Sunday, July 26, 2020

Are You The Weakest Link When It Comes To The Human Factor in Cyber Security? (Note: From Podbean Podcast 1 of 3)



Hey, what's up, everybody. Welcome back to the character secrets podcast today. I want to share with you one of the best ways you can protect yourself, your family, and your company from cyber-attacks. So in this day and age, when cyberattacks are increasing in severity and pace, there is one critical thing you need to do to prepare and stay safe on the internet.

And today I want to share with you a digital secret from the technical wheel and the trickle effect and how it could save your reputation, your company, and change your digital life.

So the big question is this, are entrepreneurs like us, who didn't cheat to win in business, spending time, money, and energy from our own company and doing the right thing. How do we grow ourselves or families that are companies in a way that lets us get our products, services, and things we believe in out to the world and still remain true to ourselves and profitable?

That is the question. And this podcast will give you the answer. My name is Dane Deutsch and welcome to character secrets. This is going to be another very exciting show today. There's nothing more important these days than internet security, cybersecurity. And with that said, almost everybody is connected to the internet in some form or fashion these days.

Whenever a person connects the internet. That also means that everyone on the internet has the virtual capability of connecting to that person as well. Therefore, increasingly everyone is more susceptible to internet threats than ever before. So in reality, “the bad guys are getting better, faster than the good guys are getting gooder.”

And I would love to say it that way because I try and to get people's attention. Threats like malware viruses, ransomware being developed, and created quantity, greater frequency. And with increased sophistication, when the bad guy, as you're developing these new threats, they also know that we, we, as humans are vulnerable and that is why they count on us to make their schemes successful.

They count on human weakness. What I like to call the human factor or the human element that is we as humans, trust one another to a certain degree so that we can communicate with each other. Build relationships do commerce and much more. The trust factor is so crucial in helping us grow as investors Joel's families and even our entire global society or individual cultures today.

But that trust is also what the bad guys pray upon. So how do we combat or protect ourselves from that threat and yet still trust the good guys? Well, that answer is in educating ourselves as humans. Sure we all go to school and we learn a lot from our school years, but the most important thing we should have learned is that school is only a first step to a lifetime of developing habit.

For education, internet security is no different. That's growing on the internet at an exponential rate. We can't just depend on being edited once and consider that good enough. Yet many people, companies, and organizations do just that. Dustin dykes once said the adage is true that the security systems have to win every time the attacker only has to win once.

So in other words, we have to cover all the holes and the attacker only needs to find one. So think about it. If the threat is involving shouldn't, we get into the habit of educating ourselves on a consistent and timely basis to match or parallel the new evolving threats and risks. And they're growing daily.

The answer to that question of how to educate ourselves is absolute. Yes. So how do we go about doing that? That's the foundation of today's internet security awareness training radio sepsis episode. We are here today to share with you our listeners, our great solution and service from an internet security training company called breach secure.

Now. And we are joined by our girls, founder, and CEO of breach secure. Now we are partnered with art and his company Breach Secure Now to allow us to provide our customers with the very best continuing education on internet security awareness training. Art joins us today to tell us more about his company, their mission, their vision, and their Superbowl world-class education system that focuses on simple.

And yet, yes, high caliber security awareness training. Hello, Art, and welcome to blog talk radio. It's great. It's great to be here. Thank you. Thanks for the opportunity. So you're the founder and CEO of breach secure now a security awareness training company, right? That's correct. I'm secure now. It was founded in 2010.

Um, we've helped organizations with HIPAA compliance and helping small and midsize businesses with cybersecurity and all of the things that you said about training employees and building awareness. That's what we do. That's we think that that is a critical aspect now. Right. You know, instead of just technology, you have to focus on these humans.

Cause those humans are making mistakes a lot. Right. And we, as humans are the weakest link. I like to tell people, um, so you know, the threats and vulnerabilities and risks are only increasing. We've got to find a way to be able to educate our teammates, our team members, our fans, family members, so that whoever is around us is not the weakest link.

Right. So that way we don't become a victim or a lie susceptible to some kind of ransomware or other threat or risk out there. So. And you said, you said it, you know, that we're, we're trusting, we're trusting bonds. Right. You know, and, and, you know, rely on that trust and that social engineering to trick people and, and to, you know, cause data breaches.

So it's really important to focus on that part of it. You know, you have to have trust, like you said, for the good guys, but how do you not trust the bad guys? Right. And you know, on top of that, They pray on everyone, right. All ages. So I know the older people always been trusting in our society. Um, yeah.

Younger folks today might verify first and then trust. But our culture overall is still trust first and verify second, which makes us even more vulnerable in some sense when it comes to cybersecurity or internet security. So one of the things I know that that is just a, you know, hard for the people that are older to be able to grasp is the fact that, Hey, if it pops up on the screen, it must be real.

Right. And yet most of these things that the bad guys are doing to try and capture us so to speak or fish us, um, so that they can put something on our computer or steal money from us or whatever is to make those things look as real as possible. Right. Exactly and, you know, they're getting better and better at it.

And I'm personally, you know, if you, if you hit a, a large number of potential victims, you're going to get some that, that fall for that trick. And, and as it gets more and more believable and more and more real, your, your victims are going to increase and. So as we've seen that the cybercriminals are, there's a lot of money to be made.

So they're getting better and better. They're, they're hiring better and better talent, and it's becoming harder and harder to tell the fake emails and the fake, you know, you know, the real ones and these scams are just getting much better. So, um, you know, humans are at a very much of a disadvantage right now.


Right. And it isn't just scams either the rise of ransomware and some of the others, um, payload, if you will, that they're delivering to the, uh, the victims per se, uh, and asking for money or holding them a ransom for ransom or even extorting them for money is incredible. Even some of the tools that they're using now are past tools that our own government has developed.

Um, and my understanding from recently with this whole idea of, uh, the number of cities we got hit with ransomware in, uh, Texas recently a week ago, I think on a Friday was a very collaborative effort. And there were what all, I think, 22 or 23 cities that were held for ransom and that particular attack and, and the word on the street is that they're using the bad guys.

You're using NSA tools. Yeah, exactly. And you know, when it comes down to it, there's, there are lots of tools, but a lot of these ransomware attacks, a lot of the malware, it's all delivered via tricking, not all of it, but a lot of it's delivered the in tricking and employee. Where, you know, a human to go and do something to download it, a file to, to click on a link, too, to give away a password or, or, um, you know, ID and password.

So, you know, some of it is definitely using NSA tools that look for vulnerabilities in technical systems. The other ones are tricking employees and, and, you know, as humans to, to install it for them. So, uh, you know, you have a, a double, a double-edged sword there. So what some people are calling social engineering, right?

They're, um, they're betting on the fact that you're going to trust something that comes across your email or across your screen, click on it and go from there. When in reality it doesn't look like it looked, might look like an email from your bank, but in reality, it's an email crafted by the bad guys to look like your bank and be as real as possible.

I think the days of the quote, unquote, Nigerian letters with lots of spelling errors, and grammatical errors is long gone and the bad guys. Are now crafting emails and pictures and websites and things that are very, very good. Have good grounds course. A lot of that is automated now, so they can look better than they ever have before.

Right. Yeah, absolutely. Um, I saw a statistic that they said 88% of all small and midsize business data breaches are caused by social engineering. That is like mind-blowing. When you think about it, like almost every single one is caused by some, you know, some, employees being tricked into doing something, so right.

They're getting much, much better. Well, we've had some, uh, victims, so to speak just within a 30-mile radius of rice Lake, 30 miles, two 60 miles. Um, it seems like it's been an emergency room lately because they get calls from some of these. They're not our customers, but they're people who have been victimized and someone else told them to call us because they knew we were into cybersecurity.

One of the things that I think is, is somewhat. Um, disconcerting is the fact that a lot of companies are popping up saying they're doing cybersecurity cause they can make a fast buck. So either on the good side guy inside of the, or the bad guy's side of the house, we're getting it from both ends in reality.

You know, it's like a gold rush. When you think about it, it's a gold rush because the criminals are rushing in to, to make money. You have the suppliers that are supplying all the miners, uh, you know, in the, in a gold rush. So you have everybody moving into this space and, and unfortunately, it's going on because.

But the criminals are, are, you know, are successful. So there's lots of money. There's lots of money to be had stealing. And there's lots of money to be had trying to protect the, you know, the businesses from being coming victims. So it really is a gold rush. Yeah. And you know, the one thing that has been interesting, it was, I asked some of these people who have been victimized, who would come to me and want help afterward.

Well, who are you using for your it service? And they'll tell me, and I say, well, did you check their background? Right. And they never did even banks that we have gone in talk to never ask for a background. If you hung out a shingle that says you do cybersecurity, then that means you do cybersecurity. For the same reason, we talked about trust being violated on the internet, just because someone hangs out a shingle that says they do computers or networks or cybersecurity doesn't mean they actually do.

Everyone at our company has been vetted through the FBI's organization called infra. InfraGuard. And a lot of people don't know that there's an organization that yeah. I created to collaborate or partner with private industry, where they do allow you to become a secured member. They do a background investigation on you.

So even my administrative people have had background investigations done and, uh, and it has allowed us to be a lot more authentic and genuine for our customers when they call. I can definitely tell them that all of my people here are. Uh, they are cleared for law enforcement sensitive information. And because of that, we also gain Intel there because these bad guys are growing so fast.

Their tools are getting smarter with artificial intelligence and machine learning. Now, um, it's just becoming much more difficult, much more complex to, uh, to be able to fight. Yeah. And you know, and it's, it's basically basically a very unregulated industry. Anyone could say that they're a cybersecurity expert.

Anyone could say that they're a managed service provider, so you're right. You know, customers have to, to peel back a couple layers and make sure that the, you know, that the company you're working with. Has the, the capability that they have, those background checks that they, you know, that they can truly protect you.

But I think the other problem is a lot of the businesses don't believe that going to be a victim. Right. They believe that, you know, this, I don't have to worry about the cybersecurity stuff, because that only happens to target that only happens to hospitals. So, you know, I don't have anything the bad guys want.

Right. Exactly. Exactly. So, you know, I don't think. I don't even think we're at the point where small businesses are actually concerned about, you know, the background of their cybersecurity, because, you know, okay, I have a firewall, I have antivirus. I'm good. Yeah, I'm good. You know, and fortunately, those days are passed.

So you know, that's an important aspect that we need to educate that the days of not really worried about cybersecurity are over and, and everyone has to worry about cybersecurity now.

To all you listeners out there...STAY TUNED for Episode #2 of Are You The Weakest Link When It Comes To The Human Factor in Cyber Security?