1
00:00:00,000 --> 00:00:10,680
Well, before we get down to the nitty gritty of everything fun about cybersecurity reports,

2
00:00:10,680 --> 00:00:12,640
I wanted to put the question to both of you.

3
00:00:12,640 --> 00:00:16,960
I know we've had it before, but what's on repeat currently in your playlist?

4
00:00:16,960 --> 00:00:18,480
What's getting you through the workday?

5
00:00:18,480 --> 00:00:22,640
I'll go first to give you two just a moment to think of your response.

6
00:00:22,640 --> 00:00:28,640
I've been listening a lot to the Bear McCreary Apple Radio, whatever you do right with the

7
00:00:28,640 --> 00:00:32,240
artists that I've pretty much been like, it started with Outlander, and then the amount

8
00:00:32,240 --> 00:00:36,240
of productivity that I've lied myself that I've been able to accomplish through soundtracks

9
00:00:36,240 --> 00:00:40,240
has been 100% that soundtrack on repeat.

10
00:00:40,240 --> 00:00:42,520
What about you, Matthew?

11
00:00:42,520 --> 00:00:49,440
I am listening to Noah Kahan's Stick Season that came out, I think, a month or two ago

12
00:00:49,440 --> 00:00:51,400
now.

13
00:00:51,400 --> 00:00:52,960
Highly recommend it.

14
00:00:52,960 --> 00:00:53,960
Very fun album.

15
00:00:53,960 --> 00:00:54,960
So good.

16
00:00:54,960 --> 00:00:58,080
What about you, Todd?

17
00:00:58,080 --> 00:01:02,840
Here has been a five-year-old in my house and so Baby Shark with a bullet.

18
00:01:02,840 --> 00:01:04,960
I'm just kidding.

19
00:01:04,960 --> 00:01:11,000
I mean, that is playing, but for me, the song that's been on repeat for whatever reason

20
00:01:11,000 --> 00:01:15,320
is called The Loneliest by Måneskin.

21
00:01:15,320 --> 00:01:19,560
The band in general has been kind of on my list, but that song for whatever reason has

22
00:01:19,560 --> 00:01:22,760
really stuck with me for the last week or so.

23
00:01:22,760 --> 00:01:23,760
Nice.

24
00:01:23,760 --> 00:01:24,760
And Baby Shark.

25
00:01:24,760 --> 00:01:25,760
Yeah.

26
00:01:25,760 --> 00:01:29,440
And Baby Shark, adding both to my up next 100%.

27
00:01:29,440 --> 00:01:31,440
Well, awesome.

28
00:01:31,440 --> 00:01:36,000
As to why we're sitting down today, sadly, it's not to talk about Baby Shark, but it

29
00:01:36,000 --> 00:01:39,600
is for the Tech for Business podcast that we're sitting down and talking about insights

30
00:01:39,600 --> 00:01:44,240
from that 2022 ICCC report.

31
00:01:44,240 --> 00:01:45,240
Lots of acronyms.

32
00:01:45,240 --> 00:01:48,560
I'll let you guys explain it, but as to who we're talking to, who you've heard so far.

33
00:01:48,560 --> 00:01:49,560
I'm Kelsey.

34
00:01:49,560 --> 00:01:51,920
I'm a member of our marketing team, and I'm the moderator.

35
00:01:51,920 --> 00:01:57,640
Matthew is our GRC analyst, and Todd is our CISO and COO, and I'll let you guys take it

36
00:01:57,640 --> 00:02:02,240
away for what is it and what is the report talking about?

37
00:02:02,240 --> 00:02:04,560
Definitely.

38
00:02:04,560 --> 00:02:14,480
So the ICCC is a segment of the FBI that is about the Internet crime, and I really should

39
00:02:14,480 --> 00:02:18,760
have looked it up again, but it's Internet Crime Complaint Center.

40
00:02:18,760 --> 00:02:21,120
I knew I'd get that.

41
00:02:21,120 --> 00:02:23,400
Just a little stalling is all we need.

42
00:02:23,400 --> 00:02:30,120
And basically, they are a group of people that wait for complaints and respond to them

43
00:02:30,120 --> 00:02:35,640
as necessary, which as necessary is a fun term there.

44
00:02:35,640 --> 00:02:42,680
In short, they're a place where you should be reporting if you have an Internet crime

45
00:02:42,680 --> 00:02:45,000
that is committed against you.

46
00:02:45,000 --> 00:02:49,080
This can run the gamut of business to personal.

47
00:02:49,080 --> 00:02:53,120
People falling for scams or being extorted, blackmail, etc.

48
00:02:53,120 --> 00:02:56,080
Those included here, if it's being committed online.

49
00:02:56,080 --> 00:03:00,080
Bullying and harassment are included as well, and I highly recommend anyone going through

50
00:03:00,080 --> 00:03:04,120
anything like this does report as much as they can.

51
00:03:04,120 --> 00:03:05,120
It's always useful.

52
00:03:05,120 --> 00:03:06,120
It's very helpful.

53
00:03:06,120 --> 00:03:10,640
I've had instances where I've used it for reporting previously outside of my job.

54
00:03:10,640 --> 00:03:13,920
So I can't recommend it highly enough.

55
00:03:13,920 --> 00:03:19,060
As part of that, I like to keep up with what they report every year, as a lot of us do.

56
00:03:19,060 --> 00:03:24,600
And their report from last year has come out based on all the complaints that they received,

57
00:03:24,600 --> 00:03:29,160
which amounted to approximately 2,000 reports a day.

58
00:03:29,160 --> 00:03:33,000
So as mentioned, this includes information related to both the business side of things

59
00:03:33,000 --> 00:03:34,560
and the personal side of things.

60
00:03:34,560 --> 00:03:40,960
But it's a very good insight into the attacks that people are talking about and what the

61
00:03:40,960 --> 00:03:44,120
monetary losses of that can be.

62
00:03:44,120 --> 00:03:45,120
Yeah.

63
00:03:45,120 --> 00:03:52,120
Yeah, one brief little thing that I was going to add to that is, if you're not sure what

64
00:03:52,120 --> 00:03:57,680
ICCC is, and you were going through some sort of incident, if you have cybersecurity insurance

65
00:03:57,680 --> 00:04:01,440
or if you're working with a party that tends to get engaged in those processes, they'll

66
00:04:01,440 --> 00:04:03,280
typically get engaged for you.

67
00:04:03,280 --> 00:04:07,840
So it isn't something that you need to have the deep knowledge of the what, the how, etc.

68
00:04:07,840 --> 00:04:10,760
Those people will tend to help you through that process.

69
00:04:10,760 --> 00:04:15,800
And then I did want to kind of expand briefly, and I will try to stay brief for a change,

70
00:04:15,800 --> 00:04:19,480
on one of the comments that Matthew made is, when do they get engaged?

71
00:04:19,480 --> 00:04:24,000
And I would echo what he said is, anytime I would report basically everything, and I

72
00:04:24,000 --> 00:04:26,120
think it's the appropriate thing to do.

73
00:04:26,120 --> 00:04:32,920
What we typically see for engagement is if the event is less than $500,000, they typically

74
00:04:32,920 --> 00:04:34,640
do not get engaged.

75
00:04:34,640 --> 00:04:40,440
The caveat being, if money leaves the United States to another country, they will always

76
00:04:40,440 --> 00:04:45,080
get engaged, which actually does lead to one of the interesting statistics that's in the

77
00:04:45,080 --> 00:04:46,080
report.

78
00:04:46,080 --> 00:04:50,240
I don't know if you've got it off the top of your head, Matthew.

79
00:04:50,240 --> 00:04:55,640
I can look for it real quick, but I wanted to say it was something like 73% of all funds

80
00:04:55,640 --> 00:04:58,560
were recovered by the RAT team.

81
00:04:58,560 --> 00:05:01,400
Yeah, I think it was around 73%.

82
00:05:01,400 --> 00:05:02,400
We'll get to it.

83
00:05:02,400 --> 00:05:05,120
I think I've got that number specifically written in here.

84
00:05:05,120 --> 00:05:13,400
Yeah, 73% success rate in freezing payments and, in their words, keeping money safe.

85
00:05:13,400 --> 00:05:18,040
So I'm assuming, and we're assuming that that means didn't leave the country was blocked

86
00:05:18,040 --> 00:05:20,920
prior to being exported in any way.

87
00:05:20,920 --> 00:05:25,240
I'm a little bit ahead of myself there, but I do think it's interesting that when they

88
00:05:25,240 --> 00:05:29,200
do get engaged, they are very, very successful in what they do.

89
00:05:29,200 --> 00:05:30,200
Exactly.

90
00:05:30,200 --> 00:05:35,520
And on that, one of the things I do want to mention is you said, like you mentioned,

91
00:05:35,520 --> 00:05:39,280
the insurance companies, these sometimes are filled out by them as well.

92
00:05:39,280 --> 00:05:43,240
It'll be as part of their internal process.

93
00:05:43,240 --> 00:05:47,200
Sometimes it'll reach the point where it's blocked by, say, your bank first.

94
00:05:47,200 --> 00:05:53,400
And so I have had instances where customers were falling for these and were attempting

95
00:05:53,400 --> 00:05:59,280
to send wire transfers and their banking team caught it and blocked it.

96
00:05:59,280 --> 00:06:04,080
Your report, you should be reporting as much of this as possible.

97
00:06:04,080 --> 00:06:09,680
This is not just going to be me repeating, please report everything to the ICCC every

98
00:06:09,680 --> 00:06:13,960
sec, every five minutes, but I'll try and stop mentioning it.

99
00:06:13,960 --> 00:06:15,960
But please do anyway.

100
00:06:15,960 --> 00:06:16,960
Yeah, I agree.

101
00:06:16,960 --> 00:06:22,440
In case you're wondering, I do agree because they will look at things in aggregate too.

102
00:06:22,440 --> 00:06:27,040
So even if your event is less than 500,000, if it does get to a point where it's an aggregate

103
00:06:27,040 --> 00:06:31,040
and they're seeing it's the same threat actor, they will again get engaged and they will

104
00:06:31,040 --> 00:06:34,280
take action.

105
00:06:34,280 --> 00:06:41,520
So we'll be adding the link to the report to the notes of this podcast.

106
00:06:41,520 --> 00:06:45,840
So please have it open if you want to kind of follow along.

107
00:06:45,840 --> 00:06:50,400
It's very dense, but there is a lot of information, especially at the end that covers some of

108
00:06:50,400 --> 00:06:52,520
the definitions we're using.

109
00:06:52,520 --> 00:06:57,020
So if there is a term that we use that maybe we don't expound upon as much as we probably

110
00:06:57,020 --> 00:07:03,840
should, it is covered in the document and that'll be a good way to review it.

111
00:07:03,840 --> 00:07:08,200
Diving into the big thing that I think this is based around and the main thing that they

112
00:07:08,200 --> 00:07:13,080
work on obviously in terms of being on the monetary and blackmail and extortion side

113
00:07:13,080 --> 00:07:14,520
of things.

114
00:07:14,520 --> 00:07:21,920
Last year, there was $10.3 billion in losses from scams, extortion, blackmail and all other

115
00:07:21,920 --> 00:07:27,280
forms of crime that were submitted via ICCC.

116
00:07:27,280 --> 00:07:28,280
That's so much.

117
00:07:28,280 --> 00:07:34,040
I know it's an increase from last year as well, but it keeps growing.

118
00:07:34,040 --> 00:07:40,240
Yeah, we often do cybersecurity training and typically we start the process of a lot of

119
00:07:40,240 --> 00:07:43,280
people want to understand what's going on in the world and that kind of gives you the

120
00:07:43,280 --> 00:07:45,160
context of what's happening.

121
00:07:45,160 --> 00:07:49,880
Unfortunately, there's a lot of the term in cybersecurity is again another acronym because

122
00:07:49,880 --> 00:07:55,000
why wouldn't there be but it's called FUD which is fear, uncertainty and doubt.

123
00:07:55,000 --> 00:07:59,200
But the point I was trying to make in this particular instance is people are like, well,

124
00:07:59,200 --> 00:08:00,680
why do they keep attacking me?

125
00:08:00,680 --> 00:08:05,280
Well, $10 billion is an awful big reason to continue to do it.

126
00:08:05,280 --> 00:08:06,280
Exactly.

127
00:08:06,280 --> 00:08:09,840
So that'd be kind of the basis of why you're typically seeing most of it as almost all

128
00:08:09,840 --> 00:08:11,400
for financial gain.

129
00:08:11,400 --> 00:08:12,400
Yeah.

130
00:08:12,400 --> 00:08:17,440
And Todd, you and I were speaking about this not too long ago and we've done this in a

131
00:08:17,440 --> 00:08:23,560
previous podcast, the large hacking groups work like legitimate businesses.

132
00:08:23,560 --> 00:08:27,400
They aren't obviously because it's a crime, but they work that same way.

133
00:08:27,400 --> 00:08:33,200
They have fantastic looking websites with very easy support systems to help you pay.

134
00:08:33,200 --> 00:08:42,160
There are jobs posted online looking for people to do this work, to assist them, to put together

135
00:08:42,160 --> 00:08:46,920
the websites and those support teams and be part of the chat team.

136
00:08:46,920 --> 00:08:50,080
It is growing because of that price.

137
00:08:50,080 --> 00:08:55,520
For context, over the past five years, there's been $27.6 billion in losses.

138
00:08:55,520 --> 00:09:00,720
So last year's $10.3 billion accounts for more than a fifth of that.

139
00:09:00,720 --> 00:09:02,440
It's growing exponentially.

140
00:09:02,440 --> 00:09:05,400
In 2018, it was just $2.7 billion.

141
00:09:05,400 --> 00:09:10,080
So it's grown almost four times in five years.

142
00:09:10,080 --> 00:09:15,840
When we dig into those numbers more and what that actually looks like, of those of that

143
00:09:15,840 --> 00:09:22,120
$10.3 billion, $4.9 billion of it was from people over the age of 50.

144
00:09:22,120 --> 00:09:23,960
So that was monetary loss from that.

145
00:09:23,960 --> 00:09:29,440
Now, this document doesn't break down whether or not that was business related or personal.

146
00:09:29,440 --> 00:09:33,480
So we can't define how much of this was from business loss and how much was from personal

147
00:09:33,480 --> 00:09:34,480
loss.

148
00:09:34,480 --> 00:09:43,000
But we can say that phishing is still the top form of crime that's committed in the main

149
00:09:43,000 --> 00:09:44,840
attack vector.

150
00:09:44,840 --> 00:09:50,880
But business email compromise was ninth on the list and accounts for $1 billion in losses

151
00:09:50,880 --> 00:09:53,360
on its own.

152
00:09:53,360 --> 00:10:00,800
So if we ignore the split of ages and go purely for what the attack vector was, there's a

153
00:10:00,800 --> 00:10:06,880
lot of money here that's coming out of businesses from a direct email compromise that may also

154
00:10:06,880 --> 00:10:11,480
include additional money from other sectors.

155
00:10:11,480 --> 00:10:13,280
I have a lot of opinions on this.

156
00:10:13,280 --> 00:10:16,280
So I'll pass it off to Todd first before I just keep rambling.

157
00:10:16,280 --> 00:10:19,480
No, I think it's excellent.

158
00:10:19,480 --> 00:10:22,400
There were a couple of stats that I thought were interesting.

159
00:10:22,400 --> 00:10:26,440
That's all back up just briefly as Matthew was covering some of the statistics that went

160
00:10:26,440 --> 00:10:27,520
in there.

161
00:10:27,520 --> 00:10:31,360
He talked about being about $10.3 billion in '22.

162
00:10:31,360 --> 00:10:36,520
It was only about $6.9 billion in '21.

163
00:10:36,520 --> 00:10:40,480
Oddly enough, the statistics that are in the report is there were actually less complaints

164
00:10:40,480 --> 00:10:48,680
filed by roughly 40,000 less reports and yet the increase was over 34% more dollars out

165
00:10:48,680 --> 00:10:49,680
there.

166
00:10:49,680 --> 00:10:53,680
So when Matthew says they're getting bigger and bigger, 100%.

167
00:10:53,680 --> 00:11:00,280
Going back to the phishing comment, the reason why business email compromise is not as much

168
00:11:00,280 --> 00:11:02,200
of an aha.

169
00:11:02,200 --> 00:11:04,160
It's only that $1 billion again only.

170
00:11:04,160 --> 00:11:05,640
It was only $1 billion.

171
00:11:05,640 --> 00:11:10,360
I think the big threat that we're still seeing is ransomware and there's other types of

172
00:11:10,360 --> 00:11:14,600
attack types that tend to be very heavy in the dollar amounts.

173
00:11:14,600 --> 00:11:19,760
Business email, I'm sorry, email phishing is still the number one, obviously, form that

174
00:11:19,760 --> 00:11:22,240
that process begins.

175
00:11:22,240 --> 00:11:23,840
We've talked about it ad nauseam.

176
00:11:23,840 --> 00:11:28,200
Anybody who wants to go under the Wayback machine to 2022, there is an MFA and there

177
00:11:28,200 --> 00:11:30,480
are EDR podcasts out there too.

178
00:11:30,480 --> 00:11:33,900
So there's some really good content on how you can protect yourself against those types

179
00:11:33,900 --> 00:11:35,400
of attacks.

180
00:11:35,400 --> 00:11:42,320
Yeah, there's so much of it that comes down to what we call the attack vector, right?

181
00:11:42,320 --> 00:11:43,680
How did it get in?

182
00:11:43,680 --> 00:11:47,440
And while some of the things we're saying, like a business email compromise and phishing

183
00:11:47,440 --> 00:11:52,360
may seem like they go hand in hand, we could spend the whole podcast explaining how they

184
00:11:52,360 --> 00:11:56,800
don't or how they differ or how they don't have to when they can be divergent.

185
00:11:56,800 --> 00:12:03,240
So one thing I will mention as part of this is that this is all self-reporting.

186
00:12:03,240 --> 00:12:11,760
So while some notes may be updated by the ICCC to reflect information they have, keep

187
00:12:11,760 --> 00:12:18,400
in mind that we can't guarantee the information provided directly reflects what occurred because

188
00:12:18,400 --> 00:12:25,480
it's impossible to know the technical level of everyone who was filling out this form.

189
00:12:25,480 --> 00:12:29,880
So while it does just, I would actually say expand most of these numbers.

190
00:12:29,880 --> 00:12:35,800
And especially the business email compromise number because it does include different actions

191
00:12:35,800 --> 00:12:43,440
and different attack vectors that may have impacted and caused it in the first place.

192
00:12:43,440 --> 00:12:49,000
I don't want to stick too heavily on that, but it is also very focused around numbers.

193
00:12:49,000 --> 00:12:54,360
As Todd mentioned, the FBI, so the team that actually does this work is called the RAT

194
00:12:54,360 --> 00:13:02,800
team, which is just great, they're called the recovery asset team.

195
00:13:02,800 --> 00:13:12,680
So they'll get pulled in for this if there is that monetary value of over $500,000.

196
00:13:12,680 --> 00:13:17,000
And again, we're averaging this number is specific to each incident, but that's what

197
00:13:17,000 --> 00:13:18,760
we've seen.

198
00:13:18,760 --> 00:13:23,040
And then on top of that, it's about where that money's going.

199
00:13:23,040 --> 00:13:30,000
So there is that monetary basis for how important some of these things may be weighted and what

200
00:13:30,000 --> 00:13:31,720
is and isn't included.

201
00:13:31,720 --> 00:13:35,760
We don't have specifics on too much of how that information is coming out, except to

202
00:13:35,760 --> 00:13:39,440
say that they're providing what they provide.

203
00:13:39,440 --> 00:13:43,720
So that 10.3 may be smaller, may be slightly larger.

204
00:13:43,720 --> 00:13:46,920
I would say it's probably slightly larger because there's going to be more people who

205
00:13:46,920 --> 00:13:53,040
were uncomfortable reporting information than there were people who under reported what

206
00:13:53,040 --> 00:13:55,960
was taken.

207
00:13:55,960 --> 00:14:01,960
You see a lot of this in the numbers that have changed from year to year.

208
00:14:01,960 --> 00:14:08,040
One thing that hasn't changed is that healthcare is still the biggest sector for ransomware

209
00:14:08,040 --> 00:14:10,280
attacks across the board.

210
00:14:10,280 --> 00:14:13,960
It's still growing by magnitudes.

211
00:14:13,960 --> 00:14:18,280
Yeah, I wanted to expand on that a little bit too.

212
00:14:18,280 --> 00:14:21,680
The way that Matthew phrased it, it almost seems like it's kind of a surprise.

213
00:14:21,680 --> 00:14:23,240
And it sort of is.

214
00:14:23,240 --> 00:14:25,960
And it doesn't seem like it should be a surprise, right?

215
00:14:25,960 --> 00:14:31,280
There's so much information that healthcare has access to.

216
00:14:31,280 --> 00:14:35,640
But I think what potentially gets lost in just the overall thinking is everybody tends

217
00:14:35,640 --> 00:14:36,640
to go healthcare.

218
00:14:36,640 --> 00:14:38,640
That means hospitals and it means whatever.

219
00:14:38,640 --> 00:14:39,920
It doesn't always.

220
00:14:39,920 --> 00:14:42,480
There's a lot that goes into that healthcare category.

221
00:14:42,480 --> 00:14:44,680
That can be your optometrist.

222
00:14:44,680 --> 00:14:46,000
It could be the dentist.

223
00:14:46,000 --> 00:14:50,120
It could be anything, quite frankly, the chiropractor falls into that category.

224
00:14:50,120 --> 00:14:52,200
So there are insurance.

225
00:14:52,200 --> 00:14:56,200
So there's a lot of different areas that fall into that category.

226
00:14:56,200 --> 00:14:58,120
And a lot of those businesses are quite small.

227
00:14:58,120 --> 00:15:04,840
They're just not automatically a massive business like a United Health Group or Kaiser Permanente.

228
00:15:04,840 --> 00:15:08,680
So there's a lot of people that are in those industries and it's difficult for them to

229
00:15:08,680 --> 00:15:13,200
keep up with the cybersecurity, the threats and everything just like everybody else is.

230
00:15:13,200 --> 00:15:16,640
And especially when you're looking at those smaller individuals, it's much, much harder

231
00:15:16,640 --> 00:15:22,800
for them to go, I don't have the people I'm not big enough to afford the multi-hundred

232
00:15:22,800 --> 00:15:25,800
thousand dollar CISO in my back pocket.

233
00:15:25,800 --> 00:15:27,840
Those things are very, very difficult to find.

234
00:15:27,840 --> 00:15:30,520
So it is interesting.

235
00:15:30,520 --> 00:15:37,320
Do you want to get into the states that are mostly affected by that?

236
00:15:37,320 --> 00:15:44,600
I mean, yeah, it starts with California.

237
00:15:44,600 --> 00:15:47,040
Let me, yeah, so it starts with California.

238
00:15:47,040 --> 00:15:51,760
The number of victims for California was almost double that of Florida who were next on the

239
00:15:51,760 --> 00:15:52,760
list.

240
00:15:52,760 --> 00:15:58,440
So 80,000 victims from California, 42,000 from Florida.

241
00:15:58,440 --> 00:16:03,760
Does this represent that California is being more attacked is kind of a question that we

242
00:16:03,760 --> 00:16:06,560
can't answer from this as well.

243
00:16:06,560 --> 00:16:12,880
But it does imply, and when we look at the specific numbers of losses, California had

244
00:16:12,880 --> 00:16:21,080
$2 billion of loss out of that 10.3 came purely from California.

245
00:16:21,080 --> 00:16:26,560
So what I think we can say from this, and I am extrapolating, is that while there were

246
00:16:26,560 --> 00:16:30,840
more, it seems like there might be more of an attack vector there purely based on what

247
00:16:30,840 --> 00:16:33,600
the funds that are coming out of it are.

248
00:16:33,600 --> 00:16:38,320
So that doesn't again mean that any other state is more safe or less safe.

249
00:16:38,320 --> 00:16:44,120
It just means that there's possibly more attacks going to California than anywhere else.

250
00:16:44,120 --> 00:16:49,720
A surprise for me was that Texas and New York are almost neck and neck on here.

251
00:16:49,720 --> 00:16:53,960
I thought there would be a bit of a distinction there, but they're third and fourth, and then

252
00:16:53,960 --> 00:16:59,040
fourth and third based on number of victims and victims of and victim loss.

253
00:16:59,040 --> 00:17:03,920
Yeah, again, it's really hard to look at those numbers and say this is what it means.

254
00:17:03,920 --> 00:17:07,160
And obviously, partially it's got to be population.

255
00:17:07,160 --> 00:17:10,840
So there is at least that factor that goes into it.

256
00:17:10,840 --> 00:17:13,520
But again, it's hard to know exactly what it was.

257
00:17:13,520 --> 00:17:16,440
Was there just a really large breach or whatever?

258
00:17:16,440 --> 00:17:19,080
And I guess we could figure that out if we dug into it deep enough.

259
00:17:19,080 --> 00:17:23,320
But again, this report really doesn't dig into that detail.

260
00:17:23,320 --> 00:17:28,360
I did want to back up real briefly too, because as we're talking about the number of attacks

261
00:17:28,360 --> 00:17:32,520
and locations and whatnot, at the very beginning you did the intro and you talked about the

262
00:17:32,520 --> 00:17:39,400
sheer quantity of dollars that were attacked on the over 50 population age wise.

263
00:17:39,400 --> 00:17:42,200
And I thought it was an interesting statistic for a couple of reasons.

264
00:17:42,200 --> 00:17:43,960
And again, now I'm extrapolating.

265
00:17:43,960 --> 00:17:48,840
I know Matthew mentioned at the beginning, we don't know exactly what that is.

266
00:17:48,840 --> 00:17:53,760
But I was shared a story somewhat recently with Matthew and Kelsey that I had a family

267
00:17:53,760 --> 00:17:58,600
member that sent me a screenshot of the typical pop-up that says, hey, you seem to be having

268
00:17:58,600 --> 00:18:00,280
problems with your PC.

269
00:18:00,280 --> 00:18:02,920
Click here to engage a phone call and we'll help you through that.

270
00:18:02,920 --> 00:18:04,720
And the question is, is this legitimate?

271
00:18:04,720 --> 00:18:09,120
And the answer obviously is no, because Microsoft isn't going to tell you to call them.

272
00:18:09,120 --> 00:18:12,080
That's not how they behave.

273
00:18:12,080 --> 00:18:15,040
But it was targeted at somebody that was well over 50.

274
00:18:15,040 --> 00:18:16,800
And I go, oh, so is it a personal thing?

275
00:18:16,800 --> 00:18:20,800
And there are some statistics in here that how many attacks were personal versus business.

276
00:18:20,800 --> 00:18:23,920
But again, you're still digging into it.

277
00:18:23,920 --> 00:18:29,160
In the context of business, what we typically see a lot of companies do, and maybe this

278
00:18:29,160 --> 00:18:31,000
isn't just the company itself.

279
00:18:31,000 --> 00:18:32,000
Maybe it's a culture.

280
00:18:32,000 --> 00:18:36,000
Or maybe it's just the individuals at the top is you'll often see the people that are

281
00:18:36,000 --> 00:18:40,880
at the board level or in the officer level or that senior executive team tend to go,

282
00:18:40,880 --> 00:18:46,000
yeah, I fully support security so long as it doesn't impact me.

283
00:18:46,000 --> 00:18:49,560
That was kind of the main thrust I wanted to make on talking about this a little bit

284
00:18:49,560 --> 00:18:51,640
more is, what does that mean?

285
00:18:51,640 --> 00:18:56,000
Should I continue to just go, I'm a little wiser since I'm a little older.

286
00:18:56,000 --> 00:19:00,280
Therefore, I can spot a phish or I can do whatever better than anyone else.

287
00:19:00,280 --> 00:19:01,760
Is that a fair statement?

288
00:19:01,760 --> 00:19:07,000
Or should people treat things differently as they understand these statistics?

289
00:19:07,000 --> 00:19:08,000
Exactly.

290
00:19:08,000 --> 00:19:17,760
I mean, there is so much that goes into what an attack is now that knowing that so much

291
00:19:17,760 --> 00:19:23,280
money came from that portion of the population means we should be taking additional actions.

292
00:19:23,280 --> 00:19:25,120
Now, I agree with you.

293
00:19:25,120 --> 00:19:29,640
I've heard from multiple people the argument you can implement it for everyone else, but

294
00:19:29,640 --> 00:19:31,720
leave it for me.

295
00:19:31,720 --> 00:19:36,960
Part of that is that it is a real interruption for a lot of people.

296
00:19:36,960 --> 00:19:42,400
I have actively had to have conversations which changed the mindset of signing in as

297
00:19:42,400 --> 00:19:47,960
just username and password to not signing in is always username, password and MFA.

298
00:19:47,960 --> 00:19:54,320
If you don't use MFA, you're actually signing in unsafely and changing what people think

299
00:19:54,320 --> 00:19:56,400
of as that initial process.

300
00:19:56,400 --> 00:20:01,000
That's just an easy example of it, but that is the type of thing that can definitely increase

301
00:20:01,000 --> 00:20:05,520
your risk within the space.

302
00:20:05,520 --> 00:20:11,480
There are also attacks of as you get into those positions, there are more things that

303
00:20:11,480 --> 00:20:14,080
you're handling, there's more things you're making decisions of.

304
00:20:14,080 --> 00:20:19,240
The chances of you having an email that would seem obviously suspicious to someone else

305
00:20:19,240 --> 00:20:25,720
being incredibly not suspicious for you and in fact, just part of your regular day increases.

306
00:20:25,720 --> 00:20:30,400
There's a bigger attack vector for the things that you would do as well.

307
00:20:30,400 --> 00:20:35,560
The solution is not treating yourself differently to everyone else.

308
00:20:35,560 --> 00:20:37,120
Yes, it's different.

309
00:20:37,120 --> 00:20:41,440
It is a change the way you may work and it may increase the amount of time it takes you

310
00:20:41,440 --> 00:20:45,480
to do some things every day.

311
00:20:45,480 --> 00:20:50,440
Is that better than a $100,000 fine?

312
00:20:50,440 --> 00:20:53,640
A $500,000 fine?

313
00:20:53,640 --> 00:20:55,760
That's just from the HIPAA perspective.

314
00:20:55,760 --> 00:21:03,160
What if it's an actual ransomware attack and they're asking for $10 million?

315
00:21:03,160 --> 00:21:09,880
What point is you not having MFA on your phone worth that?

316
00:21:09,880 --> 00:21:15,840
Those are things that I focus on and I try to instill when I'm discussing this at that

317
00:21:15,840 --> 00:21:25,120
level is 20 seconds, 30 seconds in the morning to set up MFA and then use it every day, if

318
00:21:25,120 --> 00:21:26,120
that and-

319
00:21:26,120 --> 00:21:27,760
Wait less than that.

320
00:21:27,760 --> 00:21:28,760
Exactly.

321
00:21:28,760 --> 00:21:36,160
If that's not worth the potential of the business losing millions of dollars, there's

322
00:21:36,160 --> 00:21:39,000
a question there as to why.

323
00:21:39,000 --> 00:21:47,240
But the other reason that I believe that age range is so targeted is because you are making

324
00:21:47,240 --> 00:21:48,440
those decisions.

325
00:21:48,440 --> 00:21:50,200
Of course you're being targeted.

326
00:21:50,200 --> 00:21:56,040
We have entire names for phishing at C-level executives, which we call whaling, which is

327
00:21:56,040 --> 00:21:59,040
purely around this fact.

328
00:21:59,040 --> 00:22:03,080
Of course there are going to be more attacks and the monetary numbers are going to be bigger

329
00:22:03,080 --> 00:22:08,720
because there are more resources that you're in control of.

330
00:22:08,720 --> 00:22:14,360
Something that while it may seem like an annoyance, you have this position of power and therefore

331
00:22:14,360 --> 00:22:21,200
should be doing your best to respect and safe keep that as much as possible is where I try

332
00:22:21,200 --> 00:22:23,640
to come down on it.

333
00:22:23,640 --> 00:22:27,760
Especially given these numbers, I will make one very brave prediction.

334
00:22:27,760 --> 00:22:30,760
If you are a healthcare provider in California-

335
00:22:30,760 --> 00:22:33,520
Use MFA.

336
00:22:33,520 --> 00:22:35,560
You might want to use-

337
00:22:35,560 --> 00:22:42,600
It feels like a comedy skit, you might want to use MFA.

338
00:22:42,600 --> 00:22:49,520
These numbers show that there are things that make you a bigger, using that language from

339
00:22:49,520 --> 00:22:55,200
before, a bigger whale, a bigger prospect for these organized teams.

340
00:22:55,200 --> 00:22:59,520
Do what you can to mitigate that.

341
00:22:59,520 --> 00:23:05,160
One thing that I'll add to that very good overview is I don't want to insinuate that

342
00:23:05,160 --> 00:23:09,560
only senior individuals as far as age tend to be in those upper positions because it

343
00:23:09,560 --> 00:23:10,800
definitely is not the case.

344
00:23:10,800 --> 00:23:14,720
There are plenty of smart young people out there that are in those positions as well,

345
00:23:14,720 --> 00:23:18,920
but this information still applies to you where we're just extrapolating on a specific

346
00:23:18,920 --> 00:23:21,120
statistic.

347
00:23:21,120 --> 00:23:25,160
One thing that I would add in addition to when it comes to what else should you do about

348
00:23:25,160 --> 00:23:27,040
it is training.

349
00:23:27,040 --> 00:23:28,840
It's a huge thing.

350
00:23:28,840 --> 00:23:33,240
If you are in a compliance industry, it doesn't really matter what it is.

351
00:23:33,240 --> 00:23:38,760
It is very specifically called out that your senior executive team should have additional

352
00:23:38,760 --> 00:23:42,480
training from the rest of your staff for exactly this reason.

353
00:23:42,480 --> 00:23:45,520
Your board of directors should have specific training.

354
00:23:45,520 --> 00:23:49,880
Your lines of business could potentially require specific training to what the threats

355
00:23:49,880 --> 00:23:52,080
are to them specifically.

356
00:23:52,080 --> 00:23:56,720
But in this case, I think the point that we're really trying to bring home is this impacts

357
00:23:56,720 --> 00:23:57,720
everybody.

358
00:23:57,720 --> 00:24:02,360
I was going to pitch in in the middle of what Matthew was saying and go, but I'm important,

359
00:24:02,360 --> 00:24:05,040
Matthew, I don't want to.

360
00:24:05,040 --> 00:24:06,800
But it's really not true.

361
00:24:06,800 --> 00:24:12,480
I wanted to expand on that piece too, as he was talking about multi-factor and how there

362
00:24:12,480 --> 00:24:14,040
is some friction that goes with it.

363
00:24:14,040 --> 00:24:18,840
It is not always convenient, but the reality is it's not that inefficient.

364
00:24:18,840 --> 00:24:21,400
It's not always that much friction.

365
00:24:21,400 --> 00:24:25,680
If it is, there are plenty of options out there to reduce friction.

366
00:24:25,680 --> 00:24:30,400
The downside if there is one is that friction removal does tend to have a dollar sign that's

367
00:24:30,400 --> 00:24:34,480
associated with it, but there are some excellent tools out there that will help mitigate that

368
00:24:34,480 --> 00:24:40,120
friction for companies as they need it to, especially that group that may feel like their

369
00:24:40,120 --> 00:24:41,720
time is incredibly valuable.

370
00:24:41,720 --> 00:24:44,800
They may be willing to pay for those kinds of things.

371
00:24:44,800 --> 00:24:46,120
I'll agree.

372
00:24:46,120 --> 00:24:51,920
Just quickly on that, there is obviously so many ways to do it, so many different tools.

373
00:24:51,920 --> 00:24:57,000
If you get the right one for your organization, it becomes not just a point of pride, but

374
00:24:57,000 --> 00:24:59,560
a point of excitement.

375
00:24:59,560 --> 00:25:04,680
The amount of times I've been able to implement something that seems like science fiction

376
00:25:04,680 --> 00:25:09,560
and does make life easier at the same time while also increasing security, those are

377
00:25:09,560 --> 00:25:14,600
the moments that I look for the most because it means you're not just making it more secure,

378
00:25:14,600 --> 00:25:16,960
you're creating a more streamlined process.

379
00:25:16,960 --> 00:25:20,560
When we talk about MFA, most people think about having to get a text message or bring

380
00:25:20,560 --> 00:25:25,440
up an authenticator app, but there are hardware keys that you can use, which will sign you

381
00:25:25,440 --> 00:25:31,240
in automatically when you plug them into workstations and provide a fingerprint or an

382
00:25:31,240 --> 00:25:34,600
arse code in healthcare environments.

383
00:25:34,600 --> 00:25:38,560
They can be very time-saving, and that was the scenario I was thinking of.

384
00:25:38,560 --> 00:25:43,240
I had multiple doctors who were annoyed at the login process and then got hardware keys

385
00:25:43,240 --> 00:25:47,320
and would just plug it in and sign in and then pull it out and plug it back because

386
00:25:47,320 --> 00:25:50,200
they were like, look at how easy this is.

387
00:25:50,200 --> 00:25:55,120
If you can save time, especially when you're moving between multiple computers, don't think

388
00:25:55,120 --> 00:26:02,040
of it as just a time sink or as a decrease in availability to your software and hardware

389
00:26:02,040 --> 00:26:04,360
and information.

390
00:26:04,360 --> 00:26:10,280
Look for some of them and remember that while there may be a cost to that, like Todd said,

391
00:26:10,280 --> 00:26:14,520
if it's streamlined your process beyond where it is now, you may actually get a saving out

392
00:26:14,520 --> 00:26:17,880
of it from people being more efficient.

393
00:26:17,880 --> 00:26:20,040
This is not a healthcare podcast.

394
00:26:20,040 --> 00:26:22,600
No, we probably should do one.

395
00:26:22,600 --> 00:26:26,880
What I wanted to emphasize that really quickly too is when you're in healthcare, there are

396
00:26:26,880 --> 00:26:30,440
some people that get paid some significant amounts of dollars, and they tend to be the

397
00:26:30,440 --> 00:26:33,440
ones that are saying this is slowing me down.

398
00:26:33,440 --> 00:26:37,000
When I said that there is potentially a dollar figure that potentially goes with some

399
00:26:37,000 --> 00:26:42,080
of the solutions to reduce friction to Matthew's point, when those doctors are getting paid

400
00:26:42,080 --> 00:26:46,520
very large dollars, you're willing to pay a couple cents for them to log in very, very

401
00:26:46,520 --> 00:26:51,120
quickly because on the grand scheme of things, that makes them more efficient.

402
00:26:51,120 --> 00:26:53,760
It makes them less frustrated, et cetera, et cetera.

403
00:26:53,760 --> 00:26:58,360
You can see how that would be a huge boon for anybody in that particular industry.

404
00:26:58,360 --> 00:27:00,120
There are absolutely ways forward.

405
00:27:00,120 --> 00:27:03,760
Again, I know I tangent a little bit into healthcare there that I didn't anticipate

406
00:27:03,760 --> 00:27:08,000
doing, but it was just really good information and I felt like we just had to sneak it in

407
00:27:08,000 --> 00:27:09,000
real quick.

408
00:27:09,000 --> 00:27:10,600
Todd, you should have warned me.

409
00:27:10,600 --> 00:27:16,640
Todd, I was reading HIPAA documentation before this podcast, so I've probably guided us down

410
00:27:16,640 --> 00:27:19,440
that as well.

411
00:27:19,440 --> 00:27:25,800
I know we're running short on time, so I just want to mention, definitely read through this

412
00:27:25,800 --> 00:27:26,800
document.

413
00:27:26,800 --> 00:27:30,960
There is risk and awareness of risk that you can gain from reading documents like this

414
00:27:30,960 --> 00:27:33,720
every day or whenever they come up.

415
00:27:33,720 --> 00:27:37,560
You don't have to read them every day like I do.

416
00:27:37,560 --> 00:27:42,960
Keep in mind that it is a select amount of information.

417
00:27:42,960 --> 00:27:48,080
It is self-report as much as we want to take all of this and start making big decisions

418
00:27:48,080 --> 00:27:49,200
from it.

419
00:27:49,200 --> 00:27:52,080
Keep in mind that it's about what's relevant to your business, what's relevant to your

420
00:27:52,080 --> 00:27:56,560
industry.

421
00:27:56,560 --> 00:28:02,120
On top of that, don't use the fact that maybe your state is lower on this list than you

422
00:28:02,120 --> 00:28:07,640
would expect it to be or anything like that as a reason to not care because the numbers

423
00:28:07,640 --> 00:28:08,940
are growing.

424
00:28:08,940 --> 00:28:14,840
Even though your state isn't as high as maybe California, the number for your state is still

425
00:28:14,840 --> 00:28:18,040
increasing.

426
00:28:18,040 --> 00:28:23,200
While people are being targeted, generally these types of attacks happen in a shotgun

427
00:28:23,200 --> 00:28:30,240
blast style effect where it's not just the thing that they're looking for as a big organization,

428
00:28:30,240 --> 00:28:36,120
but every subset and subcontractor and vendor they work with that's being targeted at the

429
00:28:36,120 --> 00:28:40,040
same time.

430
00:28:40,040 --> 00:28:44,320
While you may not be the exact target, you can get caught in the crosshairs of that as

431
00:28:44,320 --> 00:28:48,360
well and that's what you're trying to protect from.

432
00:28:48,360 --> 00:28:49,840
We focused a lot on MFA.

433
00:28:49,840 --> 00:28:53,720
There's a lot of other things that you can do as well, but MFA is a basis and really

434
00:28:53,720 --> 00:28:59,280
everyone should have it by now or should be looking at it at the very least.

435
00:28:59,280 --> 00:29:04,600
I just wanted to mention that.

436
00:29:04,600 --> 00:29:06,160
Any last thoughts from you, Todd?

437
00:29:06,160 --> 00:29:08,600
No, I think we summarized it really, really well.

438
00:29:08,600 --> 00:29:13,320
I think overall, I guess I can throw the training in there again because we did just mention

439
00:29:13,320 --> 00:29:16,440
it, but between those two, those would be the massive thrust.

440
00:29:16,440 --> 00:29:20,160
I'd say these are the good places to focus for this particular report.

441
00:29:20,160 --> 00:29:24,320
There's a lot of good information in there, but that was about it.

442
00:29:24,320 --> 00:29:25,320
That's awesome.

443
00:29:25,320 --> 00:29:28,960
Both of you made that very interesting, which I am not somebody who reads these reports

444
00:29:28,960 --> 00:29:31,040
daily, so thank you.

445
00:29:31,040 --> 00:29:35,440
As we mentioned as Todd alluded to, that we have a lot of previous podcasts to talk about

446
00:29:35,440 --> 00:29:40,560
MFA, EDR, are passwords going away, which covers a lot of this content.

447
00:29:40,560 --> 00:29:44,720
As far as we should do one on healthcare, that's actually, I think, three weeks down

448
00:29:44,720 --> 00:29:48,600
the line we're doing a healthcare one, so we've got it coming.

449
00:29:48,600 --> 00:29:52,360
On that note, this is my marketing promotion to say, yes, please subscribe wherever you

450
00:29:52,360 --> 00:29:54,800
listen to podcasts or watch us on YouTube.

451
00:29:54,800 --> 00:29:57,360
My preference is listening.

452
00:29:57,360 --> 00:30:01,760
But if you want to get in touch with either Todd or Matthew, geek out with them, read

453
00:30:01,760 --> 00:30:07,800
reports daily, get coffee, all the good things, you can always reach out info at cit-net.com

454
00:30:07,800 --> 00:30:14,120
or head out to our website cit-net.com backslash podcast or else this is a bonus episode, which

455
00:30:14,120 --> 00:30:41,280
means we'll be back in less than a week with another episode.

