Cybersecurity with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001

Historically Significant Hacks and How YOUR Business Can Avoid This List

Petronella Cybersecurity

We've all seen the news and read the headlines - Hackers aren't going anywhere anytime soon! In fact, quite the opposite is true...

So what can YOU do to keep your company's name out of the papers? Listen in and find out!

Hosts: Erin and Blake



Support the showCall 877-468-2721 or visit https://petronellatech.com

Please visit YouTube and LinkedIn and be sure to like and subscribe!

Support the show

NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.

Support the Show

Please visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at:

Erin:

Welcome everybody to another PTG podcast today. We have two of us again, or is it just me? I don't know. I always forget. Oh, there you are Blake.

Blake:

You forgot about me.

Erin:

Oh my gosh. I keep doing that terrible person. maybe I just need to drink some more coffee. Wake up. Yeah. So today It's Blake and meet Aaron and we are going to talk about the biggest hacks that have occurred.

Blake:

It's going to be a juicy one.

Erin:

It is juicy. And after this, what we're planning on doing too, we want to go through and pick up on. Individual hacks and talk about how they were hacked, what happened oh, maybe we can even talk about some of the viruses. Some of these viruses are just crazy the way that they work. I think that would be really interesting to you. They're programmed to basically be little spies. It's pretty fascinating.

Blake:

Yeah. We could make endless podcasts on all these hikes. We've got plenty of material, plenty of documents here to talk about plenty of companies and hopefully we're not calling people out, but these are all public record.

Erin:

Oh no. We're going to be calling people out. Let's be real here.

Blake:

Yeah, I know. Hopefully don't hurt anybody's feelings here, but I think there's a lot on here too, that maybe we can bring up and I want to stick to maybe some of the biggest service providers in the world or some of the larger companies, maybe the fortune 500 companies, because it's likely that you're a customer of some of these companies.

Erin:

what do you think the chances are Blake, that your data has not been stolen? when I say you, I don't mean you. Right.

Blake:

Oh, you're probably talking about me and I can probably say maybe, I don't know, 2%, 5%. I know that my data was hacked because I was a part of the Equifax settlement or trans union or whatever it was. I was a part of that settlement. I got a check for a whopping, five or$6 or whatever it was for my social security number being breached. Woo. Big payday. But yeah, I know I was a part of that. And then obviously, I can't remember what it is, but I think apple has some dark web scanner or something. And it shows you which one of your passwords, like in your password manager, it shows you which of your password to have been compromised in the apple password manager. So it shows some of my passwords on the web and of course they're stupid little apps, like for little video games or something where I don't have any payment information or anything. Some of them, it doesn't really bother me that is out there, but I know it's out there.

Erin:

Yeah. And the biggest problem with that, if you have some stupid little app and it got breached, that itself is not generally the problem, but the problem is when you reuse passwords and login credentials, Yeah. If you reuse the same password and it gets caught up in a breach let's say you use it for your bank account, what's stopping a hacker from using your login credentials to drain your bank account.

Blake:

Yeah. I think about severity too, right? So obviously what information they likely have. let's just say, for example, we're talking about some game or something that'll play on my phone or something like that. I know it's likely that they have maybe my email and maybe my phone number and maybe my birthday or something like that. You can pretty much get all that on LinkedIn or Facebook already, social media. Of course they likely have my password, which I never reuse passwords. So have some passwords that I reuse, if it's a stupid, stupid, stupid service or app or something that I really don't have any intention, or I'm not sure if I'm going to use it for the longterm obviously I'll just set up a little short password just to get me in and then if I like it and then I start adding more information and building my information database up there then obviously I'll change it and turn on to a and yada yada. but yeah, so I think about what information they have about me and if it's not important information, then. I know this is the worst thing ever to say, but I just don't care. obviously if they have national security number, like Equifax or TransUnion, these credit bureaus, I care about that. Because somebody can open a bank account in my name or pretend to be me and ruin my credit. So yeah, obviously I think about the severity, the information that they have and the sensitivity of that information before I start freaking out.

Erin:

It's still just feels, icky when you know that your information is stolen. It just feels achy.

Blake:

Yeah. I watched a documentary on Netflix and I think it was talking about 3:00 AM. I don't know. Maybe you've seen it. I think it's called the devil we know or something like that. But anyways, it's talking about 3m and it's talking about PF. Oh, so are you familiar with PA F O S

Erin:

No, I'm not.

Blake:

it's like a Petro fluoride, chemical something essentially three M is the one that I may tap lawn, nonstick pans and, they were using This material and all these nonstick pans and in the thirties, fifties, whenever it came out, I can't remember. But anyways they, weren't sure about the harmful effects of this chemical because people that were working with mixing these chemicals, they were getting all types of cancers and stuff. So people started looking into it and then 3m said, Hey, look by no means, should this ever, ever, ever get out of a facility. And they sold it to, I can't think of which company it is. They sold it to

Erin:

They sell the substance. You mean

Blake:

Yeah. Yeah. But anyways, 3m is the one that created it and they sold it to some company. And this company, of course, didn't read all the fine print of their contract. And they were dumping these chemicals out into streams and into water sources and stuff like that. and yeah, eventually I started getting out and it started killing animals and people and yada yada yada. So they were trying to figure out the harmful effects of it. and they started testing people's blood. they Were trying to do blood tests to see California. And I can't remember the exact stat, but the only clean blood that they could get was from enlistees and to gave blood before, world war II.

Erin:

Are you serious?

Blake:

So yeah, it's in all of our blood essentially, DuPont's the company, so damn you, Richard Petty.

Erin:

What's that who sponsored you? Richard penny.

Blake:

Yeah. I think it was Richard Petty, but, I remember seeing DuPont and all the NASCAR guys shirts and stuff

Erin:

Who this? Some Wilmington because DuPont, they do have a facility in Wilmington. Cause I went to UNC w and one of our professors was DuPont. Employee. And he tried to get me to work for them, but I didn't cause I wanted to enjoy my last summer in college. There's that horrible water down There, in Wilmington. It's awful.

Blake:

they're making this stuff in our backyard.

Erin:

terrible. Literally water in Wilmington was no joke causing my hair to break off and fall off. It was terrible. had stopped washing my hair with the tap water and I enter the sound's what extra, but I would wash my hair with water model. I had sprays and stuff like that. And then I come to find out one of the reasons for that is because of some chemical that was placed in the water a few years ago, and then they cleaned it up, but it's still not good. And there's this horrible smell that would give me migraines that was down there. I know that sounds crazy to you, but I didn't have migraines for 15 years. And when I went to Wilmington, I was there for like a year and a half and I had multiple migraines and then I left and then I didn't have any until recently, but I figured out what triggered that, but it was definitely something wrong. It's terrible what they do. To the environment. And I don't know, again, it was some gen X, I think it's called that they put in the water.

Blake:

Yeah, gen X the same type of

Erin:

Okay, so that's all, related. Okay.

Blake:

So DuPont is like P F Petro, poly Tetra fluoride. A Lessonly team is Teflon non-stick stuff. But of course it's all kind of related to gen X and PFO a PTFE. Yeah.

Erin:

They say it's cleaned up, but still not good. I didn't even notice it. I noticed that something was going on with my hair, but I didn't know, it took me a while to realize that's what it was, because I didn't even hear about it until later.

Blake:

I think DuPont sold. substance or the rights to use it to a company called Kim wars and then Kim wars their plant is in Bladen county, North Carolina. In they're dumping the gin ex into the Cape fear river fun stuff.

Erin:

Interesting.

Blake:

Yeah. I'm on their website here. And it's like, we are a different type of company.

Erin:

Yeah. you are now. I wouldn't say that in a good way.

Blake:

love to read these corporate responsibility disclaimers on all these companies. And it's just yeah, this is a

Erin:

That's a joke we see right through you guys,

Blake:

Yeah. come on, you care about profits more than you care about people.

Erin:

Capitalism is literally built on greed and I don't say that is a anything. I majored in business. that's what we were taught, you learn about capitalism. that's what it does.

Blake:

Let's bring this back. So yeah, let's talk about some of the companies we use every day. Something that maybe we all have relationships with or maybe have done business with them or given them some of our data. So that's what I'm going to focus on. Yeah. So where should we start?

Erin:

Let's talk about the biggest numerically, the biggest hack, because is mindbogglingly massive. Mind bogglingly. Massive. I would say,

Blake:

Yeah.

Erin:

would you agree with that assessment?

Blake:

For sure.

Erin:

It's so many people, so many records it's painful almost.

Blake:

Yeah. It is scary to think about the numbers.

Erin:

It is Yahoo so Yahoo. And this is just the one time that Yahoo is on here. Yahoo is on here multiple times. it's 3 billion records were compromised. so many records. What is the population of earth?

Blake:

7.7 billion.

Erin:

So almost half.

Blake:

Was that popular?

Erin:

well, it was back in the day, right? You're a little bit younger than I am, but I remember, they were huge. Yeah. My very first email account was a Yahoo account. I think that most of us after AOL, right. I think most of us went to Yahoo. And then I remember g-mail kind of started popping up a little bit.

Blake:

do have a Yahoo account. I still do. So I'm looking here in it. It said that it was outdated information and it was easy to crack encryption. It says that they did not include passwords and clear tax payment card information, bank accounts. But it did include security questions, backup email addresses. who knows what was in all this

Erin:

it doesn't really matter if it's old. Even if it's old, there's a lot of people that used the same password for 20 years

Blake:

Yeah. This was back in 2013. And then they had another one in 2014, which was 500 million.

Erin:

had a lot of breaches, but I guess it does kind of make sense. They were early adapters. They were really popular, really young in the process. And I feel like with the internet, it was kind of built. Let's just build this, let's just use this. And then we'll think about the consequences later or think about security later. So. I, think people probably weren't as good back then.

Blake:

I think that that happens with a lot of corporate companies. They just grow, grow, grow. They don't care about spending money. They don't care about security. Obviously I'm speaking very vaguely here. They're like, oh, well it hasn't happened. It hasn't happened to us or, oh we're making so much money already as it is. We shouldn't spend any more money. It is crazy. It is crazy how much, once the breach happens, not only do you lose customers, but you get fined.

Erin:

It was a lot of hat a lot of breaches, a lot of compromised data over the course of that time. But. At least they learned from their lessons. It looks like, and they haven't had a breach in awhile. Okay. Let's talk about Facebook.

Blake:

Facebook. I think they've had maybe six hacks. The earliest was 2013 and then they had one in 2018 and they had 3 in 2019, and the three amounts were 540 million users. One hack 267 million users, and then another hack 10, they had 1.5 million users that were hacked. Those two big ones were actually due to poor security. And the 1.5 million guests, what accidentally uploaded? What does that even mean?

Erin:

Did you see the 6 million accidentally published?

Blake:

Yeah,

Erin:

they haven't been hacked?

Blake:

they've been hacked. Facebook's been hacked. 533 million member, hack includes phone numbers, birthdays, email addresses in location data.

Erin:

Oh my gosh.

Blake:

How creepy is that?

Erin:

Super creepy.

Blake:

Instagram was hacked too. So Facebook owns Instagram. we're not even including that in here. 200 million there.

Erin:

due to poor security.

Blake:

poor security, fun, fun.

Erin:

You see right below that, I just want to mention the IRS was hacked

Blake:

Yeah. So according to this article that I pulled up here, somebody audited the dark web and. It says on the dark web, currently there is 15 billion stolen logins from a hundred thousand breaches crazy. And one hacker gave away 386 million stolen records for free. He wasn't even selling them like, Hey, here you go. We're friends.

Erin:

That's so much stuff.

Blake:

And this is even an old data. This is new data. But yeah, apparently this guy was trying to sell all those users data for a hundred thousand dollars. There was fresh market data. It was being promoted as database dump 386 million records from 18 data breaches, including nine, that hadn't been disclosed. And then the hacker says, yeah, the reason why I was giving them away is because I've already made so much money off of them. What?

Erin:

I've already made money off of them. Here you go. That's a little fishy to me.

Blake:

Here's my charity work. I've already made so much money.

Erin:

No, I don't believe you. Something else happened. Something we don't know about Blake. You're not telling the whole story.

Blake:

Going back to the Facebook hack, the data was on the Amazon cloud, AWS. So. I don't see Amazon in our master data breach here. It's just weird. people were able to get into Amazon web services and hack into AWS and steal just Facebook data, kinda crazy.

Erin:

And that Twitter hack. Do remember that Twitter hack. I remember it because I wrote about it and I thought it was kind of funny. Twitter was hacked back in like 20, 20. I think it was by some young kid. It was interesting. Cause what they did is they actually hacked into famous people's accounts. So they pretended to be somebody and they called up Twitter and got some information from them and use that information. Yeah. They totally spooked him it was this kid that was 16 or 17. I don't know. There's like three of them. They hacked into famous people's accounts and they were like, deposit your Bitcoin here now for something. Right. But it was all these famous people. He was like, will Smith Kim Kardashians, a couple other with tons of followers. So they ended up sealing a hundred thousand dollars plus from them because they got people to deposit their money. It was an interesting story.

Blake:

Twitter is another one. Let's talk about some companies that we all use,

Erin:

Okay.

Blake:

Adobe twenty thirteen, a hundred fifty 2 million records. and then in 2019, again, 7.5 million, then it has to do a poor security. That's the reason for it, I mean, are you serious? it was creative cloud accounts. I can only imagine what was on the creative cloud accounts, but Adobe has one of the biggest creative suites in the world, Photoshop after effects, premiere and everything ties right back into creative cloud. Imagine photographers, filmmakers producers that have their assets, their creative work living in this cloud. It's just crazy to think these companies make so much money off of us, off users and they don't really take cyber security seriously.

Erin:

They don't, it's a lot of places. Right.

Blake:

they were hacked twice. Obviously AOL, AOL. We could talk about them.

Erin:

They have one hack each decade

Blake:

Yeah. one hack every 10 years. Well, considering they've been around on the internet for so long will take my hat off to them if they're getting hacked every decade, once every decade,

Erin:

It could be worse. I guess people do still use AOL.

Blake:

I don't know anybody that

Erin:

I don't either, but it does. happen. I have Brandon run into people with aol.com, email addresses, and it's just like really? But Yeah. they use it on ironically and unapologetically, I guess it doesn't matter. Right. As long as you get your email, AOL is synonymous with my high school years. I remember the very first time a jumped on the internet, and I was just in some brawled. I was like, are you saying I can get on here and get in this chat room? And I can talk to people from all over the country and all over the world instantaneously, what is this? This is crazy. I just thought it was, oh man. Crazy. And here we are. It was fascinating. I did not grow up with the internet and I think that's maybe a difference between my generation and the millennial generation, because I think that the millennial generation started out very, very young had the internet. But I remember, a whole life before it practically.

Blake:

I remember the huge floppy disks that were like not tiny floppy disks, but big floppy disks that were maybe the size of a laptop now.

Erin:

Yeah,

Blake:

No, my storing data on them. I do remember that the internet CDs it's like oh, the Internet's gone. I need to go buy a CD.

Erin:

Yeah, exactly. And it would take forever to log on and back then too, we didn't have cell phones. because we had so many kids in my family there's well, there's four of us. I think we did end up with two phone lines. So we were able to utilize one of the phone lines for that. But then that meant that we weren't able to talk to our friends as much though, but yeah.

Blake:

Imagine when your friend was on the internet or somebody in your home was on the internet and your friend or family, and then you pick up the phone and then you're go into the Twilight zone. Cause you hear the internet, like,

Erin:

But when you did that, it would disconnect them from the internet.

Blake:

I don't remember it like that,

Erin:

it would, it would disconnect them from the internet and it would just suck.

Blake:

There's too much internet flowing through this wire. We have to disconnect them.

Erin:

We don't want anybody to turn into AI.

Blake:

Super crazy.

Erin:

Yeah, it was fascinating time to be alive.

Blake:

oh yeah, for sure. Right below we have apple here. So apple was hacked 2021 last year, 275,000 records.

Erin:

They accidentally published.

Blake:

I don't know that went to something about blue towed. I don't know what blue is, but there's also apple here as well. They're probably one of the biggest companies in the world, obviously, so, and the fact that at least in the database we're looking at now, they seem like they're probably one of the more secure companies just looking at that. at T and T is another one,

Erin:

Ashley Madison

Blake:

oh yeah. That was a huge one.

Erin:

was huge for 2015, yet. That was huge. Lives were ruined Homes were torn apart after that hack. that's pretty crazy to think about the impact of that on so many people, it's their fault because they're doing things they weren't supposed to be doing, but oh gosh. so many people, 32 million cheaters, basically.

Blake:

I don't know if it was all about cheating as a, not a dating website. I don't know that the detail

Erin:

from my understanding I've never been on it. but I think it's where married people go to find hookups. I think that's specifically what it was for, I could be wrong, but that was my

Blake:

Fair enough. Yeah. Haven't used that one personally, but maybe somebody out there, some of our listeners,

Erin:

Uh, commercial website build as enabling extra marital affairs. it was literally, that's what it's for.

Blake:

okay. Fair enough. 80 and T at and T. 2010, 2008, 114,000 records in 2010, 113,000 records, 2008. And one of them was because of a stolen computer

Erin:

Oh, wow.

Blake:

who now? Bank of America. Oh, 2005, 1.2 million records. And it says that I was lost and stolen media. So I don't know what specifically.

Erin:

Yeah. I bet somebody had like a drive or a flash drive or something like that.

Blake:

Think about bank accounts, right? if you're in financial services, you have social security numbers you have people's money,

Erin:

I won't say who I worked for, but I was a financial services representative. I had to get my series six and 63. But I had stopped briefly by my friend's apartment to grab something and I came back and somebody had. Broken my window and stolen my briefcase. Totally my fault. That was dumb, but I was only gone for five minutes, but they stole my briefcase. And it had personal information in it. I feel really bad about that now. I don't think anything came of it, but

Blake:

Let's talk about another one, I think is pretty interesting. Obviously we've got a couple of gaming companies here, like the feast, blizzard is another one. I think Blizzard's world of Warcraft one mistake. And another one that sticks out to me is Canva. So that was in 2019. Canned, are you familiar with CAMBA?

Erin:

No, I'm not.

Blake:

It's an image editing application is kind of like Photoshop for non-tech people, But yeah, it's like an online designing tool, so 140 million users. they're saying that there wasn't any credit cards taken, but still pretty bad.

Erin:

That's huge.

Blake:

Still pretty big. Imagine if you had a company with 140 million users. You're serious. You should be spending millions on security, but you're just like, oh, oh, oh period is nothing. Capital one, obviously. 2000, 19, 106 million records, If you're in the financial services space,

Erin:

No.

Blake:

I don't How about you pick out some of those on

Erin:

Oh, let's see. Well, IRS

Blake:

Oops. I don't want to know them though.

Erin:

no, stay away from me.

Blake:

Pretend like I don't. Door dash 2019, 4.9 million records hacked

Erin:

I was using door dash, then

Blake:

Gotcha.

Erin:

they got my stuff. Oh no,

Blake:

Yeah. The more we talk about this, the higher likelihood, like we said, at the beginning of the podcast, I know our data is out there and these are companies that use Dropbox, right? Another one that I use Dropbox, 68.6 million records.

Erin:

Verizon. Yeah.

Blake:

Yeah. Part about that one. I'm happy. I'm not a Verizon customer anymore.

Erin:

I'm an a T and T customer. So

Blake:

a T-Mobile customer. Ooh,

Erin:

I tried T-Mobile for awhile. I went back to 18 T.

Blake:

I have T-Mobile towers, but Ryan Reynolds is my mobile provider Deadpool. Yeah. Met mobile baby net mobile. E-bay E-bay twenty fourteen, a hundred and forty 5 million records or hacked.

Erin:

So looking through these, right. I feel like if you just look at how all of these occurred there's hacks poor security, things like that. If you're not a business and you're just an individual person you've been hacked, your information has been compromised. A hundred percent. Unless you're just not on the internet, which like, come on, who's on the internet these days. I'm sure it's somebody, but the thing is this is why it's so important to secure yourself. Even YouTube, Right. 4 million people due to poor security. So thing to know about this, you're going to get hacked. So instead of trying to figure out a way to not get hacked, I think the best way for people to go about minimizing the impact of these hacks on their lives is to, again, like we said on the last podcast, Multifactor authentication is going to stop a lot of this and also just password hygiene in general, good password hygiene, not reusing it, and also making a secure passwords, having a password manager, those things are really, really going to help minimize the impact of this because going to be impacted your information is out there, but you can only control yourself right in your own actions and the actions you need to take or to implement multifactor authentication or some sort of Google or some sort of authenticator everywhere that you possibly can. And you also need to not reuse passwords.

Blake:

Yeah, that's a big one. Something we should probably touch on since you kind of segwayed it, but the tips here that Aaron just gave of course you gotta live by them religiously, but,, some of these hacks were not for in user accounts, but they were just databases in general. So even by having to FFA, and things like that, your information is on their server, what information they keep on what server and where, and how it's stored who knows about that. But your information lives somewhere with this company and it's scary, but even having to FFA is it going to save you in instances like this? If somebody is just targeting a company

Erin:

Yeah. If they steal your log-in credentials though, having to a Fe and good password hygiene is going to help minimize it.

Blake:

It's definitely going to help outside of the hack. So let's just say, for example, a hacker gets your information from X company and sees that you do business, or maybe, have used a Y company they try to use the same credentials from X company on Y company. And you don't have to FAA enabled.

Erin:

You're toast, man. You're toast.

Blake:

yeah.

Erin:

If you have some stupid little app that you play that got breached and you use the same password for your retirement or anything, financial or anything sensitive. Just asking for it. And I hate to say that. I feel bad cause people just don't know this, right? But this should be common knowledge. This should be absolute common knowledge. I don't know why it's not. And I feel like there's a major failure somewhere because people don't know this. And that's why, ever since you can't put that idea, Blake or not came up with the idea, but told me the idea about cybersecurity starting cybersecurity young, that's makes so much sense. We need to teach our kids. These things are nieces, nephews, whoever because the means it's going to get stolen. It's going to get stolen, but you can only so much and be smart about it.

Blake:

if you think about it, social engineering, we've talked about social engineering before and role in cybersecurity, and I can't remember the stat, this wasn't in our stats podcasts. So I'm sure some of you guys are gonna remind me, but social engineering is a huge part of hacking and I think it takes maybe seven out of 10 or something. I can't remember the stat, but seven out of 10, for example, something like this hacks require social engineering to be successful. think about this. If you have a child you are social engineering, your children every single day when you raise that. Oh, don't talk to strangers, right? That's social engineering. Oh little Johnny Little Johnny is going to be a vegan because we're vegan, social engineering, right. Don't eat meat, this is bad, that's social engineering, so, you should be doing the same thing when it comes to internet security and web security why is it not.

Erin:

,I can't help it think again, I know we keep bringing it up, but it's, get used to it, but I can't help, but wonder how many of these hacks could have been prevented, had XDR been available?

Blake:

That's a good question.

Erin:

A lot of these could have just been straight up, taken off.

Blake:

Here's my take on this, right. So obviously as XDR becomes more prevalent I'm curious if cyber hacks are going to go down as a whole, just the frequency Curious on that. I know you're probably going to say you think so, Aaron, because I know you, but I don't think that the frequency is going to go down. I actually think the frequency is going to go up.

Erin:

why do you think that.

Blake:

I don't know. don't have an answer to the question, but Okay. So here's the navigable path. Obviously we live and breathe computers. everything is digitized. All the information is digital. We live and breathe computers and all the sensitive information lives in the internet. It's not like, you're throwing a brick through a window and taking a filing cabinet anymore to get data. so with that being said there's more and more information out there. So obviously hackers are going to be more and more creative trying to get that information. And it's just going to be a new racket and a new hustle, a new method

Erin:

all right. So that being said, I can see what you're saying, because obviously they are going to get increasingly sophisticated. That's just what's happening. But at the same time, I think that. They're going to get more sophisticated just because they have to, because they're going to have less opportunities to hack businesses that do adopt an XDR solution. If you think about it comparatively, okay. So maybe they'll still be a bunch of hacks. But think about when people talk about gun violence, where if you outlawed guns, I'm not advocating outlying guns at all. That's not what I'm saying. I just want to be upfront about that. I don't want to get canceled. Right. I go, what are you going to do anyway? But if you. Use a knife instead of a gun. Because people are like, oh, you can outlaw, but people are still going to murder people. But if you're in a group, like a big group of people and you have a gun versus a knife, how many people are you going to be able to hurt and kill with a knife versus the number of people that are gonna be able to hurt and kill with a gun? So I see what you're saying, that there are still going to be hacks and stuff like that. But if you think, about it, comparatively, there's going to be less hacks or there's going to be less impact per hack also of the people that have the XDR.

Blake:

I think you're right to a degree. So let me backtrack a little bit, because there's so many hackers out there. There's obviously going to be a wide variance between hackers that are going pro low-hanging. And hackers that are going for the colonial pipelines or these bigger targets. So there's obviously going to be that gap between the low-hanging fruit get hackers and the higher end targets is definitely going to get narrowed. So a lot of the hackers that aren't as experienced are definitely going to be missing in action. They're not going to be as effective. I don't know what they're going to do obviously, but, it's going make people like hackers like that, it's gonna make their job more difficult and they may get more frustrated and maybe make them. Quit hacking or maybe get them exposed or I don't know, those people aren't going to be as effective at hacking anymore, essentially as a nutshell. But you're going to have the big dogs, super hackers, they're going to be going after bigger targets, that's my thing, they're gonna be going up. They're bigger targets. You're going to be going after more sensitive data, because tacking is more and more challenging with XDR being, implemented and rolled out. They're going to go for the brass tacks, who knows what that is,

Erin:

guess though, the spirit of the question is kind of what I'm looking at, The fact of the matter is that having an XDR solution is going to reduce. The risk that you have of getting hacked in general. So does that mean that hackers are going to stop hacking

Blake:

Cyber security is about layers, right? It's about layered approaches. So the more layers you have, the more secure you are, so is XDR a layer. Absolutely. is it the end? All be All

Erin:

Oh God, No. no, not even close. No. The thing is, here's something that I've learned from looking at the reports that we have generated for people that have tried it. the thing is that when you have good cyber hygiene, besides just, XDR what it does, it makes the. Bad things that are happening stand out really clearly. for example, one of the reports we, uncovered a brute force hacking attempt now, this company already had amazing cybersecurity in place. But obviously it didn't stop everything and I don't know how quickly that would have been discovered if there other cybersecurity wasn't already so clean. If everything else was muddled and hard to see, then it wouldn't have been discovered. Most likely not in time anyway, or not as quickly. So still having good cyber hygiene besides just XDR. It's like, if your house is messy, it's like cleaning up one cabinet, cleaning out one cabinet is not really going to make a difference. Even if you do a really good job cleaning that cabinet out, it's still going to be a mess. And I guess that's kinda how I see, XDR and the layers, just make it that much more obvious when something is awry.

Blake:

Yeah. Talking about layers, think about you have thicker layers, right? You may have a cotton t-shirt on and then you have a sweater on, and then you have the peacoat, or maybe to sweater, XDR is probably at this point it seems like it's gonna be the thickest of the layers,

Erin:

Yeah. Yeah. That's a good point. It is not the end all be all. If you get XDR, you're still at risk for being hacked or breached, obviously but it's going to make it a lot less, possible for you to be breached or a lot more difficult. But yeah just because you have XDR, it's not like, oh, we can just rest easy. Now. Life is good. Nobody's going to hack me now. That's not the case all year. You still want to do all of these other layers, like we talked about just to make sure you got all of your bases covered.

Blake:

Yeah. Yeah. I think the future is obviously unknown. obviously with my experience in the industry, I have the more, I guess pessimist approach, maybe that's just me. But yeah, I think if anything being in this industry, I used to have more faith in humanity, but now, it is sad. Love what I do and I love the industry and I love my job, but yeah, we all are taking the lazy path,

Erin:

What do you mean?

Blake:

we're all taking the lazy path.

Erin:

Just in life in general? Or do you mean cybersecurity?

Blake:

in cyber security,

Erin:

What do you mean by that?

Blake:

Okay, if you want to get into the gym, or anything in life that you want to do, I gave you want to be good at something, or if you want to change something, it takes hard work. It takes hard work to break the habits that you live every single day. It takes hard work to break habits, to break bad habits, especially. I think everybody faces it. Is it easier for you to go through the drive through or Chick-fil-A or is it, to get your favorite sandwich or prepare a meal at home that is all vegan or vegetarian.

Erin:

Do that every day and some days I don't feel like doing it don't tell you I went vegan. I went vegan. Go.

Blake:

No, I didn't know that.

Erin:

I quit eating meat probably three and a half years ago. I'm like, I want to try to go vegan, but oh my gosh, I just love cheese so much. But then I decided to just do it. So I just went for it and I went vegan and last night or two nights ago, do you know And I was storming. So we decided to go out to eat. And we went to the place, man live right now in a small town in South Carolina. So there's not a lot of vegan options, out here, but I got a pizza. It was a garlic lovers pizza with no cheese. I got pizza with no cheese, like who does that. But, oh my gosh, it was actually really good. That being said. It is a lot easier to go to a drive through than it is to make vegan meal, a good plant-based meal every night in your kitchen. But I do it because I love food and I can't find any place around here anyways.

Blake:

The whole point is, we all have bad habits, Nobody's perfect. We all have bad habits. If it's the way you eat or something else. That's the easiest one to think about we can all say, oh, I wish I ate better. Oh, I wish I was more active or, oh, I wish, insert something here. But in cyber security,

Erin:

people are looking for a magic bullet.

Blake:

Yeah, they're looking for the WeightWatchers, they're looking for the herbal lab, the cyber security, they're looking for a prescription, they're looking for an easy button. That's what we like to say, and it doesn't exist, and if they're looking for the easy button and they don't find it, what do they do? They just don't do anything.

Erin:

nothing. It's all or nothing.

Blake:

Yeah. With that being said, that's the reason why, I find it easy to be disappointed, my 2 cents.

Erin:

Yeah. No, that makes sense. I hear what you're saying. You're Right, We do see that a lot here because I feel like because the cyber world is not rooted in the. World we can't necessarily see it or whatever.

Blake:

Right,

Erin:

I think people just don't understand it and don't understand the complexity of it. And so you're right. They're looking for an easy solution to making sure that they don't get hacked. But we do have lots of things that help with it, but Yeah. there's not one, magic bullet because everybody is different. So you can't have a solution, the same solution for everybody because we're not all the same, but I understand what you're saying and I totally agree and the thing is even with an easy button, looking at compliance and like what we talked about with Craig on Monday, we do help make compliance easier, but you have to still work on it. we can't just do it for you. Unfortunately it, sometimes I wish we could. Cause we get stuff done a lot more quickly, but we can't it has to be you that does it. It's your business cybersecurity seems like a pain in the butt, but we are all online. So it's all of our responsibility. If you want to enjoy the fruits of cyber security. Cool. But be mindful. It's not just you, right? So when your cyber hygiene is bad, you're not just impacting yourself. You're also impacting your clients. It's just very thoughtless. We don't want to have to be worried or concerned about these things because ah, that's boring. We just want to have fun and do it. But just like I was saying, the other one, when there's dangers, you have to take precautions. And you have to work to keep yourself safe,

Blake:

Let me think about driving a car, you obviously take a class and take a safety course and all this stuff before you get in the car because there's other people on the road. And you're responsible for not only your safety, but others safety.

Erin:

right?

Blake:

And, Craig, when we had him on the podcast, I think Monday or Tuesday or whatever he brought up a crazy good idea, and obviously we're not talking about internet censorship here. That's not what we're advocating for, but before you access the internet, maybe have a brief internet safety course, maybe a couple hour course that you have to take once a year or something

Erin:

The fact of the matter is that the internet is here. It's not going anywhere. I think that when it first came out, how could you even know the impact that would have? You might be able to guess a little bit, but it's just so widespread and so universally adapted, right? you couldn't have necessarily predicted. And I think people still kind of have that mindset almost like it's not, oh, it's just the internet or, oh, it's just social media. But the thing is that it is real. It is real because there's real life impacts, just like we're talking about with Ashley Madison. And if I said that right homes were ruined. Yeah.

Blake:

It's dangerous.

Erin:

yeah. It affects your life. It affects your life. people get hurt. people die. People have died because of hacks, unfortunately, but it's the reality of the situation and we need to start taking it seriously. Like it's not a joke. It's not going anywhere. Unless something major happens there's some huge catastrophe in the earth. Blue is at a place the Internet's not going anywhere, and it'll probably outlive humans who knows,

Blake:

maybe

Erin:

it's not a joke. We need to take it seriously.

Blake:

the internet is here to stay

Erin:

internet is here to stay and it's changing lives, whether for the good or the bad, do you know, that's debatable, but it's, that's what it's doing.

Blake:

a good place to leave this for the next one.

Erin:

I agree. I was thinking the same thing.

People on this episode