Cybersecurity with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001
Cybersecurity with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001
The REAL Reason the US is Behind the Curve in Cybersecurity
Sometimes it seems as if America is ALWAYS the target of cybersecurity attacks. And that's because it kinda is! But what remakes the US such an attractive target? It's a complicated answer with multiple reasons - some that aren't too surprising, and others that may be harder to spot.
But one thing is for sure: We in the US, collectively, need to take cybersecurity more seriously and make it a priority, rather than something at the bottom of our to-do lists.
Listen in as we deep dive into the REAL reason the US is behind the curve in cybersecurity!
Hosts: Erin and Blake
Support the show - Call 877-468-2721 or visit https://petronellatech.com
Please visit YouTube and LinkedIn and be sure to like and subscribe!
NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.
Support the Show
Please visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at:
- YouTube PetronellaTech
- YouTube Craig Petronella
- Podcasts
- Compliance Armor
- Blockchain Security
- Call 877-468-2721 or visit https://petronellatech.com
welcome to another PTG podcast today. It's just myself, Aaron and Blake. Today blake does not have his microphone, so we don't have his sexy voice, but it's still sexy enough. You'll be fine.
Blake:Yeah. Yep. I was thinking you were going to forget to say my name here on the Centro, but I'm also here.
Erin:No, I'm not the one that forgets. remember you.
Blake:I was like, okay, my mic is muted. Maybe she doesn't know that I'm here.
Erin:It's just me today, guys. It's just me talking. What's that little voice and the background. I don't know.
Blake:The Lone Ranger.
Erin:I'm the lone ranger today, Oh, hi Blake. There you are.
Blake:I'm here..
Erin:I think we have a really interesting topic today. So Blake do you want to tell our listeners what we're going to be talking about today?
Blake:Yeah. So we're going to be talking about the real reason behind cybersecurity problems in the United
Erin:Yes. What is it? Because here's the problem. Cyber security is a real problem. It is a huge problem, we've talked about the colonial pipeline before, but that's really one of the biggest, most impactful breaches that we've experienced here in the U S and the thing about it is that they weren't even really trying to mess with our critical infrastructure, according to the hackers, maybe they're lying, but I just thought that was interesting. They're just doing their thing and then we're over here. boyfriend was working for a company at the time and they ran out of gas and they knew they were going to run out of gas and they still had to go out on the job site, even though there was no gas anywhere. That's how it impacted my life. Not really, but it impacted my boyfriend's life.
Blake:The colonial pipeline was a big one, especially for the east coast. It was more about supply chain disruption than anything, but of course there's been bigger in my opinion, breaches like Equifax and TransUnion, because it was more users impacted, Just because there wasn't a presence that was being felt. It's fact that these hackers got however many millions of social numbers, that's pretty. Yeah. So.
Erin:it's huge. I think the colonial pipeline, it impacted a lot of people real time. I feel like you're right. There've been much bigger hack. But I guess I was thinking more to critical infrastructure cause there's also a new announcement today. Maybe it wasn't today, but this week there's been a new announcement, a new renewal of warning against the potential, possibility of Russia attacking critical infrastructure here in the U S so we all need to be on high alert obviously, but that leads us down to the question. Why is our cyber security so crappy anyway? What do you think, Blake?
Blake:think we're just an easy target. We talked about in some of our product desks, low-hanging fruit. I think the United States government is certainly some low hanging fruit.
Erin:Why do you think that is though? What missteps do you think the U S took in protecting our infrastructure?
Blake:Of course there's been maybe missteps. I'm not entirely sure. Obviously it has a lot to do with I think personally the digital push, within the past 15 to 20 years, all businesses for the most part have been storing records digitally. They've been getting away from physical records, everything is going through the cloud. Everything is going digital every single employee in a company. Yeah, that works at a company has access to a digital device versus, maybe 15 or 20 years ago. Maybe there was one computer, one assistant administrative computer, her office and there wasn't cell phone, smart phones. But yeah, I just think that visual, but we just weren't ready for it. That's just my thing we just can't keep up with it. There's so much business that's going on, especially on the internet, we can't keep up with the amount of transactions, the amount of company records that we just can't keep up with So I don't know if it was a misstep, but certainly we're just a cat and mouse game.
Erin:I think though, that you said you don't see necessarily where a misstep has been, but I think you actually kind of outlined a misstep without realizing it because we did push to go digital and I understand why, but at the same time, I think one of the problems that we had was the fact that we relied on. Promises from the supply chain from the DIB defense industrial base. And it wasn't even trust, but verify, it was just trust I've said this before, but kind of think of NIST 801 71 and deforest requirements previously as being like a wink, wink, nudge, nudge kind of thing. Like, oh Yeah. you got your cyber security up to code. Yeah. Okay. I'm going to believe you wink, wink, nudge, nudge. Yeah, you totally do. Right. That's kind of the impression that get from it. And I think that was a big problem. Cause America is built on the principle of freedom. And I think that sometimes. That gets taken a little far for certain things, because freedom is great, but we also need to think about security. It's like the more free you are, the less security that you have. So, You're free to run your business as you want, but when it gets to the point that national secrets are being stolen, there's a problem, I know it's not the cheapest thing in the world to get all of your cyber security to date, but what's the costs going to be, we don't secure our supply chain,
Blake:I think that's the multi-million dollar question to the government that standing out these multi-million dollar grants, but yeah, now that you bring up the nifty a hundred, 1 DFARS regulations, I just don't understand how that happened. I don't understand why there wasn't more done, especially when millions and millions of dollars of rewards are being handed out. I just don't understand how you could stress corporate business or big fortune 500, or whoever these worries are, just don't understand how could hand out those large sums of money without some actual evidence and supporting that
Erin:but at the same time though, think about people that we've talked to in some of our past prospects and things like that, that did not end up going forward with Protecting their data, The reason that they don't do it is because they don't think that they're going to need it. The problem is that, okay, this is a potential, threat, but it has not actually impacted them personally that they're aware of. So why are they going to spend millions, billions of dollars to secure their supply chain if it's just a potential threat. I don't know, I just kind of get this feeling too, that hackers and malicious, malware ransomware, feel like the pace of increasing sophistication just really ramped up to a point where it was all of a sudden like, oh crap, what have we done? Or what have we not done? This is getting out of hand. And it got out of hand before they realized it was going to get out of hand. And now honestly, like it's just a mess. I look at it and I'm like, how are we going to secure ourselves? I don't know. I don't know how we're going to secure ourselves. Billions of dollars are being exfiltrated annually by foreign actors, right? Billions of dollars worth of data and information and national secrets. It's all being stolen. So wouldn't it make sense to instead use those billions of dollars? Actually? No, I think it's trillions of dollars, but anyway, it's a heck of a lot of money. So why not use that money instead to. Secure your supply chain. I think that that would be huge. I think that they need to grant people money for it, grant businesses, money for it, but at the same time, cause I think they did try that a bit with NIST. Some of the costs were built into the contract, but they need to make sure that that money is going towards what they say it's going towards because clearly they did not use the money that they were given in the contracts to fortify their cybersecurity defenses. That's blaringly obvious glaringly obvious. One of those, both of those, could work.
Blake:also feel like we're conditioned the worst case scenario but when you were talking, I was really thinking a lot about healthcare, the healthcare industry, and how everybody strives in America to have health insurance. Not because you want to use it, but because you hope you don't have to use it.
Erin:that's a great point.
Blake:if we weren't conditioned to that manner to say, Hey, look you're driving a car you're doing risky activity every single day you're running or don't know swimming, or think about how many people get in accidents on a daily basis.
Erin:Just living.
Blake:Yeah, just accidentally, I'm sure there's a lot of people out there who accidentally broken a bone and that's when your health insurance comes in, just because you had health insurance and you have to lose health insurance. Does it mean that you're not going to have to. So going back to the deep bars, what's the holdup, I don't understand if we're conditioned to understand and we're conditioned to realize that accidents happen every single day, just living then. Why is it that we trust in relies so much on the perception of cyber security that doesn't exist? Why do we lean on that? Because that's a fictional It's not real.
Erin:exactly. No, I think, that that's a really good point. I mean, the internet is not tangible necessarily. You can see it on your computer screen, but what is it? So I think that unlike car insurance, where you have your vehicle, you see accidents on the road all the time or health insurance, you go visit people in the hospital, you can see the impact that it has, but it's almost like cybersecurity is more of an invisible thing. it's harder to see that means that people probably think that, I don't know, maybe out of sight, out of mind, kind of.
Blake:I think there's just a, such a lack of expertise in the field. We've talked about this before. No cybersecurity I've said this before, it's not sexy. You're not a doctor or you're not an airplane pilot, it's not something that, kids go to school for dream to be like, oh, I want to be an astronaut.
Erin:I wouldn't be a cyber security expert.
Blake:I can't think of anybody. personally wanted to pursue cyber security. It's just like, you're conditioned for it. And you end up this field because you stumble upon. And it takes a certain type of person to be successful in this industry. Me and Jonathan had talked about this before, but usually it's people, I know this sounds weird, but it's people that are overly analytical and the type of people that have, an ever evolving mind I think it's a mental disorder that people that join this industry. really did.
Erin:Okay. I think that we all have ADHD company. I don't know if that's what you're talking about. I'm not an it person, I'm not a technical person, but I find cybersecurity. Absolutely fascinating. remember one of the first articles I wrote for Craig, I was like, this reads like a spy novel. This is so cool. It's not cool that it's happening. It's not cool that it's mad guys, but just learning about what the hackers did to the viruses and how they program them to do these just insidious in city is acts to people on the computer. not only does it encrypt all of your data and all of your files, but it also stays dormant on your computer. It's just sneaky. they're smart. Lazy hackers are lazy, but they are pretty smart. And a lot of people just don't get cyber.
Blake:Soldiers, right? A lot of people injure the armed forces maybe because they feel like they don't fit in, or maybe they're undecided about their future. So they enlist in the armed forces, the military, then they can fish and to be a soldier. So that's what I think is the cyber security space. instance, I always was kind of like the pivotal point between my family and friends and technology. Everybody was always saying. I dunno, I stood out being the type that would help you solve problems with cybersecurity or not cybersecurity technology. so for that reason I just landed here, I landed here. It seemed like it was just something that comes natural. I don't know if you can compare it to athletes or, it's the field we're addicted minds thrive. And usually those gifted minds, it usually comes with a personality disorder, but we're all for the most part overachievers. That can be classified as a personality disorder. people that have. Analytical minds arrive, arrive in this industry. And those are the ones that hang out and stay in this.
Erin:Now out of curiosity, do you think there's a difference between people that thrive in it and people that thrive in cyber security, but do you think that there's a different there? Because I know for me personally, I am way more interested in cyber security and the digital realm in general than I am just in it. the thought of doing what you guys do. It just makes me cringe, but I'm super curious about what goes on the other side. And honestly, like part of me kind of wishes I had. Studied cybersecurity, but they didn't have it really. Back when I went in college, it was more just it stuff, not interested in so much.
Blake:Yeah. I think if we can compare it to sports, it's total opposite spectrum. We're not playing a sport. But you have defensive minded players on a sports team and you have authentic minded players on a sports team and they all go towards the bigger picture of winning the game. So of force, your personality has a lot to do with it, in my opinion. I'm more of an offensive, strategist, more so than I am a defensive strategist. I think about how we can progress, how we can push, how I can Excel, how I can stand apart, how I can be a leader more so than how can I fortify and how can I secure the progress that we've made?
Erin:So you consider yourself to be more proactive, as opposed to more reactive is kind of what I get from that, which makes a lot of sense to me
Blake:And we've got people like Jonathan that are more reactive, I definitely see both sides of the spectrum. And I like to think of myself as somebody that floats in between too. Cause I can be reactive, but I do mean in a proactive state.
Erin:I think that I'm more proactive too. I try to about problems that can pop up, okay, we're doing this activity, what can go wrong? What can fall through the cracks? Where can this process break? That's why I'm so detailed. I'm a naturally disorganized person, but learned at an early age that if I don't get my stuff together, I'm not going to make good grades. And I, always liked making good grades. So. I had to set up systems for myself and I think that because of that experience, I'm actually able to help people become a little bit more organized and proactive, or at least I try to, it always work, but I agree. I agree with you. I think a big difference between it, and MSP like managed service providers is it, to me feels more reactive and MSP feels more proactive. And I think cybersecurity is definitely proactive, you can get reactive. we get a lot of reactive clients. Who did not necessarily set up their cybersecurity in the best way, or didn't think about. The impact that a lack of cybersecurity could have on their company. So we do have a lot of people that call and they're like, I've been hacked. I need help. But really, another thing I would say, I feel like I say all the time, but a half an ounce of prevention is worth more than a half pound of cure.
Blake:Yeah. We, had somebody that we were working with and putting together that we were trying to figure out if we were the right service provider for them. And ultimately they ended up not choosing us because we were cyber security focused. And in my mind, I was like,
Erin:really.
Blake:I just can't understand
Erin:Wow.
Blake:you hire mez Sheriff's provider and cybersecurity, isn't a priority to them. think you'd want to find somebody who shows down that, rabbit hole backwards, right?
Erin:Yeah,
Blake:Somebody who is more in tune with cybersecurity and managed services is a secondary service to them versus cyber security. Because should you have a net, let's just say, for example, running virtualization from your managed service provider, VM-ware virtual, machines and these people are responsible for securing all of your cloud storage, all of your end points, all of your devices, all of your data. Not specialists in security. That's handing over to your home, to your neighbor who you've never met we were talking about even leaving the T it's like a plague. People who have that house, they leave a key under a pot or they leave a key under a door mat. those are the most common places that somebody is going to look, to get into your house. But I can't understand why you would go to and trust your data with somebody who doesn't have a security background and somebody who doesn't have that defensive mentality. That's for a fixation perspective on, being a managed service provider.
Erin:that really does. Make any sense? It does not compute. I don't understand it. And I don't mean to sound mean when I say this, but it's so mind blowing, but that's very indicative of this topic that we're discussing right now. People just aren't thinking, things through, they don't think things through. because they're not proactive. They don't think ahead. It's very myopic. They look at what's in front of them. And what are you going to do?
Blake:I want to see more cybersecurity courses and school. I don't know if that's the thing. I've been out of school for a long time, but when I. was going through high school college. there wasn't a lot of cyber security horses There wasn't much, information out there. people think of, your computer as a tap, like plumbing you go to your faucet and you turn your faucet on and water comes out. But whatever you, all of a sudden see leaks, then you have a problem. They don't think about it from the same type of perspective that we've been conditioned to think about healthcare,
Erin:Right.
Blake:Hey, it's better to be, proactive than to be reactive, but I want to see. Cyber security courses for, children, younger, kids. And, I, can't tell you how many times I've been walking through a store and I've seen a mom or maybe on a flight and a mom hands their kids over the iPad to play games or whatever. If they're playing games on an iPad and they're they should be learning my opinion, rudimentary cybersecurity,
Erin:Absolutely. That's a great point and actually kind of leads into something. I was going to ask you too on the podcast. I like that we discuss the problems. Right. But even more than that, I guess, because we are proactive, right. I like to also. Discuss solutions. So I was going to ask you, what do you think we could do here in the United States to improve our overall cybersecurity? And that might not be the only thing, but that is a really, really great point. Kids are on the computer now from, as soon as they can look at something, they're on an iPad and they're on a I guess probably not computer, but definitely on an iPad. And if you're old enough to be on an iPad, you're right. you need to be able to maybe not at three years old, you're not gonna how to defend yourself against hackers, at a very early age, it is a digital world now, and we do need to take it seriously.
Blake:let me jump in. if your child is old enough to click on an application and running an application on the iPad, and they're likely old enough to click on a VPN application and turn on a VPN,
Erin:Yeah.
Blake:you click on the application, press the on button. There's some really user-friendly VPNs out there especially before they do anything on the internet. If they want to browse the internet for anything at all. I can't think of reason kids do on the internet these days, maybe look at YouTube videos of cutie pie or maybe watch Mr. B's videos. You're certainly young enough or certainly capable enough to run a VPN. you're going to browse to YouTube and watch YouTube videos or play games,
Erin:watch unboxing videos I know, understand kids love
Blake:Sure. Yeah. maybe, a lot of kids that I know love to watch other people play games on the internet. It's like, oh, this person is playing roadblocks and they want to watch them play roadblocks on the internet while they're not playing roadblocks. so if you're certainly capable of searching something on the internet, that you can certainly teach your child how to run. You can certainly tell your child the same way you said, Hey, don't talk to strangers. You can certainly tell your child, Hey, if you see anything weird on the computer or on your telephone or on my telephone or on my tablet, let me know. Or if you see a weird way and you're not sure what that link is, let me know, show me or just don't click it. It's that simple. It's the same way you tell your child to not talk to strangers. Those are two immediate things that you can teach a child on how to at least condition them. That's what we're talking about. We're not talking about turning your child into a cybersecurity specialist. We're talking about rudimentary cyber security practices. Let's take the simplest amount of sophistication or even abilities to perform
Erin:yeah. Yeah, absolutely. And that's another idea for a podcast Blake. Maybe we should do a podcast on the top cyber security tips to teach your children as soon as they start learning how to click on links or apps. I think that that's a good idea.
Blake:I think about this now, every child a phone,
Erin:Yup.
Blake:not only for convenience purposes, but for safety purposes. I don't remember what age I got a cell phone, but I think is really common for kids as young as nine or 10 years old and maybe even have a cell phone this day. Because mom and dad wants to get ahold of them. Mom and dad wants to keep tabs on them. Mom and dad wants to know what's going on in their life and have a means to communicate with their child. the same time that you're handing over a cell phone to your child is the same time you need to introduce the practices Craig was talking about, people just don't understand and they feel like they're relatively you're because they don't understand, cybersecurity maybe negligence is a sense of protection in a way. if you don't know that you're doing something dangerous, then it doesn't feel dangerous. If you jump into the ocean of Brazil, that is shark infested in roshiki Brazil, and you don't know that it's shark infested, but you jump in there any ways and start swimming and surf or whatever. You don't know that you're putting yourself at danger you don't realize that you're in the presence of danger.
Erin:it also kind of goes back to the point that we've made before, where. It's so much easier to build in cyber security in the very beginning of your business. It's a lot hard to build in systems and processes after you already have business. And I think that your children cybersecurity is kind of the same thing. Like why not start from the ground up? Why not start as early as possible? If they're aware of the dangers that exist, it could be really real-world dangers that they could run into on the internet, so it's just a good idea to teach them safety. And I mean, Why not start in kindergarten? we have. Computer classes where I'm old enough to where We played the original Oregon trail, right? So why not? When you have your computer classes, once a week also teach little cybersecurity tips and tricks and things like that to keep them safe. Especially teaching them about social engineering and things to look out for. That can help because people that conduct social engineering hacks, they operate in the same way that real life sociopaths operate. So I feel like that kind of lesson could help them just from the very beginning, what to look out for red flags signals. If you get from your friend, who's a native English speaker, but they don't tell like native English speaker, then they're probably been hacked. So don't click on the link. They sent you little things like that that could really help them.
Blake:I love how you bring up special engineering. Because that is the practice that needs some implementation on both sides, as social engineering is a huge part of cyber security breaches. And I think in the last video or the last podcast that we did, some crazy statistic, like 90% of cyber security breaches involve social engineering.
Erin:yeah.
Blake:So I think I could be wrong on that status. It's a really high number, but it needs to go on both sides. So you need to consider social engineering. Your children, your family, your friends we even joked about. Before we were talking, it was me and Greg or whoever we were joking about. The next book that Craig writes would be cyber security for children or something those natures. I think that'd be awesome.
Erin:I think that's a fantastic idea. might not necessarily. Fix what we're going through. Right now obviously it's going to take time, but just CMMC the point of CMMC is to integrate cyber security into the core, into the culture of the company. So why not do that with children as well? So it's not just a separate thing. It's something that they're always constantly aware of because it's something that they're taught. I don't know why I've never thought about that before Blake brilliant. And so helpful and so proactive also. So I agree, obviously wholeheartedly. And then with that being said, what are some other things that you think the U S can slash do to help improve our overall cybersecurity portfolio?
Blake:think we've talked about this before and some of our podcasts not entirely this topic. but definitely more layers.
Erin:Yes.
Blake:Especially here at PTG. we have 22 layer patented cybersecurity stack. You can always fortify. You can always fortify yourself for there. Something that immediately comes to mind is I don't know if you're on Instagram. and if we are, I don't think we're following each other, which is a shame, but I've been seeing on Instagram does mean. And it's like, don't let them look. No your next move. People that are doing things, but they're intentionally tricking people. They do them in reputation. Have you seen that?
Erin:No.
Blake:I think it might be a tick shop trend or something, but there's a hip hop song and it's like, don't let them know your next move. but what they do is all these weird, tricky things like somebody gets in the car door and they come out the other side of the car and then they get back in the car and then they come up the back of the cross, the back of the car and then they pretend like they're going to shoot a basketball. pass them. You know what I mean? To pass basketball. it's intentional misdirection. And it goes along with the theme song. the answer to your question that is continuing to fortify, continuing to seek excellence. You use those offensive strategies that I'm sure people in your industry or corporation, people that you know, or maybe even your service providers, if you're working with an IC company, then they have people, offensive minded cybersecurity talent there, continue working with those individuals to continue to push the envelope because the second that you stop pushing the envelope is the second that somebody can catch up to you. that's the same thing that we're starting to slowly get conditioned for. Where phone manufacturers, apple, Samsung, providers that are putting out applications for your phone. They're always saying a update your app. If your app up to date, keep your app, keep your iPhone, keep your stamps on phone. Up-to-date keep all of your devices up to date. So that way you have the latest surety vulnerabilities. And it's a play of people that don't update it. It's a virus a huge the pandemic.
Erin:yeah, no, I agree with you completely. And it goes along with what we were talking about before, because it's just, it's slightly inconvenient. And people are like, well, I've never updated it before. So I start now. Because you might not be safe in the future is why you should do it. And it might be a little bit incomplete. But worth it.
Blake:Seriously, how inconvenient is there for you to press a button and let your phone update itself?
Erin:It's not that inconvenient
Blake:can totally do it before you go to bed. can totally do it on your lunch you're not using phones. Can set these to auto update nowadays.
Erin:right. Exactly. There just people aren't aware. I think that that's the biggest problem, right? People aren't aware and people think it's not. going to happen to them. And I think people underestimate the amount of headache and trouble and even financial ruin. It can literally lead to financial ruin People just think it's the worst case scenario, but it's really not the worst case scenario. I can't remember what it is, but it's something like 80, 85% of companies, small businesses that experience a breach go out of business within five years or six years. Something absolutely crazy. And, I think that one of the problems is it can be expensive to secure your business. So I do think that the government should really pour resources into helping businesses and individuals
Blake:we also have right now, obviously with COVID and the resurgence there is cdc.gov website where you can go on the cdc.gov website. And see all the latest information about the health protocols the latest articles articles releases and findings and ways to keep yourself healthy and to keep yourself safe. As far as I'm aware there isn't something issued like that for cyber security from the government. Of course there is a degree of some way of finding out that information, whether it's from the SCC or maybe even other websites, there's websites that indicates trust such as Google, Yelp, Yahoo. Trustpilot but there isn't really, in my opinion, a government mandated cybersecurity program that is implemented and rolled out through the public fully adaptable in mass to end users. But if there is, I haven't heard of it. Of course I'm talking about the sec and usually that deals with online fraud and things of that nature, but they really only issue warnings. They don't talk about proactive measures. they don't offer free cybersecurity courses. They don't act proactively. They act reactively.
Erin:Yeah, exactly. It is. It is. And it's so true, a couple of years ago when I was reading a book and it talked about the difference between being proactive and reactive. And I was like, wow, okay. That's a great way to put it. And I think about it a lot now You can save yourself a lot of trouble. I know we use a CRM here at Petronella tech. We just started using it recently. And when I first started doing the project management role, know Blake and Jonathan got so sick of hearing me say, can you put it in here? I'm not going to say the name of what we use just because I don't feel comfortable doing that, but, and it's also irrelevant, but would be like, cool, Blake, can you put that in? But then in our CRM, BJ, thanks for letting us know, can you put them in the CRM? but it's the same kind of concept, right? Where it's about thinking ahead and being proactive, because I'm like, well, if we don't know what's going on, What we're all doing, then we're all gonna look disorganized. And we're going to miss things and things are gonna fall through the cracks. And it is, it's a pain. It can be a pain in the butt to be proactive sometimes because you're like, am I just wasting your time? And you might be, but at the same time, when you do need something and you can find it easily, it makes up for the amount of time that it takes to input it And it is annoying. It is annoying and I totally get it. But yeah, I think that being proactive is just extremely important. how Much do you know about web 3.0 out of curiosity, web three.
Blake:I haven't read as much articles on it as I should. So I'm not the web three guy. But from my understanding, is moving away from SQL databases because world and websites are all powered SQL databases. So, in the future where they're no longer relying on this database, SQL is like a central database. That information that produces or websites that you visit, that you frequent in represents and fabricates the user experiences of the website with that web three. Things are going to be producing, without those databases. So there is no centralization of data. And that is what, you understand the rudiments or understanding of what three that I have and how it's going to be impactful to the internet that we love
Erin:I look at this problem sometimes I think about it in the big picture and it just seems like an impossible task to secure our supply chains, to secure our government.
Blake:here's the cocktail. There's a cocktail creating these security problems for our country. I think personally, my opinion. I just want to put on the record that it's completely my opinion... And hopefully that's the reason why you're listening, but...,
Erin:It does not necessarily the opinion of petronella technology group. Is that what you're trying to say?
Blake:yes, absolutely.
Erin:I want to hear that.
Blake:I think it's a combination of negligence. Ignorance, of course, the rapidly advancing technology and the digital flush of everybody, adapting and, trying to create a visual presence. And everybody's trying to go online, everybody trying to make money on the internet, that ultimately they think about being able to reach their customers easier through the internet. I just think that whole cocktail, it's definitely what cyber security and fortification back with the background of their actions, because they're always stuck in that cocktail and we just can't keep up.
Erin:I think also included in that cocktail could be a bit of the culture of the United States. And how I feel like just because we have freedom and right. Doesn't mean that we necessarily have freedom from outcomes, right? So you make a choice, you make a decision to go online. You are free to do that, but just know if you do it and you're not secure you run the risk of financial ruin. Yeah, that sounds kind of fear-mongering and I don't mean it to be, but we don't have freedom from our, consequences.
Blake:it's such a problem, especially now with the ever-growing evolution of web, the digital world has created these mega personalities online celebrities, social influencers, YouTube influencers, bloggers, what with the rise of the internet has rated this mega celebrities status and people aspire be rich. People do aspire to be famous, but kind of like what you were saying is people can look at these people and these people can get away anything. These people can get away with anything at all because they're celebrity,
Erin:yeah.
Blake:They don't have to answer to the laws that found the world for the most part. And you start to see justice happening more so now more than ever. And I'm gonna be the most stereotypical referenced the most high profile. But if we look at people like, Jeffrey Epstein or R Kelly or cases that we're developing for such a long periods of time, and because they were influential, people they didn't have to worry about. The laws bound control, keep the world safe, it didn't live by those rules,
Erin:And they were this stuff for decades, decades. I think that because of all this freedom of information is being allowed on social media and on the internet, which sounds great in theory. But then when in actuality, oh my goodness. people just believe whatever they see but then they don't believe other things,
Blake:Yeah.
Erin:you can pick and choose what you think. Even if this is completely irrational and illogical and makes no sense. further is my narrative. This is something that I believe in. So I'm going to believe it. And I think that kind of goes along with what you were saying a little bit.
Blake:I think it's scary.
Erin:really scary.
Blake:I think it's scary. the way that people are evolving and the way that the security is evolving, I definitely think is scary. People aren't serious humans anymore. You can look at internet culture, if something happens in the world, what, does America do? we mean it to death,
Erin:yeah,
Blake:I think we have a lot of progress to make up. I think we have. Of minds to hopefully change. A lot of people to influence, cause we need progress. If we stand here fail to move forward, whatever's chasing us is going to catch up to us. But as we continue to progress and advance and move forward, course I'm talking about in cybersecurity or my wife or whatever, the second that you stopped progressing with the second that you start to lose your position. that can be anything.
Erin:No, I agree with that completely. Everything takes so much time. Everything is so slow, but around us, in the digital world, it's advancing more quickly than it ever has in the history I don't think that we're going to be able to keep up or stay ahead unless we cut back on some of the fat, cut out the bloating, get rid of this water weight, there's just so much extra unnecessary that we have. I think that we need to be able to move more quickly. And one thing that BJ said to me once. Really made a lot of sense really got me thinking why in the world is everybody not using something like blue shift? why is the government not using this service? I just don't understand it. They have to know about it. And why isn't it more prevalent? why isn't it known? I don't get it. It's such an amazing thing I feel like it should just be standard at this point, the more that an AI cyber security, SOC SIM solution learning, the more it's going to be able to protect. the more data it gathers, the better off we're going to be. I don't understand how it's not prep.
Blake:they're defensive minded. not authentic minded. They're not seeking the future. They're loving in the present and Yeah, the worst thing that I've ever heard my opinion, because I'm this type of person, but it something that people say that I hate if it's not broke, don't fix it
Erin:given as a really great point, because that. is such a reactive mindset as opposed to a proactive mindset.
Blake:Yeah. Just because it's not broke, doesn't mean that you can't be exploring other alternatives. if you go to this same fishing all every single day and never explore another fishing, You're only going to catch the same type of fit. You can still utilize what works without being broken, but look at all the new technology that happens. If every technology company, apple, Samsung LG any of these companies said, oh, well, we have this technology that works. Let's not improve it. Then we wouldn't have the technology we've had today. We wouldn't have Lucia. we wouldn't have HDR. We wouldn't have 4k. You wouldn't have O led displays or we wouldn't have,
Erin:Spotify
Blake:Yeah, we wouldn't have Spotify. We would still be downloading music through Limewire or Napster.
Erin:is that tapes? no, no, we'd still have cars eating our cassette tapes. You probably didn't have to deal with that Blake you're a little bit records with scratches on them.
Blake:Yeah, no MP3 players or who
Erin:be
Blake:knows
Erin:starting fires and eating roots and berries and an occasional rabbit.
Blake:Yeah. There'd be no such thing as a lighter silver using matches. so that needs to be the forefront of every business evolution. Everybody who's listening to our podcast is likely a business owner. they likely have some type of product or service or. And they're always continuing to improve it. They're always continuing to make it more efficient. They're always continuing to advanced it, to make it better, make it more useful, to make it more cutting edge and make it more user-friendly or whatever it is that they're pushing for. And the second that you stop doing that in your life, in your business, in your cyber security is the second going to get surpassed or this case breached or hacked or whatever, right?
Erin:Yeah. I think that that was a really strong, impactful point. And I think probably a good one to leave off of. I think you really hit the nail on the head. And I think we really got to the roots slash roots of the problem here in the United States. Really what it boils down to is that we're reactive as opposed to proactive.
Blake:You certainly can't win a game with only defensive players and you certainly can't win a game with only off pensive players. So we need to have a mixture of reactive and proactive minds, and we just need to be unleashed into this world. And if maybe we started conditioning society to think about security. We may have children that may be considering security you, that's being optimistic, but I think it was one of like my nephews or one of my nieces or something when my grandpa, was there asking where my nieces or nephews, what he wanted to be when he grew up. he said he wanted to be an app developer. I was like, what? I could never see that because in my generation, I was like, I want to be a zookeeper, or I want to be an astronaut. Yeah. I want to be an astronaut. I want to be a doctor. I want to be an airplane pilot. Those are the things that come to mind for me. can't be that difficult. Why are we putting this off? Why aren't we doing this? It can't be that challenging to start to condition our children, think about cybersecurity. It's the same way we say, Hey, don't talk to strangers. we, teach our children's about physical security. but not digital security. Why is that?
Erin:hate to necessarily bring this up, but it was just what popped into my mind. after nine 11, we started getting serious about airport security about bringing things onto planes because we all didn't want to have to deal with that. I don't want to have to stand in line for an extra hour so that you can check my shoes. I would love it if my friends or family could come pick me up again, at the actual gate and you can get off the plane and see happy smiling faces that was so nice. we enjoy that, but after nine 11, We realized okay, but is the safety of thousands of Americans worth seeing smiling faces at the gate. And we decided it wasn't. And I think that something similar is going to have to happen. Hopefully not. I say that? hopefully not on such a large scale in such a parable scale. Right. But I think going to, it's going to take It something like that to kind of wake people up and make them realize what could happen. Because right now it's all theoretical of the things that could happen. Again, we were talking to Dwight about what, if they shut down the power supply somewhere or did something, oh gosh, there's just so many things that could happen. Until those things, something actually happens. I don't think it's going to be taken seriously.
Blake:It already has happened Look at the airport that, I keep referencing at the Equifax or your, social security number is on the internet right now. You're likely lucky enough that they haven't tried to use a number to open a card there's tens of millions of social security numbers on the internet.
Erin:that's also something that happens though on an individual basis. It happens to a lot of people, but it's an individual thing. So, if you look at the colonial pipeline, like we talked about that was on a massive scale comparatively and I think that It would take a tragedy, which hopefully does not occur. But it would take a tragedy on a massive scale here in the United States for people to be like, okay, I guess we really need to get serious about this. Right now at this point, think there is one person in Germany who passed away from a successful ransomware attack at a hospital. And that's just not enough to wake people up, unfortunately.
Blake:I think 143 million social security numbers being breached is a massive scale.
Erin:No, it is. Yes it is. But the consequences of that are seen on an individual basis.
Blake:For sure. haven't, been felt because those hackers haven't rummaged through as 143 million social security numbers and open the credit card. they haven't gone that far. The chances of you being picked or a one and 143 million. So yeah, it hasn't been felt on a large scale, like the colonial pipeline it's stacked, but really a shame that we have to have such a tragic event happen to start to be proactive to start realizing that we live in. we are a reactive society and not a practice society.
Erin:It is a shame. hate saying that I don't want something like that to happen. I don't want it to take that. For people to the potential negatives that can happen. That's a terrible thing. But I think that that's the only thing That's going to happen that can actually change us at a base level make it so that we're like, wait a minute. Okay. people on the PDD podcast were right. We need to take this seriously
Blake:We're going to be like, that dude that was hyping Bitcoin, 10 years ago, Hey, buy one Bitcoin.
Erin:Oh God, if I had done that...
Blake:But yeah, we might be those people that seem crazy now. but when time progresses, We may be profits.
Erin:It feels inevitable. Doesn't it? Blake doesn't feel inevitable.
Blake:It does,
Erin:I just want people to take it seriously. It has to happen.
Blake:has to happen. And in due time we figured these things out, for better, for worse. So am optimistic, that this will happen.
Erin:Yeah.
Blake:just want it to happen fast.
Erin:And proactively, instead of reactively, I don't want it to be something that we do because something massively tragic happens. rather prevent that.
Blake:absolutely. Absolutely. For sure.
Erin:But then the other problem with that is that if you do prevent it, then people are going to be like, well, what's the point? Because nothing happened well, will nothing happen? That's a good thing.
Blake:We don't need any more tragedies to happen. We can look at, the past two years, of COVID and said, Hey, look, we weren't proactive enough
Erin:People still don't think it's anything besides the flu.
Blake:People still don't feel like it's a reason to wear masks on the airplane.
Erin:Yup. It's hard not to get political sometimes. I don't even think of this as political though. It's been turned political, shouldn't have been turned political.
Blake:Yeah. We should probably end it before we start ranting
Erin:and I are on the same page with a lot of things. So we should probably not feed off each other on this podcast. Well, blake. I know it was just the two of us, but I think that was a good discussion. So thank you for the time to come on
Blake:Yeah, absolutely.
Erin:we'll talk soon.
Blake:All right. Well, have a good day.