December 4, 2025 • 15 mins
A recent phishing attack may have compromised your information while you were Black Friday or Monday shopping. Scott talks with cyber security expert Chris Nyhuis about what you should be on the lookout for and how to protect yourself.
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Do you want to be an American idiot?
Speaker 2 (00:03):
It's got friend backed on seven hundred WLW. With all
the news and big news we've had in the headlines recently,
there's other things that are kind of important. One of
those is I don't know if you saw this, but
the auditor of state State of Ohio reported at least
twenty three cyber attacks against government offices in the past
twelve months. It's here in Ohio, including seven hundred thousand
dollars in theft in Licking County. We've seen this in Dayton,
(00:25):
and in Cincinnati and across the area. Oh and let's
not forget that one in Middletown. And as a result,
lawmakers are working on cybersecurity legislations coming together that would
acquire municipalities to develop their own policies in response to
those cyber attacks and local governments.
Speaker 1 (00:41):
Chris Nihis is here.
Speaker 2 (00:42):
He's the CEO of Cincinnati based Vigilant Cyber Security and
Joints show to discuss Chris.
Speaker 3 (00:47):
Welcome, Thanks Scott, thanks for having me on.
Speaker 1 (00:49):
Yes, sir.
Speaker 2 (00:50):
Before we get to the new law, we also have
the holiday buying season here. Everyone's clicking, clicking, clicking. We
just had cyber Monday, biggest one everet grows every year.
We had a huge Black Friday, people buying a lot
of stuff online or ordering it picking up later what
it might be. And we have seen a threat against
the supply chain. For those at the user end can
explain what's going on here, what to look out for.
Speaker 4 (01:11):
Right, So what's crazy about this? So MPMs are little
packets of data it's or it's it's software, and what
developers will do is they'll go out and get the
software kind of like a marketplace, and they'll pull it
put it into their software that they write so that
they don't have to write those modules again. So what
(01:32):
basically happened here is UH is an individual that manages
these some of these MPMs, they were fished and basically
gave up access to these modules. Attack went in modified
them to when they were updated, like when people update
their software, and these are definitely the cyber attack went
(01:56):
into all of these different pieces of software out there.
Speaker 3 (01:58):
So the problem with this is.
Speaker 4 (02:00):
Is that developers don't always necessarily know what packages they
put into these applications. Companies they don't know if they
take a piece of software and they put it into
their websites or whatever. In this case, it's affecting a
lot of crypto wallets that are out there, and so
it's a massive problem because this supply chain attack of
(02:20):
basically a supply chain of a piece of software that
gets to stream all kinds of places with maybe no
record that's even there is. It can affect the applications
you use every day. And in a lot of case,
what they're seeing where a lot of these applications were
affected were crypto wallets. So if you're transferring crypto, one
of the things that's happening is malicious attacker. So it's
(02:44):
where if you go to transfer crypto, the software actually
swaps out the sending address that you're sending to with
their address. So they're accumulating crypto from people trying to
make legitimate transactions by just changing that out.
Speaker 3 (02:59):
Wow.
Speaker 2 (03:01):
So now every time you click buy or you know,
add the car right now, now you've got to think about.
Speaker 1 (03:05):
That, right.
Speaker 3 (03:07):
No, it's crazy.
Speaker 4 (03:08):
As we talk with HB ninety six, it's even these
things can be related, right because you know, when when
it's software, it's embedded in software you use, you don't
necessarily know those things are happening. So like within PM,
it's invisible to everybody out there, you know, but it's everywhere, right,
It's the software library system that developers use to build
these apps and websites, and so you know, I think
(03:30):
it's like the plumbing behind all of your favorite apps,
you know.
Speaker 2 (03:34):
Right right right, We don't think about it until now
we can breach that as well. And this gets back
to the discussion about HB ninety six, your cybersecurity legislator
across the state the state says, well, if you're in
a municipality, you have to come up with a plan
to deal with cyber attacks on local level. You've got
to review your do a systems review, identify risks and
mitigation and stuff like that. But I mean that'd be
(03:55):
okay for Cincinnati, Columbus, Cleveland. Maybe if you're a Toledo
or a date. But what about a Middletown. We saw
what happened well this past summer, systems down timelines for
restoration up in the air. I know that it was
a huge suthing to be a huge problem, and the
people in Middletown are actually angry. They want to answer
some of this whole thing.
Speaker 4 (04:15):
Well, see here the thing about it is and you know,
you and I've talked about cyber for a while. Here
is that the commodity technology that's out there in the
market just it just doesn't work. And and that's that's
something that people don't like me to say, especially in
this industry, but it's the truth of it. And you know,
if you look at all of the reports year after year,
the time it takes to detect a threat right now
(04:37):
is seven years. I mean that seven years starts seven months.
That's grown years. I know that you will well sometimes
you know, with with the attack against Dropbox, it was
four years, right so so, but average right now it
was seven months and and and that's where you know,
the part of the issue is the cyber industry just
(04:58):
doesn't have a significant amount technology have pivot that really
is effective. And when it is effective tech, it does
take teams that have had skill sets in and have
a lot of time to focus on that. And unfortunately
in our school districts and local governments, you know, they
don't have the funding. You know, they're they're they're not
giving the funding to do it. And you know, if
(05:18):
you watch some of these, uh, you know, council meetings
you'll find where you know, someone bring up purchase for
cybersecurity and it gets trumps because of cybewalk fixes, right
and which are both important, but but they just don't
get the funding and they don't have the resources. So
to your point, yes, it's going to be a problem.
Speaker 1 (05:36):
Now.
Speaker 4 (05:36):
You know what happens though in these organizations is they
buy commodity software that is more automatic, and that's that's
part of the issue is that the automatic approach to
cyber treaty doesn't work, and so these school districts are
going to have to spend a lot more money. Local
governments are gonna have to do the same. They're going
to have to bolster their teams up. Uh, and they're
(05:57):
going to have to really be wise about the tech
that they buy.
Speaker 3 (06:01):
Inside the environments you know.
Speaker 2 (06:03):
That they that they use right right, Well, that's the
thing is finding the proper vendor. But it's up to
the municipality though to figure out, you know what the
detection is there too, So the onus is on them
is in this in this bill, can I just go
wait a minute, I've got a bad vendor or I
hired someone doesn't know what the hell they're doing does
that cover them legally from the state perspective?
Speaker 1 (06:22):
What about that? Because I don't know what I don't know,
you know.
Speaker 3 (06:25):
Yeah, it doesn't.
Speaker 4 (06:26):
And that's really the thing with all of this is that,
you know, companies have to be extremely careful about the
tech they buy. They can't just buy a brand name.
And in fact, if you look at that seven months
of time, that's driven by the you know, the organizations
that have quote unquote more market share. So you have
to be really careful about the organizations you buy because
(06:47):
at the end of the day, you are legally responsible
because you chose where to put the data. And in
this case, you know, there's you know, the responsibility to report.
I mean, you have to report an incident within seven days,
you know, from when it happened. I mean right now,
it's seven months to even detect it. You have to
you know, you can't ransomware, which I think is a
(07:10):
good thing in most cases because it will it will
slow down the process for these attackers. I think it'll
make school districts a lot less of a target in
some ways because it'll be harder to get some but
they have to get either board approval or they have
to get counsel approval to beat to ransomware now, which
is really good. But the other thing that I I'll say,
(07:32):
I do really love about this bill, and it's something
that I think Ohio did really really well, and states
like California did really really poorly. And basically in this bill,
it makes all cybersecurity records and purchases confidential, and in
like California, they have to report everything they do literally
(07:54):
public record. And so why that's important is when you're
when you're fighting against cyber packers that know what they're doing,
and if you have a document that you literally just
put out there right and you tell everybody all the
technology you use and all the purchase you use and
all your records, then they.
Speaker 3 (08:12):
Know exactly how to attack you. So I think.
Speaker 4 (08:14):
Ohio did a really good thing. You don't normally see
that from lawmakers a lot because they're not really technologically
advanced when they write these laws.
Speaker 3 (08:21):
Ohio did an awesome job.
Speaker 1 (08:23):
That's incredible.
Speaker 2 (08:24):
Here's California, Silicon Valley, Apple, all these big and they
screw it up.
Speaker 1 (08:28):
Here's Ohio. We get it right.
Speaker 3 (08:30):
Good for right, we get it right.
Speaker 1 (08:31):
Oh The reason I live in Ohio now California.
Speaker 3 (08:33):
Chris and I.
Speaker 2 (08:33):
Heis CEO of vigil and Cybersecurity in Cincinnati. We're a
few weeks in now to legislation that was passed the
state of Ohio that says you got to come up
with a plan no matter how big or small you municipality,
is your old town, your village, if you have an
online presence, you've got to come up with a cyber plan.
And there's a lot of questions there for the smaller ones.
I mean it was the big ones. Cleveland had a
huge cyber attack. They're a victim of. I believe the
(08:56):
court system in Cleveland recently had that happen. So it's
big cities too, not just places like Middletown where we
were shut down for a while, and the residents are
angry because they just want to know how much information
was compromised. We know, like, for example, the one in Columbus,
Columbus last year.
Speaker 1 (09:11):
As a matter of fact, it was a major one.
Speaker 2 (09:12):
I think it preached like five hundred thousand people, including
names and dobs, addresses, tax accounts, socials, all that stuff
that's stolen and sold in the dark web. Still have
no idea who did it, where, the information is it's
just out there in the ether and there's no catching
these people, as we've talked about before, Chris, But those
are two of many. I think the problem for me is,
and I heard about this firsthand from a friend. Kettering
(09:33):
Health Alliance had a ransomware malware attack shut everything down,
and I don't know what the outcome was, but you know,
their pr people kind of played it close to the vest, like, Hey,
everything's fine, we got it under control, we're working on
the problem, and there's no disclosure. Now, if you're that's
one thing in your company, but if it's your health records,
if it's your social if it's your address, I need
to know that that information has been compromised and it's transparency.
(09:57):
So you look at you go. You know, I just
don't want to be held accountable. I don't want to
get voted out if I'm a Middletown City council person,
if I'm the mayor of Columbus, or I'm the CEO
of a healthcare operation, I don't want that on my
I'm the one that staying on my record, so we'll downplay.
That's not good for the people who have been victimized.
Speaker 3 (10:15):
Though it's not you know, you know, we we have
to be better.
Speaker 4 (10:20):
You know, organizations have to be better at communicating, They
have to they have to not hide it.
Speaker 3 (10:24):
You know.
Speaker 4 (10:25):
That's where a lot of these plot packs from lasting
against these organizations are starting to come around. The one
thing I will say is that is that when it
comes to these records, you know, when you when you want,
you know, our records, yours of mine already stolen. You know,
the majority of the population over eighteen already stolen. I mean,
(10:45):
there's been so many breaches one after the other that
data is out there, especially as social numbers things like that. Yeah,
where schools come into play in the municipalities. There's two
things that are interesting here. One is every year as
kids turn turns eighteen, right, it's a new group of
people whose identities haven't been compromised yet, And so schools
(11:09):
are a great place for attackers to come in and
get high value target information. And what I mean high
value target is yours. My records sell for about a
dollar out there in the marketplace. Some of that's turning step,
you know, seventeen eighteen, their records are going to sell
for a lot more out of the hacking marketplace because
they haven't been used yet, whereas yours or mine, you know,
if they have to prove it everything else. So schools
(11:31):
are a major target for that. So you know, as
a parent, one of the things you can do right
now is make sure you get identity STEFF protection for
your kids. Even though they're under eighteen, they have to
have that. Make sure you lock down their credit because
what happens is these you know, go to apply for
their first vehicle and they realize they have a portable
credit score because you know their identity since you know
(11:53):
with that, when it comes to municipalities, you know we
are in an international cyber wark already happens and people
in this industry know it. We ass as you know,
citizens United States have to realize that that it is
and it is an actual border to border war and
and with that, our municipalities, our local police departments are
(12:16):
emergencies response systems. You know, when cyber war continues to escalate,
those are the places that are going to get shut
down first, right and you're not going to have the services.
So there has to be accountability to make sure that
these things are done right. In that our identity is perpective.
Speaker 2 (12:32):
You just assume your information is out there as an adult.
And so you know, we have the credit monitoring thing
going on, and we have a LifeLock or whatever the
version is of that we have, but that's a good brand.
And also make sure that our credit reports are locked down.
And so we originally bought a new house and had
to go remember to unlock all the credit reports for
a while until they pulled your credit and then lock
them back up. Is that the best pay Is that
(12:54):
the best you can do to prevent your information from
me You just assume it's being misused. But if you
have your credit the three credit beer is locked down,
then there's not much they can do as far as
trying to get credit in your.
Speaker 3 (13:04):
Name, right right, I mean, and that's finance side of things.
Speaker 4 (13:08):
So yes, locking things down there, making sure you have
credit holds, you know, unless you're going to purchase something,
then turn the credit hold off and then turn it
back on. Make sure you're working with a reputable organization
will protect your credit. But also make sure that you
have insurance around it, you know, identity step protection. You know,
getting our identity back can cost over a million dollars
sometimes and so you know, I mean it depends you
(13:30):
one hundred thousand million, you know wherever, how widespread that is.
So make sure you have insurance, you know, with whoever
you're working with. And again for your kids. You have
to make sure that you do that for your kids.
Speaker 3 (13:42):
If you if you.
Speaker 4 (13:42):
Don't, if you haven't done it, do it today, right
because right, because it's it's a growing problem. Kids.
Speaker 1 (13:48):
You're young, you don't, you're not, thank you.
Speaker 2 (13:49):
You know, you haven't pulled any credit yet, and so
I don't need to lock my credit down.
Speaker 1 (13:52):
I don't.
Speaker 2 (13:53):
But all they need is a social Security number. And
you know, you can be sixteen, seventeen, eighteen and they
can use that social We've seen them using for dead
PEP in newborns. Why not teenagers? We just don't think
of that.
Speaker 3 (14:04):
Right, right.
Speaker 4 (14:04):
And the other thing too is you know what you know,
want your kids, you turn a team, you help them,
put them on your credit card as well, and and
then that way they have some if something does happen
where their identity is stolen, you at least have some
good credit that is built then so they can they
can bounce it off, you know, set them up for success.
Speaker 3 (14:22):
But yeah, it's you know, you know, this data.
Speaker 4 (14:25):
Is so widespread. Companies just I'll just say, companies do
not protect data the way they're supposed to. And and
a lot of it isn't their fault in the sense
of what we were talking about earlier. It's they're the
ones that made the decision to choose the technology or
the solutions that they put in, but they don't have
the skill set to do the due diligence to it,
or they don't have the budget to purchase the things
(14:47):
they need, and so it is a growing problem. It's
going to keep getting worse until there's a lot more
accountability in place. But then with the kount of ability
comes regulation, and with regulation there's somethings less what's ability.
So yes, it's a fine line.
Speaker 2 (15:02):
Chris Nihi, CEO of Vigilant Cybersecurity and Cincinnati, always enjoy
the conversation, the especially the eye opening information.
Speaker 1 (15:09):
I appreciate you, Thank.
Speaker 3 (15:10):
I appreciate you. I'm great.
Speaker 4 (15:11):
Guy.
Speaker 2 (15:12):
Had some good news over and I we didn't get
that a little bit of snow we're expected for the
commute this morning, so that was kind of nice.
Speaker 1 (15:16):
Nice little surprise this morning.
Speaker 2 (15:18):
Nice little surprise we'll get a news update in the
latest and forecast, especially travel weather too. Know a number
of people are going up and myself included to Buffalo
for the Bengals game. Should be fantastic, and I have
some observations about our weather fear not totally unfounded. We'll
get into that next and best spot in Buffalo to
get wings. If you're headed up there, you're like, where
(15:38):
do they get where do they get the good wing?
Play aware coming up next. Slooney seven hundred ww
Do you want to be an American idiot?
Speaker 2 (00:03):
It's got friend backed on seven hundred WLW. With all
the news and big news we've had in the headlines recently,
there's other things that are kind of important. One of
those is I don't know if you saw this, but
the auditor of state State of Ohio reported at least
twenty three cyber attacks against government offices in the past
twelve months. It's here in Ohio, including seven hundred thousand
dollars in theft in Licking County. We've seen this in Dayton,
(00:25):
and in Cincinnati and across the area. Oh and let's
not forget that one in Middletown. And as a result,
lawmakers are working on cybersecurity legislations coming together that would
acquire municipalities to develop their own policies in response to
those cyber attacks and local governments.
Speaker 1 (00:41):
Chris Nihis is here.
Speaker 2 (00:42):
He's the CEO of Cincinnati based Vigilant Cyber Security and
Joints show to discuss Chris.
Speaker 3 (00:47):
Welcome, Thanks Scott, thanks for having me on.
Speaker 1 (00:49):
Yes, sir.
Speaker 2 (00:50):
Before we get to the new law, we also have
the holiday buying season here. Everyone's clicking, clicking, clicking. We
just had cyber Monday, biggest one everet grows every year.
We had a huge Black Friday, people buying a lot
of stuff online or ordering it picking up later what
it might be. And we have seen a threat against
the supply chain. For those at the user end can
explain what's going on here, what to look out for.
Speaker 4 (01:11):
Right, So what's crazy about this? So MPMs are little
packets of data it's or it's it's software, and what
developers will do is they'll go out and get the
software kind of like a marketplace, and they'll pull it
put it into their software that they write so that
they don't have to write those modules again. So what
(01:32):
basically happened here is UH is an individual that manages
these some of these MPMs, they were fished and basically
gave up access to these modules. Attack went in modified
them to when they were updated, like when people update
their software, and these are definitely the cyber attack went
(01:56):
into all of these different pieces of software out there.
Speaker 3 (01:58):
So the problem with this is.
Speaker 4 (02:00):
Is that developers don't always necessarily know what packages they
put into these applications. Companies they don't know if they
take a piece of software and they put it into
their websites or whatever. In this case, it's affecting a
lot of crypto wallets that are out there, and so
it's a massive problem because this supply chain attack of
(02:20):
basically a supply chain of a piece of software that
gets to stream all kinds of places with maybe no
record that's even there is. It can affect the applications
you use every day. And in a lot of case,
what they're seeing where a lot of these applications were
affected were crypto wallets. So if you're transferring crypto, one
of the things that's happening is malicious attacker. So it's
(02:44):
where if you go to transfer crypto, the software actually
swaps out the sending address that you're sending to with
their address. So they're accumulating crypto from people trying to
make legitimate transactions by just changing that out.
Speaker 3 (02:59):
Wow.
Speaker 2 (03:01):
So now every time you click buy or you know,
add the car right now, now you've got to think about.
Speaker 1 (03:05):
That, right.
Speaker 3 (03:07):
No, it's crazy.
Speaker 4 (03:08):
As we talk with HB ninety six, it's even these
things can be related, right because you know, when when
it's software, it's embedded in software you use, you don't
necessarily know those things are happening. So like within PM,
it's invisible to everybody out there, you know, but it's everywhere, right,
It's the software library system that developers use to build
these apps and websites, and so you know, I think
(03:30):
it's like the plumbing behind all of your favorite apps,
you know.
Speaker 2 (03:34):
Right right right, We don't think about it until now
we can breach that as well. And this gets back
to the discussion about HB ninety six, your cybersecurity legislator
across the state the state says, well, if you're in
a municipality, you have to come up with a plan
to deal with cyber attacks on local level. You've got
to review your do a systems review, identify risks and
mitigation and stuff like that. But I mean that'd be
(03:55):
okay for Cincinnati, Columbus, Cleveland. Maybe if you're a Toledo
or a date. But what about a Middletown. We saw
what happened well this past summer, systems down timelines for
restoration up in the air. I know that it was
a huge suthing to be a huge problem, and the
people in Middletown are actually angry. They want to answer
some of this whole thing.
Speaker 4 (04:15):
Well, see here the thing about it is and you know,
you and I've talked about cyber for a while. Here
is that the commodity technology that's out there in the
market just it just doesn't work. And and that's that's
something that people don't like me to say, especially in
this industry, but it's the truth of it. And you know,
if you look at all of the reports year after year,
the time it takes to detect a threat right now
(04:37):
is seven years. I mean that seven years starts seven months.
That's grown years. I know that you will well sometimes
you know, with with the attack against Dropbox, it was
four years, right so so, but average right now it
was seven months and and and that's where you know,
the part of the issue is the cyber industry just
(04:58):
doesn't have a significant amount technology have pivot that really
is effective. And when it is effective tech, it does
take teams that have had skill sets in and have
a lot of time to focus on that. And unfortunately
in our school districts and local governments, you know, they
don't have the funding. You know, they're they're they're not
giving the funding to do it. And you know, if
(05:18):
you watch some of these, uh, you know, council meetings
you'll find where you know, someone bring up purchase for
cybersecurity and it gets trumps because of cybewalk fixes, right
and which are both important, but but they just don't
get the funding and they don't have the resources. So
to your point, yes, it's going to be a problem.
Speaker 1 (05:36):
Now.
Speaker 4 (05:36):
You know what happens though in these organizations is they
buy commodity software that is more automatic, and that's that's
part of the issue is that the automatic approach to
cyber treaty doesn't work, and so these school districts are
going to have to spend a lot more money. Local
governments are gonna have to do the same. They're going
to have to bolster their teams up. Uh, and they're
(05:57):
going to have to really be wise about the tech
that they buy.
Speaker 3 (06:01):
Inside the environments you know.
Speaker 2 (06:03):
That they that they use right right, Well, that's the
thing is finding the proper vendor. But it's up to
the municipality though to figure out, you know what the
detection is there too, So the onus is on them
is in this in this bill, can I just go
wait a minute, I've got a bad vendor or I
hired someone doesn't know what the hell they're doing does
that cover them legally from the state perspective?
Speaker 1 (06:22):
What about that? Because I don't know what I don't know,
you know.
Speaker 3 (06:25):
Yeah, it doesn't.
Speaker 4 (06:26):
And that's really the thing with all of this is that,
you know, companies have to be extremely careful about the
tech they buy. They can't just buy a brand name.
And in fact, if you look at that seven months
of time, that's driven by the you know, the organizations
that have quote unquote more market share. So you have
to be really careful about the organizations you buy because
(06:47):
at the end of the day, you are legally responsible
because you chose where to put the data. And in
this case, you know, there's you know, the responsibility to report.
I mean, you have to report an incident within seven days,
you know, from when it happened. I mean right now,
it's seven months to even detect it. You have to
you know, you can't ransomware, which I think is a
(07:10):
good thing in most cases because it will it will
slow down the process for these attackers. I think it'll
make school districts a lot less of a target in
some ways because it'll be harder to get some but
they have to get either board approval or they have
to get counsel approval to beat to ransomware now, which
is really good. But the other thing that I I'll say,
(07:32):
I do really love about this bill, and it's something
that I think Ohio did really really well, and states
like California did really really poorly. And basically in this bill,
it makes all cybersecurity records and purchases confidential, and in
like California, they have to report everything they do literally
(07:54):
public record. And so why that's important is when you're
when you're fighting against cyber packers that know what they're doing,
and if you have a document that you literally just
put out there right and you tell everybody all the
technology you use and all the purchase you use and
all your records, then they.
Speaker 3 (08:12):
Know exactly how to attack you. So I think.
Speaker 4 (08:14):
Ohio did a really good thing. You don't normally see
that from lawmakers a lot because they're not really technologically
advanced when they write these laws.
Speaker 3 (08:21):
Ohio did an awesome job.
Speaker 1 (08:23):
That's incredible.
Speaker 2 (08:24):
Here's California, Silicon Valley, Apple, all these big and they
screw it up.
Speaker 1 (08:28):
Here's Ohio. We get it right.
Speaker 3 (08:30):
Good for right, we get it right.
Speaker 1 (08:31):
Oh The reason I live in Ohio now California.
Speaker 3 (08:33):
Chris and I.
Speaker 2 (08:33):
Heis CEO of vigil and Cybersecurity in Cincinnati. We're a
few weeks in now to legislation that was passed the
state of Ohio that says you got to come up
with a plan no matter how big or small you municipality,
is your old town, your village, if you have an
online presence, you've got to come up with a cyber plan.
And there's a lot of questions there for the smaller ones.
I mean it was the big ones. Cleveland had a
huge cyber attack. They're a victim of. I believe the
(08:56):
court system in Cleveland recently had that happen. So it's
big cities too, not just places like Middletown where we
were shut down for a while, and the residents are
angry because they just want to know how much information
was compromised. We know, like, for example, the one in Columbus,
Columbus last year.
Speaker 1 (09:11):
As a matter of fact, it was a major one.
Speaker 2 (09:12):
I think it preached like five hundred thousand people, including
names and dobs, addresses, tax accounts, socials, all that stuff
that's stolen and sold in the dark web. Still have
no idea who did it, where, the information is it's
just out there in the ether and there's no catching
these people, as we've talked about before, Chris, But those
are two of many. I think the problem for me is,
and I heard about this firsthand from a friend. Kettering
(09:33):
Health Alliance had a ransomware malware attack shut everything down,
and I don't know what the outcome was, but you know,
their pr people kind of played it close to the vest, like, Hey,
everything's fine, we got it under control, we're working on
the problem, and there's no disclosure. Now, if you're that's
one thing in your company, but if it's your health records,
if it's your social if it's your address, I need
to know that that information has been compromised and it's transparency.
(09:57):
So you look at you go. You know, I just
don't want to be held accountable. I don't want to
get voted out if I'm a Middletown City council person,
if I'm the mayor of Columbus, or I'm the CEO
of a healthcare operation, I don't want that on my
I'm the one that staying on my record, so we'll downplay.
That's not good for the people who have been victimized.
Speaker 3 (10:15):
Though it's not you know, you know, we we have
to be better.
Speaker 4 (10:20):
You know, organizations have to be better at communicating, They
have to they have to not hide it.
Speaker 3 (10:24):
You know.
Speaker 4 (10:25):
That's where a lot of these plot packs from lasting
against these organizations are starting to come around. The one
thing I will say is that is that when it
comes to these records, you know, when you when you want,
you know, our records, yours of mine already stolen. You know,
the majority of the population over eighteen already stolen. I mean,
(10:45):
there's been so many breaches one after the other that
data is out there, especially as social numbers things like that. Yeah,
where schools come into play in the municipalities. There's two
things that are interesting here. One is every year as
kids turn turns eighteen, right, it's a new group of
people whose identities haven't been compromised yet, And so schools
(11:09):
are a great place for attackers to come in and
get high value target information. And what I mean high
value target is yours. My records sell for about a
dollar out there in the marketplace. Some of that's turning step,
you know, seventeen eighteen, their records are going to sell
for a lot more out of the hacking marketplace because
they haven't been used yet, whereas yours or mine, you know,
if they have to prove it everything else. So schools
(11:31):
are a major target for that. So you know, as
a parent, one of the things you can do right
now is make sure you get identity STEFF protection for
your kids. Even though they're under eighteen, they have to
have that. Make sure you lock down their credit because
what happens is these you know, go to apply for
their first vehicle and they realize they have a portable
credit score because you know their identity since you know
(11:53):
with that, when it comes to municipalities, you know we
are in an international cyber wark already happens and people
in this industry know it. We ass as you know,
citizens United States have to realize that that it is
and it is an actual border to border war and
and with that, our municipalities, our local police departments are
(12:16):
emergencies response systems. You know, when cyber war continues to escalate,
those are the places that are going to get shut
down first, right and you're not going to have the services.
So there has to be accountability to make sure that
these things are done right. In that our identity is perpective.
Speaker 2 (12:32):
You just assume your information is out there as an adult.
And so you know, we have the credit monitoring thing
going on, and we have a LifeLock or whatever the
version is of that we have, but that's a good brand.
And also make sure that our credit reports are locked down.
And so we originally bought a new house and had
to go remember to unlock all the credit reports for
a while until they pulled your credit and then lock
them back up. Is that the best pay Is that
(12:54):
the best you can do to prevent your information from
me You just assume it's being misused. But if you
have your credit the three credit beer is locked down,
then there's not much they can do as far as
trying to get credit in your.
Speaker 3 (13:04):
Name, right right, I mean, and that's finance side of things.
Speaker 4 (13:08):
So yes, locking things down there, making sure you have
credit holds, you know, unless you're going to purchase something,
then turn the credit hold off and then turn it
back on. Make sure you're working with a reputable organization
will protect your credit. But also make sure that you
have insurance around it, you know, identity step protection. You know,
getting our identity back can cost over a million dollars
sometimes and so you know, I mean it depends you
(13:30):
one hundred thousand million, you know wherever, how widespread that is.
So make sure you have insurance, you know, with whoever
you're working with. And again for your kids. You have
to make sure that you do that for your kids.
Speaker 3 (13:42):
If you if you.
Speaker 4 (13:42):
Don't, if you haven't done it, do it today, right
because right, because it's it's a growing problem. Kids.
Speaker 1 (13:48):
You're young, you don't, you're not, thank you.
Speaker 2 (13:49):
You know, you haven't pulled any credit yet, and so
I don't need to lock my credit down.
Speaker 1 (13:52):
I don't.
Speaker 2 (13:53):
But all they need is a social Security number. And
you know, you can be sixteen, seventeen, eighteen and they
can use that social We've seen them using for dead
PEP in newborns. Why not teenagers? We just don't think
of that.
Speaker 3 (14:04):
Right, right.
Speaker 4 (14:04):
And the other thing too is you know what you know,
want your kids, you turn a team, you help them,
put them on your credit card as well, and and
then that way they have some if something does happen
where their identity is stolen, you at least have some
good credit that is built then so they can they
can bounce it off, you know, set them up for success.
Speaker 3 (14:22):
But yeah, it's you know, you know, this data.
Speaker 4 (14:25):
Is so widespread. Companies just I'll just say, companies do
not protect data the way they're supposed to. And and
a lot of it isn't their fault in the sense
of what we were talking about earlier. It's they're the
ones that made the decision to choose the technology or
the solutions that they put in, but they don't have
the skill set to do the due diligence to it,
or they don't have the budget to purchase the things
(14:47):
they need, and so it is a growing problem. It's
going to keep getting worse until there's a lot more
accountability in place. But then with the kount of ability
comes regulation, and with regulation there's somethings less what's ability.
So yes, it's a fine line.
Speaker 2 (15:02):
Chris Nihi, CEO of Vigilant Cybersecurity and Cincinnati, always enjoy
the conversation, the especially the eye opening information.
Speaker 1 (15:09):
I appreciate you, Thank.
Speaker 3 (15:10):
I appreciate you. I'm great.
Speaker 4 (15:11):
Guy.
Speaker 2 (15:12):
Had some good news over and I we didn't get
that a little bit of snow we're expected for the
commute this morning, so that was kind of nice.
Speaker 1 (15:16):
Nice little surprise this morning.
Speaker 2 (15:18):
Nice little surprise we'll get a news update in the
latest and forecast, especially travel weather too. Know a number
of people are going up and myself included to Buffalo
for the Bengals game. Should be fantastic, and I have
some observations about our weather fear not totally unfounded. We'll
get into that next and best spot in Buffalo to
get wings. If you're headed up there, you're like, where
(15:38):
do they get where do they get the good wing?
Play aware coming up next. Slooney seven hundred ww
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
My Favorite Murder with Karen Kilgariff and Georgia Hardstark
My Favorite Murder is a true crime comedy podcast hosted by Karen Kilgariff and Georgia Hardstark. Each week, Karen and Georgia share compelling true crimes and hometown stories from friends and listeners. Since MFM launched in January of 2016, Karen and Georgia have shared their lifelong interest in true crime and have covered stories of infamous serial killers like the Night Stalker, mysterious cold cases, captivating cults, incredible survivor stories and important events from history like the Tulsa race massacre of 1921. My Favorite Murder is part of the Exactly Right podcast network that provides a platform for bold, creative voices to bring to life provocative, entertaining and relatable stories for audiences everywhere. The Exactly Right roster of podcasts covers a variety of topics including historic true crime, comedic interviews and news, science, pop culture and more. Podcasts on the network include Buried Bones with Kate Winkler Dawson and Paul Holes, That's Messed Up: An SVU Podcast, This Podcast Will Kill You, Bananas and more.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com