Businessweek Extra- Fortalice CEO

Mar 12, 2021 · 11 min

Episode description

Theresa Payton, CEO at Fortalice, discusses news of hackers breaching thousands of security cameras in a data hack.

Hosts: Carol Massar and Tim Stenovec. Producer: Doni Holloway.

See omnystudio.com/listener for privacy information.

Transcript

Speaker 1

This is Bloomberg Businessweek from Bloomberg Radio. I'm Carol Massar and I'm Tim Stenovec. Welcome to the Bloomberg Businessweek Extra, our weekly podcast bringing you a highlight or favorite or just really cool interview from the week. This one, it is a cool one. It's a timely discussion considering the Bloomberg exclusive on the group of hackers who breached a massive trove of security camera data and coming on the heels of two other major hacks. That's right, China's global attack on Microsoft's popular email software. Tim, we got that last week or just about a week ago, and then of course the equally sprawling Russian attack discovered three months ago. A lot of folks are saying, we're not talking about all of this enough, and the stakes are getting even higher when it comes to cybersecurity. And once you listen to this interview, you may want to think twice about your home security cameras and connected home devices.

It certainly helped me think more about that. Great voice on this, right? It's Theresa Payton, former White House Chief Information Officer. Tim, she was the first woman to hold that position at the White House. She's also CEO at the cybersecurity advisory and strategy firm Fortalice.

This particular attack, although it's incredibly unfortunate because personal and confidential information was surveilled, as these, um, hackers alerted everybody, um, and turned, you know, most everything over. But what does that mean for other hackers who potentially took advantage of this super admin access, this password that was out in password dumps of past data breaches? They're probably not the only ones who took advantage of that type of access. And so what does that mean? Um, so a couple of things. Um, this is an avoidable situation. Having super admin accounts should be incredibly rare, and this password should be changed very frequently.

That can be a great way to avoid something like this from happening, or to at least minimize the damages from the surveillance. The other thing that all companies can do, not just for cameras, but for employee access and very, like, critical information access, is create a login behavior analysis where you look at behavioral patterns. What times of day does this particular user or system log in? What's the Internet services provider they usually log in to you from? What operating system? What type of device is being used? All of those can give you some baselines and some clues, because you and I are creations of habit, and when you see an anomaly, that could be a warning that that is not the system or the person who's the authorized user. It could be somebody else.

You know, it's interesting too, because I find if I log in on certain accounts and they're like, wait, we don't recognize this device that you're on, I certainly get a red flag.

I feel like this should be the norm. Is it not the norm? And you talk about the, you know, admin account, it just sounds like these are basic cybersecurity steps to be taken, you know. But if you look across the country, are we not doing it? If we look across government, are these not being kind of normally done?

Yeah. Oftentimes it's not being done, and the burden rests squarely on the shoulders of businesses, government organizations, and users. I mean, in this particular instance, you would think, if you're buying a security camera, it should be secure out of the box, and but the burden is actually on the business to say, well, wait a minute, let's make sure it doesn't have a default password. Well, wait a minute, let's, let's make sure we have logging behaviors, you know, all of those things. Many businesses who don't do cybersecurity for a living expect that to be in there, out of the box. And I keep asking the question, well, why isn't it? Like, why do we continue to put this burden on the purchaser of the technology? So that's a big reason why it's still missing from sort of daily operating routines of many organizations.

There when you look at in a world that I think about even my home, these smart homes, right, and we talk about smart cities and all these things that are in many ways making our world more connected, easier in some regards. But I wonder how much it's making it more vulnerable to our world easily being shut down. How do you see it?

Yeah, I mean, I, I do believe we have reached sort of this critical mass where technology is truly ubiquitous. I mean, to the point where you don't even realize it's there. Between the smart devices in your home, the cameras in your laptops, your tablets. Maybe you have a camera on your door, maybe you unlock your door using an app on your phone. All of those different conveniences and advancements we have in our lives that some of us have learned, you know, like you can't live without them. For many people, um, they are collecting patterns of life, and so that the challenge that we have is, is our inability to secure data. All, uh, this camera hacking, SolarWinds, Microsoft, you know, name the last SUF team, organizations that have been victims of a cybercrime. Um, that data, as it gets collected, could in fact, in the future be used to do a digital walk in on your life or mine. Those patterns are things that are used to identify you and I, um, to give us health insurance, to create credit scores. And the question is, is when do you and I get to opt in or opt out at that data collection and have it be aggregated under our name?

Well, we don't, right? I mean, like, you think about anytime you try to do something, if you don't opt in or agree basically to those documents that nobody can read, you know, you can't access something. You know, you're increasingly, your hands are tied in terms of society. I have a question for you, and this is something that that's stuck with me many times. I did panels with, um, tech leaders, tech CEOs who would be like, yeah, um, my kid, I limit how much they're on social media. Yeah, I don't let my kid really spend a lot of time on a laptop or something. Do you limit kind of security access in your, in your life, whether it's cameras or smart homes or anything like? How do you? Because you're concerned, because you see the risk that's out there.

I do. So, for example, um, we do have security cameras. They're outside the house. Uh, and, and I managed them and I specifically didn't want baby cams in the house, um, when my children were small, and I didn't want cameras inside the house. As a matter of fact, we actually have, um, a couple of smart home devices, you know, those assistants like Alexa and Google Home. And we're very specific where they are. As a matter of fact, they're located near our two rescue Great Pyrenees. And when we leave the house, they, the Pyrenees, like to listen to Ella Fitzgerald when we're not. So who doesn't like to listen to Ella? I mean, right, that they have good case. But we'll actually, just to make it a point with my children, um, when we're talking about family matters or school or anything in particular that you wouldn't want to broadcast out on the internet, we make it a point as a family to unplug those devices. We make it a point to make sure that those Internet of things devices are not as part of the family conversation. I mean, how many times have you said something to somebody and Siri wakes up and says, I'm sorry, I didn't understand you?

Too many. Too often.

Exactly, exactly. So there is a way to integrate this technology to make it work on your behalf. Just always understand that everything is hackable, and so you just have to be thinking about when this is compromised, what did it have access to? How could it be damaging to my family and friends who may have come in contact with it? And you'll operate a little differently and you'll be able to mitigate the damages that happen. And it's the same thing for business. Just thinking about that technology. It's great to have, just assume it will be compromised. So what would the downstream impacts be if it were?

It's like something to really, really think about. Well, so then do you think, like, the story that our William Turton did, um, you know, about this group of hackers that say they breached all these security camera, uh, you know, security cameras, uh, and their data collection to kind of show and remind the world or show the world kind of in an expose of, like, look at how easily you can be exposed?

Are they in many ways, do you think, doing us a service? And will people kind of wake up because of this?

I wish I could say this would be everybody's wake up call, but everybody is so stressed and dizzy, and during this time of pandemic, we're all told to be away from each other. You know, before the pandemic, we were worried about screen time, and now we're worried about being within six feet of other people. Um, the other thing that I would say is, I, researchers who do, um, ethical hacking and produce the results, it does provide the greater good a good service. My caution to this group and other groups like them is, you could really do it with the right rules of engagement and approach, because you could have unintended consequences when you jump into something like this, where you could have actually taken very important cameras by accident offline while you were doing what you were doing, and what if those cameras were vital and important to national security and safety? So I always caution, just because you can and you've got good intent, doesn't mean you should. Like, really understand the rules of engagement before you engage in ethical white hat hacking.

I know it's a good interview when our head of technical operations here at radio is, like, sending me messages and, like, commenting on things you're saying. Like, I just know people in general are just listening. So what's your advice? Just got about forty seconds, um, Theresa. You know, you understand this world. You're talking to companies, you're talking to individuals. What can we all do, or at least what's one step that we should be taking when it comes to cybersecurity and concerns?

Yeah, I think one step is have a playbook. Assume you could be breached or your technology could fail you, and practice a digital disaster. It's the best thing that you can do to understand where your gaps, your holes are. And hopefully you'll never need the playbook, but it can be a great way to just sort of get everybody rallied around trying to prevent that event from happening.

That was Theresa Payton, former White House Chief Information Officer and CEO at Fortalice. You've been listening to Bloomberg Businessweek Extra. Be sure to listen to our Bloomberg Businessweek Daily radio show, airing live Monday through Friday at two pm Wall Street time on Bloomberg Radio.

Watch us too on our daily broadcast on YouTube, just search Bloomberg Global News, and you can also see me on Bloomberg Quick Take, available at Bloomberg dot com, slash qt, and then streaming platforms like Roku, Apple TV, Samsung TV, and more. I'm Tim Stenovec and I'm Carol Massar. This is Bloomberg

Transcript source: Provided by creator in RSS feed