Thursday, August 6, 2020

Are You The Weakest Link When It Comes To The Human Factor in Cyber Security? (Note: From Podbean Podcast 2 of 3)



https://danedeutsch.podbean.com/e/episode-011-are-you-the-weakest-link-when-it-comes-to-the-human-factor-in-cyber-security-2-of-3/

Hey, what's up, everybody. Welcome back to the Character Secrets podcast. Today, I want to share with you one of the best ways you can protect yourself, your family, and your company from cyber-attacks. So in this day and age, when cyberattacks are increasing in severity and pace, there is one critical thing you need to do to prepare and stay safe on the internet.

And today I want to share with you a digital secret from the technical wheel and the trickle effect and how it could save your reputation, your company, and change your digital life.

So the big question is this horror entrepreneurs like us, who didn't cheat to win in business, spending time, money, and energy from our own company and doing the right thing. How do we grow ourselves or families that are companies in a way that lets us get our products, services, and things we believe in out to the world and still remain true to ourselves and profitable?

That is the question. And this podcast will give you the name. My name is Dane George, and welcome to Character Secrets. So that education piece, and that's a great segue into the next thing that I wanted to discuss, which I think is probably the really most prominent tip of the spear, so to speak, is educating our users to make sure they understand what kind of threats are out there.

How they can defend themselves instead of clicking on a link in an email or how they can actually recognize a legitimate email from one that might be crafted to get them to give up their W2's or whatever else they might be phishing for the bag. So what is the Breach Secure Now product, service, or solution, Art?

And, and how does that really help us bolster that side of the human factor equation? So we, we focus on human security, you know, as, as opposed to technical, right? The technical safeguards, firewalls, antivirus, the vulnerability scans. We're focusing on raising awareness of employees and users on how to spot phishing emails, how to, to, you know, look out for scams, and really it is.

And you mentioned in the, in the introduction. And, you know, in school, you were, you were taught, you had quizzes, you built upon educated topics and you kept better and better. Um, as you and I know I get an email, I'm looking at headers, I'm looking at links, I'm looking at language, I'm looking at all these pieces that become.

Intuitive because I've done it so much. That's what we're doing. We're trying to use innovative and engaging and lots of videos, but we're trying to use all of these tools to raise awareness for employees. So they do the exact same thing. They start checking all the pieces and look at emails with suspicion.

This doesn't sound right, or this doesn't look right. Just going to ignore it or, you know, I'll take some other actions instead of click on a link, I'll go to the website directly. So we're, we're, you know, we're using a lot and those tools, but the key is you have to make it interesting. You have to make it engaging.

Otherwise, people have other things to do. And then this is, you know, they don't want to deal with this. So, um, you know, that's the challenge, you know, to, to, to educate. Make it interesting and realize that this is not the only thing that users are doing, their work, they have a job to do. So, you know, make it in bite-sized pieces.

And I think that's, those are some of the aspects that we're, that we're working on, um, to raise awareness. That's great. And I think that is the key is that if we can increase that awareness for the individual users and then their security goes up, it isn't like you have to be totally secure, I don't think necessarily, but if you provide enough challenges, enough protection with that human factor, that guys will go elsewhere looking for a softer target instead of trying to break through something that is, there are plenty of easier targets out there.

And so we just need to put up a big enough challenge that they actually will go somewhere else and look for a softer target. How long has Breach Secure Now been providing your services, Art? So we've been in business for two, since 2010. Um, we're really focused on the breach, secure analysis, 2015. So, um, and that, that is that it's really growing very, very rapidly or our business.

Uh, you know, as you said, right, more and more criminals are coming in and, and more and more businesses are starting to wake up and say, you know, we need to secure ourselves, not only with technology but, but raising awareness. Right. Exactly. So how many companies around the world use your services or do you just do US companies only?

No. So we are worldwide. We haven't done anything to we've advertised worldwide and you know, we're starting to get Australian partners in New Zealand and South Africa and Europeans. Awesome. How we're we're, you know, our names out there, but predominantly we're in the United States, um, have close to 35,000 customers using our platform.

That's amazing. Yeah, no, that's good because every single one we get on and we can get them educated as one less. That's the weakest link. And hopefully, we can make that, that entire chain as strong as possible. You know, my background in the military, I tell people these days that this is the very first time and in our United States history.

That our government and our military cannot actually protect us as citizens. We each are responsible for our own protection. And yet we have people who are doing this, these attacks and crafting there, we're studying their craft. If you will, 24 by seven, 365 days a year. And, um, And it's almost inconceivable that we as just little business owners might have to play against some big adversary like that, but that's a fact.

And so, um, you know, we are each responsible for our own security and I think we have to find a way to work together. You even if you want to call it a virtual team, um, so that we're making each other stronger in order to be able to make sure that the weakest link closest to us doesn't become victimized or compromised.

So, and you said it, you said the government can't protect us. Can't protect their own cities, their own, you know, States look at, look what happened in Texas in Baltimore and Atlanta, we are falling behind. And the other reason is. Cybercriminals. These are, these are organized crime. Okay.

Worldwide organized crime. I've seen that. One of the programmers who's writing malware ransomware paid close to a million dollars a year. Yeah. Hey, you know, and, and so that's, you know, they're getting the brightest people in the world to do this. So when you think about being outnumbered, we have employees and users that haven't been trained against world-class developers that are getting very good at their trade.

You know, we're outnumbered, you know, and if you look in the military where they're out, you know, we're out powered also. So how do we protect ourselves? That's a really good point. Let's talk about the threat that the internet poses today to our way of life, our culture, and ultimately our freedom. We talked about trust earlier, but one of the things that I think is really interesting is that our culture, the trust in our culture, let's say the character of our culture is breaking down in lots of different ways.

You know, people like to be on their devices all the time. They don't talk to one another directly, anymore in a lot of cases, no face to face relationships. I know of one school that had their W2's all phished by the bad guys because they hadn't set up the right security technically. But more importantly, the conversation that, that school went, something like this, but one person who got the email.

Told the other person in the office. Well, do you think I really should send all these W2's to the superintendent and the other lady said, well, you know what happens is if you don't do what he says, so the culture within the organization, if it's not healthy, Actually lends itself so that people are afraid to pick up the phone and, and construct or verify, you know, what kind of email was sent.

Are you sure you really want me to send these W2's did you really ask for that instead? They just want it quickly off their plate, right? Where this fast-food society, everything fast. And in this particular instance with this particular cybersecurity industry, haste definitely makes waste. Yeah.

And, and you know, what we, what companies have to do is put those, you know, that two-factor authentication for humans, right? If you feel that that is something that, you know, if you're going to ask another employee, should I do this? You got to pick up the phone to call the superintendent. You have to be for you, make you transfer W2's before you pay a vendor with a new routing number.

You have to verify this because of every email. Could be AC you know, could be a potential scam. That's trying to trick you into doing something. So the days of just trusting and doing it, and the problem is it gets harder. Because the superintendent's email may have been compromised. You know, the superintendent may have fallen for some sort of scam inside of there, you know, email sending legitimate emails from their account.

That's, that's almost impossible to know, except they're asking you to do something that you should say. Hmm. I don't know if I really want to do that. They got to verify it. So, you know, it's gotta be a knee jerk reaction. I have to verify before doing anything that's going to cause me problems. Cause my organization problem.

Yeah, absolutely. We really do need to get back to where we are actually working with. One another face to face shaking hands and have a relationship that we can build on trust so that we know we can call them. And we're not afraid to, to go verify. So you talked about the email thing and I've seen several situations where customers were actually compromised.

Um, the. The, they probably had a phish email at some point where they clicked on a link, but then after that phish went away, what happened was that the bad guy then forwarded, set a setting inside their email. So it forwarded all their emails to them, which wouldn't alert anyone that anything was actually happening and what they were doing then.

Is taking their time to do reconnaissance. They were looking for who holds the purse strings in this organization who are, who is what's the pecking order, and who is actually ACH money or who has the purse strings. Right. So, um, we've watched title companies and others who have had money ACH because they never bothered to pick up that phone and call that other person.

And they also look at how this person sends emails, actually analyzing their, you know, their communication. Are they putting their last name and the signature, you know, our first day, like where they say, say thanks, or they put in their initials, they get good at like, Oh, this is how this person. Starts to, you know, sends emails.

Um, we're going to send emails just like that. Right? Right. Exactly. They're not just doing reconnaissance to figure it out who is in the game here or where the money is actually flowing, but also how do I craft these emails? So it looks and sounds and feels like the actual person that I'm impersonating.

Right. And that's a really good point. Really good point. So then just to take it one other step, you know, say they're inside that superintendent's email. And they're all sort of looking on LinkedIn. The superintendent said I'm going to be at some conference. Okay. If I know that, then I can write it an email.

I'm at a conference. I don't have time to do it. You just transfer this money. Could you send me that information then? You know, it's not only the superintendent, but everybody knows what the superintendent is at that conference. How would they know? It's gotta be the superintendent makes it real. So you think about all that information that's out there that could be collected.

To really make, you know, believable scams or we've seen before, where they're waiting for someone to go on vacation. Yep. And they just, they, they make their target, uh, vulnerable while that CEO or the CIO or CFO is on vacation. And so yes, they have all the intelligence inside that email system and they're crafting their actual attack based on all of the reconnaissance that they're gleaning there.

So really, really good point. You know, Fox News lately had said that their reporting on cybersecurity is now the greatest threat to our nation at one point in the last month or so. So do you think that cybersecurity is the greatest threat to our nation and why? If you do it there, I don't know whether it's the greatest threat, but it is definitely a real threat, you know when you start looking at, at the impact to small businesses, to large businesses, but then you take it to the next step of, you know, could it.

Could it hit our utilities? Could it, you know, could, you know, look at ransomware or we're taking over and compromising, you know, um, systems that are our, you know, our core infrastructure could go down. Right. You know, if you keep going, you know, within, um, the Internet of Things and you know, your, your smart homes, your smart refrigerators.

You know, could those be breached your smartphones or smartwatches, your, your pacemakers. So cybersecurity, as we know, it means everything. We're a connected society. So, you know, could bad guys, whether those are organized crimes, you know, you know, um, state-sponsored other companies, uh, other countries.

It could definitely if you take it to the worst case, it could be a huge threat, to us as a home. Yeah, absolutely. Yeah.
To all you listeners out there...STAY TUNED for Episode #3 of Are You The Weakest Link When It Comes To The Human Factor in Cyber Security?
