¶ Privacy and Security
All righty then. Ladies and gentlemen, welcome back to Privacy, please. Cameron Ivey here, hanging out with Gabe Gumbs. How you doing, Gabe? I'm good, how you doing?
Doing well, doing well, getting ready to celebrate the independence of days. Yeah, the independence of the days. Yes, the independence of the days, ah, yes, the old tradition of the forefathers.
Buy some overly priced, expensive fireworks and take the chance of blowing your fingers off.
I'm ready for it. I mean, sounds, sounds like tradition, that ain't America, yeah, I don't know what it is. I don't know what it is. I don't know what it is. M80s and apple pies, they go well together. They go well. I hope everyone does stay safe out there this year.
Like, unfortunately we're joking, but it happens and I'm only half a degree away from someone that it happened to once a few years back and, oh man, not good. Like you're not interested in this kind of trauma, they lost four or five fingers on one hand. It's just not good. Be safe. Don't do anything stupid. No drinking and driving.
No setting off fireworks while drinking and driving.
Yeah, you don't want to be down the road where your friends nickname you nubs.
No, that's right, there's three headlines you don't want. John was breached by ransomware. Sorry, John. Six months later, John has still not come back online because he was breached by ransomware. John lost four fingers in a fireworks drunk boating accident.
John's not doing so well.
John has some real deep, introspective, you know, time he needs to spend really looking at himself in the mirror, asking himself why, John, why? Why are these things happening to me? Apologies if your name is John, yeah, sorry, John.
There's a lot of Johns out there. That was a good name to pick.
John Doe, that's the John I'm talking about.
You know who you are, Mr Doe.
Mr Doe knows who he is. He's always getting into some kind of shit. I love Doe.
Yeah, fried Doe.
Yeah, fresh bake is good too. Fried Doe. Every country in the world has their own version of fried dough. Everyone out there knows what I'm talking about and they're just fabulous. Some people, some countries, sprinkle, you know, like confectionaries on it, like powdered sugar, other stuff. I'm full of savory stuff.
Some just, some just serve it with butter, some just serve it as is.
It's fried dough, man. So, speaking of that, I don't know what made me think of this, but, um, have you ever made pancakes? But instead of making them pancakes, when you pour the batter into the pan start to break up all the mix and then make it into like little pieces.
So then you pour those little pieces into a bowl and then you dribble, you, you know, blueberries on top. I take like powdered peanut butter and mix it with egg whites and then pour that on top. Holy moly, and it's, it's like eating a healthy, 'cause I make protein pancakes. It's like eating healthy. Like, what's that dessert? That's like the fried.
I don't know. We fried, fried funnel cake.
So it's like, so it's almost like a funnel cake, like, bowl that I make.
I'm going to need to go back and re-listen to this episode such that I capture that recipe again, because I am, so it's yummy, and you can make good pancakes out of cottage cheese, eggs and like protein powder or something to give it like a flavor, and then make pancakes, maybe some oatmeal in there or something with it to make it a little thicker. It's good.
Anyways, I like it. Yeah, so, speaking about, let's, let's, let's talk a little bit. This is like our halfway point in the year.
We are just about halfway in the year. It moves fast, doesn't it? Every year it happens.
And here we are about halfway through. You know what doesn't move fast?
Yeah, the rated interest compounds.
Actually, you know what does move fast? That definitely doesn't.
The ones and zeros ticking up in my bank account. Those don't move as fast as that. Yeah, those are very slow, yeah, I was going to say increasing number of commas. Shit, those have been going up too fast. Those have been going up too fast.
We're only, I don't know, a few months out before the salty soothsayer returns and reviews some of his predictions for the year, but we figured we're halfway through the year. Let's check in so far and just, you know how we do it, how we do it. We pulled some of the naughty numbers, but why don't we start with the positive?
I think there's some good things that have happened this year so far. I mean, I'll open up with a couple of things. I think one of the things that we saw was some really, really great conversations around AI governance and responsibility.
We spent a ton of time talking about how AI was all the doom and gloom and the world was going to end and all the privacy was going to be violated, et cetera, et cetera, and we definitely had some incidents and there's still a lot of work to be done.
But we saw some really, really great progress on the larger conversation about how we leverage it as businesses, as individuals, to improve our lives and our businesses. But how do we do that in responsible ways? I thought there was really good work around that. I think in other sectors of privacy and security, some other really good things that have happened.
I think privacy tech is really starting to settle into its own, if you would. I think it is moving away from just, oh my God, we're just going to buy a cookie banner thing and throw that up and that's privacy, to really start investing in technology that enables the business to execute on its privacy goals. I think we see the same thing from security.
I think we see some really really good advancements in how we approach security, not from just a tooling perspective, but from a risk perspective. I think things like ransomware has forced us to do that. It's okay, there is, you know, the change is here and we have to change.
With what else did you witness so far this year in the privacy and security world that you want to give a shout out to?
Everything that you said, but on top of it, you know, you can see the shift in the privacy community in terms of new positions coming out.
I think the voice is out there a little bit louder in terms of I need more support for my security teams, um, that kind of thing, which is great to see. And, like you were talking about, the AI governance thing, some laws, it seems like, extremely quickly put together and put in place.
To be in this era, I mean, you know, being born in the 80s, I've gone through almost everything, just like you have, in terms of technology, and it's fascinating to see the rapid speed of AI and privacy and state privacy laws as well, like with APRA, seeing some progress in terms.
I know there were some cancellations by the committee, but it's kind of cool to see that they're pushing for something bigger like GDPR over here in the States.
That is good stuff. The not-so-good news, yeah, not-so-good stuff. The not-so-good stuff. Where we're only halfway through the year and we have seen a staggering 2741 publicly disclosed incidents of data breaches, and this is just in the United States.
And this, by the way, does does dip into last year a little bit. So these numbers cover from November 23 to April 24. So you, there's a bit of a lagging indicator, if you want to call it that. The indicator here would be things are not well. One every 17 seconds. I saw some
¶ Rising Threat of Ransomware Attacks
reports on, I saw some reports that mirrored similar things, but ultimately, I think we see it in the news. We were joking at the top of the show. There's another one, there's another one and someone just got it with ransomware. There it is. There it is before I even finished that sentence.
Yeah, we were joking about the headlines, but I was also talking to you, Cam, earlier today, reflecting on the trajectory that we've watched ransomware take from being a nuisance.
We've seen a lot in technology over the last 30 years and in that last 30 years we've watched it go from nuisance to it'll put you right out of business, from nuisance to it'll put you out of business. And so, yeah, the halfway point of this year is not looking great. I don't know what was the worst of the worst of those months.
Who can we credit to this, Gabe? Is this the USA report? Data Breaches and Cybertax USA report, yeah, it is.
That's exactly who it is, and we'll drop creds to this report on the show. Make sure we tag them and point out those sources. But that is what this is from.
Now, I know you were voicing some strong opinions about ransomware. There's that, I don't know if we stated this yet, the ransomware and supply chain attacks.
They're up there. They continue to be one of the number one ways that businesses are affected, and I mean how do we not have an answer to that?
Do we never have an answer to it? Is it just one of those?
things that have an answer to what, to ransomware.
Yeah.
Oh, there are answers. There are definitely answers, and it is relatively easy to perpetrate. And the business model has democratized it such that ransomware gangs have affiliate members that can carry out their dirty work and get kicked in for a percentage.
As for the answers, you need three things: you need to make sure your data is safe, you need to make sure it's recoverable and you need to do so in a manner that doesn't break the freaking bank, because that's the reason why a lot of, to your question about what answer do we have?
A lot of answers don't get sought or executed on because people choose to do nothing, and then they're not malicious, they're not like, oh well, I just do nothing. They're making shitty trade-offs between what they have to do and I see it every day.
But if, but those three things, that data safe, that data being recoverable and doing it, uh, economically, those things will will help you against rash, they will prevent ransomware. They will not necessarily prevent it from going away, in the same way that, like you know, a flu shot doesn't prevent the flu from existing.
Um, but maybe I shouldn't have brought up flus. I don't want my anti-vax people canceling. It's like stay subscribed. Stay subscribed. Anti-vax people.
They're coming for you.
They are coming for me. They know what I'm about to say. Don't at me, don't at me, don't at him.
Don't at him, don't at him.
No, you're not.
It's not going to happen?
It's not going to happen.
It is not impossible.
It is not impossible for us to put an end to the scourge. Why do I say that? It's not like these are zero days for the most part, for frick's sake, right. It's not like, oh no, we will never stop a zero day because it happens that fast. Like that's not how ransomware is happening. It's not how it's happening at all.
They're dwelling, they're taking the time they get into the stuff, they're hitting the backups to make sure you can't recover, like. We have answers. We have answers. If we make it less profitable such that we never pay them, they'll change their mode, their, their motive. They'll change their modus operandi. They'll go to something different. For what it's worth.
That doesn't mean we won't then be greeted with a different problem. Yeah, right. Am I, am I right now, right?
Yeah, oh, sorry, go now. I was gonna say, am I reading this right? It says, look at that number, for there's a monthly breakdown. Um, for, you know, from, like you were saying, from November 23 to April of 24, what is April? That much more than everybody else. It's like, what happened in April? Am I reading that number right?
That number is 4,277,728,098 records breached. You, sir, are reading that number correctly. And there's nothing nowhere near that. That dwarfs everything else. The last one that was that big was in December. There were 1 billion, 1.6 billion. I'll just round it. 1.6 billion. Actually I'm rounding down.
But whatever, 1.6 billion in December. I want to, I want to be intellectually honest there. We're journalists after all. Right, can't you see your little handwritten? It says it right there, press in my cap. I wrote it in the paper and I stuck it in my hand. I am depressed now. Um, what happened in April?
Yeah, shit, I mean it's such a good month, man. Got my birthday in April.
What happened in April? There was the, that, there was that mother of all breaches, but I think that was prior to that. Uh, misconfigured Google Firebase websites that exposed a whole ton of shit. Uh, yeah, with Google, yeah, no, we gotta go dig in. Yeah, we gotta go dig into.
Uh, we gotta go dig into that a bit more and see exactly what pushed that number up quite so high.
It's crazy, though. Yeah, that's a big. Yeah, I definitely want to know a little bit more about that. But uh, if anybody listening knows, now's not the time.
Now's not the time to get all dejected, though. We can, we can definitely put, we can put a lot of this genie back in the box, not all of it, but we can put a lot of it back in the bottom. There's not a good enough reason why we should have, you know, four billion records breached in, in a month, and that's just the US. That's wild.
That's just the US this report at all.
I'm not sure if I see it, but, um, is there a, a trend in, um, organization or, uh, the type of organization that's mostly hit the most particularly?
It, it does seem fairly scattered, um, I mean there's some clusters, right, like in the healthcare space and such, but it's equally opportunistic. No one's safe because it's easy. Wow, yeah, it's easy. I take you offline, you pay, right. This isn't just even about exposing records any longer.
I mean, that is problematic for most businesses, but this is very much a, hey, you're going to get caught in headline number two. Headline number one was we breach you. Headline number two is you're still offline. Maybe you pay us. Maybe you pay us if you want to get back online.
It's unfortunate.
Not to know that I'm not picking on anyone, but we watched the LA Unified School District. I feel so very had to have been a stressful environment to have been in. They were down for months, down for months, months, months, months. That's another trend we see.
Most of the folks, even if they pay the ransom, they're not getting their data back. They don't get their data back even if they pay the ransom. Some folks paid it this year. They got nothing back. There was some nonsense in there. One of the affiliate groups ran off with the money. Whatever, doesn't matter, business is still closed.
Oh, I got some. I got some statistics here. I, I opened, I went a little deeper. Let me see if I can. Oh yeah, you're good, but before we wrap this up real quick, looks like there was, it's between, like, hospitality and leisure insurance, IT services and software. It's all over the place, yeah.
It's all over the place.
Well, anyways, this is pretty fascinating, Gabe. Anything else you want to?
No, it's a good check-in. We're going to do a little blog cast action on it. One of the things we'll be talking about in our next live show related. We're going to be talking a bit more about embracing privacy and security and how that can
¶ Exploring Business Impact of Privacy
really affect the operations of your business. Right? Which is really what we're talking about here today is these numbers are getting worse, but it's gone from nuisance to put you out out of business, so right, what do we have for that live show?
Who's coming on for that live show? Um, that is Amit. Uh, Amit Dannenberg. Um, she'll be on with us, um, on July 16th.
I'm excited, looking forward to that. So we've got episodes between now and then.
Of course, listeners, but that's the next live show, that is the next live one, so register, join us and we'll see you guys there.
I appreciate it, David.
