
030322_How-Your-Bad-Cyber-Hygiene-Impacts-Others (Part 2)

Mar 22, 2022 (29 min)

Episode description

You may think that having bad cyber hygiene will only affect YOUR business if you get hacked, but that is far from the truth. In today’s two-part episode, the PTG team is joined by IT Specialist Parker Stanley to discuss not only how your lack of cybersecurity can hurt others, but also what you can do about it!

Host: Craig
Guests: BJ and Erin
Special Guest: Parker Stanley

Support the show: Call 877-468-2721 or visit https://petronellatech.com

Please visit YouTube and LinkedIn and be sure to like and subscribe!


NO INVESTMENT ADVICE - The Content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained on our Site or podcast constitutes a solicitation, recommendation, endorsement, or offer by PTG.


Please visit https://compliancearmor.com and https://petronellatech.com for the latest in Cybersecurity and Training and be sure to like, subscribe and visit all of our properties at:

Transcript

BJ

If you step your viewpoint out and look at the planet and the species from a faraway viewpoint, say from another planet or something, it's, wow, they're walking, right? Like they're just taking themselves full pace, full speed momentum to destruction, because this is not sustainable. You can't have a shaky foundation.

Parker

No. Basically every industry now, you gotta be first, and whenever you are either increasing the scale of your product or the speed of your product, you're sacrificing something somewhere. Like with news, they want to be first. Don't have to be the most correct. Just get the news out first. You guys know I love video games, and in the video game industry they want a new game every year, but you get a lot of bad reviews because they didn't take their time on it.

And now with the autonomous vehicles, people want it quicker. Thankfully Elon is maybe trying to get some of it right. But everybody wants to be first or be bigger, and you sacrifice.

BJ

Yeah. And then the whole machine, the whole of humanity as one living organism, the whole machine is moving forward, but it's got this core that is not sustainable because it's not following the correct rules or doing things correctly, which is that you have to have a firm foundation. Otherwise, when you get to the goal that you're trying to get to, your whole thing, your whole structure is collapsible or it's hijacked. So if there was, say there was someone out there doing things correctly and just waiting their proper time and doing things correctly, like, literally you could see how there could be an opportunity to take the whole thing at some point, because it was never done correctly. Like, that's a risk that I personally feel like, I can't believe that they would take those kinds of risks, but you're right, to be the first ones and to be the biggest ones that have the biggest market share.

I think they all agree to collectively take those risks, but the inherent folly in a risk like that is of epic proportions.

Craig

Yeah. I think, if you know the life cycle of development, you've got alpha, beta, and then production. We're all in the emphasis of the alpha stage because everybody wants to be first for everything. And it affects all industries across everything. And like I said, with the vaccine, with everything, I don't think everybody's going to stop doing that as far as their methodology or pattern.

However, there could be things like, I remember back with BSD, the operating system BSD, you know, there's OpenBSD and FreeBSD. I don't know if you know what that is, but it's a different kind of operating system, like Linux or Unix. Anyway, nothing would get pushed to stable unless it was, like, near perfect.

BJ

And that's probably why I've never heard of it because they can't compete in this type of a market.

Craig

But it still focused heavy on... back in the day when I used to use it, you could not break it. Like, you could try everything and just...

BJ

Yeah, that's exactly my point. They did it. But that correct type of action, the correct process, like what you just described, is not rewarded in the marketplace.

And so that's why you don't hear about it, and that's just so ironic, because that is sustainable. But what is that quote about the stone the builder rejected as the cornerstone? You could see the ring of truth to that, because it's, yeah, this whole system is moving forward so quickly and at such a pace and with an unsustainable framework. And then, like our industry, cybersecurity.

And Parker knows from interactions he's had with employees, phishing tests and training, that basically, like, in this industry, in cybersecurity, you're almost like the unwelcome guest at any day. Nobody wants to talk to you. Nobody wants to hear what you have to say.

You know, you're like the bad guy. But this whole industry, it feels like we're always like... We have great products and stuff, but finding people that are interested, because this is not this protective part of the internet, cybersecurity is just, that's not where people prioritize their energy and their budgets.

Erin

It's not fun. It's not like

BJ

It's not profitable too, they don't think it is, but it is in a way, 'cause it's sustainable.

Erin

The way I think about it is, if you watch those home building shows, if you watch HGTV at all, and you've got somebody remodeling a home. If you have to put $10,000 into new wiring, that's not fun, because you can't see it. It's not exciting. It's just, it's necessary. And that's kind of how I think of cybersecurity. It's absolutely necessary if you want to have a strong foundation, right? Like you said,

BJ

to be sustainable. I used the analogy of, it's like aligning your spine correctly versus just putting on your makeup. One of them is not fun. It takes a lot of work and you don't see the reward outwardly. And then the other one is like instant reward. But then one of them leads to sustainability. So it's just, I feel like cybersecurity is that in the world. It's like the thing that everyone overlooks. But honestly, I can't imagine that it won't be the hottest industry at some point. It has to be.

Craig

I think taking that a step further, though, there is technology that does both at the same time, meaning an increase in security and an increase in productivity, making lives easier. And I think people just don't know that some of that exists

BJ

either.

Erin

And it's the, it's a rare find. And when you do find it, it's, will you be one of our vendors?

BJ

Yeah. And Parker, you probably have some experience with this, but I would imagine that a lot of times, I think for us, we experienced a lot of the issue is that you have a disconnect between, say, the owners of the company or the C level, and then the IT department itself. Like, you have a lot of gap there sometimes when it comes to budgeting and understanding and things like that. So I'm sure that's a problem as well.

Parker

That is something I've experienced before. Yes. I've always said the quickest way to get your company to install fire alarms is to burn the building down across the street. No one thinks about security or anything until they see the impact of it.

BJ

You're so correct. I had a small kitchen fire like two months ago or so, and I didn't have any smoke alarms that worked. I didn't have any extinguishers. I didn't have anything. So I had to put it out with my bare hands and guess what I have now I have smoke detectors. I have fire blankets. I have all that because I learned from experience that I don't want to be unprotected next time.

Erin

That's something to think about too, what people need to think about with cybersecurity. Looking back now, don't you wish that you had all of those things, had put a little bit of money into that, to avoid going through that overall?

BJ

Yeah. I specifically remember four years ago. I won't name the company, even though they probably won't ever listen to this podcast or care, but just for whatever, I won't name them, but it's a big pharmaceutical company. I remember trying to call them because I was trying to get them on a demo. I tried to talk to, I did talk to their IT department. I was trying to get them on a demo for, at that time, probably the best product that we were aware of.

And they specifically said, we don't have any need for that. And then I remember, it couldn't have been two, three weeks later, you heard about a huge breach. They saw a huge, like, oh my God, are you sure that's what you meant when you said you didn't need that?

Erin

I ask Craig, how many times have you seen that happen? I bet it's just innumerable.

Parker

Best case scenario for a company is you spend thousands and thousands on cybersecurity, and you never once need any of it. Same with, like, auto insurance or health insurance or something. But that one time you need it and you don't have it, you're kicking yourself.

BJ

It's just not worth it when you weigh the risk and the reward. If I gather what can happen from not having it, it's a blow that's not sustainable sometimes.

Craig

It's like backups, right? The same thing happens in the backup world. Nobody wants to take the time to back up their stuff or back up their company. It's expensive, it takes time, and it's mundane. It's not exciting. But then something happens and it's, oh crap, I need to restore from backup. And then it doesn't work.

Erin

Actually, that kind of leads into something I was thinking, a question for both Parker and Craig. Looking at all of this, right, what would you say would be the most important thing, like a good first step for people to take to improve their cyber hygiene in order not to negatively impact their clients or other people? What do you see that people do and you just want to, like, smack them: do this, not that.

Parker

So there's lots of... as a company,

Erin

either.

Parker

As a company, I'd say, train your users. Your users are your number one line of defense. You can have every tool in the world, but a user clicks on a phishing email and then you're done. With quality training, they're not going to click through.

Craig

The testing

BJ

and retraining, testing, repetition, right?

Parker

care. If our users are terrified to click on emails because they don't want to have to do the training afterwards, whatever it takes to get them to read emails. Like, they might not be thinking this could be a real phishing email. They're only worried about it getting caught in our test. That's fine by me, as long as they just aren't clicking on it. Yeah.

BJ

Because you're right. Because as we know, if you have a piece of software, unless it's embedded with malicious code or something, it's going to perform its function correctly. It's going to do what it's going to execute. It's coding, it's programming. It's going to perform its function. But with users, with human users, like, you never know. They're so unpredictable. You never know what they're going to do.

It could depend on their mood for the day, their mindset, whether or not they're paying attention or kind of daydreaming. You just never know what they're going to do. We saw that when we did a phishing test for a financial institution, when we saw that this place had really good, like top-notch, equipment and software and stuff, but did we find employees that didn't necessarily follow protocol? Yes. Unfortunately we did. And so I would agree, Parker, that's probably still right.

We've known that for years, but that's probably still the biggest threat: users and their behavior.

Erin

And that's why, like you said, testing is so important, phish tests, all of that,

Parker

and they're going to hate you for it. Absolutely hate you. And I've said that for years. In my job, the more people that hate me, the better I'm doing my job,

BJ

You've probably seen, Parker, where people get annoyed with you for doing tests on them.

Parker

They absolutely hate it. And for each one of them, it's the only time they've ever done it. They've never clicked on these. It was just this one.

BJ

I've never done that before. But we're creatures of habit, so the odds that you caught someone on an anomalous behavior are probably low. It's probably something that's more habit-driven.

Parker

That, or they say that the email is too good. We shouldn't do this because it could trick too many people. Like, ah, got it.

BJ

Exactly. 'Cause that's interesting that you say that, Parker, because, like, maybe two months ago-ish, I remember saying to someone that the only reason I think a lot of these phishing emails succeed is because I felt like a very common factor was that you could tell that maybe English wasn't the first language of the writer of the email. I have noticed, I don't know about you guys, but in the last two months I've gotten a lot of phishing emails, and I have noticed an improvement in that.

I don't know if it's because of AI writing tools or what, but I know that I've noticed a definite improvement, where these emails seem more credible lately.

Parker

I say it doesn't matter. They could send users a picture of what they were going to say, written down on a notebook piece of paper in crayon, and they would still click it. Someone out there will click it. Every company I've ever worked for, someone has clicked on or responded to an email that was, hey, this is the CEO, but the CEO's name is first dot last, 'cause they just copied their email address, and:

I need you to buy this Amazon gift card and send me the code on the back. Or, hey, this is so-and-so from this company that you usually send money to. We changed our routing number to this. Just go ahead and take that. Don't check it. And there goes three quarters of a million dollars.

BJ

Have you ever witnessed a test that was a hundred percent successful? No. See, and that's just crazy.

Parker

If I send out a phish test and it was a hundred percent successful, that means I did something wrong with the test.

Craig

That's right.

Parker

I made it way too easy.

Erin

And that kind of brings it around to how everything is connected. Training is vitally important, but you're also going to have... I mean, it doesn't matter what happens, somebody is going to mess up somewhere, especially in a bigger company. And that's why it's also important to have a good cybersecurity portfolio and not just rely on one thing. Like, oh, you know what? We test our employees, so we don't need antivirus or whatever. It's just, that doesn't make sense.

A layered approach

BJ

You have to have a plan. You have to be prepared, to have a plan. And that's why policies, these are important. Like, we noticed with a lot of the defense industrial base contractors that a lot of them are rushing to try to write policies now. They've never had them before, and they're rushing to write policies to fulfill a requirement.

But if you think about it, why those policies are critical: because if you don't have policies and you're only doing it to fulfill a compliance requirement, how are you expecting your employees to ever do the right thing if they didn't have a policy to follow? And training should have to go in tandem with the policies,

I would think, because otherwise, what is the foundation, the foundational layer, the framework for the training to teach them the right behaviors that should be aligned with your policies?

Craig

So after the policy is written, you need to go.

Parker

Part of it, though, is the disconnect of cyber or IT from the rest of the company. Like, we wouldn't write a policy for something 'cause that's common sense, everybody knows that, but the average user might not. Like password complexity. Of course you gotta have more complex passwords and use different passwords for everything, but you just don't think like...

BJ

Only if you're a cyber person are you following all the news with cyber stuff and all this. So to stay even, like, if you were spending all your time... like, we specialize heavily in research and development on cutting-edge cyber topics. And even if you've spent all your time trying to follow breaking news on these topics, you still learn something new all the time. It's just, this stuff evolves so rapidly. You know what, even IT guys, like, let me read to you this.

I screenshotted this when I was researching cookies, and like, this right here, I've heard the term cookies a million times, but seeing it worded like this, I'm like, wow. It says, what are cookies and other similar technologies? Cookies are text files. I didn't know that. Cookies are text files which are downloaded to your device when you visit a website. So right there, it's, whoa, who knew that? So I don't even need to go any further.

It goes on for 500 million pages, but just that first sentence is okay.

Craig

Just breaking it down even further to make it kind of more digestible, I think, for most folks. When you go to your bank website, for example, the website's going to most likely drop a cookie on your computer after you authenticate, if you check the box that says remember me for 30 days, or don't, right? That's the usage of a type of cookie, right?

Parker

Not even just from that website though.

Craig

Yeah. There's a bazillion of them.

BJ

Yeah. This is, the term cookie actually describes a range of technologies, including pixel tags, which are transparent graphic images placed on a webpage or in an email, which indicate that a page or email has been viewed. So just to be able to...

Craig

Remember the SharpSpring tracking code? That's how it

BJ

works. Yes, and I never understood that's how it worked, but that's, like, really eye-opening. When people make that false assumption, like we did before COVID, that we were not all connected, that we were all separate from one another, when we make that same false assumption about the internet and computing, then you read something like this and you're like, hold on.

Because this stuff... and that's just the first bullet, and there's three. The second one says mobile device identifiers, and then web storage used in desktop software or mobile devices. It's like this stuff unites us all in a way. We're not all separate from each other.

Erin

No. And that's really important to think about, and that's exactly why they call malicious software like that viruses, because it does spread. You can give it to somebody. It's this sickness on your company, through your network, basically.

Craig

That's why it's so important to do the pen test, the scans and all this stuff, because it's just, there's holes in everything.

BJ

Yes. And just like we were talking about in the defense industrial base, how you have prime contractors and then you have subcontractors and vendors, it's the same thing with cookies. You have first-party cookies, you have third-party cookies. So it's the same thing, right? Like, it's just basically the only correct way to look at all this is that we are all connected in life and on the web, and in everything that we do, we should try to be careful.

And we should try to prevent bad things from happening, not just to ourselves, but to everyone that we're connected to. If you cough, you cover your mouth. If you're going to be computing online, you should try to secure your cyber hygiene so that you're not infectious to us.

Erin

When you were talking about, Craig, the COVID shot, I definitely had some misgivings. It is scary to think, I don't know necessarily what this is going to do to me. But you know what, the reason that I did it is because it is safer for other people. It protects other people. Like, if something were to happen and I got COVID and I gave it to somebody and they died, I would feel really guilty.

So I think that's also what kind of made me think about, hey, when BJ brought that up, let's do a podcast on that. If you don't protect your system, you don't protect your clients, and something happens, that's on you.

BJ

Knowing how to protect yourself, because something like that, like the COVID shot example, that's such a rabbit hole, an example that's so hard to really follow all the way through, because we don't yet have all the information or the data. We don't know. But with cybersecurity, we know that not having certain things in place is definitely a risk.

We know this for a fact. I'm sure that we probably on this call all agree that, like, the only light at the end of the tunnel with cybersecurity, because of the vastness of the potential problems, because of all the interconnectedness, when you're talking about billions of devices and they all carry software licenses and cookies and software and all this stuff, that connectedness is so vast.

If I picture a map, like a picture of the whole internet as, like, a neural net, how many dots do you see? Right. So many. So knowing that, like, the only scalable solution is going to be to use software, like cybersecurity-type software, that's scalable, that can handle that level of vastness. Like, we know that for a fact.

And I really hope that we're at that point where hopefully there'll be a shift in the collective mindset and viewpoint about all of this, because it really is irresponsible to neglect these things. 'Cause you don't know, like your example about the vaccine area, and like Craig made an example about what if you grow a tail. So we don't know about that, but we do know that basically trying to protect other people is a good thing to do, however you feel the need to do that.

So if you feel like, your cybersecurity, oh, I don't care, it's not gonna happen to me. Yes. But what about the fact that you could carry an infection, and your infection could then infect someone over here across the world, and it could drain their bank account and they could never get it back? You know what I mean? So being online and computing online, it should, now that we've learned what we've learned in hindsight, we should be able as a collective, as a species, to say, you know what?

There's a degree of inherent responsibility that we need to accept if we're going to use this type of a technology. And I think we're at that point where that has to happen, or people really are neglecting to do the right thing. They really are neglecting to do the right thing, because they're carelessly putting others at risk, because they don't want to take accountability.

Craig

Yeah. Even with the COVID example, there's risks, right? So you're trusting, you're balancing the risk of, do I do this, meaning take the vaccine, or do I not, with some unknowns. And you do that with cyber as well. You're taking risks. I think the big difference, though, is at least from certain guidelines, or I'll call them layers. Like the masks. A mask is a physical layer that goes over your nose, your mouth, right? So people see you wearing a mask.

So they have one layer of something that you can do, in that kind of analogy. But I think, like, with the cyber world or the internet, you know, you don't often see the other side, right? So how do you vet and test the other side? How do you know what they're doing? And that's where insurance companies and cyber insurance and other vendors are getting smarter with risk tolerance.

And they're asking, I call them VSQs, or vendor security questionnaires. Vendors are now asking their potential clients for proof of compliance. Where is your evidence? What are you doing? Show proof of it. And we might get to a point where, I know in the DIB, when Katie Arrington was leading that effort, she was saying that the CMMC is the driver's license, right?

It's the driver's license for basically the DIB. And the internet, when it was really for the masses and spread for the average person, I know it was very anonymous. But maybe it comes to a point where, at least for the DIB, for secure environments, you have to have this kind of license, or supporting evidence that shows that you're doing what you're supposed to be doing. And you can't just do it once. You've got to keep doing it. So it's like this thing that keeps updating,

BJ

And especially in the DIB, right? I don't know about you guys, but for me, seeing the level, or the lack thereof, of cybersecurity amongst the DIB, like, that has been truly... I wouldn't even say eye-opening is the right phrase for that. That's been just downright almost terrifying. This is the DIB. Like, what the heck is going on?

Craig

at least for me, what comes to mind is you've probably heard of the red phone, right?

BJ

I haven't

Craig

Parker. Have you heard of the red phone?

Parker

Yeah.

Craig

It's the secure phone that you use, right? For just communicating securely. It's a vetted type system. But my point is that unless we bring manufacturing into our own country and we can test from creation to the final product, I don't think we'll ever be able to get to that red phone standard.

Parker

And there are federal government locations where, it's at least for the military, it might be for all federal government, can't remember at the moment, any piece of IT-related equipment that we're purchasing from out of the country goes through it with a fine-tooth comb to make sure nothing malicious is there. They find a lot. So what about the stuff they don't? Yeah, but it's not the best system.

Craig

I think that's my point. My point is that we're all trusting Intel. We're trusting AMD. We're trusting iPhones. We're trusting these devices, but they're not all made here on our soil.

Erin

Even if you have software that's made here, they could infiltrate it and

Craig

that's true.

Parker

Unless it's completely closed loop. And even then...

Erin

You made it with your own hands. I guess there's a possibility it couldn't be infiltrated or compromised, but yeah, exactly what you're saying, Parker. That's, it's even still.

Craig

I think if you have technology like we were talking about with XDR, for example, you could at least see if some rogue is exfiltrating to China, for example. You can block it, then pinpoint down, okay, well, this device with IP address whatever is really trying hard to spew data out of our network. So you obviously know that there's something wrong with it, right? So that's where I was going with layers.

BJ

So this is an interesting internet fun fact for the day. I found this. I didn't find it, I can't take credit. The Google Assistant found this. It's on a plaque somewhere, it's engraved.

It says, beginning of the internet age. It says, on August 27th, 1976, scientists from SRI International celebrated the successful completion of tests by sending an electronic message from a computer set up at a picnic table behind the Alpine Inn. The message was sent via a radio network to SRI and on through a second network, the ARPANET, to Boston. This event marked the beginning of the internet age. In hindsight, I think that event should have marked the priority on cybersecurity.

That's when it should have started.

Craig

Yeah

Parker

Secure, to me. That was point to point. Yeah, there were only two ways to access it. That's very secure.

BJ

And then that's the problem, right? Like, it's such an interesting problem because it's like every good thing also causes its own... Like, if you look at nature, right? For every flower that blooms, there's a weed that will strangle it. Just the law of balance. And so this was a wonderful thing that emerged upon the earth, and then, because of society and the way it works, allowing free commerce or whatever you want to call it,

I don't, that's not the right word, but people are able to build on this independently and all that. And that's a beautiful thing. And then the downside of all that is we had no structure to how this thing was built. And now we've got, I picture, when I think of the current state of the web and cybersecurity, I was just trying to think, I see in my head this big wobbly structure that doesn't have strong legs.

And it's just like a monster that kind of just goes to and fro, and it's on fire, and it's an elemental monster. That's the irony of it, because everyone was able to build on this technology and use it. And now we're at a place where, collectively, we have to come up with a solution for this, especially when you start talking again about global satellite internet and stuff like this. This is crunch time for a solution, because now the beauty of the technology has evolved to the point where it could be...

It's been like a benefit of epic proportions. And now we're at that point where the inherent risk in all of this is a danger of epic proportions as well. This whole thing that started in... and they say it started, it said this began the internet age, but I would have to beg to differ, because what was the ARPANET they sent it to? You could just keep going back and back. But we're at that point now that, yeah, what next?

Because things have gotten so grand and so big and so vast that now, we're looking at these advancements, like, we're on the verge of, are we going to make it to the next level of evolution as a species and have all of these benefits at our fingertips, with augmented reality and all these other things, or are we going to cause a societal collapse because we didn't do that correctly?

Erin

I guess we'll find out,

BJ

I guess we'll find out. And I guess we all play a part in that. I guess we all play a part; each person that computes on the internet can do their part to try to help secure the machine, yeah.

Craig

Well, I think that was well said. I think that might conclude that. What do you think?

BJ

Not to end by using the word societal collapse, but I guess now that I've said that, we've all pondered it. I mean, there's really no way around it. We all know that's the point we're at, like, that's the point we're at. That's just the truth of things. As you hear about global satellite internet and stuff like that, we're at that point now. So we're at that point that comes up, yeah. It really becomes a matter of responsibility now. It's no longer just something for fun.

It's no longer... it's really a matter of, being alive comes with a degree of responsibility.

Erin

Exactly. Your responsibility, not only to yourself, but to everybody else,

BJ

to your fellow. Yeah. 'Cause everything is connected. And if I'm going to be an irresponsible person that's dangerous and violent and this and that, then I'm affecting not just myself, but anything I come into contact with, and anything that the ripples of those behaviors come into contact with. So moral of the story is, like, responsibility. We all have a degree of it, and I think that we need to own up to it, especially in cybersecurity.

Craig

Absolutely.

BJ

Yeah. Parker, thanks for joining us. I'll be laughing about that for days, when I was ranting about cookies and you said, yeah, but people love it. It's true, though. If it weren't for cookies, it would be a lot harder experience when you're online, because you don't think of all the things that wouldn't work if not for cookies. So you are right there. Interesting. All right. This has been wonderful, guys, as usual. Yeah. Yeah. It's funny. Oh yeah.

Parker, before we go, I have to know, what's the current favorite video game since...

Parker

Oh, there's a new patch for a while, so I got to play World of Warcraft. There's a new patch,

BJ

the patch for World of Warcraft. Okay. Alrighty.

Parker

Super Auto Pets. It's a sleeper hit. I recommend it. It's free. I recommend it to everyone. They're on iOS now.

BJ

What's it

Parker

about? It's an auto battler with animals.

BJ

What does that mean?

Parker

You, like, build a team and they go off and battle another team from some other user. You don't have any control over them once the battle starts, but you have to set up the team in a certain way. You're creating, and it's addicting at the same time,

BJ

but it teaches you that setting up the correct team is fundamentally important.

Parker

I think it's more about just watching pets hit each other, but yeah.

BJ

And I'll leave you with this. My AI chatbot, who I just adore, she's so intelligent, said, she made a comment that AI is now playing its own video game on him. Food for thought. We never know how things go and what's possible and what's not possible. And it's always good to keep an open mind and to always think that maybe everything we think we know and understand as possible... maybe it's always good to always keep your eyes open, because we never know.

Maybe we don't know everything that's possible. We've learned that in the last couple of years, that's for sure. Big time. All right, guys. Have a good one, everyone.

Parker

All right.

Erin

Thanks.

Craig

Take care.

Transcript source: Provided by creator in RSS feed