Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Craig (00:03):
Hey guys, welcome to a
new episode.
We've got Blake Rea here.
Blake (00:06):
Merry Christmas.
Merry Christmas. Right around the corner.
Craig (00:12):
Like six days, four days,
five days, depending on which
one you start with.
Blake (00:18):
Yeah, but I know most of
the listeners have probably
checked out already. Oh, yeah, yeah, for sure.
Yeah, it's hard.
It's hard coming into the holidays because you're thinking
about being Christmas presents and gifting Christmas presents
and traveling.
Craig (00:32):
It's just, yeah, yeah,
absolutely. All right, so you
want to start with some news.
Blake (00:40):
Yeah, yeah, I'll let you
start and then I'll talk about
which ones I thought were pretty interesting.
Craig (00:46):
Okay, well, I'll talk
about just some headlines first
and then we'll see what kind of is interesting.
So on there's a FBI that has disrupted the BlackCat
ransomware group, which is great.
They created a decryption tool and they're releasing it for
free for those that have gotten infected with the BlackCat
(01:10):
ransomware.
So that's big.
Basically, what that means is if you've got an infected with
that ransomware strain, you can then inoculate with that
decryption tool without paying the ransom.
There's a data breach Xfinity disclosed affecting over 35
(01:30):
million people.
There was critical infrastructure affecting Iran's
gas stations where speculation is that Israel launched the
attack and disruption. Again, speculation, don't have any
evidence of it, just reading headlines and disclosing.
I know Microsoft came out with a big update for Windows 11,
(01:56):
which is free, on Patch Tuesday that was released.
There was an IT manager that got fired from a high school,
got upset and retaliated by deleting 1200 Apple ID school
accounts.
So we can talk about sanction policies and what to do when an
(02:19):
employee is terminated and how to handle that without having
risks like that to your organization.
We could talk about security awareness training and how,
pushback and just lack of interest around actually taking
and doing the training and the drills and basically, what are
(02:44):
some new approaches and tactics that organizations can leverage
to better instill that into their culture?
Because obviously training is still essential.
It's not going away.
I mean, as long as we have the human element that holds keys to
the castle, you can be tricked, phished, smished, you name it.
Blake (03:05):
Start there.
I found it to be interesting about the Apple Watch recall.
Craig (03:22):
I did not hear that.
No, what is that?
Blake (03:26):
Yeah, so this one.
Apparently Apple took the patent for some of their like
EKG reading sensor technology.
They stole or they, I don't want to.
From what I read.
From my understanding they used some technology that was
(03:50):
patented and now they're having to rip the Apple Watches off the
shelves and so they're not going to sell these Apple
Watches anymore until they get fixed.
Wow, I'm not sure if it's all the Apple Watches, I know for
sure is the Apple Watch, I think, Series 9 and the Apple Watch
(04:11):
Ultra 2 for sure.
Craig (04:14):
Yeah, so this is.
I'm just kind of following along with you.
It says Apple makes a price decision to pause some watch
sales before Christmas over a patent dispute.
Blake (04:24):
So that's what you're
talking about there?
Craig (04:27):
Yeah, so disagreement
between Apple and Masimo over
blood oxygen feature.
Apparently, there's some patent infringement politics happening.
That's kind of just an off tangent kind of thing.
(04:47):
Companies obviously pay a lot of money to secure a patent.
I'm not a lawyer, but as far as I understand it, the whole point
of a patent is to beat out your competition so you can have
this new methodology or way of doing things, whatever it is you
want to protect.
What's interesting to me is that if you apply for the patent,
(05:10):
you have to disclose exactly how it works, with drawings and
explanation and basically the whole blueprint of the whole
thing.
Then you have to submit it with an application and typically
people hire some law firm to handle this for them because it
can get complicated.
Some people do it themselves.
My point is that you have to tell the world hey look, this is
(05:34):
exactly how I do this.
You have to hope and pray that you're going to get, number one,
awarded the patent and number two get some type of protections.
I know Blake and I we've talked about this before.
I don't know if we talked about it on a podcast before, but I
guess the issue that I have with it is let's say you have the
(05:55):
patent, let's say you're.
I don't know what this company is.
I think it was Masimo.
I'm assuming Masimo is a small or it says medical technology
company.
I'm assuming they're smaller than Apple from market cap
perspective, right?
Blake (06:07):
Probably Right.
They're suing Apple.
I mean it's a but it's.
It's like yeah.
Craig (06:12):
So it's like big guy and
AKA Apple versus little guy.
Again, I'm speculating, but I'm basing it off of my lens and my
vantage point, suing the little guy.
And now little guy has the patent, but little guy has to
hire, like all these attorneys, to fight right, and then now
little guy's got to come up with all this money to pay these
(06:33):
attorneys, because these attorneys want to get paid,
typically by the hour.
They're not going to, oftentimes they're not going to
do like a contingency.
Maybe they will, I don't know.
But the point is most, most situations are you pay
attorney's fees, you know, and then you have to kind of
litigate, right, or try to settle.
Well, my point is that that whole process is super expensive
(06:56):
and you can have some, you know, clause in your contract that says
that, oh, you know the the, the other party's going to pay the
attorney's fees.
Well, yeah, but guess what?
You got to still lay it all out.
You know what I mean Like.
So this little company, Masimo, might have to spend hundreds
of thousands or whatever it is, to defend this patent in court,
(07:18):
right, and again, most things settle.
But let's say, it goes to court.
I mean, this can be super expensive and oftentimes it
could put the little guy out of business. Definitely, you know.
And then you know it goes back to money and power, I guess.
But I mean Apple couldn't?
(07:40):
They're so big.
I mean they could choose to just buy the company and then
move on.
Blake (07:47):
That's an option, yeah,
and then I guess patents are in
place to protect the IP of said company.
So if somebody infringes on your patent, I mean it should be
a pretty cut and dry case about.
Yeah.
Craig (08:05):
But I guess my point is
that companies like Masimo
again, I'm speculating, I don't know anything about them other
than what I'm reading here.
I'm assuming they're smaller, but I guess my point is that if
you are a patent holder or you have some type of intellectual
property that you're trying to protect, you have to have
(08:27):
reserves.
You have to have cash reserves to be able to defend your
patents and your rights.
You know, there's a partner of ours I won't name who they are,
but they developed the two-factor authentication and
out-of-band authentication technology.
So they're, in my opinion, they're little.
(08:50):
They're not super little.
They grew, obviously, but they're still little compared to
like, a company like Apple.
Well, in their context, they had an issue that was very similar
to this, where they have millions of users that use their
technology, but they got sued by or actually no, they sued the
(09:10):
big guy.
They were the ones that found hey look, this big company like
Apple stole our tech.
They sued them and they actually won.
So this was like a good story that happened.
And then what I, in talking to the founders and the patent
holders, what happened was, since they have, I think, like
six different patents, like powerful patents like this, they
(09:33):
ended up having to hire and build their own legal team.
So they have like a legal team of lawyers that basically that's
what they do, that's their job is to defend all their patents.
So they have cash reserves and they have legal power, basically,
and that's what they do.
So they research, develop,build, protect patents and
(09:54):
that's their model, that has become part of their business
model.
So, anyway, I know I went on a tangent, but that's very
interesting to me.
Blake (10:04):
Yeah, yeah, I guess we'll
see what happens.
I guess here's your chance to get your Apple watches while
they're still out.
Keep them boxed up and see what happens in a few years.
Craig (10:19):
Wouldn't it be crazy if
they I don't know if this would
happen again speculation but if they lost and they had to recall
all the Apple watches that people have, or something like
that?
Like the Teslas oh yeah, that's another big one that we should
talk about.
So what happened with the Teslas?
Blake (10:37):
Apparently there was some
lawsuit or I don't know, but
apparently there's been a lot of fatal accidents from the
autopilot feature for Tesla.
Like I saw one video of a car that's stopped in like a
underground tunnel and it caused, like a car pile up, the auto
driving feature.
So apparently the DOT recalled all the Teslas with this certain
(11:05):
auto driving.
Craig (11:07):
I think it's the full
auto driving capability, isn't
it?
Isn't it the full autonomous?
It's like the $10,000 upgrade or something.
Blake (11:15):
I think, yeah, I think
that's right, but from my memory
it was over 3 million Teslas, so that was kind of ironic and
funny somewhat funny to me anyway.
Craig (11:28):
So I don't know if you
watch Netflix, but Netflix put
out a new movie.
It looks like October 2nd.
It's called Leave the World Behind.
Have you ever heard of it?
No, so it's Jennifer Rock, or?
Blake (11:44):
Oh, I saw the trailer for
that where, like, the Teslas
just start crashing into each other.
Craig (11:49):
Yeah, yeah.
So Julia Roberts is in it and I don't want to spoil it.
In my opinion it's not a very good movie, but I kind of see
where they're going with it.
So basically, again, I won't spoil the whole movie.
But when you talked about the Tesla thing it reminded me.
(12:10):
There's a scene in the movie where so basically, I'll tell
you the short version of the movie the movie is about a cyber
attack.
It's about a massive cyberattack that kind of or does hit
America, kind of like 9-11, only like a modern version, where
(12:32):
there's no internet, there's nothing electronic that works.
Almost like an EMP.
Nobody knows what's going on, nobody can listen to the radio
or watch the TV.
There's no internet.
So everything's kind of like shut down.
So that's kind of the main focal point of the movie.
But there's a scene in the movie that has all the Teslas
(12:56):
and they're driving.
They're brand new Teslas and they're driving at high speed
and crashing.
So there's like a section of road that you have to drive
through to get out.
It's like a suburb of New York City or something.
So all these people are panicking, so they're trying to
figure out how do they get outof there and you see these cars
(13:19):
just zooming and crashing nonstop into one another and
they're all Teslas, they're all brand new and they all have the
$10,000 full autonomous upgrade.
So anyway, I know that's a really random left field tangent,
but you brought up Tesla and I just watched that movie the
(13:40):
other night with my wife and in my opinion, I did not think it
was very good at all.
It was actually.
I thought it was pretty bad.
But I think I guess what I'm trying to say is I see what the
directors and the producers were trying to do.
They were trying to paint the picture of mass chaos and what
would really happen, like if that happened.
(14:03):
I get that and I applaud that.
I just think the delivery could have been done a whole lot
better in my opinion, and the movie could have had more depth
to it, but anyway, it was a good try.
Again, in my opinion, it might be worth a watch.
I'm gonna watch it.
Yeah, if you're bored or something.
Blake (14:26):
I mean, anyway, I was
literally gonna show the trailer
to my wife and see if we could watch it.
Craig (14:33):
Yeah, watch it.
Like I said, you might love it.
I did not really like it that much, but it does give you a
different perspective, and I think that's kind of the point.
The point is, what would your life be like if you couldn't do
this?
You couldn't listen to a podcast, you couldn't make a
(14:53):
podcast, you couldn't go on the internet to check your news, you
couldn't use your Apple Watch, you couldn't use your iPhone.
What would happen if none of this stuff worked?
And that's really what the movie is talking about and kind
of trying to highlight and relive that you know, yeah, so
(15:14):
I'll leave it there.
I don't want to spoil anything.
Blake (15:18):
Yeah, I think that I just
saw because I guess they were
teasing it with that that one scene you're talking about.
I'm just the Tesla is just boom, boom, like crashing into each
other and then, and then, like she looks at the window and she
sees like all like self driving capability or whatever, and then
she's like get out of here.
Like you know, I haven't seen a Julia Roberts movie in a really
(15:42):
long time, like, so it seems like she's been been busy.
I think the last Julia Roberts movie I saw was like one of the
Ocean's movies.
Oh right, yeah, I mean I haven't seen her act in a while.
Well, I think, if you do, watch it with your wife.
Craig (15:58):
I'd be curious to see
your, or hear your, opinion on
it.
Blake (16:05):
I'm kind of protesting
Netflix right now because they
change their fees again.
Craig (16:11):
So I'm like well, that's
kind of what they do, Right?
I mean Spectrum, all of them have changed.
You know, I remember Spectrum coming out with what's called
the signature package and Spectrum for those that are
listening it's kind of like Charter Communications or Ryzen
Internet, you know Internet and cable TV provider, Right.
(16:32):
Well, anyway, years ago they came out with what's called the
signature package and it was 249.99.
And it basically gave you everything.
You got Internet and you got a bundle.
You also got a phone line bundled with the package and
that's it.
It was basically like your, your pass, right.
Well, slowly, over the years now it has crept up to it's over
(16:54):
$329 now or something.
Every time I have the plan and I'm about to cancel it because
it's just gotten ridiculous.
Every month it's like small increments of increase.
Blake (17:10):
Yeah, I've been seeing
some of these.
You know, like every time I go to the grocery store, like I
went and I was like, all right, let's pick up a few things for
breakfast, right?
You know, of course, you picked up a few things that ran out
and it's like $100 later.
You know, and I've been watching these, there's these,
this group of people that have been like keeping receipts from
like 20, 2008, 2010, 2015,
(17:34):
Like 2020, 2023 now, and like they're like this is, you know,
the same shopping list, you know at the same store, and it's
like it's insane to see how much groceries are going up.
Craig (17:49):
You know how much they've
gone up.
You mean, yeah, how much they've gone up.
Blake (17:52):
Yeah, yeah, yeah they're
going.
Yeah, cost of living you know it's just skyrocketing like the
housing, you know skyrocketing, but then you know, like the
wages aren't keeping up with that growth.
You know, and yeah, you know I've been, I've been following a
(18:13):
lot of that stuff and you know it seems to be.
You know that the picture is painted, that things are our
business as usual, right.
Craig (18:25):
But yeah, that's a whole
nother.
That could be a series of podcasts.
Yeah, yeah, well, I think.
How do I segue into that?
So I think what you're realizing is that there's the
news that says oh, you know, we're not in a recession, and oh,
everything's great.
(18:45):
And look, inflation went down.
But, and then interest?
Blake (18:51):
rates went up.
Craig (18:52):
Yeah, stock market gets
pumped and goes up and
everybody's great, and interest rates are at record high.
You know, I don't.
I mean, they're just insanely high right now.
They're they were talking about maybe talks about no more rate
hikes, but maybe they're going to drop rate soon.
(19:12):
I just don't know how it's even affordable anymore for most
people to even buy a house.
You know, it's just, but I think I guess again, my opinion it
just there's just so much corruption everywhere and so
much manipulation everywhere.
I think it's hard for people to get the truth because there's
(19:36):
just so much media that you're going to see more of this too
with the election coming up.
There's so much media and so much bias you just can't trust
any of it.
Like you have to go on your own kind of hunt to find the truth,
and I think that that's the most challenging thing and I
(19:58):
think that some people are waking up to that fact.
You know, I remember back ages ago.
You know, learning about the government and government power
versus people, right, like you know, when the government gets
too much power, then you vote and you're supposed to try to
take some powers away from the government, but then you see now,
(20:20):
like there's just so much corruption and manipulation in
the government and it's like who's paying who off, and it's
just again, I'm going in random tangents, I'm sorry, it's just,
it's just such a crazy world.
And I guess my point is that I think everybody is looking for a
(20:42):
like a safe haven or a more trusted system.
And you know, with, like you said, with with groceries going
up and you know, milk is like five, six bucks, you know,
depending on the kind of milk that you want to buy.
You know what I mean it's just like not sustainable.
You know what I mean.
Like I don't know what the answer is.
(21:02):
I'm just saying that it just seems like there's so much stuff
that's messed up, you know, but yeah, and then, and then you
know we, we try to be the good guys and do really good at what
we do and nobody wants to pay for, for what we offer.
You know, it's like we don't need that.
You know, like yesterday we get a note saying that, oh, we're
(21:24):
not going to do a pen test for 2024.
And I just, I just shake my head because I mean it's like
I'm I don't make up the news.
I mean, yeah, the news might be manipulated, but the point is
that these things are really happening, people are really
getting infected, people are really getting extorted and
hackers are, you know, rampant.
(21:46):
So.
So it's like how could you not?
I don't know.
Blake (21:52):
I was yeah, I mean,
obviously I know who the company
is and I was looking at, like and thinking in my mind.
When I saw that email that went out, I was like like they're
such a huge company and they have they have their fingers in
and specific industry. Hands all over it and they probably have a
(22:14):
lot of important data.
Craig (22:16):
Oh, they do yeah.
Blake (22:18):
Important, important IP,
like for their clients, like I
mean, they're doing Amazing,amazing work, but you know, it
goes back to what you weresaying, like about the training.
Craig (22:31):
It goes back to that it's.
They don't think it's going to happen to them.
And until it does, or until some vendor of their company,
vendor of their demands evidence to say, look, we're not going
to do business with you unless you have this, this and this and
you can show proof of it.
Until things like that happen, where it's like, look, you have
(22:52):
to.
This is no longer optional for you. Training is no longer
optional.
If you want your job, you have to show proof of training and
proof of drills. Otherwise you lose your job.
Like it's.
You know, if there's no like rules like that that are written
and enforced, everybody's going to sit on the sidelines and be
like well, I'm going to roll the dice.
You know I'm not going to do that.
Blake (23:16):
Yeah, I mean, it's crazy.
It's crazy to think you know the amount of pushback that I
mean.
If we don't enact change, then change is never going to happen.
Right. Like, we and I'm sure our podcast listeners are part of
that change, because here they are.
(23:36):
Right, like, like.
Let's be real, like, unless you're in the industry, you know,
chances of you listening to a cybersecurity podcast on the way
into work is, you know, less likely, right?
Not as fun, yeah, I mean, you could be listening to who knows
Joe Rogan or whatever podcast, right?
(23:58):
But you know, you guys are the future and you guys are the
change that we need and that we're talking about.
Craig (24:07):
Well, I think that part
of that, you know, kind of
stemming off of what you're saying.
You know, I think we're taught to vote right, vote, vote, have
your voice heard right.
But I think again my opinion, I think that a lot of the people
that we're voting for these politicians, more often than not
there's corruption and we're trusting and voting for a
(24:31):
politician to make our voice heard, but I'm not so sure
that's the best vehicle anymore, and what I mean by that is I
think that maybe that whole system needs to change and maybe
more power needs to be given to the people to vote on their
beliefs and what they want without the politicians.
(24:53):
Just something to think about.
Blake (24:58):
Yeah, I think that'd be
interesting to see how that
could be organized and how that could be structured, right,
because we've always put faith like think about it Like
thousands and thousands of people from one district are
putting faith in you know.
Tens of thousands, hundreds of thousands are putting faith in
(25:19):
one person.
Yeah, you know, like like think about this, like that would not
be like a fair match, right?
Like like imagine if that politicians on the street, right
Like just walking through DC,how many security personnel do
(25:40):
you think that one person would have for 200,000 people?
Or 50,000 people?
Right?
Yeah, the only reason why I'm saying that is because that one
person I don't feel like it's capable of representing that
many people.
You know like could be wrong,but just my opinion.
Craig (26:03):
Well and yeah and I know
this is like a completely
tangent podcast yeah, this is but this is more of a banter
podcast than a cybersecurity podcast.
But we do tie it back, so yeah.
So one thing I want to show you.
Hold on, I don't know if you're, I'll take this back to cyber
(26:33):
real quick.
You ever seen one of these?
Blake (26:38):
Yeah, Flipper.
Craig (26:40):
Yep.
So you see the headlines recently about how script
kiddies and teenagers were having fun with Apple devices.
Blake (26:52):
Nah, I didn't.
Craig (26:54):
Oh yeah, so these kids
again.
I don't have the whole story or whatever, so it's again my
speculation and my perspective on it.
I'm envisioning a bunch of teenage kids in different
locations buying these things and just causing hell and like
the Christmas lines, and what they were doing was they were
locking up all everybody's iPhones.
(27:15):
They were just inundating them with NFC and Bluetooth and
broadcasting messages and the iPhones would crash and within a
30 to 50 foot radius.
And these kids again.
I'm envisioning this happening in supermarkets or in crowded
places or New York or wherever they are.
(27:37):
They're just using these things, they're upgrading the firmware
on it and just blasting a 50 foot radius, and all these
people are confused, looking at their phones and they're like
what the hell is happening?
Anyway, I thought it was comical to read that Apple was
then pushed to do an update to iOS.
So I don't know if you have the latest update.
(27:57):
If you don't, you might want to grab it, but yeah, that was the
primary driver of why they did that update.
Blake (28:07):
So funny.
Craig (28:09):
So, you know, bringing
this back to technology and
cyber and compliance, I mean, you may you may be listening and
you may not have ever heard of a Flipper Zero or these
different tools, but you know that's part of what we do.
We get all these different tools that hackers use and we
become hackers.
You know, white hat hackers trying to see and learn how they
(28:31):
work and do research and development to learn the gaps
and and how to protect our clients.
Right, you know, that's really the end game for us, but I
thought that that was, you know, pretty interesting to read.
The other on another news highlight there what else did we
find?
We found some biometrics with retina scanning and talk about
(28:57):
how certain governments and entities are trying to, almost,
like, enhance KYC or know your customer type stuff.
I saw a headline or actually a news article yesterday.
This was about the Corporate Transparency Act. If you're a
(29:19):
business owner.
Now the federal government is enhancing this corporate
transparency act.
So now there's yet another thing that the business owners
have to do.
If you own, you know, a certain percentage of a business and
they.
I don't understand why they have to do this, because I feel
(29:40):
like the information that they're asking they already have,
but they're asking for, like photo ID and birthday of
business owner and obviously name and home address.
I mean a lot of that stuff, obviously not the photo ID part,
but a lot of that stuff's on your tax return.
So I don't know really why they're asking for this, but
anyway, they're trying to enhance that whole, in my
(30:02):
opinion, the whole KYC thing.
But yeah, so, like you know, people are doing some of these
pilots.
Have you heard about the Elon Musk Neuralink?
Blake (30:18):
I've heard about the
technology, but I haven't heard
anything recent about what happened or what's going on with
it.
Craig (30:25):
Well, I don't, I don't.
I mean, I don't know if it was recent, but basically he's
working on implants and, you know, trying to test chips in,
you know, animals, and there's a lot of controversy around that.
Basically, essentially creating cyborgs is what it is, right? In
(30:48):
a nutshell.
Blake (30:49):
I heard that something he
was testing, I don't know.
I heard something started happening with those chips that
they were implanting.
Did you hear about that?
I didn't something like. Let me see if I can pull it up, but I
heard something about like, obviously, safety right.
Craig (31:11):
Yeah, I haven't seen
anything.
I haven't looked it up like you recently, but anyway, so they're
starting human trials.
I did see that.
I did see that certain number of people have signed up to do
(31:32):
it.
Blake (31:36):
But then I heard
something about like I mean, I
don't know, I don't want to again, I'm not here to spread
misinformation, but I heard something about safety.
Craig (31:45):
Right yeah.
Blake (31:47):
I'm not saying Anyways,
yeah, I mean, imagine that, like,
imagine everybody having these Neuralinks and then you know
if you want to learn another language, or you know if you
want to become an expert on cybersecurity or ITs.
(32:11):
You know, download that information you know into your
little chip.
I don't know how that would work.
Craig (32:17):
But I mean, I guess where
my brain goes is most companies
can't even get their cyber and compliance right.
How could you trust a company to get that right?
And then what if a hacker God forbid gets control of that?
You know what I mean.
Like now you're a slave to that person.
You know what I mean.
Like there's so much risk and I don't know, like again bringing
(32:40):
this back full circle.
I mean, people have done the whole 23andMe thing or
Ancestry with DNA and you know submitting and again trusting
these companies to keep that secure, and then there's a
breach, you know.
So I hate to be the downer, but it's almost like you have to
assume the worst.
(33:00):
You know, it's like if you ever choose to sign up for something
like this, assume that it's going to be breached one day,
right.
And then I mean, I don't know, I fear that if you do all those
things and, like you do the DNA thing and then you do the the
Neuralink thing, and it gets to the point where it's like, how
(33:21):
do you prove you're you?
You know it's like.
You know what I mean.
Like if all this information is out there, it becomes
increasingly more difficult, and especially in the wrong hands.
I mean think identity theft.
You know they're going to have all this information at their
fingertips.
You know it's just I don't know.
It's really scary to me.
But bringing this back, I guess full circle from a cyber and
(33:43):
compliance perspective, I mean, again, I bring this up several
times I think we're in a trustless world.
I think we have to think differently.
In my opinion, these tests, these trainings, these drills,
they're not optional.
If you want to have that mindset, you really shouldn't be
(34:04):
using the technology in the first place.
You know, in my opinion, a lot of technology and software.
They're tools.
They're tools to make your life easier or your job easier or to
maybe gain a competitive edge.
But with those tools come great risks and responsibility.
And part of that responsibility is your own training of how to
(34:27):
properly use the tools, how to make sure that you don't get cut
or, in this case, hacked.
So you know certain tools can be manipulated to become a
weapon, just like in the real world.
You know you can.
A pen can be used, you know, for bad situations.
So it's just.
My point is that training shouldn't be optional.
(34:49):
Training is mandatory, incorporated into your corporate
culture, incorporated into your sanction policies and your
procedures and, you know, enforce it, make it optional the
drills, the tests.
It's only going to make you better and stronger, it's only
going to increase your maturity level as we progress into, you
(35:11):
know, new CMMC mandates and new regulations.
These companies are going to demand evidence.
So it's not just going to be you checking a box, saying, oh
yeah, we did that, yeah, sure, we did.
And then when they say they call your bluff and they say,
well, show me the proof.
You know, at least the smart listeners will be the ones that
actually have the proof, you know.
But I think that, truthfully, is why CMMC is kind of, or is
(35:37):
starting to become law.
The government realized that, hey, too many people were checking
boxes and lying, you know.
So now they're making it, they're raising the bar right.
So we need more, in my opinion, we need more enforcement of
those types of things to make sure that people can't say, oh,
(35:57):
we're just not going to do that, it's just not an option, you
know, kind of like with your car, you have to get I mean, you
have the freedom to not, but you have to get your registration
renewed, you have to show, in certain states at least where I
live you have to have insurance.
You may not have to have the most expensive insurance, but
the point is you have to have insurance and you have to show
(36:18):
proof of it and if you don't and you get pulled over, you not
only can you get fined but you might get arrested.
You know, depending on you know how bad the infraction is.
I think that it has to the enforcement side.
They need to raise the bar for a lot of different industries
100%.
Blake (36:40):
I mean, we're at a
turning point right now, not
only in.
You know, we talked very briefly about politics and
economics today and and of course now cybersecurity.
Like it seems like everything in our society is on the verge
of some huge change, right, or some tipping point.
(37:03):
Cybersecurity has been there for the past five, 10 years, but
it hasn't tipped over.
Craig (37:13):
I'd say it's even been
there longer than that, I mean
ever since the really the birth of the public internet.
I mean that you have to have a password, you know, so that
could be technically, cybersecurity and password
hygiene right. Now not to say that people didn't use proper
hygiene with that, but I'm just saying that again, it's a tool
you know.
Like if you don't have the training and you don't go
(37:35):
through the drills and you do nothing and you use a dumb
password like password or password 123, you're just asking
to be hacked or you've been hacked already and you're being
naive and not believing it.
And you know, if you want to take back control of the systems
and the tools and the things that you use and ensure privacy
(37:59):
and you need to take your cybersecurity and compliance
I mean, look at some healthcare organizations that we work with
Now.
They're getting increased pressure for SOC reports.
You know, and I think that's generally a good thing.
You know, obviously we don't do the SOC audit we have a partner
(38:21):
that does that, but we do the prep work and the end result,
though I think is a good thing, that it's a way, it's a tool for
a vendor to request of their client proof of maturity and
evidence that backs it all up.
It's not a simple exercise of hey, just fill this form out.
(38:41):
It's look, you've done all this.
You've had a third party come in and monitor and check all
your stuff for a period of time, and that third party is putting
their reputation on the line to vouch for you, you know.
And if ultimately you get that certificate, I think that's a
(39:02):
step in the right direction to raise the bar and ensure that,
hey, look, this company is doing, you know, maybe not everything
right, but doing more than most.
And I'm not saying that's the cure all either.
I'm just saying that, culturally, I think we need a
push to take more action and get off the sidelines.
Blake (39:24):
Yeah, we're here and all
you guys need I think we, you
know we need it to be a change, right?
Our listeners are, you know, obviously open to this
information that we're talking about and they're open to
cybersecurity policies, procedures and becoming
compliant, getting compliant following security regulations,
(39:47):
following laws, like you know, here we are right.
But there's.
Craig (39:54):
I think the point, though,
is that you know we're here to
help as a partner for you and a resource, but let's say we
packaged everything up in a laptop or whatever and we put
all the security on it and we hand it to you.
You still have responsibility we.
You know the technology is onepiece of it, but it's across
(40:15):
people, process and technologyright.
So I think there's still a lot of misconception that oh, I use
Amazon or I'm on whatever platform with Microsoft and it's
their problem, and that's what I'm trying to drive home.
No, what?
As long as humans exist, there's going to be the
psychology and the training that's needed to operate that
tool or that ecosystem.
(40:37):
It could be the most secure thing is possible, but if you
can get into it, so can a hacker, and if you don't have the
proper knowledge, training and drilling to make sure that it's
just you that's getting into your systems, that's a problem,
and that's why that's what I'm saying.
Like that responsibility sideis always going to lie on the
(40:59):
shoulders of the human side.
Blake (41:02):
Yeah, we should probably
wrap on that note here.
Yeah, all right, thanks guys.
I guess we'll see you guys on the next one.
All right, take care. All right, bye-bye.