Cyberattacks on institutions

Sep 19, 2024 | 42 min | Season 2, Ep. 3

Episode description

You've seen it in the headlines—the ongoing crisis of cyberattacks threatening our hospitals, corporations and even law enforcement agencies. Sami Khoury from the Canadian Centre for Cyber Security (CCCS) joins us to discuss how the rapid digital transformation triggered by the pandemic has opened new doors for hackers. Later in the episode, we're joined by award-winning journalist Joseph Cox (404 Media) to discuss the broader implications of data privacy in the digital age. 

Host Takara Small also sheds light on the shadowy, high stakes world of ransomware negotiations and the unexpected targets of these attacks—like libraries and zoos—that fall victim due to overlooked vulnerabilities. 

We close out the episode by sharing ways to improve your personal cybersecurity and recognize the shared duty we all have in safeguarding our digital identities.

Transcript

Cyber Attacks Threaten Canada

Takara Small

Organized crime gangs. Typically, they prey on easy victims and stay clear of lawmakers, but something's been happening in Canada recently. In the last few years, some of the biggest public institutions in the country have been hit by hackers.

Newfoundland's health care system, the LCBO in Ontario, the Alberta Dental Services Corporation, the government's Global Affairs Department. In Toronto alone, the public library system, the transit commission and the zoo have all been held ransom. The RCMP says it is dealing with what it calls an alarming cyber attack targeting its network.

Even the Royal Canadian Mounted Police themselves became victims this year. The hunter became the hunted. So today, on What's Up With the Internet, we want to find out how and why this is happening and what are the implications for ordinary people who engage with these institutions.

This show is created by CIRA, the Canadian Internet Registration Authority, which is building a trusted internet for Canadians, and I'm your host, Takara Small. So Canadian institutions are facing unprecedented attacks from hackers and, as well as the financial implications, our personal data is also extremely vulnerable.

Private corporations like London Drugs, Sobeys and many others have also been hit in a huge way. We know how precious our data is, because it's estimated to be a trillion-dollar industry. Many experts now say data is the most valuable resource on Earth, even more so than oil, and criminals are trading it in massive quantities.

So public institutions and corporations are facing huge challenges in protecting themselves and us. But are they up to Sami Khoury is the head of the Canadian Centre for Cyber Security. He joined us to help shed some light on what's going on. Why are so many big organizations such as the Toronto Public Library and the RCMP being targeted these days?

Sami Khoury

You know, I think the pandemic has accelerated our digital transformation in society. So more and more we live in a connected world, which unfortunately has created the threat surface has increased. Whereas previously, you know, your IT was confined to your work or your home, now IT is everywhere.

We're all connected and as a result, you know, there's a lot more vulnerabilities. Now why are they going after big companies? Because the sad part is there is money to be made by cyber criminals and the bigger the company, the more money can be made because they can hold more information kind of ransom.

So there is money to be made in this underground world of cybercriminality.

Takara Small

Can you tell me how an attack like this actually unfolds?

Sami Khoury

Usually the perpetrators of these attacks tend to be cyber criminals. There are a lot of cyber criminal gangs out there that have developed over the years or have acquired some cyber capabilities to exploit the system.

So essentially, whether it's a big company or a small company, they have ways to hack into the system and exploit the systems and then deploy on that system code to lock it up. So imagine you show up at your desk and you cannot log into your computer.

Somebody has either changed the password or has taken over your system and is now asking you for a ransom to unlock it. They often do it through phishing email and phishing emails are becoming a lot more sophisticated. So we have to be extra vigilant these days on phishing email.

But they can also do it through finding vulnerabilities in the IT that is on our system, on our network.

So on a big corporation there's lots of IT, there's lots of various software, lots of various hardware, and keeping that up to date is a big challenge and unfortunately, cybercriminals, hackers, have found ways to look for which system isn't up to date, which system isn't patched, and can I find a way to exploit it?

Negotiating With Cyber Criminals

Takara Small

So there are so many companies that are falling victim to cyber criminals, and I'm wondering, then, you know, if that happens, who negotiates with these hackers and how do they do it? Is it over email? Is this a phone call?

Sami Khoury

So you're absolutely right. I mean, we've, in our national cyber threat assessment that we issued in November of 2022, we've assessed that ransomware continues to be the number one threat that Canadian companies are going to face, and not a day goes by without us hearing a story of somebody falling victim to ransomware.

It could be a big corporation, it could be a hospital, it could be a public sector, it could be a small-medium business.

So, unfortunately, ransomware continues to be out there and I can talk a lot about how do we prevent these things from happening or what are our role, but essentially, when you fall victim to ransomware, you have to make a decision of whether or not you want to pull the thread of paying the ransom. It's a choice.

Some companies have good backups and maybe they feel that they don't have the need to pay a ransom because they have a backup. Some companies might feel the need to pay, to pay the ransom, and there are, I would say, for those kind of incidents, there are professionals, I would say, out there.

Some of them are breach coaches that will handhold the company into the whole negotiation process. We at the Cyber Centre don't get involved in those activities, but there are people out there who know how to communicate with the cyber criminal. Often, those cyber criminals leave some indication on the system of how to get in touch with them.

Takara Small

And so, you know, myself and many people, we are constantly sharing information online. It's made life a little bit easier since the pandemic to be able to, you know, rent items, to purchase items, to have it delivered straight to your house immediately.

It makes me wonder what information do these hackers want when they infiltrate and hack these types of companies, and what do they actually do with it?

Sami Khoury

So when an actor hacks into a company, well, first of all there's a couple of types of actors. Some are purely in it for the money, so they hack into the company. Sometimes they would lock the IT and ask for the ransom. So this is very much a kind of a "I will lock your system."

The only way to unlock it is for you to give me the money and if you have a backup, you can tell them to go away because you're not going to pay it, because you have a backup and you can recover from the backup and carry on your operations.

More and more we're seeing them. They go in and they steal information from your network and then threaten you with releasing the information publicly if you don't pay the ransom. Now, if you're a hospital and they steal patient records, that's very private information.

So there is a huge risk when that information, when you're threatened to release that information publicly. If you're a big corporation, there might be some corporate intellectual property or corporate secrets or, you know, I don't know, your sales information or your customer list that are on your network and again, putting that out there becomes challenging because those companies are entrusted to safeguard this information. So once you're on the inside, you know, those cyber criminals will go and get that information that can generate the biggest return on their investment and then threaten to leak that information if the ransom is not paid.

Takara Small

So where are all these, you know, hackers coming from? Is this, you know, are they Canadian? Are these international actors? There just seems to be so many these days.

Sami Khoury

You're absolutely right. There's many, many cyber criminal groups out there with names like LockBit and BlackCat and other similar Hive and other similar names. They form in the underground of the internet, the dark web as it's often called, and they essentially operate from there.

Physically, many of those people that are part of these groups hide in countries that are beyond the reach of law enforcement, so they would go and hide, not hide, but they operate out of places like Russia or some of the Russian republics or some of the Russian sort of countries affiliated with Russia, where it's very difficult for Western law enforcement agency to pursue an arrest or to exactly or to do even an extradition. There are cases of some of these actors being in Canada. The RCMP is the lead in that case and there's been a case in Gatineau where there's been even an arrest of somebody who was involved in ransomware, but that's the RCMP.

But they tend to be maybe the exception and most of these that inflict a cost on Canadian economy, on Canadian business, are these cyber criminal organizations that operate beyond the reach of law enforcement.

Takara Small

Okay. So if oftentimes money is the main or one of the main motivations, I don't really understand why these hackers would target libraries and zoos. I mean, wouldn't banks and hedge funds be maybe a little bit more of a perfect target?

Sami Khoury

In many cases these are targets of opportunity. So they scan your system and they find a vulnerability and then they exploit that vulnerability. So we don't usually talk about specific cases or specific incidents. We maintain that confidentiality or we respect the privacy of whomever fell victim to one of those cases but one of those incidents.

But essentially, a cyber criminal will scan the internet and they will find a vulnerability in a system somewhere and if they can use that vulnerability to get a foothold on the network, uh, then that would be their first step. And then, you know, different groups have different tactics.

Some of them will lock the information, will lock your system and then ask for the ransom. Others will steal the information and then try to monetize that information.

So they're not necessarily going after your money information, but the fact that you have a username and a password, or you have a username and a home address and maybe a social insurance number stored somewhere on that system, that has value for them.

Hack into an organization where there's tens of thousands of people records, whatever those records are, then they can sell that information to other cyber criminals and then other cyber criminals.

So first they will threaten you by asking you for a ransom to not release that information publicly, and then, if you choose not to, or even if you do pay the ransom, you know, whether or not they will end up holding their end of the bargain is a different story, but they can then sell that information to other cyber criminals, who then can use it for phishing email, or can use it to scam, or they can use it to, if they have your social insurance number or they have your home address, to create new identities, and so it's a second order and third order effect of them stealing that information.

Takara Small

Is it likely that some of these attacks are maybe sometimes politically motivated?

Sami Khoury

There is definitely, so in the category of who's out there hacking, you have the cyber criminals who hack for, to make money out of their hack, but also there are other people who hack for what I would call an information advantage, and many of those people who are in it for an information advantage tend to be nation states, and we again, in our national cyber threat assessment, we talk about the four countries that we have named publicly, basically Russia and China, North Korea and Iran, as having cyber programs that have targeted Canada in the past and continue to target Canada to precisely do that, the information advantage, to find out what is the government up to, what are some of the government secrets.

But also, in some cases, we know that they have gone after the private sector to steal information from the private sector, and sometimes we catch them and we call them out publicly, and sometimes we catch them and call them out or privately tell them not to do that again.

Takara Small

So how difficult then is it to catch these, you know, criminals, these hackers?

Sami Khoury

Catching the criminals. The sad part is that we know about it after the fact, except we have started to develop some capabilities to, we call them pre-ransomware notification. When we start to see chatter or when we start to see indications that something is brewing and we notify.

We try to notify company as quickly as possible that hey, we have information that there is chatter or there's an IP of your company being directed at by a ransomware group. So this, we're getting there, and last year we've issued a little bit over 400 pre-ransomware notification to Canadian companies.

So essentially these are up to 400 maybe cases of ransomware that have been avoided. But we don't have absolute, 100% coverage. So we continue to refine our techniques. But that is one way that we are making a difference in the ransomware. For the nation states, it's extremely sophisticated.

So these are countries with very advanced cyber programs, like Russia and China. There are, some of their signatures are known publicly and some of them can be stopped by antivirus software or some other capability that the private sector has out there. But some, you know, you need to call, you need to call us and we will come in and we will work with you and we will confirm who is behind that attack. So there are some knowledge that is still within the intelligence community and still classified, but by and large, I think we are trying to push as much of that information out there because they have very sophisticated capabilities.

Takara Small

I can just imagine there are listeners who are really worried right now just because we all have to engage with many of these big public institutions. I mean, it makes our lives easier, but sometimes it's just part of our job. So what can an individual do on a personal level if an institution that has our data gets hacked?

Sami Khoury

So the important thing is that, you know, we all have to make, we all have to contribute to making Canada more resilient and whether it's a Security, seriously. So that's on them and, you know, they have to invest in cyber security. They have to invest in ensuring that their security is up to date, that their systems are patched and so on.

Individual Cybersecurity Practices and Responsibilities

But as individuals, we also have to do our part in ensuring that, you know, starting with individually, that your passwords are not 12345.

But sadly, to this day, there are still people that their password is the same password on all the systems and it's 11111 or 12345 or something like that.

So we have to raise the bar on ensuring that we use complex passwords and I know it's difficult, but there are some good password keepers out there where you can store all your passwords, but make sure that you still use distinct passwords so if one of them gets hacked or if one of them gets lost, you don't lose access to everything.

You have to make sure that also that, for, as individual, we enable things like multi-factor authentication. You know, it adds an extra layer of security that, you know, it verifies that it is you that logged into your bank account and not somebody who managed to impersonate you or managed to steal your password or guess what your password is.

So MFA adds this second layer of protection. That your home system is up to date, that you've patched it, that you keep it up to date whether you have a Mac or a Windows machine. That when there is a little symbol that says that there is an update available, that you take advantage of the opportunity and update it.

Sometimes it's new functionality, but more often than not it's security update, security features that make it a little bit more secure as a system. These are some things that we would recommend you do as a user. If you're traveling or if you're out of the house, know where you're connecting using Wi-Fi.

Not all Wi-Fi systems or not all Wi-Fi are of equal security, and you could be connecting to a Wi-Fi that has malicious intent and wants to steal your username and password as you try to log in somewhere.

So all of these are little things that you could do as an individual to protect yourself so that you don't fall victim to a cyber attack, but also to be extra on guard, to be critical of emails that you receive, of SMS messages that you receive, that say, why am I getting an SMS message about a package that I never expected?

Why am I getting an SMS message from this company who says click here to update your delivery information, when I'm not expecting anything? Is it normal that this company sends me an SMS to update my delivery information? Is it normal that, I mean, that I would get an email out of the blue that says click here to receive a free iPhone?

No, these are, so to be a little bit more critical.

Takara Small

Yeah, I mean, just unrelated, I've received so many of those emails in the past and I'm always just like, I look at them and I'm like, wow, they are stepping up their game, the grammar, the syntax, it's a little bit better every single time. I can see how maybe someone would fall for something like that.

Sami Khoury

It's so dangerous and it's so simplistic in their phishing methods that it's, yeah, it's a little scary and it's becoming, you said, I mean, you even observed it, that it's getting more sophisticated because many of them have turned to things like ChatGPT and other similar capability to craft those emails.

So it's no longer, you know, emails written by somebody whose English is not the mother tongue and you can pick up the grammar, said the sentence does not make any sense. Now they can go on these like ChatGPT and others, and type three, four words and a theme and suddenly it creates an email.

It creates a letter that is absolutely perfect from a grammar standpoint and maybe they can Google you and find out where you live, because you post things online and you have a dog and you like to go hiking.

And suddenly you go on some of these engines and type three, four words, put your name in it and generate an email to invite you to click on a link to partake in a hiking adventure over the weekend with your dog in the park, in Gatineau Park or wherever it is.

Takara Small

And finally, what should institutions and companies do to better protect themselves and us? To be honest, I mean cybersecurity.

Sami Khoury

We don't do cybersecurity for the sake of cybersecurity . We do cybersecurity because we want to protect our communities , protect our values , our way of life .

Maybe down the road, maybe in 10, 20, 50 years, there won't be cybersecurity because all the systems will be secure, but we still live in a world where there is a lot of vulnerability in IT and we are pushing companies to design systems, design capabilities that are secured by design but also secure by default.

You know, but what can you do in the meantime, until these products come to market and are secure by design and secure by default, is to recognize that a vulnerability to one is almost a vulnerability to many and, because of that, the fact that we live in a connected world. So, take cybersecurity seriously.

Play your role, whether you are an individual or whether you are a business. Recognize that you have assets, you have information of value to somebody and that somebody will not hesitate to go after you if they think that they can make money off of it or if they can use it to their advantage.

So, whether you are a startup working on the best, coolest idea, or whether you are a very established big company that has a lot of information, you are at risk, and the risk is that if you don't take cybersecurity seriously, that somebody will find a way to get into your system and to steal your coolest idea or to disrupt your system, and that generates, this disruption will have an impact on us, will have an impact on our communities, will have an impact of the services you provide, and so that's why I feel that we each have to do a part. You know, we say cybersecurity is a team sport, and we each have to play our position to make sure that the team functions in a coherent way.

Government, academia, private, public. Every one of us has something to do. None of us can solve it alone. So, I hope that's a bit of public service announcement on how do we do cybersecurity in Canada.

Takara Small

I love it. It's a good PSA. It should run on TV in between shows. Well, thank you so much. I have been fully educated and I'm sure our listeners have as well. Thank you for taking the time to chat with me today about this.

Sami Khoury

Thank you, I very much appreciate the opportunity.

Data Privacy in the Digital Age

Takara Small

We live in a weird era. So much of our personal information lives online. That means tech corporations and our devices know more about us than we do ourselves.

The novelist James Joyce once boasted that if the city of Dublin ever disappeared, it could be rebuilt from the information in his books, and Google and Meta could do the same thing with most of our personalities. Cambridge Analytica famously used extensive online data analysis on voters to influence the American elections and the Brexit referendum in 2016.

Eight years later, the data points being collected on us are only growing, so our private data is vulnerable in ways other than being directly hacked. Joseph Cox is an award-winning investigative journalist who's worked extensively on this subject and set up a media company called 404 Media with some other like-minded reporters. We caught up with Joseph to learn more.

Joseph Cox

I mean, I think at this point it is near impossible for especially an ordinary member of the public who, you know, just wants to get on with their life.

Really, they're going to have to interact with corporations because they provide the infrastructure, our communication tools, and that's, you know, messaging from one person to another or your family or even broader.

They will make the tools that allow you to then communicate with the public institutions, whichever they are, and then when you do interact with those as well, you're, of course, providing them data as well, and they are, they could fall victim to hacks, just like anybody else as well.

I think that for an ordinary person, it's going to be exceptionally difficult not only to not provide your data in the first place, because you need to do that to interact with these services, but also you essentially have no idea what happens to that data after the fact.

Takara Small

So, Joseph, what are the threats to ordinary people?

Joseph Cox

I would put the threats into two main buckets, the first being low-level hackers, who will target everybody and anybody simply because they can, and that will be stuff like sending you a phishing email to get your password. It will be finding your password in another data breach and then using that on a website you're using elsewhere.

And then secondly, I would say the broad one are privacy threats. Now, this could be you gave location data to an app, which then sold it to a data broker, which then sold it to somebody else.

That is really, really difficult for an ordinary person to keep tabs on, and it's much more about bearing in mind, well, what apps am I going to install, what services am I actually going to use. But those are the two main buckets of threats I think ordinary people should keep in mind when they're just going about their day-to-day lives.

Takara Small

So I'm really curious to know whether you've seen or if you've written anything about how things have changed since COVID, because during lockdowns in Canada, there was a push to get people to stop using in-person services and to go online for everything.

Joseph Cox

Yes, I mean, you're exactly right. During the pandemic, and certainly after it as well, there has been this mass migration by various companies and services to get us onto these apps to communicate, the communication platforms, service platforms, whatever they are.

I'm actually working on a piece at the moment, I'm still in the process of reporting it, but somebody tipped me off that a totally ordinary person was essentially banned from a medical practice because they refuse to use an Android or an Apple phone. You know, they have a normal telecommunications device.

It can, I presume, send text messages, receive phone calls, all that sort of stuff, but it's not a smartphone, it's, for lack of a better term, a dumb phone, and this medical practice simply refused to service them, even though they offered to actually go in person to their appointments.

That is simply not an option offered by some organizations now, and I think we're going to see more and more of that, because there are people who still don't use smartphones and don't want to. And you know, as populations age and it is predominantly older people who will use a normal phone, I think we're going to see more of that.

There's going to be more of that divide.

Takara Small

You worked on a story about the New York subway system where you were able to track a subway user and, you know, find out where they work, where they lived. It wasn't, you know, a traditional hacking story, but it did really showcase some of the weaknesses that exist in our public systems. And I'm curious, you know, how common are weaknesses like that? How often do they occur?

Joseph Cox

There are almost always tradeoffs when it comes to implementing some sort of feature, and I mean that in the broadest possible terms. The story you're referring to is that, yes, when people use the New York subway, they scan their card when they enter and then they go use a subway and they leave.

What I found was that there's a feature on the New York subway's website where you could go and check your own trip history, the idea being like, oh, where did I go? How much have I spent on the subway? That sort of thing.

But I found it was trivial for a third party, such as an abusive spouse, maybe a stalker, somebody like that, to use that system as well to track a target's whereabouts. As you say, that's not really a hack, it's more of a privacy leak and it's hard to say.

You know, I don't have data in front of me for how common it is, um, across countries or entities or organizations, but with every single feature implementation, every single design of a feature, there are always going to be trade-offs, and privacy is going to be one of them.

I think another case is going to be that Apple somewhat recently released AirTags, those small GPS little tokens you can put in your bag, or you could maybe put on your bike so it doesn't get stolen. And what they found was that, very quickly, stalkers were using these.

Privacy and Security in Technology

I think that we just have to be very careful of the unforeseen consequences of the technology that we use or design or purchase .

Takara Small

You know, a lot of the trade-offs that happen when it comes to technology, it's usually for convenience and it disproportionately affects women, low income, BIPOC. I'm wondering, though, you know, is this due to incompetence? Is this due to sometimes, tech being very siloed? Why does this happen? What is the cause behind it? Is that an easy thing to state? Is it knowledge gap? Is it money?

Joseph Cox

Yeah, I generally want to give designers the benefit of the doubt. Of course there are going to be some who are just incompetent, but I want to give them the benefit of the doubt in that regard. But I would say that these mistakes are still being made.

Features are still being implemented with privacy issues in them, and I think it's just that privacy or security sometimes as well, they're often treated as an afterthought. You know, it's like, oh, we're designing the product, we're launching this service and we want to focus on how usable it is, as you say, how frictionless it is, the ease of use.

They're very much focused on that and then stuff with privacy or security is sort of auxiliary, it's an afterthought.

When, really, when we're thinking about designing a feature, launching a product or rolling out some sort of, I don't know, even healthcare computer system across the country, privacy and security needs to be at the start of that conversation and there needs to be conversations with various stakeholders and, as you say, that can touch on race, that can touch on class, it can touch on domestic violence as well. They need to be part of the conversation at the point of inception rather than, well, now an issue has emerged and we have to deal with it.

Takara Small

The tricky thing about conversations like this is where do the responsibilities lie? Where do the obligations lie? You know, is it with, is it companies? Is it governments? Particularly in Canada, there's an ongoing conversation about data privacy, specifically when it comes to social media, but it's a very convoluted, it's a very noisy space to have this conversation because a lot of the time, each group is pointing the finger at the other. It's like that Spider-Man meme, you know.

Joseph Cox

Yeah , I mean , you're absolutely right . It is the Spider-Man meme and it's going to vary case by case , but I would hope .

I would hope that a government sorry , I would hope that a company designing some sort of new feature or platform would take it upon themselves to think about this , rather than just waiting for some sort of government regulation or intervention or whatever it may be .

But at the same time , I would hope that governments would take it seriously to police the companies as well . I mean , the short answer is I just hope everybody would do their job , but that is much easier said than done , so I think it really should be up to the responsibility of everybody involved .

The one sort of group who I don't think the burden should fall onto is basically the user . You know , the normal person at the end of that technology . There's often a refrain in cyber security and sometimes privacy , where it's like oh , the human is the weakest link .

You're the one that clicked on that suspicious email link , and then you're , and then that's the reason you got hacked .

Well , maybe the system should be designed in such a way that makes it very , very difficult for the ordinary person to click that link , or that better highlights that it's very , very suspicious and you shouldn't go anywhere near that phishing page . I don't think the user really should be blamed or the burden should be on them .

Of course there can be some exceptions , but , you know , why put it on their shoulders when you could just design it better in the first place ?

Takara Small

And what do you think might help , you know , create a safer space for the average person to share their information online ? Is it government regulation ? I feel like that's what most people go to . The government needs to put stricter laws in place . There has to be fines . What do you see as a possible solution ?

Joseph Cox

Yeah , so in Europe they have the General Data Protection Act , I think GDPR , and that's a massive sweeping data protection and privacy law and there are really big fines if companies mess around with your data .

The regulation is not perfect , but I absolutely think that , at , you know , a bare minimum , more countries should be emulating , replicating or getting closer to something like GDPR . It allows users to request from companies , hey , I want to know exactly what you're doing with my data , what you have on me , and can you please delete it .

Sometimes that can be an arduous process , but if the companies implement it properly , it gives the control back to the user and allows them to make an informed decision of , you know what , I don't want this data to be held with you anymore , and legally , the companies have to follow that .

Takara Small

You know , because , you know , hacks , data breaches , are always in the news . I sometimes feel that the average person could easily believe that they are as much of a target as a Fortune 500 company . Should the public be worried ? Do you think that they perhaps are likely to be the , I don't know , a victim of hacking ?

Joseph Cox

Is our ordinary people , uh , should be worried about these type of threats . So the typical ordinary member of the public is not going to have the same sort of threat model , as we call it , as an executive of a Fortune 500 company or whatever . But that is not to say that people are immune from data breaches .

There's a very common refrain which people say , which is well , I'm not important enough to be hacked , and I think that's a fundamental misunderstanding of how especially lower level hackers operate . I spend a sizable amount of my working day every day in hacker chat rooms and in there they're not going , oh , let's find the next big juicy target , although some of them do that as well . It's more , here is 10,000 email address and password combinations . Let's try them all , and we'll see if we get in . And then we'll see what's of value . And maybe they break into a US email address and they find a social security number .

Then they can do some identity theft or whatever . You know , it could be any number of different things , but hackers are opportunists . They are just looking to break into anything and then they'll see how they can monetize it later .

So in a way , everybody does need to take their security seriously , even if they're not running a super profitable billion-dollar multinational corporation or something . I know it sounds terrifying , but it's not like it's , not everybody now has to shut down their digital life . It's more just , I think , that shift in thinking to , oh , the hackers don't actually care who I am , because they don't . They just care what data I have . And when you think about that , I think you can protect your own data a little bit better .

Takara Small

Are there any tools or services you think the average individual should know about or should adopt ? I'm thinking VPNs , for example . That's an easy , low-hanging fruit .

Joseph Cox

I think the number one tool that people should use is a password manager , and there's been a lot of I wouldn't say misinformation , because that's probably a little bit too harsh , but the common thinking is that , oh , you should never write down your passwords because somebody could break into your house and steal the notepad and get into all your accounts .

But what is more likely ? The hacker is going to take your password from one data breach and use it on the website where you use the same password , very , very likely . Or they're going to put on balaclavas and climb through your window and take your little notepad of all your passwords . That's super unlikely .

So what I would recommend is that people use a password manager . Now , maybe that's the default one that's built into Google Chrome , maybe that's the default one in your iPhone or on your Mac , and I believe Windows has something equivalent , and what this will do is that it will often automatically generate strong and , more importantly , unique passwords for every website you use and then store them securely on your computer .

The biggest threat to your online security is that some random website gets hacked where you had a password . You use that password elsewhere , somewhere more valuable , such as your Gmail , and then the hackers get into that as well .

Takara Small

So basically , everybody should be using a password manager if they can . And I'm just curious , is it challenging for you to just kind of go throughout your day , your week , your life , etc . , without a smartphone ? Is that hard for you ?

Joseph Cox

Yes , it's exceptionally difficult . Um , I will use special apps that allow me to receive text messages , for example , onto my iPad , but not every bank allows that , so sometimes I can't have a bank account with a certain institution .

Maybe some medical practices don't like it as well , and that's just an extra layer of friction which , to be clear , I've put on myself and it's very extreme and most people should absolutely not do it . But , yes , it's difficult .

And then there's also just the social aspect , which I'm okay with but my friends hate , in that you know , I'm on a plane or something and I have a conversation with somebody and they say , oh , it's been great talking to you , can I get your number ? And it's like , well , I only use this encrypted messaging app and they don't .

And then you know , I don't get invited to the barbecue after that , basically . So it's tiring , it's exhausting , but it's just a personal decision I've made .

Takara Small

Yeah , and that was Joseph Cox of 404 Media , and , of course , Joseph is welcome at our barbecue anytime . Okay , next week we're going to be looking at the way cybersecurity intersects with politics and national security .

Sami Khoury

This will turbocharge everything bad that we've already seen in a huge way .

Takara Small

As ever , you can email the show That at . T IRAca and you can visit CIRA.ca/cybersecurity for more information . It would also be great if you could leave us a review on Spotify and Apple Podcasts . Thanks for listening and we'll see you again next time .

Transcript source: Provided by creator in RSS feed