uses when determining how to use MFA (hence the 'adaptive' used earlier). Say you live in Seattle (I know, quite a stretch coming from a Seattleite), and the last 12 logins to your account were from the same IP assigned to your local ISP. Then, 5 minutes after your last login, there's an attempt made from Paris. Since there's no way for you to have hopped continents in 5 minutes, that's impossible travel and the system throws up a CAPTCHA or prompts a text message to verify ID.

Context.

In the world of social engineering — which blends roughly equal amounts of psychology, technology, and espionage — context is absolutely crucial. Whether in terms of situational awareness when spotting someone trying to piggy-back into a secure office space or in terms of double-checking the "sent from" address for typos to help spot phishing emails. It astounds me how many data breaches could be cut off at the knees if just one person had noticed just one thing that didn't look right.

Take the Twitter hack last year. The kid who just pled guilty called took advantage of the work from home situation to call Twitter employees pretending to be internal IT and told them he needed their passwords in order to work on an issue. Had these employees stopped and assessed that request, they could have used the internal IT systems to verify that it was a legit request (it wasn't), coming via an approved medium (it wasn't), to work on a known issue (strike 3). Instead, this clown made his way into multiple high-profile accounts and used them to run a cyber currency scam.

Context.

Situational awareness is a term that comes from the military, but has multiple uses in the civilian world. That's especially true in security. A relative spent some time helping out an executive security firm locally during their interview process. She's a very average looking white woman in her 30's, so in no way does she stand out in a crowd around here. Her job was to turn up at 4 locations the interviewee was supposed to be protecting the executive at and just...hang around, acting suspicious. Out of 12, not a single one picked her out. They saw her in 4 different, random places over a short period of time, and not one realized it. Pattern recognition failed them and not one was hired.

Context.

Steven Batchelor writes about how after he de-robed, married a former nun from his order, and moved back to England, he was reflecting on the path that brought him to that point. As an academic, he was tasked with translating several ancient Pali texts along with some writings of his own teacher that were in Tibetan, into English. That meant spending most of his waking hours locked in study on the grounds of his monastery, surrounded only by other monks. Then, he was tasked with accompanying his teacher as he set up a new retreat center in Switzerland. This plopped him down in a purely western town, surrounded by all that entails, and for the first time since taking his oath, making him feel extremely exposed and out of place.

Nothing about him had changed. Nothing about his teacher or others at the center had changed, they were all still robed, shaved-headed monks just like before. But the context around him had changed dramatically, and his interactions with those around the center showed that difference quite starkly. Ultimately, he de-robed but has remained a Buddhist scholar and teacher based in France.

Context.

I'm interested to see how this new level of awareness of context will translate to my own day-to-day. I'm someone who is already acutely aware of some aspects of context, mainly around pattern recognition and other people's emotional state. If you're aware of the idea of someone being a Highly Sensitive Person (HSP) that you have an idea what I mean. If not, that's for a whole 'nother post. Or series of posts. Or maybe a book. In the meantime, I'm going to keep my eyes open for how context interacts with my daily live and will report back.

Maybe you do the same and let me know what you discover?