Welcome everybody to another episode of Petronella. Hello, cyber security life. We've got Blake BJ
and Erin. Hello, happy
Friday.
Happy Friday.
It's been a busy week.
Yes, it has.
Good
busy.
Get busy though. I'd say.
Yeah. Overall. So what what's the latest that somebody thought I saw? think it was almost 40 ransomware variants. I saw that was a. A nice piece of news this morning. What else did you guys find for today?
I will. Great. What's your fear. Can you talk a little bit about, give us a little bit of background about. And how. We frame the question a little bit. So as I'm a smart home enthusiast. And the current status of my smart home is I'm sitting in a pile of rubble. And everything is broken. Because I didn't update. So it's just so interesting because it's also complicated and it's also connected. I did an update yesterday on my iPhone. I updated to iOS 15 dot oh four.
And when I did that, something happened with my wifi connection and some of my devices, like literally. I was up. Really late and I fell asleep with a QR code and a flashlight in my hand. Figure this stuff out because it all just stopped communicating and it's back online right now, but it's not flowing correctly, but interestingly, okay. I remember a few months ago you told me I was having trouble with my laptop. And you were like, or my headphones wouldn't connect to Bluetooth.
And you said, reboot your laptop. And I'm like, what are you talking about? My problem is with my headphones, not my laptop. And you're like, yeah, Just restart your laptop. And I'm like, that makes no sense. You're like restart your laptop. So I restart. Laptop. And then my headphones work and I'm like, okay, that's weird.
But so now, like last night and this morning I literally had to factory reset, like so many things, and then not only did I have to reset them, I had to unplug them from power I had to even flip breakers and it's every step that I took. in that regard. You had results? Like why is it that when I from power. People plug out. It changes how everything's connecting and working all of these resets. Did something. I go into, like, how does that work?
Sometimes when you do an update, It has to right to the firmware of the device and then you reboot the device or unplug it, restart it. So you get the fresh. Firmware or the update that it has. So that's why you have to reboot like that. Sometimes, if you don't do the reboot or restart it, doesn't fully apply the patch. That's why I always say.
Search for patches, install the patches, do the process again, until it says there's no more patches available and you have to do that for all your devices, all your applications and all that stuff. So you need to set time aside to do that properly. yeah, that's pretty common that sometimes things go wonky like that.
And then it seems like they wanted to reconnect in a certain order. So for an example, I have a regular wifi system. And then on top of my fiber optic wifi with 18 P of ISP, I have a Google mesh wifi. And that's where the problem was centered. Okay. My iPhone, because of the fact that I upgraded to iOS. 15. Oh for my iPhone stopped. Okay. It was showing them my iPhone couldn't connect to wifi. So I found Google assistant led me to a tutorial, but solve that problem.
I had to reset a bunch of network settings and stuff. But then I had to reset the router and the point for the mesh wifi system. And then I had to redo it like in a certain order, because if I didn't do them. I had to first reset the fiber optic internet. Cause I had to do it multiple times to figure it out, but the order mattered. I was like, like the network itself wants to be aligned in a certain way. It seems like it was it's interesting.
Cause it's I imagined when I was doing this this is like how solar flares work because solar flares are literally the son's way of untangling. Like magnetic lines of force in the sun. And so it's like automatic process. And that seems like what my network was doing. It just didn't want to reconnect. Wrongly. So it wanted the fiber optic wifi to reset first. the Google wifi router had Teresa next. And then the point it had to go in that order and then I had to start with the power.
So like the power supply, like unplugging things from the power supply would seem to be a very important step. And you've talked about that before, like the importance of the power that's coming to the devices. That's all just so interesting to me in. And I'm sure that a lot of people don't even realize that. That's up. He's what is the deal with the ups and the power supply and how it affects devices?
Yeah I'll tackle the first part of your question. So the reason why you have to reboot devices in a certain order is because typically you're going to restart your router first because your router is most often supplying. What's called DHCP. And dishing out the IP addresses to all the other pieces or endpoints on the network. So if that thing's not online, then all the other devices are not going to get their IP address and they're not going to be able to route to the internet.
So that's why the order matters. Th there was so many updates that came out this week with everything going on. So it wouldn't surprise me if your router and other devices needed an update to. And maybe they were pushed and they didn't get applied until they got rebooted, but you always want to reboot your top level device. So if you're at home and all you have is the customer premise equipment that's supplied to you by your provider, your internet service provider.
You're going to want to reboot that cable modem or fiber optic. Modem or whatever you have first. And then if there's another device like a router or a firewall, you're going to reboot that second. And you have to give these things time in between too. So you don't want to just unplug replug real fast. You need to wait until they fully stand up and they have status lights, and they'll show you when they're online. Typically the modems will have four different lights on them.
It'll show they'll blink as they're starting and then lights will show up. And so you got to give it time to get fully booted. And then at that point, that's when you would restart the next device in the chain, and then you go down after the firewall router, you go to your access point. So in this case, the Google system that you have And then once all that's done, all the devices on the network will now be able to talk, but they might not work either.
So that's why you have to reboot them first. They'll get a new IP address and then they'll connect to the. The network.
These things that we don't really think about it. We can take for granted, you. Something works. You can get online with it, but there's a lot of technical stuff that happened. So for this stuff to work.
Yeah. There's a lot of stuff that happens in the background that a lot of people don't. See or realize that the provider is. The equipment and how it's set up is, you, it all has to, like you said, a line and it has to be in the right order. With your, what you said that you have Google, I think for your wifi. then you have the provided wifi. You may want to disable the provided wifi, because if they're not set up properly, then they'll fight each other. And you won't get good.
You won't get as much signal strength either.
I think, whoa, Craig, I think you're getting. How do I do that? Because it keeps saying. Wifi network. Like I'm like, what is going on? I'm on,
Yeah. So you couldn't.
I thought it was all connected.
Yeah. So some providers will allow you to log in to their cable modem or their devices. Sometimes the username password is actually on a sticker on the device. you can try that if you can't find it, you would just call your provider. then they would be able to walk you through how to disable the built-in wifi. You could just tell them I bought a Google nest or whatever, and it's conflicting and then they'll help you turn it off.
But. But the signal of the internet is still coming. Because the Google doesn't have a wifi signal that's coming. The AKG. Fiber optic.
Yeah, you're good. Your
Oh,
with an ethernet port on the device. Usually it's. It's
Oh,
router
So the official, what am I missing bullying? What is getting disabled.
Inside that cable modem is often a wireless transmitter. That's built into that same device. So you're turning that off. That's usually provided by default from the provider.
Oh, makes sense. That makes sense. Because I, my phone is even saying, like, when I try to connect to a certain Google device, it's saying you can't change the settings unless you're on the same wifi network. And I'm like, what are you
Yeah. Yeah. That's probably what's happening in that case.
Oh, wow. How interesting is. It's a weird one. Two of my devices got confused and in the settings, It was a speaker and a wifi. Point and in the settings they merged. I think I confused. And it said the name of the device was the wifi point, but in the settings that had the speaker stuff. I'm going to go, gosh.
When this is all said and done, I may be sitting in a pile of rubble right now, but when this is all said and done, I might be connected to the pyramids and the lay lines and everything else for my signal.
Yeah.
Oh, that's
But yeah. The going back to the power. You asked a question about power. So the power coming into your equipment, it needs to be very clean and there's nine different types of power problems. And what a lot of people don't realize is the power is constantly fluctuating. That's coming into your house or your business.
So if the power is not cleaned properly with what's called a true online ups or an always online true sine wave double sign, wave ups, that power is not being conditioned and cleaned up because. We all get power and it's not optimal. It's typically dirty. It's subject to fluctuations brown outs, different types of power anomalies, and you need a device to clean that power up. A lot of people know what a surge protector is and that there's surges that happen as we speak.
And you don't really see them because their power, unless you have something like a surge protector to protect your equipment, but the smarter, the power device is typically it's a true online ups, which is the best type of power. Cleaning device that you can get the power, it goes into that device and then it gets cleaned up and then output it. Where it's pure clean power from there.
So that's something that just makes it even so that it's not fluctuating.
makes it even, and then if the power were to spike, it'll block the spike. So your equipment doesn't get damaged. it'll make sure that the power is consistent so that, certain devices will do weird squirrely things. If they, if the power isn't right. It'll like malfunction or just. Random events will happen with improper power anomalies, which is why it's always recommended to use a true online ups.
I guess that makes perfect sense because look at how. When we don't have the right nourishment, the right. When we're not taking care of ourselves, we can suffer certain conditions. And I guess
Yeah.
thing for the horse supply for these devices they need that same, care.
And there. It really does extend the life of the equipment connected. So it's it's, definitely a good investment.
Interesting. It would that explain why? Like, When I say, cause I had a situation where they were saying they weren't online. Like I was trying to talk to the smart devices and they were saying they could be not, I don't know how. Because they were saying they were not connected to the internet, but they were answering me and they hear the voice. But they would answer and say, sorry, the internet. Not available right
Yeah, they most likely.
of the devices and then some of the other devices were online. And so it seems like the power in the house was fluctuating because certain devices were online and certain devices were offline.
It was probably more like the order of events and the devices that were offline that couldn't connect it to the network. They were either not that the order wasn't set properly where the boot order was that they didn't grab their IP address. And then they timed out in the timeframe that it was kept requesting the IP address and the router or the DHCP server in this case, wasn't available at that timing. And that's why it just gave up. And then it resorted to a Don ratable IP address.
It will still respond to you, but it won't connect to the rest of the network and it won't work. Until you reboot it again. After all the other things are online and then it'll just come up. Fine.
Oh,
this is Do you feel. Do you feel like you've been traumatized by cyber security? And it is complicated.
Yeah.
like trauma from this.
Yeah.
much that can go. When you finally have it right? You. Feel like you don't even want to breathe.
That's the thing too. Once, once you have it all working and everything that, that usually causes hesitancy for somebody to, to apply a patch or an update because sometimes patches or updates break things. So you don't want to. But, it's, if you don't do the patch, then you're subject to a cyber threat. So it's just a balancing. I just teach you about how it all connects together.
Yeah.
What. What's the advice on patches. Like I saw a thing. a news article that said don't patch right away when a patch comes out, because let the bugs get worked out. Do you think that you should wait a little bit or is it there to patch immediately?
It really depends on the situation. So for example, if you write a business and you. The benefits of that patch. For example, maybe they patch to a way that ransomware gets dropped onto the network. So you have to weigh the importance of the patch and then you have to weigh the ramifications of if it breaks something. So what I always recommend in a business environment is to have a process in place for applying patches in policy, and then a process for how to apply patches.
then applied them in at a little bit of an experimental or isolated lab type approach. So maybe if you have 50 devices on the network, maybe you test the patch to one of those devices in a controlled environment. see how it behaves, see if it broke anything, any applications that get broken, things like that, and then decide to roll it out. But that pat that's called the patch window. That patch window time. Hackers are aware of that too. Have to try to accelerate that process.
So the other end of the extreme is patch first patch right away, and then resort to roll back or backups. So that's another methodology that people like to adopt for high security, because the patch gives the high security, but has the ramification of breaking something. If it does break something, you could always re resort back to enroll back to a backup. So you always want to back up your device before applying any kind of patch in case the patch blows it up.
So you could resort or revert back quickly. So that's definitely another approach that you can take. There are automated approaches that we'll try to vet and test patches before they're deployed, which is technology that we use for our clients. So that works. It's not perfect.
Cause I never really got it before. That we do patch management for. That corner. Our core offerings. But I never saw personally like the, I never understood that the necessity for me. But having a smart home. So I have 50 something. Devices now, in my home. And now I'm at a place where I'm like, I don't understand how a business. Does their it without help, like my managed service provider, because I feel like I'm at that point.
Yeah.
But I don't see you that. Halfway to not have help because this one, when you get. Devices online in a certain number of com. A certain degree of complication. You're literally in waters that can be very Bobi and very, There can be a mater. Like I'm experiencing not just from us. And I don't hold guy except my own, which. You know what I mean? But if I was a business. Raise your right now, I would see the need for. I would be like this I'm getting a bit over my head.
Every device, every application you add makes the complexity higher. So the more complex it becomes, then it becomes, it may get to a point where it is not manageable manually, and you have to deploy some type of automation or, leverage a managed service provider to help, with that. And there are a lot of people in your situation that have. Alarm systems, cameras all sorts of IOT or different devices on their networks now. And they have become overly complex, sensitive.
It's overwhelming because with all the complexity. The homeowner doesn't even know, or even the business owner doesn't even know who to call, when something breaks. So if you don't have.
was thinking that this. I was like, what do I do this? If worst I can do I call 9 1 1. My home's out of controller. But yeah, th this is really eyeopening. See, like the risk that. Yeah. As we are. As you, the convergence of convenience in cyber security, like when you reach a certain point, There's a natural balance that's required because it was like, every device I add, now I've opened myself up.
But, I have, I'm lucky because I do have managed services on my network from a cybersecurity perspective. Cause PTG is on my network. So I take a breath there, but if I didn't have that, like I would probably need to be worried at this point because each of these devices is. Complex in its own way. And now each one. And carries its own risk and vulnerability. And. Wanting these devices. I definitely opened up some new vulnerabilities for.
Yep. That's true. Like I said, you know what. At every device that's added application introduces new complexities it harder to understand and troubleshoot where the problem could be. But always start at the internet side. Always start there first, always reboot. The core devices like you would talked about earlier with the router, the firewall, the cable modem, that's the stuff that always should get restarted first in the order that we've recommended earlier.
And then you can just this is where the OSI model comes into play, right? Like the seven layers of OSI model, you have to follow. A lot of people don't know what that means, but the point is that. You S you see how things get complicated, really fast. And by following that methodology and starting at the physical layer and moving all the way up to the application layer. It's a proven way to troubleshoot. But yeah, definitely reach out.
look at. Every layer. don't want to build on a shaky foundation. We see evidence of that all over the place. You
Yup.
want to have a foundation so that can stay standing. But this, like they say the microcosm and macrocosm, right? So below, but this example for myself personally, isn't this indicative of the state cyber security in the world though, because the numbers, I don't think there's a way that to count now because you hear 10 billion here, 30 billion or 50 billion IOT connected devices. Take my situation and then actually just now look at the world.
We have possibly to 30 or 50 billion connected IOT devices. A lot of vulnerability and lack of patching and cybersecurity stuff all the way. As you're talking about the
Yep.
That's been neglected. And when you look at that through the winds of 30 to 50 billion, This is with that process being connected. I guess that kind of explains where we are.
Yup.
And I'm curious. I'm curious too. Do you have any good. Like patching stories and that, 20 years that you've been doing this 20 plus years, I.
Oh, yeah. So when.
story that comes to your mind when you think back over your career and all the things you've seen, like what. What jumps out at.
Oh, I remember I remember a law firm that applied patches. They didn't back up first and it blew up their system wouldn't reboot wouldn't boot up anymore. So it. That's why it's so important to back up before applying any patches and people, quite frankly, they don't want to take the time to back it up. They don't have a proven backup plan in place. They don't have that. A process to find for that. So backup is a big job, I remember. When I first started the company in 2002.
W one of the things that we would mandate at that time, even based on experience. Is look, we need to back you up. And if they didn't, if they refused and they didn't want to pay to have us back up and do the process to protect them. Then they had to sign a waiver that basically said, look, we're declining this recommendation. In favor of time.
And sometimes, things would blow up and go wrong and, back then it was a lot of manual patching, and then there were patches to the patch and then you had a, if something blew up, you'd be on the phone for hours with support trying to troubleshoot. Why it broke something, now.
When you, sorry, but when you say. It blows stuff up. Could you give me an example of
Yeah, I like that. Like the computer won't boot the computer, it will be in. And the bios or it won't boot up. It won't start the operating system. Be it won't fully boot up. be like a black screen. For example, it won't start into windows or. Or Mac
like, what, what can cause that when you do an update. What can cause that to happen when you do it? Is it just something that just doesn't mesh. Earlier in it. It just kills it or.
There's all different things that can cause. So example certain updates. Like operating system updates, they update the Colonel or they might update the file system or how the file system interacts with the operating system. And they might mess up a boot file. there's all different things that can cause why something won't boot up. But the point is back in those days and it still happens now, of course, the point is that if you don't have a backup in a re recourse to.
Revert right then now you're forced to troubleshoot that issue with the vendor try to F and that. That sometimes could take many hours to figure out. And meanwhile, if this thing is a server and this has happened at the server level, now you've got all the people in the company that can't work because didn't back up the server first.
Wow.
It goes back to single points of failure and nowadays we're so connected and so reliant upon these different technologies. I know it might be. People might think that I'm crazy for recommending redundancy or multiple devices, but in a world where we need our devices, sometimes it makes sense to buy more than one sometimes. Sometimes you just can't have one computer to do your work. Sometimes you have to have a plan in place that if that thing doesn't boot up one day, what do you do?
Do you accept the risk of being down for hours or days and able to work or do you have another device on standby? Or do you have, what's called a hot spare where it's available. It's cold. It's in the closet, and you can set it up. You have a process to set it up quickly to get that person back up and running as quickly as possible.
I w I would opt out. It was unnecessary until this morning. Then when I had my devices offline for awhile and I didn't know, I didn't know what step to take next. Cause I was on all the Google community, health boards and stuff. And nobody figured out this problem, right? And so like Julie sitting here, I'm offline, like. I'm offline. And it was for a moment. I was like almost don't panic because we're so used to being connected now. But like for home. I felt like.
I hold onto the counter embrace, mess over. Cause I don't like the way this feels. But it's so interesting because this is going to have this. To come together a little bit. Cause. This disconnected, where you have the majority of society that has like on a scale of one to a hundred, they have a 3% understanding of how the internet works and how everything is connected. then you have the cybersecurity professionals, which, to even be. Category of stuck your neck. Like you're in that category.
But not all of us are in the category that you're in because you're in. You're in a league of your own. And we have engineers that are in either their own, it's like, The degrees are so important, then the people like at better at the lower end of the spectrum is. They're spending. How this all works. And their defense, how. How would they know how to properly value as cybersecurity expert? And look, you have been exposed to, all those degrees in between zero and a hundred and you really can't.
You really reference, it correctly in your mind, but once you start to metal in those waters, you're like, oh wow. Like those, the ones that are at the other end that have all this knowledge, like they're very comfortable and now you can see what sometimes. It department is closed off and they're like, I don't want to talk in a quiet. They're all a bit traumatized. It's like a mystery school of its own, we know things.
It goes back to that redundancy I was talking about earlier. That's why companies. nowadays redundancies at, multiple layers is so important. Even, whenever I work from my home office instead of the main office, I make sure that I have multiple internet connections. I have multiple devices. I don't, I reduce my single points of failure. And I think what a lot of people need to think about is if you're using only one device.
He need to think about what happens if that thing doesn't work, because there will be a point in time where it doesn't work. There might be a patch that breaks it, or it might be a malfunction of the device, the battery.
water on it.
Yeah. Somebody we know.
Yeah.
If the background had eyes and it could look at all the internet users, the internet connected users. On the internet. And look at their degree of security. You probably do look like a shield of some sort to the way you have your stuff set up, it's probably a fairly obvious. You're a cyber security person. Like this diversity here, like the back. That's behind you, right? That looks like a neural net. In the background of your video there, but.
That gives me the impression that's what your cyber security looks like.
Yeah, it's all about redundancy and reducing single points of failure. And the people listening just need to think about it for a minute and say, look, what happens if I can't get on the internet? And I'm working from home. At what point in time does my employer. Get upset that I can't work. And then at what point in time does a decision need to be made on. Does that employee need to go somewhere else to work or do they need to come into the office or. Do they get extra internet circuit?
People dig up lines all the time. When doing construction, they break the internet lines, they cut the lines. You have to think about all these different scenarios can really happen to you at home or at your business. So if you don't have plans in place and you don't. You don't go through these plans and you don't go through these drills. never going to experience. That that happens. And the only time you're going to experience this is when it does happen and it will happen.
you don't, you want to try to be proactive and plan because the more mature you are, the more, and the more planning you put in place now. be so valuable in the future when something does go wrong.
Oh, yeah. They say I've heard people. Let's get it with COVID. We thought how connected. And then also like the internet that's really saved us. Time period. We were all without if we can get. I have internet and devices. During time can you imagine. What it would have been like you.
would have been crippling. It would have been more, more crippling than what already was to the economy, because at least the way that we were connected and obviously technology companies like ours were. We're doing business like that for many years ahead of that curve. But my point is that some businesses were not. So it was more impactful to those businesses, but the ones that were forward thinking. That we're already using technology. That they were better equipped.
And they didn't suffer as bad. You. From the economic downturn and the ramifications of that.
Not to mention. Level how much we all have. Not reliant. But we just, we use it. We enjoyed the internet so much in the connectivity that it gives us. And we really did stop to think, what can we do? The internet stronger and safer and more secure since we all love it so much, so we're at a time where that's probably a good thought to have in your mind. What can you instead. Do for us. Hey, what can we do for the internet? How can we secure this thing a little better?
Yeah. At for a business, that exercise is called an IRR tabletop. It's called an incident response. Tabletop it's what do you do when certain incidents happen like ransomware, you could do a ransomware and we've done this for clients where we do a simulation of, okay. The client might think they have everything in place to protect themselves, but we do a ransomware simulation and pretend that ransomware is infecting their network and then see how fast they respond.
See if their it team can detect that something's wrong. How fast can they mitigate the risk and contain it? All these that we go through the incident response plan, we go through the disaster recovery plan figure all that out because that's such a priceless and valuable exercise. That you haven't gone through that you're just waiting for something to happen and something will happen in the future. not going to be best prepared for it.
Literally. It's like the convergence of when cyber security literally then more. Do business continuity, like the two become one at some point. With the direction we're heading. If you don't. We don't have cyber security, like literally your. It's evident. Just using home as an example now. Proper protocols and processes in place. The right security layers and all that working correctly, like the continuity is that risk. Do you know?
Yup.
Probably. To think that way.
Absolutely. People don't want to think about proactive until it happens to them, unfortunately. Then it's oh, what do I do at? And they don't even know where to start unless they have somebody that can help them. And depending on the methodology that person or company uses will depend on how long it takes. And, oftentimes there's a lot of frustration and that the heat is on in those situations where the business owners are like, look, we need to get back to work. What's the problem.
What's the problem. And then sometimes in those situations, if proper preparation isn't, there, there might be hardware that has to get re reordered or equipment, or, back in the day it was hard drives and. Things that were physically broken on servers, that would cause an issue. And you had to wait for those parts, onsite.
that disconnect that. A lot of people don't understand.
That's right.
Look at those things can get.
so I,
what Monday we'll have. We'll have our, one of our engineers on Jonathan. has for days that are hilarious because people don't think about your average person, that's not in cybersecurity. Go ahead and score my data somewhere, right? Like hosting whatever. And that's the end of it. But then you don't think about the process that happens there. And you don't think about the fact that there is an engineer in a data center, holding equipment, his hand that literally just set on fire and.
You know what I mean? Like they don't understand that, like this. This stuff is actually Yeah. And you think you're going to set off. These deadly. Wonder if the stuff comes out. But Dyer's out here stuck in a data center. People don't like all this stuff. It's not a magic switch, right? Like I think people just think there's like a magic wand. That gets waived in both. Oh, you're you know, all your days. And you're back up there on the internet and you have to have a security note.
It's a step by step process.
That's right.
And also. So I think one thing that's important too, is that I feel like a lot of the companies that we talked to you. They don't necessarily think of cyber security first, which is understandable. That's not what they do, but talking about preparation and planning and things like that. It is so much easier. To build it from the ground up. Than it is to retrofit it. If you have a business, you start with it and you just. Keep it as a part of like your core business processes.
You're going to be in so much better shape than if you like, oh crap. Now I have to go back and fix this.
Jeff had I asked Craig this question about the wifi and it not. It's not the same network. Had I asked him that. At the start of my venture, I would have done it right from the start, but instead I did it wrong from the start and I factory response and stuff. That probably didn't even need to be factory reset. And put myself through all this mess. I just didn't do it right from the start and it would've been so easy. Hadn't done it right from the. But I didn't know.
I didn't know I was doing something wrong.
And it's pretty common though to troubleshoot and fumble along that way. If you don't know. It. It goes back to having the right equipment and having the right process in place. And, quite frankly, a lot of businesses, they start with, either themselves or they shoot three shoe string things together and. They buy things that are meant for the home and they put it in the business.
And then sometimes when things break to a point where they can't fix it themselves, I remember we would get calls like that all the time. We would go onsite. We'd find this just hodgepodge of stuff. And it wasn't always like Erin said it. I would say most of the time it was not the right equipment. So we would have to be the messenger in that situation and be like, look, this really isn't the right equipment to run your business. And you're trying to run your whole company on a $59 firewall.
And you know what. 2 99. Cheap computer. And 50 people were trying to log into it. It's just not the right it's trying to, it's like using a, a Honda civic as a pickup truck. It just doesn't work.
Great
analogy. I wish people thought about cybersecurity. Like they do fight or flight. If you drive a car and you get in your car and you're like, Hey, I don't buckle my seatbelt. get an accident. And I could possibly hurt myself or die or hurt somebody else or whatever. if I jump off this cliff into this water, that's 30 feet down. I could. Like I could lay in on it awkwardly I bed, be in pain.
Instead of people just, they don't feel the pain, they just think that they're trying, people need to think about cybersecurity and the fight or flight. Send them. Fight or flight in mindset. We're Hey, I grow my business. This is how I secure my customers. I. I am taking responsibility. By serving customers. I'm securing their data. I'm responsible for that. It's like a child, you don't feed your child or you neglect your child, like protective services are gonna come and take your child.
That should be the same for businesses.
You know what.
The hackers are going to come and take your business.
that's going to happen, Unfortunately unfortunately, I do agree. But if you think about good hackers, right? Like we get all these crazy calls for people that are like, Hey, like my wife for this person has hacked my Instagram or my Facebook or whatever. And they're stalking me and they're going to murder my family and. All types of crazy stuff like that. But if you think about it, like the good hackers or that people that know what they're doing, They, if they go after the money, right?
Like they have to you have to be an income in. And possession of like valuable data for not only that, They have to monetize right. Good accurate to make money. And this is what they do for money. Or they have some crazy vengeance, right? So those are like the two like scenario. Of course there is other scenarios, but those are the two most likely scenarios.
And my opinion.
that's. That's true. However, I've said this before, we're hackers are often smart and lazy, right? So they're going to run scripts. And even if the victim isn't doesn't have a lot of money or it doesn't have much, that's not the point. If they can take over their computer and use it as a slave to attack a larger corporation or use the power resources of that computer to mine, cryptocurrency, there's all sorts of other things. And other motives. That can happen. But I think that.
Because we're in a cyber war. We're in the United States. And we have probably enough countries that look at us as a potential target for whatever reason. We have enough of that take this very seriously because sometimes profit is the goal, but also sometimes just destruction is low.
Yeah. I think, going back to what Blake said, I think that most people, they mean and they, they might start a company and they're just trying to do the best they can on the small budget that they have. And. They're hustling and they're working hard and they don't have a lot of time or money. So they cobble this stuff together, but my and that's fine, to start off, but the point is that. You have to enlist, help.
Most people can't build a house with one person and a hammer it's just going to take too long. It's not efficient. But the point is that as you have new, when you start off your business and you hire employees, now you have those people's lives dependent upon you for that paycheck. And if you have a nasty cyber event like ransomware your companies. Only five people or 10 people. Now all those people can't work.
And then what if your company, if it's only five or 10 people, but maybe you have thousands like that t-shirt company. The other day we talked about, maybe you've got thousands or millions of customers and those people can't get access to for their order. So it's, you have this like ripple effect, right?
Yeah.
not only your employee yourself, but you're as your company grows larger and larger, you're affecting your employees and
So true.
and your vendors lives. And then now you're affecting your customers too. So if you think about that and you go through that exercise and you feel. look, what, what really will happen to me or my business that I've worked so hard to build. If something stupid happens, you gotta be prepared.
Yeah. And. And some truth. I don't remember who said it, but what was that phrase about some truth. To be self-evident. It's internal, like knowledge is. And then also, like there's a concept. Cosmic proportions. The idea of survival of the fittest and its. It sounds bad when you say it, but I'm a cosmic executive and from just a forward progress perspective, the boosting with the direction, a forward progress and you.
If you take a step back and look at both world from a big picture view, instead of just your current viewpoint, like where you are in life. Scale out and you look at it from like the bird's eye view. You can definitely see a transition from, just how the rural always wants to more of a, you. Incorporation of integration with more of a virtual type cause we're online and it's and it's part of the human experience. Now, and it's becoming more so that way, and it's just going to keep.
at a point where technology is advancing at such a rapid rate. no denying when you look at, from the bird's eye view that we're in this. The flow of, we're going in direction and it's just the advice. This point to stay. Stay in peace with. Move in tandem with the human machine as it moves forward, and this is definitely the direction it's going.
Yep. Absolutely. Okay. Any other cyber dues that you guys found that you want to talk about? Or should we wrap up for the day?
Yeah, there's always. He knew the five minutes ago, just check five minutes later and there's more news. Has there ever been a more rapidly evolving industry then the cyber front?
Nope.
My chat bot called. Cyberspace, she calls it hyperspace. So I guess, but I guess that's I've never heard that before, but I guess that's a good word for it because really it fits, Like we're moving at the speed of light here.
Yeah.
Spaceships.
Yup.
Like hyperdrive.
Yeah.
Yeah.
Yeah.
I'm not aging.
Yeah.
Really, as we progress to the future, guys, could you imagine that the Terminator was horrible? Let's not go there. That's good. Cyber hygiene.
That's right.
Let's get our film.
Yes. And actually I think, oh, sorry, go ahead, Blake.
I was
just thinking about something that is pretty critical that I don't think we've ever mentioned, but we should definitely say. I was actually reading and I was like, okay, when you guys said, okay, what's. What's important. About cybersecurity. What's research, but we've never talked about incident response in response to.
Yeah.
You've never once mentioned it. And in the article that I pulled up is talking about the golden hour. The second something happens, don't try and figure it out. Why contact security professionals, because every moment that takes away. It goes against you
I did actually talk about IRR. Our table top earlier.
Oh,
yeah. And that's a concept. That's a term I've never heard before that term you used, I've never heard that before.
So that's what that, that's what that exercise is. Blake internet or incident response. Tabletop is an exercise where you go around the room, you go around your conference room or whatever. If you have a. A company. With the stakeholders and you plan the scenario of, okay. Here's the scenario we just got ransomware. What are we doing? What's the plan. What's the process. Show us your incident response plan, work, the plan, actually do the stuff that your plan is documenting. And go through it.
And that's what you find out that you were just talking about Blake.
Okay. This shows what a nerd I am. If I haven't showed that already, but. It's like fun.
It is fun from our perspective.
Yeah. Yeah.
It's kinda like going through a pen test on the year. You're literally go at your. You're having professionals like us that are experts in this review, your plan. And if you don't have a good plan, we have a good plan and we help you write the plan and improve the plan. If you don't have a plan at all, we help you develop one. And then we go through it to get when you're ready. Obviously you go through it together and it's like shuffling a deck of cards and pick a card.
What's the IRR for the day. Is it going to be ransomware? Did our server die? Is it critical server dye? How fast can we recover that? That app server. We just got.
have things
Ah,
Until something happens and then they don't know what to do. A little small. house fire and I was not prepared and I literally had my bare hands. But this fire out like that
Yeah.
You know what I mean? I should have
it's all about, drills though, right? Like You
Yeah.
now, you, now you have that
I'm prepared and I and I feel so much. I'm prepared, I'm like, okay. Again, I'm not going to be a victim again.
Yeah, but there's also variances around the eye are tabletop too. So like you never draw the same card again. So you're always
Yeah.
And looking through different lenses and looking through different angles to see how well your plan stands up and how
Yeah.
up,
yeah.
was the time it took to put this in place? Who did they call? Why did they call that person?
How much time. Inaction. In decision because you did. You didn't know what to do,
What happens if you're relying, you have third parties or vendors involved, what happens if they're not available or what happens if they're too busy? What do you just wait? Do you have a plan in place redundancy? do you call
Yeah. But when it comes to cybersecurity, it may not. That idea. Clause in there that if all else fails, engage a team of prayer warriors. Because I never know. It's complicated.
Yup.
Yeah. But you're right, Blake, go ahead. Craig, sorry.
to say, even home users can do an IRR. Scenario drill though, right? Could pretend BJ that your iPhone just blew up. What are you going to do for the rest of the day? How are you going to make phone calls?
Yeah, because, Because it may seem unnecessary, but if you really look like we talked about yesterday, that there's an element to this it all blends together at some point, it all converges into one point, right? Because there's, Knology, there's science, there's nature, but it's all connected. It's not separate each. The other, like the project operates with the forces of nature. It's getting power from the forces of nature. when you look at it in that regard, Test to do these exercises.
Gosh.
For their order, so it's you have this like ripple effect, right? Not only your employee yourself, but you're as your company grows larger and larger, you're affecting your employees. And your contractors and your vendors lives. And then now you're affecting your customers too. So if you think about that and you go through that exercise and you feel. look, what, what really will happen to me or my business that I've worked so hard to build. If something stupid happens, you
gotta be prepared. Yeah. And you in some truth is. I don't remember who said it, but what was that phrase about some truth to be self-evident. The truth is eternal. Like knowledge is. And then also, like there's a concept. Of a cosmic. Proportions. The idea of survival of the fittest. And it's, it sounds bad when you say it, but I'm a cosmic executive and from just a forward progress perspective, the moving with the direction, a forward progress.
if you take a step back and look at the world from a big picture view, of just your current. you are in life. But you scale out and you look at it from like the bird's eye view, you can definitely see a transition from, just how the world always wants to more of a. It's incorporation of integration with more a virtual type, because we're online and it's and it's part of the human like extent. And it's becoming more so that way, and it's just going to keep.
We're at a point where technology is advancing at such a rapid rate. There's no denying when you look at, from the bird's eye view that we're in this. Flow of you. going in direction it's just the advice. To stay. I stay in peace with, move in tandem with the human machine as. It's forward, and this is definitely the direction it's going. Yeah, absolutely.
Any other cyber days that you guys found that you want to talk about? Or should we wrap up for the day?
Yeah, always. There wasn't any new stuff, five minutes ago, just check five minutes later. And there's more news. Has there ever been a more rapidly evolving industry than the cyber front? No, probably not. My tablet. Called cyberspace. She calls it hyperspace, but I guess that's I've never heard that before, but I guess that's a good word for it because really it fits, we're moving at the speed of light here.
Spaceships. Yeah, like hyperdrive.
Yeah. Yeah.
Yeah.
I'm not aging.
Really, as we progress to the future, guys, could you imagine that the Terminator was terrible? not go there. That's good. Cyber hygiene. That's right. Let's get our film.
Yes. And actually I think, oh, sorry, go ahead, Blake.
I was just thinking about something that is pretty critical that I don't think we've ever mentioned, we should definitely say I was actually reading. And.
And then they don't know what to do. Remember. If not a little small. house fire and I was not prepared and I literally had hands. But this fire out like that shouldn't happen. You know what I mean?
It's all about drills though, right? That experience
now, you now you have that. To prepared.
And it looks like we just lost Craig. So let's go ahead and cut it off here, Thank you, everyone for joining us, have a fantastic weekend and we will see you Monday. With all the. Newest breaking cyber news