Fortalice CEO on Security-Camera Data Hack

Mar 11, 2021, 12 min

Episode description

Theresa Payton, CEO at Fortalice, discusses news of a large-scale security-camera data hack this week. She also talks about the increasing amounts of data that smart devices are collecting.

Host: Carol Massar. Producer: Doni Holloway.


Transcript

Speaker 1

This is Bloomberg Businessweek with Carol Massar and Bloomberg Quicktake's Tim Stenovec from Bloomberg Radio. So I do want to get to our next guest, because, as we mentioned earlier, among our most read stories on the Bloomberg in the past day is about the group of hackers who breached a massive trove of security camera data. We talked about it earlier with Bloomberg News reporter William Turton.

He broke that story. This is coming on the heels of two other major hacks that we've already seen involving Microsoft, and of course earlier we saw certainly the other one that tapped into the government also tapped into the private sector. So let's get into it and see what Theresa Payton has to say. She is former White House Chief Information Officer, first woman to do so. She's CEO at the cybersecurity advisory and strategy firm Fortalice, and she joins us

on the phone from Charlotte, North Carolina. Theresa, so great to have you back. I've been looking forward to this conversation. How are you? I'm doing well, Carol, thanks for asking, and I've been looking forward to the conversation as well. It's it's always a good one. You ask great questions and the conversation hopefully is always really great for your listeners to give them some points to take away back

in their business and personal life. Well, and I think that's the that's such a great thing to bring up because I think at this point, um, I talked with Tom Siebel yesterday of of founder of Siebel Systems uh and A three C I or A A three AI. Excuse me, C three AI, I'll get it out. What's interesting is that we're seeing increasingly serious cybersecurity attacks come out.

Uh and the one with the surveillance cameras was by a group that kind of wanted to just raise the attention of you know, how many surveillance cameras there are out there and essentially how easy it is to tap. What is the conversation that we're not having that you think

we need to be having around these attacks? Yeah, I mean this particular attack, although it's incredibly unfortunate because personal and confidential information was surveilled as these um hackers or did everybody um and turned you know, most everything over? But what does that mean for other hackers who potentially took advantage of the super admin access this password that was out in password dumps of past data breaches. They're probably not the only ones who took advantage of that

type of access, and so what does that mean? Um? So a couple of things. Um, this is an avoidable situation. Having super admin accounts should be incredibly rare, and this password should be changed very frequently. That can be a great way to avoid something like this from happening, or

to at least minimize the damages from the surveillance. The other thing that all companies can do, not just for cameras, but for employee access and very like critical information access is create a login behavior analysis where you look at behavioral patterns. What times of day does this particular user or system log in, what's the Internet services provider they usually log in to you from? What operating system? What type of device is being used? All of those can give

you some baselines and some clues. Because you and I are creatures of habit, and when you see an anomaly, that could be a warning that that is not the system or the person who's the authorized user. It could be somebody else. You know. It's interesting too, because I find if I log in on certain accounts and they're like, wait, we don't recognize this device that you're on. I certainly get a red flag. I feel like this should be

the norm. Is it not the norm? And you talk about the you know, admin account, it just sounds like these are basic cybersecurity steps to be taken, you know. But if you look across the country, are we not doing it? If we look across government, are these not being kind of normally done? Yeah. Oftentimes it's not being done, and the burden rests squarely on the shoulders of businesses,

government organizations, and users. I mean, in this particular instance, you would think, if you're buying a security camera, it should be secure out of the box, and but the burden is actually on the business to say, well, wait a minute, let's make sure it doesn't have a default password. Well, wait a minute, let's let's make sure we have logging behaviors, you know, all of those things. Many businesses who don't do cybersecurity for a living expect that to

be in there out of the box. And I keep asking the question, well, why isn't it, like, why do we continue to put this burden on the purchaser of the technology. So that's a big reason why it's still missing from sort of daily operating routines of many organizations. Theresa, when you look at in our world that I think about even my home, these smart homes, right, and we talk about smart cities and all these things that are in many ways making our world more connected, easier in

some regards. But I wonder how much it's making it more vulnerable to our world easily being shut down. How do you see it? Yeah, I mean I I do believe we have reached sort of this critical mass where technology is truly ubiquitous. I mean to the point where you don't even realize it's there. Between the smart devices in your home, the cameras in your laptops, your tablets.

Maybe you have a camera on your door, maybe you unlock your door using an app on your phone, all of those different conveniences and advancements we have in our lives that some of us have learned, you know, like you can't live without them. For many people, um, they are collecting patterns of life, and so that the challenge that we have is is our inability to secure data.

À la this camera hacking, à la SolarWinds, Microsoft, you know, name the last fifteen organizations that have been victims of a cybercrime. Um that data, as it gets collected, could in fact, in the future be used to do a digital walk in on your life or mine. Those those patterns are things that are used to identify you and I um to give us health insurance, to create credit scores. And the question is is when do you and I get to opt in or opt out at that data

collection and have it be aggregated under our name. Well, we don't, right? I mean like you think about any time you try to do something, if you don't opt in or agree basically to those documents that nobody can read, you know you can't access something. You know, you're increasingly your hands are tied. In terms of society, I have a question for you, and this is something that that's stuck with me many times. I did panels with um tech leaders, tech CEOs who would be like, yeah, um

my kid, I limit how much they're on social media. Yeah, I don't let my kid really spend a lot of time on a laptop or something. Do you limit kind of security access in your in your life, whether it's cameras or smart homes or anything like? How because you're concerned because you see the risk that's out there. I do so for example, um, we do have security cameras. They're outside the house. Uh and and I managed them and I specifically didn't want baby cams in the house.

Um when my children were small, and I didn't want cameras inside the house. As a matter of fact, we actually have, um, a couple of smart home devices, you know, those assistants like Alexa and Google Home. And we're very specific where they are. As a matter of fact, they're located near our two rescue Great Pyrenees. And when we leave the house, they the Pyrenees like to listen to Ella Fitzgerald when we're gone. So who doesn't like to listen to Ella? I mean, right that they have good case.

But we'll actually just to make it a point with my children, um, when we're talking about family matters or school or anything in particular that you wouldn't want to broadcast out on the internet, we make it a point as a family to unplug those devices. We make it a point to make sure that those Internet of Things devices are not as part of the family conversation. I mean, how many times have you said something to somebody and Siri wakes up and says, I'm sorry, I didn't understand

you? Too many, too often. Exactly, exactly. So there is a way to integrate this technology to make it work on your behalf. Just always understand that everything is hackable, and so you just have to be thinking about when this is compromised, what did it have access to? How could it be damaging to my family and friends who may have come in contact with it, And you'll operate a little differently and you'll be able to mitigate the damages that happen. And it's the same thing for business.

Just thinking about that technology. It's great to have just assume it will be compromised. So what would the downstream impacts be if it were. It's like something to really

really think about. Well, so then do you think like the story that our William Turton did um you know about these group of hackers that say they breached all these security camera uh you know, security cameras uh and their data collection to kind of show and remind the world or show the world kind of in an expose of like look at how easily you can be exposed? Are they in many ways do you think doing us a service? And will people kind of wake up because

of this. I wish I could say this would be everybody's wake-up call, but everybody is so stressed and dizzy, and during this time of pandemic, we're all told to be away from each other. You know, before the pandemic, we were worried about screen time, and now we're worried about being within six feet of other people. Um. The other thing that I would say is I researchers who do um ethical hacking and produce the results. It does

provide the greater good a good service. My caution to this group and other groups like them is used to really we do it with the right rules of engagement and approach, because you could have unintended consequences when you jump into something like this, where you could have actually taken very important cameras by accident offline while you were doing what you were doing, and what if those cameras

were vital and important to national security and safety. So I always caution just because you can and you've got good intent, doesn't mean you should like really understand the rules of engagement before you engage in ethical white hat hacking. I know it's a good interview when our head of technical operations here at radio is like sending me messages and like commenting on things you're saying, Like, I just know people in general are just listening. So what's your advice?

Just got about forty seconds, Um, Theresa, you know you understand this world. You're talking to companies, you're talking to individuals. What can we all do or at least, what's one step that we should be taking when it comes to cybersecurity and concerns? Yeah? I think one step is have a playbook. Assume you could be breached or your technology could fail you, and practice a digital disaster. It's the best thing that you can do to understand what your gaps,

your holes are. And hopefully you'll never need the playbook, but it can be a great way to just sort of get everybody rallied around trying to prevent that event from happening. Thank you so much, um, really appreciate it, Theresa. Take care of yourself. Theresa Payton, chief executive officer at Fortalice, former White House Chief Information Officer, joining us from North Carolina.

Transcript source: Provided by creator in RSS feed