Cybersecurity with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001

Clashing Titans of Tech and the Rising Tide of Hacking

Craig Petronella

Join Blake Rea and Craig Petronella as we unwrap the latest tech and cybersecurity developments faster than you can tear through holiday gift wrapping. From the FBI's tactical strike against the Black Cat ransomware group to the Xfinity data breach leaving millions on edge, we cover it all. We also weigh the consequences of vengeful IT maneuvers in educational institutions and the David versus Goliath battle in intellectual property that saw Apple Watches being pulled off shelves. It's a conversation that's as enlightening as it is essential, with a dash of holiday spirit.

We then switch scenes to the cinematic world, contrasting a technology-deprived dystopia with Julia Roberts' triumphant return to the silver screen. The ebb and flow of Netflix's pricing model and its effect on our watch lists come under scrutiny. Meanwhile, the narrative takes a turn into the real-world plot of escalating living expenses versus stagnant wages, setting the stage for a critique of media trustworthiness as elections loom. It's a candid discussion on the intersection of culture, entertainment, and economic realities that's as gripping as any thriller.

Our final act takes a deep look into the exploits of teenage hackers and the tech industry's scramble to keep up. With Apple on their toes, we explore the Corporate Transparency Act's impact on business privacy, the cutting-edge strides in biometrics, and Elon Musk's bold Neuralink venturing into human trials. We wrap up by championing the indispensability of cybersecurity training, discussing compliance responsibilities, and advocating for a proactive, trustless approach to our ever-connected lives. Prepare to emerge more informed and vigilant in the digital age after tuning in to this compelling discourse.

Support the showCall 877-468-2721 or visit https://petronellatech.com

Please visit YouTube and LinkedIn and be sure to like and subscribe!

Support the show

NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.

Support the Show

Please visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at:

Craig:

Hey guys, welcome to a new episode. We've got Blake Rea here.

Blake:

Merry Christmas. Merry Christmas Right around the corner.

Craig:

Like six days, four days, five days, depending on which one you start with.

Blake:

Yeah, but I know most of the listeners have probably checked out already oh, yeah, yeah, for sure. Yeah, it's hard. It's hard coming into the holidays because you're thinking about being Christmas presents and gifting Christmas presents and traveling.

Craig:

It's just yeah, yeah absolutely All right, so you want to start with some news.

Blake:

Yeah, yeah, I'll let you start and then I'll talk about which ones I thought were pretty interesting.

Craig:

Okay, well, I'll talk about just some headlines first and then we'll see what kind of is interesting. So on there's a FBI that has disrupted the black cat ransomware group, which is great. They created a decryption tool and they're releasing it for free for those that have gotten infected with the black cat ransomware. So that's big. Basically, what that means is if you've got an infected with that ransomware strain, you can then inoculate with that decryption tool without paying the ransom.

Craig:

There's a data breach Xfinity disclosed affecting over 35 million people. There was critical infrastructure affecting Iran's gas stations where speculation is that Israel launched the attack and disruption Again, speculation, don't have any evidence of it, just reading headlines and disclosing. I know Microsoft came out with a big update for Windows 11, which is free, on Patch Tuesday that was released. There was an IT manager that got fired from a high school, got upset and retaliated by deleting 1200 Apple ID school accounts. So we can talk about sanction policies and what to do when an employee is terminated and how to handle that without having risks like that to your organization. We could talk about security awareness training and how, pushback and just lack of interest around actually taking and doing the training and the drills and basically, what are some new approaches and tactics that organizations can leverage to better instill that into their culture? Because obviously training is still essential. It's not going away. I mean, as long as we have the human element that holds keys to the castle, you can be tricked, fished, smished, you name it.

Blake:

Start there. I found it to be interesting about the Apple Watch Recall.

Craig:

I did not hear that. No, what is that?

Blake:

Yeah, so this one. Apparently Apple took the patent for some of their like EKG reading sensor technology. They stole or they, I don't want to. From what I read. From my understanding they used some technology that was patented and now they're having to rip the Apple Watches off the shelves and so they're not going to sell these Apple Watches anymore until they get fixed. Wow, I'm not sure if it's All the Apple Watches, I know for sure is the Apple Watch, I think, series 9 and the Apple Watch Ultra 2 for sure.

Craig:

Yeah, so this is. I'm just kind of following along with you. It says Apple makes a price decision to pause some watch sales before Christmas over a patent dispute.

Blake:

So that's what you're talking about there?

Craig:

Yeah, so disagreement between Apple and Massimo over blood oxygen feature. Apparently, there's some patent infringement politics happening. That's kind of just an off tangent kind of thing. Companies obviously pay a lot of money to secure a patent.

Craig:

I'm not a lawyer, but as far as I understand it, the whole point of a patent is to beat out your competition so you can have this new methodology or way of doing things, whatever it is you want to protect. What's interesting to me is that if you apply for the patent, you have to disclose exactly how it works, with drawings and explanation and basically the whole blueprint of the whole thing. Then you have to submit it with an application and typically people hire some law firm to handle this for them because it can get complicated. Some people do it themselves. My point is that you have to tell the world hey look, this is exactly how I do this. You have to hope and pray that you're going to get, number one, awarded the patent and number two get some type of protections.

Craig:

I know Blake and I we've talked about this before. I don't know if we talked about it on a podcast before, but I guess the issue that I have with it is let's say you have the patent, let's say you're. I don't know what this company is. I think it was Massimo. I'm assuming Massimo is a small or it says medical technology company. I'm assuming they're smaller than Apple from market cap perspective, right?

Blake:

Probably Right. They're suing Apple. I mean it's a but it's. It's like yeah.

Craig:

So it's like big guy and AKA Apple versus little guy. Again, I'm speculating, but I'm basing it off of my lens and my vantage point, suing the little guy. And now little guy has the patent, but little guy has to hire, like all these attorneys, to fight right, and then now little guy's got to come up with all this money to pay these attorneys, because these attorneys want to get paid, typically by the hour. They're not going to, oftentimes they're not going to do like a contingency. Maybe they will, I don't know.

Craig:

But the point is most, most situations are you pay attorney's fees, you know, and then you have to kind of litigate, right, or try to settle. Well, my point is that that whole process is super expensive and you can have some you know claws in your contract that says that, oh, you know the the, the other party's going to pay the attorney's fees. Well, yeah, but guess what? You got to still lay it all out. You know what I mean Like. So this little company, Massimo, might have to spend hundreds of thousands or whatever it is, to defend this patent in court, right, and again, most things settle. But let's say, it goes to court. I mean, this can be super expensive and oftentimes it could put the little guy out of business, Definitely, you know. And then you know it goes back to money and power, I guess. But I mean Apple couldn't? They're so big. I mean they could choose to just buy the company and then move on.

Blake:

That's an option, yeah, and then I guess patents are in place to protect the IP of said company. So if somebody infringes on your patent, I mean it should be a pretty cut and dry case about. Yeah.

Craig:

But I guess my point is that companies like Massimo again, I'm speculating, I don't know anything about them other than what I'm reading here. I'm assuming they're smaller, but I guess my point is that if you are a patent holder or you have some type of intellectual property that you're trying to protect, you have to have reserves. You have to have cash reserves to be able to defend your patents and your rights. You know, there's a partner of ours I won't name who they are, but they developed the two-factor authentication and out-of-band authentication technology. So they're, in my opinion, they're little. They're not super little. They grew, obviously, but they're still little compared to like, a company like Apple.

Craig:

Well, in their context, they had an issue that was very similar to this, where they have millions of users that use their technology, but they got sued by or actually no, they sued the big guy. They were the ones that found hey look, this big company like Apple stole our tech. They sued them and they actually won. So this was like a good story that happened. And then what I, in talking to the founders and the patent holders, what happened was, since they have, I think, like six different patents, like powerful patents like this, they ended up having to hire and build their own legal team. So they have like a legal team of lawyers that basically that's what they do, that's their job is to defend all their patents. So they have cash reserves and they have legal power, basically, and that's what they do. So they research, develop, build, protect patents and that's their model, that has become part of their business model. So, anyway, I know I went on a tangent, but that's very interesting to me.

Blake:

Yeah, yeah, I guess we'll see what happens. I guess here's your chance to get your Apple watches while they're still out. Keep them boxed up and see what happens in a few years.

Craig:

Wouldn't it be crazy if they I don't know if this would happen again speculation but if they lost and they had to recall all the Apple watches that people have, or something like that? Like the Teslas oh yeah, that's another big one that we should talk about. So what happened with the Teslas?

Blake:

Apparently there was some lawsuit or I don't know, but apparently there's been a lot of fatal accidents from the autopilot feature for Tesla. Like I saw one video of a car that's stopped in like a underground tunnel and it caused, like a car pile up, the auto driving feature. So apparently the DOT recalled all the Teslas with this certain auto driving.

Craig:

I think it's the full auto driving capability, isn't it? Isn't it the full autonomous? It's like the $10,000 upgrade or something.

Blake:

I think, yeah, I think that's right, but from my memory it was over 3 million Teslas, so that was kind of ironic and funny somewhat funny to me anyway.

Craig:

So I don't know if you watch Netflix, but Netflix put out a new movie. It looks like October 2nd. It's called Leave the World Behind. Have you ever heard of it? No, so it's Jennifer Rock, or?

Blake:

Oh, I saw the trailer for that where, like, the Teslas just start crashing into each other.

Craig:

Yeah, yeah. So Julia Roberts is in it and I don't want to spoil it. In my opinion it's not a very good movie, but I kind of see where they're going with it. So basically, again, I won't spoil the whole movie. But when you talked about the Tesla thing it reminded me.

Craig:

There's a scene in the movie where so basically, I'll tell you the short version of the movie the movie is about a cyber attack. It's about a massive cyber attack that kind of or does hit America, kind of like 9-11, only like a modern version, where there's no internet, there's nothing electronic that works Almost like an EMP. Nobody knows what's going on, nobody can listen to the radio or watch the TV. There's no internet. So everything's kind of like shut down. So that's kind of the main focal point of the movie. But there's a scene in the movie that has all the Teslas and they're driving. They're brand new Teslas and they're driving at high speed and crashing. So there's like a section of road that you have to drive through to get out. It's like a suburb of New York City or something. So all these people are panicking, so they're trying to figure out how do they get out of there and you see these cars just zooming and crashing nonstop into one another and they're all Teslas, they're all brand new and they all have the $10,000 full autonomous upgrade. So anyway, I know that's a really random left field tangent, but you brought up Tesla and I just watched that movie the other night with my wife and in my opinion, I did not think it was very good at all.

Craig:

It was actually. I thought it was pretty bad. But I think I guess what I'm trying to say is I see what the directors and the producers were trying to do. They were trying to paint the picture of mass chaos and what would really happen, like if that happened. I get that and I applaud that. I just think the delivery could have been done a whole lot better in my opinion, and the movie could have had more depth to it, but anyway, it was a good try. Again, in my opinion, it might be worth a watch.

Craig:

I'm gonna watch it. Yeah, if you're bored or something.

Blake:

I mean, anyway, I was literally gonna show the trailer to my wife and see if we could watch it.

Craig:

Yeah, watch it. Like I said, you might love it. I did not really like it that much, but it does give you a different perspective, and I think that's kind of the point. The point is, what would your life be like if you couldn't do this? You couldn't listen to a podcast, you couldn't make a podcast, you couldn't go on the internet to check your news, you couldn't use your Apple Watch, you couldn't use your iPhone. What would happen if none of this stuff worked? And that's really what the movie is talking about and kind of trying to highlight and relive that you know, yeah, so I'll leave it there. I don't want to spoil anything.

Blake:

Yeah, I think that I just saw because I guess they were teasing it with that that one scene you're talking about. I'm just the Tesla is just boom, boom, like crashing into each other and then, and then, like she looks at the window and she sees like all like self driving capability or whatever, and then she's like get out of here. Like you know, I haven't seen a Julia Roberts movie in a really long time, like, so it seems like she's been been busy. I think the last Julia Roberts movie I saw was like one of the oceans movies. Oh right, yeah, I mean I haven't seen her act in a while. Well, I think, if you do, watch it with your wife.

Craig:

I'd be curious to see your, or hear your, opinion on it.

Blake:

I'm kind of protesting Netflix right now because they change their fees again.

Craig:

So I'm like well, that's kind of what they do, Right? I mean spectrum, all of them have changed. You know, I remember spectrum coming out with what's called the signature package and spectrum for those that are listening it's kind of like charter communications or Ryzen Internet, you know Internet and cable TV provider, Right. Well, anyway, years ago they came out with what's called the signature package and it was 249.99. And it basically gave you everything. You got Internet and you got a bundle. You also got a phone line bundled with the package and that's it. It was basically like your, your pass, right. Well, slowly, over the years now it has crept up to it's over $329 now or something. Every time I have the plan and I'm about to cancel it because it's just gotten ridiculous. Every month it's like small increments of increase.

Blake:

Yeah, I've been seeing some of these. You know, like every time I go to the grocery store, like I went and I was like, all right, let's pick up a few things for breakfast, right? You know, of course, you picked up a few things that ran out and it's like $100 later. You know, and I've been watching these, there's these, this group of people that have been like keeping receipts from like 20, 2008, 2010, 2015,. Like 2020, 2023 now, and like they're like this is, you know, the same shopping list, you know at the same store, and it's like it's insane to see how much groceries are going up.

Craig:

You know how much they've gone up. You mean, yeah, how much they've gone up.

Blake:

Yeah, yeah, yeah they're going. Yeah, cost of living you know it's just skyrocketing like the housing, you know skyrocketing, but then you know, like the wages aren't keeping up with that growth. You know, and yeah, you know I've been, I've been following a lot of that stuff and you know it seems to be. You know that the picture is painted, that things are our business as usual, right.

Craig:

But yeah, that's a whole nother. That could be a series of podcasts. Yeah, yeah, well, I think. How do I segue into that? So I think what you're realizing is that there's the news that says oh, you know, we're not in a recession, and oh, everything's great. And look, inflation went down. But, and then interest?

Blake:

rates went up.

Craig:

Yeah, stock market gets pumped and goes up and everybody's great, and interest rates are at record high. You know, I don't. I mean, they're just insanely high right now. They're they were talking about maybe talks about no more rate hikes, but maybe they're going to drop rate soon. I just don't know how it's even affordable anymore for most people to even buy a house.

Craig:

You know, it's just, but I think I guess again, my opinion it just there's just so much corruption everywhere and so much manipulation everywhere. I think it's hard for people to get the truth because there's just so much media that you're going to see more of this too with the election coming up. There's so much media and so much bias you just can't trust any of it. Like you have to go on your own kind of hunt to find the truth, and I think that that's the most challenging thing and I think that some people are waking up to that fact. You know, I remember back ages ago. You know, learning about the government and government power versus people, right, like you know, when the government gets too much power, then you vote and you're supposed to try to take some powers away from the government, but then you see now, like there's just so much corruption and manipulation in the government and it's like who's paying who off, and it's just again, I'm going in random tangents, I'm sorry, it's just, it's just such a crazy world.

Craig:

And I guess my point is that I think everybody is looking for a like a safe haven or a more trusted system. And you know, with, like you said, with with groceries going up and you know, milk is like five, six bucks, you know, depending on the kind of milk that you want to buy. You know what I mean it's just like not sustainable. You know what I mean. Like I don't know what the answer is.

Craig:

I'm just saying that it just seems like there's so much stuff that's messed up, you know, but yeah, and then, and then you know we, we try to be the good guys and do really good at what we do and nobody wants to pay for, for what we offer. You know, it's like we don't need that. You know, like yesterday we get a note saying that, oh, we're not going to do a pen test for 2024. And I just, I just shake my head because I mean it's like I'm I don't make up the news. I mean, yeah, the news might be manipulated, but the point is that these things are really happening, people are really getting infected, people are really getting extorted and hackers are, you know, rampant. So. So it's like how could you not? I don't know.

Blake:

I was yeah, I mean, obviously I know who the company is and I was looking at, like and thinking in my mind. When I saw that email that went out, I was like like they're such a huge company and they have they have their fingers in and specific industry Hands all over it and they probably have a lot of important data.

Craig:

Oh, they do yeah.

Blake:

Important, important IP, like for their clients, like I mean, they're doing Amazing, amazing work, but you know, it goes back to what you were saying, like about the training.

Craig:

It goes back to that it's. They don't think it's going to happen to them. And until it does, or until some vendor of their company, vendor of their demands evidence to say, look, we're not going to do business with you unless you have this, this and this and you can show proof of it. Until things like that happen, where it's like, look, you have to. This is no longer optional for you, Training is no longer optional. If you want your job, you have to show proof of training and proof of drills, Otherwise you lose your job. Like it's. You know, if there's no like rules like that that are written and enforced, everybody's going to sit on the sidelines and be like well, I'm going to roll the dice. You know I'm not going to do that.

Blake:

Yeah, I mean, it's crazy. It's crazy to think you know the amount of pushback that I mean. If we don't enact change, then change is never going to happen. Right Like, we and I'm sure our podcast listeners are part of that change, because here they are. Right, like, like. Let's be real, like, unless you're in the industry, you know, chances of you listening to a cybersecurity podcast on the way into work is, you know, less likely, right?

Blake:

Not as fun, yeah, I mean, you could be listening to who knows Joe Rogan or whatever podcast, right? But you know, you guys are the future and you guys are the change that we need and that we're talking about.

Craig:

Well, I think that part of that, you know, kind of stemming off of what you're saying. You know, I think we're taught to vote right, vote, vote, have your voice heard right. But I think again my opinion, I think that a lot of the people that we're voting for these politicians, more often than not there's corruption and we're trusting and voting for a politician to make our voice heard, but I'm not so sure that's the best vehicle anymore, and what I mean by that is I think that maybe that whole system needs to change and maybe more power needs to be given to the people to vote on their beliefs and what they want without the politicians. Just something to think about.

Blake:

Yeah, I think that'd be interesting to see how that could be organized and how that could be structured, right, because we've always put faith like think about it Like thousands and thousands of people from one district are putting faith in you know. Tens of thousands, hundreds of thousands are putting faith in one person. Yeah, you know, like like think about this, like that would not be like a fair match, right? Like like imagine if that politicians on the street, right Like just walking through DC, how many security personnel do you think that one person would have for 200,000 people? Or 50,000 people? Right? Yeah, the only reason why I'm saying that is because that one person I don't feel like it's capable of representing that many people. You know like could be wrong, but just my opinion.

Craig:

Well and yeah and I know this is like a completely tangent podcast yeah, this is but this is more of a banter podcast than a cybersecurity podcast. But we do tie it back, so yeah. So one thing I want to show you. Hold on, I don't know if you're, I'll take this back to cyber real quick. You ever seen one of these?

Blake:

Yeah, flipper.

Craig:

Yep. So you see the headlines recently about how script kiddies and teenagers were having fun with Apple devices.

Blake:

Nah, I didn't.

Craig:

Oh yeah, so these kids again. I don't have the whole story or whatever, so it's again my speculation and my perspective on it. I'm envisioning a bunch of teenage kids in different locations buying these things and just causing hell and like the Christmas lines, and what they were doing was they were locking up all everybody's iPhones. They were just inundating them with NFC and Bluetooth and broadcasting messages and the iPhones would crash and within a 30 to 50 foot radius. And these kids again. I'm envisioning this happening in supermarkets or in crowded places or New York or wherever they are. They're just using these things, they're upgrading the firmware on it and just blasting a 50 foot radius, and all these people are confused, looking at their phones and they're like what the hell is happening? Anyway, I thought it was comical to read that Apple was then pushed to do an update to iOS. So I don't know if you have the latest update. If you don't, you might want to grab it, but yeah, that was the primary driver of why they did that update.

Blake:

So funny.

Craig:

So, you know, bringing this back to technology and cyber and compliance, I mean, you may you may be listening and you may not have ever heard of a flipper zero or these different tools, but you know that's part of what we do. We get all these different tools that hackers use and we become hackers. You know, white hat hackers trying to see and learn how they work and do research and development to learn the gaps and and how to protect our clients. Right, you know, that's really the end game for us, but I thought that that was, you know, pretty interesting to read. The other on another news highlight there what else did we find? We found some biometrics with retina scanning and talk about how certain governments and entities are trying to, almost, like, enhance KYC or know your customer type stuff.

Craig:

I saw a headline or actually a news article Yesterday. This was about the Corporate Transparency Act If you're a business owner. Now the federal government is enhancing this corporate transparency act. So now there's yet another thing that the business owners have to do. If you own, you know, a certain percentage of a business and they. I don't understand why they have to do this, because I feel like the information that they're asking they already have, but they're asking for, like photo ID and birthday of business owner and obviously name and home address. I mean a lot of that stuff, obviously not the photo ID part, but a lot of that stuff's on your tax return. So I don't know really why they're asking for this, but anyway, they're trying to enhance that whole, in my opinion, the whole KYC thing. But yeah, so, like you know, people are doing some of these pilots. Have you heard about the Elon Musk Neuralink?

Blake:

I've heard about the technology, but I haven't heard anything recent about what happened or what's going on with it.

Craig:

Well, I don't, I don't. I mean, I don't know if it was recent, but basically he's working on implants and, you know, trying to test chips in, you know, animals, and there's a lot of controversy around that. Basically, essentially creating cyborgs is what it is right In a nutshell.

Blake:

I heard that something he was testing, I don't know. I heard something started happening with those chips that they were implanting. Did you hear about that? I didn't something like Let me see if I can pull it up, but I heard something about like, obviously, safety right.

Craig:

Yeah, I haven't seen anything. I haven't looked it up like you recently, but Anyway so they're starting human trials. I did see that. I did see that certain number of people have signed up to do it.

Blake:

But then I heard something about like I mean, I don't know, I don't want to again, I'm not here to spread misinformation, but I heard something about safety.

Craig:

Right yeah.

Blake:

I'm not saying Anyways, yeah, I mean, imagine that, like, imagine everybody having these neural links and then you know if you want to learn another language, or you know if you want to become an expert on cybersecurity or ITs. You know, download that information you know into your little chip. I don't know how that would work.

Craig:

But I mean, I guess where my brain goes is most companies can't even get their cyber and compliance right. How could you trust a company to get that right? And then what if a hacker God forbid gets control of that? You know what I mean. Like now you're a slave to that person. You know what I mean. Like there's so much risk and I don't know, like again bringing this back full circle. I mean, people have done the whole 23 and me thing or ancestry with DNA and you know submitting and again trusting these companies to keep that secure, and then there's a breach, you know. So I hate to be the downer, but it's almost like you have to assume the worst. You know, it's like if you ever choose to sign up for something like this, assume that it's going to be breached one day, right. And then I mean, I don't know, I fear that if you do all those things and, like you do the DNA thing and then you do the the neuro link thing, and it gets to the point where it's like, how do you prove you're you? You know it's like. You know what I mean. Like if all this information is out there, it becomes increasingly more difficult, and especially in the wrong hands. I mean think identity theft. You know they're going to have all this information at their fingertips. You know it's just I don't know. It's really scary to me. But bringing this back, I guess full circle from a cyber and compliance perspective, I mean, again, I bring this up several times I think we're in a trustless world. I think we have to think differently.

Craig:

In my opinion, these tests, these trainings, these drills, they're not optional. If you want to have that mindset, you really shouldn't be using the technology in the first place. You know, in my opinion, a lot of technology and software. They're tools. They're tools to make your life easier or your job easier or to maybe gain a competitive edge. But with those tools come great risks and responsibility. And part of that responsibility is your own training of how to properly use the tools, how to make sure that you don't get cut or, in this case, hacked. So you know certain tools can be manipulated to become a weapon, just like in the real world. You know you can. A pen can be used, you know, for bad situations. So it's just. My point is that training shouldn't be optional. Training is mandatory, incorporated into your corporate culture, incorporated into your sanction policies and your procedures and, you know, enforce it, make it optional the drills, the tests. It's only going to make you better and stronger, it's only going to increase your maturity level as we progress into, you know, new CMMC mandates and new regulations.

Craig:

These companies are going to demand evidence. So it's not just going to be you checking a box, saying, oh yeah, we did that, yeah, sure, we did. And then when they say they call your bluff and they say, well, show me the proof. You know, at least the smart listeners will be the ones that actually have the proof, you know. But I think that, truthfully, is why CMMC is kind of, or is starting to become law.

Craig:

The government realized that hey, too many people were checking boxes and lying, you know. So now they're making it, they're raising the bar right. So we need more, in my opinion, we need more enforcement of those types of things To make sure that people can't say, oh, we're just not going to do that, it's just not an option, you know, kind of like with your car, you have to get I mean, you have the freedom to not, but you have to get your registration renewed, you have to show, in certain states at least where I live you have to have insurance. You may not have to have the most expensive insurance, but the point is you have to have insurance and you have to show proof of it and if you don't and you get pulled over, you not only can you get fined but you might get arrested. You know, depending on you know how bad the infraction is. I think that it has to the enforcement side. They need to raise the bar for a lot of different industries 100%.

Blake:

I mean, we're at a turning point right now, not only in. You know, we talked very briefly about politics and economics today and and of course now cybersecurity. Like it seems like everything in our society is on the verge of some huge change, right, or some tipping point. Cybersecurity has been there for the past five, 10 years, but it hasn't tipped over.

Craig:

I'd say it's even been there longer than that, I mean ever since the really the birth of the public internet. I mean that you have to have a password, you know, so that could be technically, cybersecurity and password hygiene right Now not to say that people didn't use proper hygiene with that, but I'm just saying that again, it's a tool you know. Like if you don't have the training and you don't go through the drills and you do nothing and you use a dumb password like password or password 123, you're just asking to be hacked or you've been hacked already and you're being naive and not believing it. And you know, if you want to take back control of the systems and the tools and the things that you use and ensure privacy and you need to take your cybersecurity and compliance no-transcript. I mean, look at some healthcare organizations that we work with Now. They're getting increased pressure for SOC reports.

Craig:

You know, and I think that's generally a good thing. You know, obviously we don't do the SOC audit we have a partner that does that, but we do the prep work and the end result, though I think is a good thing, that it's a way, it's a tool for a vendor to request of their client proof of maturity and evidence that backs it all up. It's not a simple exercise of hey, just fill this form out. It's look, you've done all this. You've had a third party come in and monitor and check all your stuff for a period of time, and that third party is putting their reputation on the line to vouch for you, you know. And if ultimately you get that certificate, I think that's a step in the right direction to raise the bar and ensure that, hey, look, this company is doing, you know, maybe not everything right, but doing more than most. And I'm not saying that's the cure all either. I'm just saying that, culturally, I think we need a push to take more action and get off the sidelines.

Blake:

Yeah, we're here and all you guys need I think we, you know we need it to be a change, right? Our listeners are, you know, obviously open to this information that we're talking about and they're open to cybersecurity policies, procedures and becoming compliant, getting compliant following security regulations, following laws, like you know, here we are right. But there's.

Craig:

I think the point, though, is that you know we're here to help as a partner for you and a resource, but let's say we packaged everything up in a laptop or whatever and we put all the security on it and we hand it to you. You still have responsibility we. You know the technology is one piece of it, but it's across people, process and technology right. So I think there's still a lot of misconception that oh, I use Amazon or I'm on whatever platform with Microsoft and it's their problem, and that's what I'm trying to drive home. No, what? As long as humans exist, there's going to be the psychology and the training that's needed to operate that tool or that ecosystem. It could be the most secure thing is possible, but if you can get into it, so can a hacker, and if you don't have the proper knowledge, training and drilling to make sure that it's just you that's getting into your systems, that's a problem, and that's why that's what I'm saying. Like that responsibility side is always going to lie on the shoulders of the human side.

Blake:

Yeah, we should probably wrap on that note here. Yeah, All right, thanks guys. I guess we'll see you guys on the next one. All right, take care, All right bye-bye.

People on this episode