Cybersecurity with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001

10 Cybersecurity Facts that Shock Even Security Experts

April 27, 2022 Petronella Cybersecurity

We told you the top cybersecurity myths that you need to forget immediately; now we are going to let you in on the shocking reality that is the cyber realm. From insidious Russian viruses to the vast amount of simple human error, nothing is what it seems in the digital age!

Link:  Top 50 Cybersecurity Statistics, Figures and Facts
Hosts: Blake, Dwight, and Erin

Call 877-468-2721 or visit https://petronellatech.com

Please visit YouTube and LinkedIn and be sure to like and subscribe!


NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.


Please visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at:

Erin:

Welcome to another PTG podcast today. It is myself, Erin, and we also have Blake and Dwight. And as we mentioned yesterday, we went over the top cybersecurity myths that we see out there. So today we're going to go over the top security statistics, figures, and facts. So

Blake:

We got some good stuff,

Erin:

We do, we do have some good stuff. We're getting this from CompTIA. It was just published a couple months ago. So it's probably going to be extremely relevant.

Blake:

Fresh, fresh out of the bakery.

Erin:

Fresh, relevant, something that you should definitely take note of. So I guess let's just go ahead and hop right into it. Starting out, we have cybersecurity trends to watch for. Blake, do you want to maybe pick out some interesting statistics?

Blake:

Yeah. So this is the one that stuck out the most to me, but according to Microsoft, nearly 80% of nation-state attackers targeted government agencies, think tanks and other NGOs.

Erin:

Wow.

Blake:

That, to me, it was like, explosion, brain, explosion.

Erin:

It also kind of shows how the future of warfare is probably going to be cyber warfare. Minus the crazy attack on Ukraine.

Blake:

We were throwing the idea around of whether war will exist if cyber warfare takes over. I can imagine it's cheaper. Who would think? Tanks are millions and millions and millions of dollars and you can pay some 28-year-old kid with beer and cigarettes and maybe $20,000 to hack some Colonial Pipeline or something like that, who knows.

Erin:

Yeah. I was also thinking that it would probably also be less deadly, but if you attack the power grid, that could actually be more deadly, or I don't know, that can be really bad, obviously.

Blake:

Yeah. Think about what would happen. We all have refrigerators. We all got food stored there. People may not be able to eat or store food, obviously get on the internet. We might not be able to do a podcast. I might lose my income. People working from home might lose their income. It'd be pretty devastating.

Erin:

During the dead of winter or the heat of summer, people could not have electricity or heat.

Blake:

Oh yeah.

Erin:

I live on a boat, so it probably wouldn't affect me as much as other people,

Blake:

You might just wash away because the power grid's gone.

Erin:

Hopefully not.

Blake:

Dwight is ready to say something. I feel it.

Dwight:

Oh, loss of power would be major. Everything from your home appliances, internet, goodness, what else? What do we use that doesn't require power? Very little.

Erin:

Transportation. You can have gas or whatever, but

Dwight:

Yeah, but you think about the gas pumps, right? A lot of those are electric. They need the electricity at gas pumps and stuff like that. So,

Erin:

People wouldn't be able to travel.

Dwight:

We might be able to drive, but you're going to get a tank of gas to go. So what happens after that? It would have a major impact for sure.

Blake:

I've been seeing all the people that have been flexing their Teslas and their smart cars. And now they ha, people that have gas cars, LOL, you guys are the ones paying the price. Now, yeah, that would totally change. If the power grids went down, they would never be able to drive again.

Erin:

And who knows how long it would take to get it back up?

Blake:

Yeah. Wonder if we set the payer electrical bills.

Erin:

Nobody writes checks anymore. If they expect us to walk over and kill them,

Blake:

Okay. Online banking

Erin:

man. Yeah,

Blake:

especially me since I locked my debit card every two seconds, I won't even be able to go to an ATM.

Dwight:

It would be devastating. I think it would be devastating. It would have a major impact on people, and it's not a real war, but it would be

Erin:

It would be devastating.

Dwight:

Yeah, definitely. We will be blind.

Erin:

Oh, it would be a mess. It's really interesting coming from a lifestyle where I've lived in houses my whole life, going on a boat. Sometimes we don't really have a lot of power. We've got issues with the internal electric. So we bypass it, but didn't really have access to a lot of electricity, especially in the beginning. And it is crazy how much you rely on energy and you just don't even realize it. You can't even charge your phone if you don't have electricity. It's just stupid little stuff like that. You can't turn on lights. We were using our phones as flashlights. You don't realize how dependent you become on electricity until you lose it. So I think that's definitely something to keep in mind.

Blake:

Just to think about it.

Erin:

It is. The threat of nuclear war is bad enough, but to take down the power grid, I think about that kind of stuff. There's got to be bad actors all up in our power grid. There's no way that the power companies are more secure. I just feel like people aren't taking cybersecurity and they need to

Blake:

Yup. I think that's what we preach every podcast. If we could say a couple sentences and just not do podcasts, it would be: take cybersecurity seriously.

Erin:

Take cybersecurity seriously.

Blake:

Don't be a low-hanging fruit, be a cybersecurity onion.

Erin:

Yes,

Blake:

That's what we were talking about.

Erin:

Exactly. Is there something that you found interesting in the cybersecurity trends to watch for?

Dwight:

I was just looking to spin off of what you were talking about with Microsoft. The first one that Blake brought up, the supply chain attacks, I think they're already happening right now. I'm thinking we're getting a lot of that right now. So interruption of food, interruption of everyday needs and requirements, what about pharmaceutical needs and stuff like that in the supply chain.

Erin:

Oh gosh. Yeah.

Dwight:

And that's happening right now. So looking at the list again, I would say identity theft, that's a big one too now. There's lots of people. I hear it, even from people in my immediate sphere of influence, that, oh yeah, I had this happen to me and I had my bank and I had to go in and say I wasn't this person, or I had to go and reset all my information. And that's a big thing now, too. So identity theft, and that's gonna continue to climb, I think, and people are impacted in a big way there, because if you can't get ahold of your information, it's very traumatic and it's very disruptive when somebody loses their identity.

Blake:

Yeah,

Dwight:

I'm just looking at the graphs. You can see it in a year, two years, things are inching up, and especially in 2020 things seem to have jumped quite a bit, almost 40%.

Blake:

You have 42.

Dwight:

Yeah. That's a lot.

Blake:

Wow. What sticks out to you on this list?

Erin:

You're probably not going to be surprised. The one that sticks out to me, Blake, is where it says social media is likely to see enhanced oversight of information. I obviously believe in freedom of speech, but the problem comes in where people use that freedom of speech to manipulate other people and lie. And also it's important to keep in mind too, that social media platforms are not the government. So people get really upset about freedom of speech and things like that. But any business is allowed to have their standards. And I feel like if there are lies going out there, misinformation campaigns need to be shut down.

Blake:

I think this would be an interesting time to bring up the fact that Elon Musk just made a huge offer for Twitter.

Erin:

Gosh, I saw that. $42 billion.

Blake:

I saw a timeline of Elon Musk and he's coolest troll international, but I guess he made some suggestions to Twitter about how they can improve their social experience or their... And then they offered him a seat on the board and then he bought the company and then he declined the seat on the board and they bought 9% or something. Declined that seat on the board. And then now the stockholders of Twitter sued Elon Musk for the earnings report going out with. And now Elon Musk offered to buy the whole company in cash.

Dwight:

Yeah. Just looking at the news on that, 43 billion to purchase.

Blake:

In cash.

Erin:

Yeah, I think he owns 11% of Twitter. So.

Blake:

It was nine if I'm not mistaken, but I was thinking about how detrimental this would be to our world. He clearly is an advocate of freedom of speech, freedom of information. He is anti-censorship and it'd be interesting to see what would happen, especially if it's privatized, what would truly happen. Cause that's the big reason why apparently he's trying to buy it, to turn it into a private entity and I guess desensitize it or whatever.

Erin:

I don't know. I'm a real big proponent of freedom of speech, honestly, but if there's Russian trolls trying to persuade Americans to vote a certain way by just spreading complete lies, that should be taken down, because people clearly can't be trusted to source their own sources. They believe whatever comes out and it's frustrating. I don't really know what to do.

Blake:

It frustrates me so much. I was scrolling through Instagram today, and somebody posted an article about, they said 980 professional sports athletes have died in heart-related events since COVID and they've had the jab, and they're mostly talking about soccer players and cricket players and people from the UK and all this. Anyways, here I started doing a little bit of research. First of all, the publishing source has the stupidest name I've ever heard. This is like, hey, don't share my news articles.com because this is fake news.com, dot org fake news, that order, you know what I mean? Why are you sharing this when you have no grounding on this information? I started looking up some of the soccer players, just out of curiosity, and a huge portion of them are still alive. So, why are people sharing this?

Erin:

Why are people sharing it?

Blake:

Why aren't people scaring people.

Erin:

I don't know. That's a good question.

Dwight:

I think it's important to keep it open. Yes, we're going to get people, bad actors in there and stuff like that. We got to give people credit. I think a lot of people go and get their sources of news from a lot of different areas. Anyone that focuses on one particular source of news, I think those days are gone, especially now with all the stuff that's out there. I think it's better to have false information coming from Russians, and false information period in general, coming in, than the ability to limit people because they say something. So, basically, muting speech based upon what a company CEO or board thinks is proper is wrong. So we have to be vigilant on our side. Platforms should be wide open and of course with that, there's going to come a lot of different misinformation on one side, truth on the other side. And it's up to us, right?

Erin:

I hear what you're saying, but the problem with that is that historically that doesn't happen. People believe whatever they read. I spent a lot of my time, probably way too much of my time, trying to fight disinformation things and being like, look, this isn't true, blah, blah, blah. Nobody it. Even the people that I'm directly responding to, stuck in their cloud of cognitive dissonance, and they just refuse to accept actual facts. So that's the problem to me, is that a lot of people don't take the time to look it up. I feel like I do. I listen to lots of different news sources to make sure that I understand what's going on and that I'm not being lied to. Or if I am being lied to, that I can spot it. They don't do that. They just refuse to do it. I'm not going to go into political stuff, it's crazy what people believe.

Dwight:

Yeah, no, I hear you, I understand that. I don't have an answer for that one.

Erin:

I don't, either. I don't like the idea of limiting speech. I don't like that idea, but at the same time, I don't like the idea of people buying into something because of lies. The thing is that I would say let them be, right? But what they believe does have an impact on everyone, because they'll vote for certain things based on lies, and that impacts my life, and it can impact my life negatively. So unfortunately it does matter.

Dwight:

I hear you.

Erin:

It's frustrating. There's no easy solution.

Dwight:

I think it comes down to, in our day and age, 'cause I'm quite a bit older, I'm 56 years old. I remember back 20, 30 years ago when news was news. People just reported it, whatever was happening, truth. There was no bias. There was no spin put on anything. And then people took that, and good or bad, if you like it, but you knew it was right and proper. And what was coming in was accurate as far as what was happening. Those days are gone. Now it's all a lot of opinion. I personally, like I said, it all depends how you grow up and your values and stuff like that. But like you said, it's hard to get into something like that. Would it give them the politics?

Erin:

It is

Dwight:

I value free speech for sure. Because that's what democracy is built on. And there's so many countries in this world and people that are wanting to take that away from us, especially here in North America where we have that. And we pride ourselves on that. I don't think we can really get any more can. Yes. But now it's become so skewed that it's horrible. To put it bluntly.

Erin:

I was just going to say, I have a slightly different view, I think, than you do about the platforms, because people are allowed to write whatever they want. That's freedom of speech, but as a platform, if what they write doesn't align with your values, you shouldn't have to keep that up. Think about the whole thing. I'm not going to get into the debate here necessarily. I feel like if I was asked to create something that I didn't necessarily believe in, I don't think I should necessarily be forced to do it. And that's kinda how I feel too, with these platforms. Platforms are companies, they're not the government, so they're allowed to have rules and standards and codes of conduct and things like that. And if people break those, then I think that they should be... Or I think that if things are found to be false, I don't see why that shouldn't be removed. It can still be out there. You can still publish it, but you just can't put it on a platform that doesn't want to spread fake news.

Dwight:

Yeah, I hear ya. I hear ya.

Erin:

But it does get into a slippery slope.

Dwight:

Yeah, it is hard. It is. If everybody had the same level of integrity and stuff and wanting to share information and stuff, that they would stick to what they know. But like I said, unfortunately, that's not the case. So how, I don't know. There's some real conundrum too. Even just to think about it makes your head

Erin:

And it just spins. I feel like it just spins and it just comes back to the same place. And to me the same place is, I don't know. I don't have an answer to this.

Dwight:

No.

Blake:

We just have to figure it out. As it unravels.

Erin:

It's the whole thing where if you don't... the code of conduct at Twitter or Facebook, you're more than welcome to start your own kind of thing.

Blake:

Yeah. I've seen have tried that and it hasn't been good. It hasn't been good for our government. It hasn't been good for the people, and it's spread more hate, and people are angry these days, sadly. I'm sorry for everybody that's angry out there, but I don't know. Don't know how to help you.

Dwight:

No, the world needs a lot more love, that's for sure.

Blake:

Yeah.

Erin:

That's so true.

Dwight:

And I try to do that myself, even with differences of opinion or stuff like that, try to keep a positive spin on things. Because when we start distancing ourselves from people and people develop grudges one towards another, that just blocks the free transfer of information, because people just isolate themselves in order to have families or whatever, because they don't want to participate or they don't want to candid discussion about things. I think that in all, the bottom line is to have to be willing to listen to people. Other people, you don't have to agree with them, but to be able to listen, to see where people are coming from, and have that open communication is key. I think it was any society to functioning. When we're closed off and people get angry because they don't like the way things are, no, nobody likes it, but it doesn't mean you have to become about it. We have to stay positive to move forward. And with being negative comes all kinds of emotions and problems with your digestion. And there's so many things that can happen because we develop a negative attitude, and it's like going down a rabbit hole. You start off with this bad attitude. All of a sudden you're getting headaches. Next, you could have indigestion problems. So I'm going to attack you personally, your health, and then people start doing stuff outside too, like attacking people, or you get these random acts of violence. So it escalates. It's a real Pandora's box for sure.

Erin:

That's kind of why sometimes I do block people. I've blocked a lot of people in the past few years. I used to never block people, but I feel like my time and energy are important, and I have a hard time dropping things or letting them go. And so instead of continuously hitting my head against a brick wall, I'll just block people. Though when people are actively not listening or not open-minded about things or not willing to see that they might be incorrect, because if I'm wrong, I want to know that I'm wrong, because I don't want to make that same mistake over and over again. But for other people, admitting that they were wrong just majorly wounds their psyche and they just can't bring themselves to do it. When I run up against people like that, that's when I'm just like, I can't talk to you. If you're willing to talk and listen and be open, I'm willing to talk and listen and be open. But I can't keep doing this.

Dwight:

I think being in the IT field, if you're not humble... I think being in IT in general, it keeps you humble, because there's such a pile of information out there and there's so many ways to do things. And if you get really prideful or thinking you're all, y'all, it all, or a lone ranger, I've seen lots of people like that. And I think we even know some clients that may be like that, past customers, present customers, stuff like that. So I think being humble is a big part of living in society today. Just being able to say, yeah, I'm open, and saying, no, I'm wrong, and you're right.

Erin:

Yeah, that's huge. I have so much respect for people who have the ability to acknowledge that they're wrong. It's hard. It is so hard, but it's something that I live by. If I make a mistake, which really never happens, but if I do make a mistake, I do like to acknowledge it and move on.

Dwight:

Yes. And moving on....

Erin:

Yeah. Speaking of moving on I think we're on the same train there.

Blake:

That was a rabbit hole, guys. That was a rabbit hole.

Erin:

It was a rabbit hole.

Dwight:

No problem.

Blake:

Love rabbit holes here. They're dangerous though. Dangerous.

Erin:

We do love rabbit holes. They are, but I feel like we need to carry ropes with us, or maybe have Dwight pull us up from a rabbit hole.

Blake:

I was scanning this list. Something that made my brain explode is, according to PurpleSec, 98% of cybercrime relies on social engineering to be successfully accomplished.

Erin:

Wow. That's a lot.

Blake:

Crazy. Inside jobs. Humans have to interact. There has to be some interaction with their target. People that are scamming you may know you.

Dwight:

Inadvertently passed on information about you, right? To a party or whatever.

Erin:

Yeah, exactly. If you didn't have humans, then you wouldn't have successful hacks.

Blake:

Another one in here that stuck out is, obviously, there's going to be greater governance around cryptocurrencies in the coming years. I'm kind of interested to see Dwight's take. Do you have cryptocurrency?

Dwight:

I do not. Something that I never got into. I guess the reason being is because when it first started, I saw the massive requirements for it and all that, as far as data centers go and consumption of electricity and power in general. And so I guess you could say I just kicked it to the curb, but it's still out there and I don't know. What's your take on it?

Blake:

I love it. I love cryptocurrency. There's two ways you can acquire it, right? Mining it or buying it. So trading a fiat currency for a cryptocurrency or not going, or something of those natures, but I really am excited about the future of cryptocurrency. It is amazing, the things you can do on the Ethereum blockchain. It's going to open a lot of doors. I think that in the future banking transactions will be done on the blockchain. Where institutionalized banking transactions will be done on the blockchain, and I guess we'll see. I hope cryptocurrency, I mine cryptocurrency, you know, a little bit. And yeah, I really like it, Erin.

Erin:

Yeah. So another one that I thought was really interesting, that I think is good to point out, is although healthcare wasn't among the most targeted industries, which is actually really surprising, security breaches cost the healthcare industry 6 trillion dollars in 20, trillion. And I think that that is so important to understand, because as we have mentioned before, the thing is that if you're a hospital or some sort of medical center and your equipment or some devices are, you're locked out of your data, you're going to have to pay. Especially if you don't have backups and things like that, you have to pay because people's lives are on the line. And that's why it's so important, especially for people in that industry, to really work on their cybersecurity. Because if a hacker can get in, they will do it.

Blake:

I clicked in to read a little bit more about that. You guys guess how many breaches happened to produce that $6 trillion sum? Just take a wild guess.

Erin:

Gotta be a lot. Right?

Dwight:

A billion, maybe a billion breaches. That's global, right?

Blake:

Yeah, no, sorry. This is in the US.

Dwight:

Oh, just in the US.

Blake:

Since 2009. By the end of 20, trillion in damages. Number of breaches,

Dwight:

Oh, not that many, actually. Right. 22,550.

Erin:

If the average is 3 million,

Blake:

2,100

Erin:

That's it?

Blake:

That's it.

Dwight:

But they're big, they're major.

Blake:

They're huge.

Erin:

Wow.

Dwight:

Right? It doesn't take a lot of big breaches to make up big dollars.

Blake:

Yeah. And some more crazy stats: 18% were teaching hospitals. I don't know what a teaching hospital is, but anyways, 6% were pediatric hospitals, 75.6% chance of a breach of at least 5 million records just within the coming year. And 34% of healthcare data breaches were compromised, unauthorized access or some type of disclosure.

Dwight:

What comes to mind here to me is not so much the privacy, people's records going, but what about these research, medical research? The US and North America, we have some major research, healthcare and research going on related to vaccines, stuff like that. And then you think about the Center for Disease Control and all this stuff. So that stuff there, I don't even see that mentioned here. But it is a part of that healthcare. Can you imagine if somebody was to get in there, maybe mess with some information, change something around? It could have catastrophic effects. And especially when it comes to a pandemic or anything like that. So I don't see that mentioned here, but all it would take is just for one hack to happen, like CDC or Johns Hopkins University or Pfizer, to get in and get some of this pertinent, just really critical, sensitive information related to some kind of research that's happening and stuff like that. I don't see it mentioned anywhere here, do you believe? I just thought about that. Listen, I'm not minimizing personal information loss, but when it comes to something like that, research on new products and stuff like that, and that information to go out and then get manipulated or whatever. The myriad of things that can happen to that. And we get competitiveness between companies. We have bad actors from outside the country. We have countries that want to hurt us and North America in general. And what better way to try to do that than to get at some of the research information and manipulate that? That would be, it just makes my eyes spin. It makes my head hurt too.

Blake:

2021 was such a huge year for breaches. We had LinkedIn, 700 million records, June to August 2021. Facebook, 533 million accounts just in March of 2021. Healthcare-related, in Brazil the Ministry of Health, they had 223 million, 223 million records just in January of 2021. In Pakistan, they have an Uber equivalent, air, 400 million records just in November. It is crazy.

Erin:

And Nunez too. So I clicked on that link as well about the healthcare data breaches, which we'll link in the podcast, so in the description. Another interesting fact: 88% of healthcare workers opened phishing. To add on top of that, here's the reason why. It's because the healthcare industry invests less than 6% of its budget on cybersecurity.

Dwight:

And for the past two years, they've been fighting a pandemic. So the stress that's on that particular group, the healthcare. So that's a contributing factor there too, right? People are maxed out, stressed to the limit. People are dropping off their healthcare. I know lots of nurses and healthcare people that have just kind of dropped out of the scene altogether. So that has a major impact on overall good IT etiquette and stuff like that, when you're just maxed right out. Everything else goes down on the scale of importance. So what better area to target than healthcare, because we know everybody's maxed out and stressed out, so they're not going to pay too much attention to this email I'm going to send them.

Erin:

Okay,

Blake:

Not only that, but especially in the healthcare industry, they have a decision. They can either use their budget towards life-saving medicine, technology, or securing people's data.

Dwight:

Exactly.

Blake:

How can you decide between those two? I'd hate to be the person who makes that decision.

Dwight:

Know anything about Hippocratic oaths and stuff like that people take? The doctors have that. I don't know what the nurses have and everything else, but these people are in there to save people's lives. I think we kind of know where the decisions are going to go, what we're going to tilt towards. And somebody has to pick up the slack, where there's government agencies to go in and say, not only say, you can't just tell healthcare to do this, do that, something else, because they're so over-matched, overstretched. Somebody has to step in and say, we will help you. We will help you get this stuff secure. And I think that's probably what needs to happen. And probably the best thing to do would probably be, with government help, some third-party agencies that are respected, vetted, to go in and help some of these larger healthcare that identify and say, we haven't had the time to do this and we need some help. Right. That makes sense.

Erin:

Yeah.

Blake:

It makes so much sense. It's scary.

Erin:

It's funny because I just remember this one particular place I went to. And I saw when I walked into the room, there's a computer in the room and it was open. You could click on anybody's name, the list was up, and I was just like, such a HIPAA violation. You can see their first names and last names.

Blake:

the serious.

Erin:

I didn't say anything, maybe I should have, but I'm like, oh my gosh. If somebody walked in here right now, not only could they get in so much trouble, but they could also, gosh, they could access all the medical files and the information and just send it out if they wanted.

Blake:

There's a simple solution to something like that: a proximity token.

Erin:

Exactly.

Blake:

GateKeeper. Call GateKeeper. They take such good care of their clients. We've talked to them before on our podcast a little while back and

Erin:

Yeah. Jamal, he's been on there twice.

Blake:

Yeah. And what they're doing over there is amazing. Just tell them that we sent you and they will work wonders for you. But yeah, proximity token.

Erin:

I feel like every medical center should have the token.

Blake:

Seriously. Cheap, cheap, cheap.

Erin:

Why wouldn't you? And convenient.

Blake:

It's like you need an ID card to enter certain areas of the hospital. Why would you not have a proximity token to get on the computer? And those are cheap. Those are probably cheaper than your ID cards.

Erin:

And you're probably right. This was a few years ago, so I didn't know about GateKeeper back then, but yeah, if you're a medical center, you need a proximity token. We can say that.

Blake:

Yeah, another alarming stat, super alarming, and this kind of leads more into compliance, but of organizations do not have an incident response plan.

Erin:

Oh my goodness. And all that does is add to the cost of a breach.

Blake:

If something happens, you have to know what to do.

Erin:

Yeah.

Blake:

If you break your arm, what are you going to do? You're going to go to the doctor. Or the hazard incident response plan, or if you twist your ankle, you're going to go home and ice it and rest it. That's your incident response plan, kind of, in a way.

Erin:

Yeah.

Blake:

You need to have this.

Erin:

It's so important.

Blake:

It's inexcusable.

Erin:

What'd you say, that was 77%?

Blake:

77%. I need to pause and let you guys think about that.

Erin:

You have an incident response plan? Probably not, but maybe they are listening to this podcast.

Blake:

Just Google it, guys. Just Google it. There's templates out there for that stuff.

Erin:

Yeah. Even a basic plan is better than nothing.

Blake:

You just need to know what to do. You need to know where the data lives. It's really important, for when you're putting together a system security plan, that you have an inventory of all your assets, all your devices, their IP addresses, what type of information they store. It is really important. And it's not really that difficult.

Erin:

Not to say I told you so, but according to this, it says with COVID-19 cybersecurity statistics, one report from PurpleSec showed that cyber incidents rose. How much do you think? Did you look at it? How much do you think cybersecurity incidents rose during the pandemic?

Blake:

I think I heard this one, or I think I read this. Guys, there's so many facts here on this page. So many stats. I think it was a hundred plus percent, if I'm not mistaken.

Erin:

Multiply that by six.

Blake:

600%.

Erin:

600%. I was running blogs back then and I remember every blog, it was like, be careful, they are coming at you. They know that you're not secure and they are going to really go at it. And so to see that 600%, that's huge. And also, 64% of organizations worldwide were most likely to experience a data breach as a result of COVID-19.

Blake:

I felt like the transition from people working in an office environment to going home and working at home just kind of brought out all the lazy, or maybe the hackers had been sitting around for a while, or maybe they just saw the window of opportunity swing right open.

Erin:

Yeah. They were probably super excited when it was like, everybody's going home, and they're like,

Blake:

All right, boys, let's get to work. Let's get to work. Let's get paid.

Erin:

Yup. And they did.

Blake:

That's a shame. Another one that's stuck out here is 93% of healthcare organizations experienced a data breach in the past few years.

Erin:

93%?

Blake:

93. 7% of the health organizations you have attended. I don't know where our listeners are at, but 7% of the hospitals and healthcare organizations that you have visited haven't had a breach. That's crazy.

Erin:

And insane.

Blake:

That is crazy.

Erin:

Stuff like this brings me back to that Robert Mueller quote: "I am convinced that there are only two types of companies, those that have been hacked and those that will be, and even they are converging into one category: companies that have been hacked and will be hacked again." That's pretty much what that's saying.

Blake:

This is a fun one. So the government, how many records were breached? Government records were breached in 2018? Take a guess, a wild guess.

Erin:

6,000,006

Blake:

That is so low. 30 million? Thirty? Try 1.2 billion.

Erin:

Is that surprising? It shouldn't be surprising, but it's surprising.

Blake:

And anytime I see a B, as in billion, my jaw just drops.

Erin:

Bad.

Blake:

1.2 billion.

Erin:

Oh God. That's how much?

Blake:

Just in the U.S. government. And just in one year.

Erin:

Maybe we should talk a little bit now about the top cybersecurity threats and trends, so people can know what to look out for, so they know how to protect themselves.

Blake:

Segue.

Erin:

Yeah, so it says, first of all, the pandemic, as we mentioned, presented lots of new cybersecurity issues and companies are working to ensure that they're prepared. So expect to see the following: enhanced software supply chain security, CMMC; ransomware will become more of a problem for businesses. Of course it will, because why wouldn't they do it, and why wouldn't the hackers try to do something for quick, easy money. Companies are transitioning to a zero trust framework for cybersecurity, which is good. Also, there's going to be increased scrutiny on the cybersecurity measures of third party providers, and I want to take a second for that. At least with CMMC, if you work with a subcontractor and they're not up to snuff, then you can get in trouble for having them as a subcontractor. So the government is putting more pressure on the actual contractors. And then you can also expect to see a rise in cyber insurance to offer further protection for businesses. But what's important to note about cyber insurance? Dwight, what do you think is important for them to note about insurance?

Dwight:

The thing is, you have to have compliance in order to get your cyber insurance. So that's kind of a two pronged stab at you. Take your pocket book. But yeah, no, you definitely have to be compliant. They're just not going to give you insurance if you don't have an internal audit done. A lot of these companies now, you have the audit, you got to show proof that you can pass these audits before they'll even bring the contract, or even come see you, or even talk to you. So that's a big factor there. Anybody that's contemplating cyber insurance should also look at getting compliant too, especially for whatever your business is. If you deal with healthcare, like your HIPAA; if you're dealing with government and government agencies, what the requirements are there. And it's not hard information to find. And of course, then we have companies like ourselves who can help with that. So we can provide you internal scans, guidance, remediation and get you all compliant, so that you can speak to a cyber insurance company with confidence, get the plans you need, get the coverage you need. And then you'll feel a lot better as a company, knowing that you're kind of protected. Insurance is not the be all and end all of anything, but at least having that in place would help if something happens and you've got some coverage.

Erin:

No, exactly. That's really important, because people go, oh, we don't need to worry about cybersecurity, you can just get cybersecurity insurance now. It doesn't work that way.

Dwight:

It doesn't work that way. No.

Blake:

Cybersecurity insurance isn't like health insurance; it's totally different. So obviously you will get health insurance no matter what, if you have pre-existing conditions or whatever.

Erin:

Well, now you will. It used to not be like that, but

Blake:

Yeah, yeah. You know, you will get health insurance because of newer regulations that were passed, not crazy long ago, but yeah, you have the opportunity and the right to get health insurance right now. And even if you have pre-existing conditions, you can still get it. But in cybersecurity, especially with cybersecurity insurance providers, if you can't show supporting evidence, or you can't pass a pen test, or you're not up to par and you can't pass these audits, you just don't get it. You can't,

Erin:

Yep.

Blake:

can't get insurance. And that's sad.

Erin:

They want to make money too, insurance companies, and they know that if you don't have anything, you're likely going to get hacked.

Blake:

It's like those pre-existing conditions; you just can't do it.

Erin:

Or like life insurance, a lot of times they will do different tests and you have to get medical tests done.

Blake:

Physical.

Dwight:

Same thing. You got to get a business medical test.

Erin:

Yeah, exactly. I imagine too that the worse your cybersecurity, the higher your premiums are going to be. So that's another thing to think of.

Dwight:

In most cases it's just total denial of providing any service. Because the thing is, it's such a high risk now, and you're talking millions of dollars, and these insurance companies can't. There's no in-between; either you have it all, or you don't have anything. So it's not like we can just get this, this, this, and that and forget it. No, you have to have all this. It has to pass all these checklists, all these aspects of the compliance. And so it's an all or nothing thing.

Erin:

Exactly. And there's a reason for this, right? Because according to what we're looking at here, there's an average of 20 6,000 incidents, cyber incidents, every

Dwight:

Oh,

Erin:

And one study by the University of Maryland indicated that there's a cyber attempt every 39 seconds, which actually I'm surprised it's not like 39 every one second. That's why they're requiring companies to have certain measures in place, because they know how prevalent these attacks are. And if you're not concerned about your cybersecurity, you're going to get hacked.

Dwight:

So now, as IT providers, providing IT services, we're helping to prevent and mitigate a lot of this stuff. So feel good about being a part of that, let's-help kind of thing, because it's important, right? It's very important, what we do here at Petronella Tech.

Erin:

Absolutely. Securing the world. Basically the new world.

Blake:

I feel like a superhero for working here. I do.

Erin:

You're a superhero Blake.

Blake:

Aww, thanks. This is such a misunderstood industry. It really is. And we're here to set the record straight.

Dwight:

And educate people. And people take the time to listen, and we try to keep things simple for them and just give the information out, so that people become aware, educated, and that empowers them to do the right thing. At least they have the information. We can bring the horse to the water, but we can't make them drink.

Erin:

Oh, I can't make him drink

Blake:

All it takes is just a step in the right direction to change almost everything, and of course the willingness to change.

Dwight:

That's the thing, is having an open mind and saying, you know what? I don't know a lot about this stuff. I think it's serious. My business may be at risk. I need to get some consultation.

Blake:

It just takes what you just said.

Erin:

Education is so important, especially with your employees. You can't expect them to know something that you don't tell them.

Blake:

Yeah.

Erin:

Employees are the leading cause of data breaches. A lot of them are not doing it on purpose, though. They just don't know. So you have to educate them if you want to protect yourself.

Blake:

The most important thing, hopefully I can get this into somebody, at least just one listener: there's nothing wrong, there's nothing wrong with needing help in this industry. There's nothing wrong with it. Nobody's going to hang you out to dry. No service provider is going to laugh at you. You should be willing to swallow your pride, because a lot of the companies that I've talked to, that we've worked with, when we pose a question and know that the answer is no to that, oh, do you have a system security plan? And they were supposed to be self-attesting to this 800-171, for example. Or, do you have a system security plan? No, we don't.

Erin:

I've never even heard of that.

Blake:

Or they say, I'm not sure. You don't, and that's okay.

Erin:

ashamed, because you're not alone. In fact, you're in the vast middle.

Blake:

The fact is that that automatically disqualifies you from your government contract. I hate to say that. You should have read the fine print before you took millions of dollars, or hundreds of thousands, or whatever you took.

Erin:

That's the thing, is that people that are contractors right now, since, I think, what, 2017, they've been attesting that they have these security measures in place.

Blake:

Right.

Erin:

If you took money from the government since 2017 or 2018, then you have told them that you're doing these things. And the thing is, though, they weren't really enforcing it. So nobody really took it seriously. But I think there is an average of $6 trillion. $6 trillion is stolen from the U.S. by cyber attacks.

Blake:

Yep. You took that money, you said to the government that you had an SSP,

Erin:

Yup.

Blake:

you said that, and you don't.

Erin:

And you could get in trouble for it. Are you going to? Probably not, but hopefully not.

Blake:

Who knows.

Erin:

Yeah. Especially if you call us.

Blake:

I think Craig was telling me about some of the big ones, some of these big contractors that had to return their grants. But I think it's two and a half times the award or something like that, two times.

Erin:

Yeah. The False Claims Act. There have been at least three that I know of, three big contractors that lost their cases because they lied. One company had tried to get their compliance officer to lie for them, and he turned them in and said, they're trying to get me to lie for them. NASA.

Blake:

What's crazy is the compliance industry is so amazing. Of course, nobody's going to lie for you. It's such a warm industry. And what I mean when I say that is, everybody is here to help you. There's nothing wrong with not being compliant. We expect you guys, for the most part, we expect you to not be compliant.

Erin:

We would be shocked if somebody walked in and they were.

Blake:

If you're compliant? Wow. Okay.

Erin:

In the top 1%.

Blake:

Yeah. You're the 1% of the 1%.

Erin:

Right.

Blake:

In the future, Erin and I talked about doing a podcast on cybersecurity regulations that you are likely subject to but you may not even know about. That's going to be a good one. There's nothing wrong with saying you need help. And even if you don't contact me, Erin or Dwight or Craig or anybody in our company, we're doing this for you guys. We're here spending our time, every single bang, trying to put some information, some positive information, out there, the right information to help you. And the fact that you can reach out to us and get more answers, customized answers or something, I don't know if that's the right word for it, but you can get an answer to your question.

Erin:

Tailored solutions.

Blake:

Tailored solutions. Yeah. We're not going to make you take the red pill or the blue pill.

Erin:

Not yet.

Blake:

We're gonna figure out what's going on.

Erin:

And speaking of which, actually, I think a good ending to this would be to talk about the recommendations that CompTIA gives to protect yourself from cyber attacks. I feel like we talk about this a lot in the podcast, but I think it's always good to reiterate that. And if you don't mind, Dwight, do you see that section, how to protect yourself from cyber attacks?

Dwight:

Yes. I think we always have to end off on a positive note.

Erin:

I agree.

Blake:

Please.

Dwight:

Listen, if we're giving you all this negative information, not negative, but, and a lot of it's realistic.

Erin:

It's scary though.

Dwight:

Yeah, it is. Protecting yourself from cyber attacks often involves the right education, big thing right away. Don't be afraid to learn. As noted above, most cyber incidents come about by way of human error, a failing in technology. So educating people, your staff, yourself included, is a big part of it. So first point, educate your people, right? Train your staff to recognize different types of attacks, such as phishing and email scams. It doesn't take a whole lot of effort to do that. And we can help with that. We can put together a training program; it can be presented in person, virtually or whatever.

Erin:

And also I want to add to that: we created our own CMMC training because we couldn't find anything out there that would fulfill the training requirements. Yeah. So we have the ability to help you with that.

Dwight:

Thanks for that, Erin. And then a second point: enable multi-factor authentication. A lot of people still don't use this. This is something very easy to implement. It takes seconds. Well, a couple of minutes, if not seconds. For those that don't know what that is, basically it means we're authenticating, or there's a second level of authentication, to protect you. And it involves something that's removed from you. For instance, your bank account: you use your phone as the second form of authentication. You get a text message, so you can try to log in and it'll pop up, oh, we've got to send a code to your phone to verify who you are. So for bad actors, that's not going to work, but for you, it will work because you set up your two factor and you have your mobile phone in hand. And then number three, penetration testing. That's something we do here as well. And that's important to see how vulnerable a particular application, network and/or work environment may be. And then number four, monitor threat intelligence. So there's just lots of different programs, software and hardware that's available out there to monitor your existing network for emerging threats, like vulnerabilities in applications. Adobe, for instance, is famous for all its vulnerabilities, right? For elevation attacks and stuff like that. So, nothing to put down on Adobe, but they have quite a few incidents, and of course there are many other applications too. So there are programs and software out there that can help with that. And so that's all four points, how to protect yourself from cyber attacks. Anything you want to elaborate on, Blake?

Blake:

Yeah. When you talked about threat intelligence, the first thing that sprung into my mind is XDR. It's new, it's exciting. I think, and I think all of us here think, and that's the reason why we talk about it all the time, but I think it's the future of cybersecurity.

Erin:

It is such the future. It really is. Where else can it go? It marries AI with humans. You've got humans watching, but you also have AI learning the different viruses and setting up different honeypots to try to capture anybody that's dwelling in your computers. Sounds so creepy, because it kind of is, but you can't beat it. And if you are a business, and you know about XDR and you don't have it, I don't know what to say about that. To me, it's just so crazy, because it's such an efficient solution. It's just an efficient solution. It's not the only solution, because all of these other things are extremely important, but even if somebody, or a threat actor, is able to get through everything else, all the other layers, right, this is the final boss. XDR is like the final boss. It's going to be really hard to damage if you have XDR.

Dwight:

Yeah, because it's got that built-in AI and it looks at patterns and stuff like that. So, yeah, it's very trendy, but yet it's very effective.

Erin:

Yeah. A human and an AI together, you know.

Dwight:

A combination of both. Yeah.

Erin:

Yeah, doing what they do, and you don't have to pay for the monitoring. That's the other thing with XDR, and this isn't meant as a commercial, we weren't planning on talking about XDR, but it's just so important. You have your own team, you have your own team watching. They're watching other people's systems too, but that's what they do all day. They sit there and they watch for trouble. I also want to say before we leave, multi-factor authentication is another thing. If you have multi-factor authentication, it's 90 plus percent you're not going to get hacked, versus people that don't. You think about it, right? If you're a robber and you're trying to break into a house, are you going to break into a house that has one door locked, or are you going to go to the door where they have a security system, a dog, all their doors locked?

Dwight:

Yep. Path of least resistance, right?

Erin:

Yeah. They're going to give up. They're going to give up if they don't have access to your phone.

Blake:

The keypad is locked, but the deadbolt is not.

Erin:

Exactly.

Blake:

That's something that you can do yourself,

Erin:

Yeah.

Blake:

and you don't have

Dwight:

Yeah.

Blake:

Call us.

Erin:

And it's slightly inconvenient, but it's not that big of a deal.

Blake:

Not really. Especially, I'm sure some of you guys have the Google Authenticator app. Are you using that?

Erin:

Oh, yeah,

Blake:

We gotta use it. Just connect your Google Authenticator app to everything that supports it and bam, you log into that and it gives you like a million codes that pop up for the app you're using. You need it.

Erin:

Use it. It's so easy and

Blake:

Or even a hardware token.

Erin:

Yes, hardware tokens. I love my GateKeeper. I love it. It's so convenient.

Blake:

Yup.

Erin:

I don't have the token. I have the app on my phone.

Blake:

I have a YubiKey, which is pretty awesome.

Dwight:

Maybe

Blake:

Pretty great. Yeah. It's cheap, popular. Somebody gave it to me as a gift one time and I was like, dude, this is so, so awesome. And yeah, it's something like that. It's super cheap. And for those of you who don't know what a YubiKey is, essentially it's just a hardware token. And before you access different parts of your computer, or software or files or whatever, you have to have this key plugged in: folders, directories and things like that. So it's really helpful, especially if you've got company financial data or employee social security numbers. Those are really important data sets, data points, to keep secure.

Erin:

That's another really good point too. We did a podcast on this, but wait, bad cyber hygiene, this is the name of the podcast, but your bad cyber hygiene does impact other people, or it can impact other people, especially if you're a business.

Blake:

For sure.

Dwight:

Sure does.

Erin:

If you don't do it for yourself, do it for your customers, do it for the employees. Don't be selfish.

Blake:

We say this, we say this every time, every podcast. I think I say this, I beat this home, but you can spend 20 years growing your business, and one incident can take you down.

Dwight:

Yep.

Blake:

And this is not fearmongering, because we just literally had such a positive comeback.

Erin:

We did.

Blake:

This is not fearmongering, but it's just the truth.

Dwight:

Letting you know how easily it can happen. You're right. It's going to happen quite easily.

Blake:

Yeah.

Erin:

But making it positive, right. Just doing these small little things, it's not perfect, but it will help so much. So just be mindful, just be mindful. Be mindful of your surroundings. Be mindful of your employees and people that you care about, and if you think about it that way, some people care more about other people than they do about themselves.

Blake:

Yeah,

Erin:

Think about it that way.

Blake:

The way to wrap this up is: you're not alone. And there are people out here that care. Like Erin said, there are people that genuinely care about helping you. And I like to sit on that board, that board of directors that care.

Erin:

Absolutely. I think that was really good, guys. I think that we gave our listeners some really good information to chew on and think over. Again, I will go ahead and post the links in the description. So if you guys want to see this, this is also stuff that we've talked about, but I think it's important to hear it from a different source. We're not just making this stuff up. Really important.

Blake:

Definitely. The people that put together these resources, especially for this podcast and the last podcast, those are the MVPs. There's a lot of citing in these articles, there's a lot of research that goes into it, and we're just bringing it to light.

Erin:

Exactly.

Blake:

And, yeah, happy Easter, everybody.