WEBVTT 1 00:00:00.040 --> 00:00:02.399 Welcome to our deep dive. And today we're going to 2 00:00:02.439 --> 00:00:08.359 be looking into cyber extortion, specifically ransomware, and we're going 3 00:00:08.400 --> 00:00:11.119 to be using excerpts from the book Ransomware and Cyber 4 00:00:11.160 --> 00:00:15.000 Extortion Response and Prevention to kind of guide our exploration. 5 00:00:15.279 --> 00:00:18.239 Sounds interesting, Yeah, it's pretty wild actually. I mean some 6 00:00:18.280 --> 00:00:22.879 of these stories are just crazy. For instance, right out 7 00:00:22.920 --> 00:00:25.519 of the gate, they open with this story about this 8 00:00:25.600 --> 00:00:29.719 law firm and they got a voicemail from hackers demanding 9 00:00:29.719 --> 00:00:33.600 one point two million dollars. Oh, and these hackers had 10 00:00:33.600 --> 00:00:38.200 stolen five hundred gigle buys of data, client files, payroll, 11 00:00:38.640 --> 00:00:40.320 EHR records, you name it. 12 00:00:40.359 --> 00:00:41.920 They took it and then they encrypted it. 13 00:00:42.039 --> 00:00:44.240 Oh yeah, encrypted everything totally unusable. 14 00:00:44.320 --> 00:00:46.119 So how much did it end up costing them? I mean, 15 00:00:46.159 --> 00:00:47.119 besides the one point too? 16 00:00:47.119 --> 00:00:49.679 Well, that's the thing. The financial impact can be really crippling. 17 00:00:49.920 --> 00:00:55.079 It's not just the ransom, it's business disruption, potential lawsuits 18 00:00:55.119 --> 00:00:58.039 from clients whose data was compromised, oh, legal fees, the 19 00:00:58.079 --> 00:01:00.880 cost of recovering the data, implementing new security measures to 20 00:01:00.920 --> 00:01:03.560 prevent future attacks. It all adds up, it really does. 21 00:01:03.880 --> 00:01:06.640 And actually, the average cost of a ransomware attack in 22 00:01:06.680 --> 00:01:09.560 twenty twenty one was one point eight five million dollars. 23 00:01:09.640 --> 00:01:11.640 Oh really, Yeah, so that's just the average. 24 00:01:11.719 --> 00:01:14.439 Yeah, and that doesn't even include data breaches. If there's 25 00:01:14.439 --> 00:01:16.959 a data breach involved, that number goes up to four 26 00:01:17.000 --> 00:01:20.879 point sixty two million. Wow. Yeah, it's pretty scary stuff. 27 00:01:21.000 --> 00:01:25.159 But it gets even worse. These hackers they didn't just 28 00:01:25.319 --> 00:01:28.359 encrypt the data. They threatened to contact the law firms 29 00:01:28.400 --> 00:01:33.640 clients directly and leak sensitive information if the ransom wasn't paid. 30 00:01:33.799 --> 00:01:36.040 Oh wow, So you can imagine the kind of panic 31 00:01:36.079 --> 00:01:36.719 that would cause. 32 00:01:36.799 --> 00:01:37.799 Yeah, that's crazy. 33 00:01:38.159 --> 00:01:40.480 So before we go any further, I think we should 34 00:01:40.519 --> 00:01:44.000 define what cyber extortion actually is. The book outlines four 35 00:01:44.000 --> 00:01:49.159 main categories exposure, modification, denial info. Okay, so exposure, like 36 00:01:49.239 --> 00:01:51.760 in the case of the law firm, involves sealing data 37 00:01:51.760 --> 00:01:55.079 and threatening to release it publicly. Modification, on the other hand, 38 00:01:55.120 --> 00:01:58.159 is when hackers actually change your data, like maybe changing 39 00:01:58.239 --> 00:02:00.879 financial records or campering with sen set of information for 40 00:02:00.920 --> 00:02:01.599 their own game. 41 00:02:01.840 --> 00:02:04.719 That's scary because even if you could restore your data 42 00:02:04.719 --> 00:02:07.239 from a backup, you would never be totally sure that 43 00:02:07.280 --> 00:02:09.319 it was accurate exactly. 44 00:02:08.919 --> 00:02:12.479 And that could lead to some serious legal and reputational issues. 45 00:02:13.360 --> 00:02:16.439 Then there's denial, which is basically about shutting down your 46 00:02:16.479 --> 00:02:20.400 operations completely, so like ransomware that encrypts your whole system, 47 00:02:20.639 --> 00:02:23.360 or you know those ddalls attacks that flood your website 48 00:02:23.360 --> 00:02:26.199 with traffic and knock you offline. So that's why it's 49 00:02:26.199 --> 00:02:28.919 so important to have really good backup and recovery strategies. 50 00:02:29.599 --> 00:02:31.719 If you have a plan in place to restore your 51 00:02:31.759 --> 00:02:35.560 systems quickly, you can at least minimize the impact of 52 00:02:35.560 --> 00:02:36.400 a denial attack. 53 00:02:36.560 --> 00:02:37.199 That makes sense. 54 00:02:37.439 --> 00:02:39.039 Yeah, it's kind of like having a spare tire in 55 00:02:39.080 --> 00:02:41.400 your car. Hopefully you never need it, but when you do, 56 00:02:41.439 --> 00:02:44.280 you're really glad you have it. And then finally there's foe, 57 00:02:44.680 --> 00:02:48.199 which is more of a deceptive tactic. It might look 58 00:02:48.240 --> 00:02:50.039 like a serious attack, but in reality it's more of 59 00:02:50.080 --> 00:02:53.360 a distraction, maybe to divert your attention while something else 60 00:02:53.439 --> 00:02:54.439 is going on in the background. 61 00:02:54.520 --> 00:02:56.400 So you have to be really careful to figure out 62 00:02:56.400 --> 00:02:57.599 what's really going on. 63 00:02:57.879 --> 00:03:00.240 Yeah, you don't want to jump to conclusions. We got 64 00:03:00.280 --> 00:03:03.240 to take the time to understand the nature of the 65 00:03:03.280 --> 00:03:05.599 attack and what the attacker's real motives are. 66 00:03:05.800 --> 00:03:07.520 Like solving a puzzle exactly. 67 00:03:07.560 --> 00:03:11.240 Okay, because we've got the different types of cyber extortion down, 68 00:03:12.120 --> 00:03:14.599 But why is this such a huge problem. I mean, 69 00:03:14.599 --> 00:03:16.520 it's not like these attacks are new, right. 70 00:03:16.639 --> 00:03:19.120 Well, you're right, cyber extortion has been around for a while, 71 00:03:19.319 --> 00:03:20.960 but there are a couple of things that have changed 72 00:03:21.000 --> 00:03:24.319 recently that have made it much more profitable for criminals. 73 00:03:24.680 --> 00:03:26.159 I have a feeling I know where this is going. 74 00:03:26.840 --> 00:03:30.280 Cryptocurrency, you got it, especially Bitcoin, It's been a game 75 00:03:30.360 --> 00:03:32.000 changer for cyber criminals. 76 00:03:32.439 --> 00:03:32.759 Hel soo. 77 00:03:33.319 --> 00:03:36.199 Well, it provides a way to get paid that's almost 78 00:03:36.199 --> 00:03:39.719 impossible to trace, and it's irreversible, so it's like. 79 00:03:39.680 --> 00:03:43.479 The perfect payment system for criminals pretty much. So you've 80 00:03:43.479 --> 00:03:46.400 got desperate victims willing to pay to get their data back, 81 00:03:46.800 --> 00:03:49.080 a payment system that makes it nearly impossible to track 82 00:03:49.120 --> 00:03:52.560 the criminals, and the potential for huge profits. It's no 83 00:03:52.680 --> 00:03:54.800 wonder this has become such a widespread. 84 00:03:54.319 --> 00:03:57.599 Issue, exactly. And what's even more concerning is that it's 85 00:03:57.680 --> 00:04:01.000 not just a few loan hackers working out of basements anymore. 86 00:04:01.039 --> 00:04:04.599 Oh really, Yeah, it's become much more sophisticated. Cyber extortion 87 00:04:04.759 --> 00:04:08.080 is now an industry with a well defined business model. 88 00:04:08.159 --> 00:04:09.680 So like digital organized crime. 89 00:04:09.960 --> 00:04:13.400 Basically, these cyber extortion groups operate just like any other 90 00:04:13.520 --> 00:04:17.319 criminal enterprise. They have specialists for every stage of the attack. 91 00:04:17.839 --> 00:04:19.519 I actually read about that in the book. It's kind 92 00:04:19.519 --> 00:04:22.600 of fascinating in a disturbing way to see how organized 93 00:04:22.600 --> 00:04:22.920 they are. 94 00:04:23.000 --> 00:04:23.920 Yeah, tell me about it. 95 00:04:24.879 --> 00:04:28.160 So you've got your initial access brokers. They're like digital 96 00:04:28.199 --> 00:04:32.120 lock picks, stealing logging credentials and selling them to the 97 00:04:32.199 --> 00:04:32.879 highest bidder. 98 00:04:33.079 --> 00:04:35.399 And then you've got the ransomware developers. 99 00:04:34.959 --> 00:04:38.120 Right, the masterminds behind the malicious software. And then of 100 00:04:38.160 --> 00:04:41.720 course you've got the negotiators. They handle the ransom demands, 101 00:04:42.079 --> 00:04:45.360 often using psychological tactics to pressure victims into paying. 102 00:04:45.480 --> 00:04:47.399 Wow, so they really have thought of everything. 103 00:04:47.560 --> 00:04:50.639 Yeah, and then you've got money launderers. They're responsible for 104 00:04:50.639 --> 00:04:51.639 cleaning the dirty money. 105 00:04:51.759 --> 00:04:53.879 It really is like a well oiled machine. 106 00:04:53.920 --> 00:04:56.360 It is, and it's pretty scary to think that there 107 00:04:56.360 --> 00:04:59.600 are people out there whose only job is to figure 108 00:04:59.600 --> 00:05:03.160 out how to exploit weaknesses and extort money from innocent 109 00:05:03.639 --> 00:05:06.839 people and businesses. Do you remember that group, the Dark 110 00:05:06.959 --> 00:05:11.639 Overlord pdo? Yeah, vaguely, you were back in twenty sixteen. Yeah, okay, 111 00:05:11.800 --> 00:05:14.319 they were one of the first to combine ransomware with 112 00:05:14.560 --> 00:05:15.439 data exposure. 113 00:05:15.519 --> 00:05:16.160 What does that mean? 114 00:05:16.360 --> 00:05:19.199 Well, it interes encrypt data. They stole it and threatened 115 00:05:19.199 --> 00:05:21.639 to release it publicly if they didn't get paid. Oh wow, 116 00:05:21.720 --> 00:05:26.879 And they targeted everyone, businesses, individuals, even a school district 117 00:05:26.879 --> 00:05:27.519 in Iowa. 118 00:05:27.560 --> 00:05:28.800 What did they do to the school? 119 00:05:28.879 --> 00:05:32.800 They not only encrypted their systems, but they sent threatening 120 00:05:32.839 --> 00:05:36.240 text messages directly to the parents. Oh my gosh, Yeah, 121 00:05:36.240 --> 00:05:38.399 it's awful. Imagine being one of those parents. 122 00:05:38.439 --> 00:05:39.639 I can't even imagine. 123 00:05:39.680 --> 00:05:41.639 It really shows how these attacks can have a huge 124 00:05:41.680 --> 00:05:47.360 impact on individuals, not just organizations. Yeah, scary and sadly, 125 00:05:48.000 --> 00:05:51.879 Tedo's tactics were just the beginning. What do you mean, Well, 126 00:05:51.879 --> 00:05:54.639 they paved the way for even more sophisticated groups like May's. 127 00:05:54.839 --> 00:05:56.560 What did they do well, they kind of took this 128 00:05:56.680 --> 00:05:59.519 double extortion model to the next level. The book talks 129 00:05:59.519 --> 00:06:03.240 about how they attacks Southwire. They're cable manufacturers, okay, and 130 00:06:03.319 --> 00:06:06.959 Mayze demanded six million dollars from them, and when south 131 00:06:07.000 --> 00:06:10.040 Wire refused to pay, what happened? They dumped all the 132 00:06:10.079 --> 00:06:12.600 data they had stolen online. So it's not just about 133 00:06:12.639 --> 00:06:16.519 getting the ransom anymore, it's about causing as much damage 134 00:06:16.519 --> 00:06:19.399 as possible and exploring every avenue for profit. 135 00:06:19.519 --> 00:06:21.639 It makes it so much harder to decide whether to 136 00:06:21.639 --> 00:06:22.639 pay the ransom or not. 137 00:06:22.839 --> 00:06:26.079 It really does. But how do these attacks even happen 138 00:06:26.120 --> 00:06:29.040 in the first place. What's the most common way these 139 00:06:29.079 --> 00:06:29.920 criminals get in. 140 00:06:30.279 --> 00:06:32.240 Well, one word comes to mind, phishing. 141 00:06:32.879 --> 00:06:34.759 You mean those emails that try to trick you into 142 00:06:34.759 --> 00:06:38.319 clicking on links or downloading infected attachments, exactly. 143 00:06:38.879 --> 00:06:42.240 And while some of them are obvious, others are really sophisticated, 144 00:06:42.439 --> 00:06:44.639 designed to look like they're from your bank or a 145 00:06:44.639 --> 00:06:47.680 store you shop at, or even your own coworkers. Wow, 146 00:06:47.759 --> 00:06:49.959 and just one click can give them access to your 147 00:06:50.000 --> 00:06:53.360 whole system, So like a digital trojan horse pretty much. 148 00:06:53.439 --> 00:06:54.519 And once they're in, that's it. 149 00:06:54.920 --> 00:06:59.240 Well, not necessarily, but to understand how to prevent these attacks, 150 00:06:59.319 --> 00:07:02.439 you need to understan how they work. The cyber attack 151 00:07:02.600 --> 00:07:05.360 kill chain. The kill chain, it's basically a series of 152 00:07:05.360 --> 00:07:07.160 steps that attackers usually follow. 153 00:07:07.319 --> 00:07:08.800 Okay, So what's step one. 154 00:07:08.920 --> 00:07:11.439 Entry That's how they get into your system in the 155 00:07:11.439 --> 00:07:13.199 first place. Like we said, it could be through a 156 00:07:13.199 --> 00:07:16.920 phishing email or maybe by exploiting a weakness in a 157 00:07:16.959 --> 00:07:18.000 remote access system. 158 00:07:18.519 --> 00:07:21.000 Okay, So they're in What's next expansion. 159 00:07:21.560 --> 00:07:25.959 That's where they move through your network, stealing credentials, disabling 160 00:07:26.000 --> 00:07:30.240 security software, basically trying to get as much control as possible. 161 00:07:29.839 --> 00:07:33.600 Like digital spies exactly. So what happens once they have control. 162 00:07:33.360 --> 00:07:35.759 That's when they move onto the priming stage. This is 163 00:07:35.800 --> 00:07:41.240 where they identify high value targets, steal data, and get 164 00:07:41.279 --> 00:07:44.519 ready for the main event, which yes, detonation. That's when 165 00:07:44.560 --> 00:07:49.240 they unleash the ransomware, encrypting files and demanding a ransom 166 00:07:49.319 --> 00:07:50.600 to restore access. 167 00:07:50.800 --> 00:07:53.639 And by this point they've already stolen data, so even 168 00:07:53.639 --> 00:07:55.639 if you pay the ransom, you're still at risk of 169 00:07:55.720 --> 00:07:56.920 having that data leaked. 170 00:07:57.120 --> 00:07:57.720 Exactly. 171 00:07:57.959 --> 00:08:01.920 It's a double Whammie actually mentions this veterinary clinic that 172 00:08:01.959 --> 00:08:04.680 got hit by ransomware. Oh no, and you want to 173 00:08:04.680 --> 00:08:08.480 know how it started? How a phishing email disguised as 174 00:08:08.480 --> 00:08:09.519 a shipping notification. 175 00:08:09.680 --> 00:08:11.079 Oh those are so easy to fall for. 176 00:08:11.279 --> 00:08:14.160 I know, right, you're expecting a package, you see that 177 00:08:14.240 --> 00:08:17.720 email and you just click without thinking. It's so sneaky, 178 00:08:17.959 --> 00:08:20.759 And that's exactly what happened to the receptionist at the clinic. 179 00:08:20.879 --> 00:08:24.959 Oh no, she clicked the link and ransomware Wow, it 180 00:08:25.079 --> 00:08:26.360 spread through their whole network. 181 00:08:26.439 --> 00:08:28.800 It's amazing how easily it can happen, it really is. 182 00:08:29.319 --> 00:08:33.720 So what happens if, despite our best efforts, we find 183 00:08:33.759 --> 00:08:37.120 ourselves in the middle of a ransomware attack? What do 184 00:08:37.200 --> 00:08:37.480 we do? 185 00:08:37.840 --> 00:08:41.000 That's where incident response comes in. Having a plan in 186 00:08:41.039 --> 00:08:43.840 place before an attack is crucial, so like. 187 00:08:43.799 --> 00:08:46.840 A fire escape plan, but for our data exactly. So 188 00:08:46.879 --> 00:08:47.679 what does that look like? 189 00:08:47.759 --> 00:08:51.039 You need to know who's in charge, how to communicate, 190 00:08:51.080 --> 00:08:54.279 what your insurance covers, and most importantly, how to make 191 00:08:54.320 --> 00:08:56.440 decisions quickly under pressure. 192 00:08:56.120 --> 00:08:59.480 Because every second counts exactly, the longer they're in your 193 00:08:59.480 --> 00:09:01.000 system than or damage they can do. 194 00:09:01.320 --> 00:09:05.320 A good incident response plan should have steps for containment, investigation, 195 00:09:05.440 --> 00:09:06.080 and recovery. 196 00:09:06.200 --> 00:09:08.919 Okay, So containment sounds like damage control, right, What does 197 00:09:08.960 --> 00:09:09.440 that involve? 198 00:09:09.559 --> 00:09:14.519 Basically stopping the bleeding, halting the encryption, preventing any more 199 00:09:14.639 --> 00:09:18.399 data from being stolen, resolving any denial of service attacks, 200 00:09:18.960 --> 00:09:21.639 and locking the attackers out of your systems. 201 00:09:21.519 --> 00:09:24.480 So basically kicking them out exactly. Okay, and then what 202 00:09:24.519 --> 00:09:25.360 about investigation. 203 00:09:25.840 --> 00:09:29.559 That's about understanding how bad the attack is, who are 204 00:09:29.559 --> 00:09:31.799 the attackers, how did they get in, what data did 205 00:09:31.799 --> 00:09:33.360 they take. We need to know those things to be 206 00:09:33.360 --> 00:09:36.200 able to stop the damage and prevent future attacks. 207 00:09:36.200 --> 00:09:38.840 Okay, and then there's recovery, right, getting things back up 208 00:09:38.840 --> 00:09:39.279 and running. 209 00:09:39.360 --> 00:09:42.480 Yeah, restoring your data and rebuilding your defenses. 210 00:09:42.720 --> 00:09:43.840 That sounds like a lot of work. 211 00:09:44.200 --> 00:09:47.360 It can be. It's not just about restoring data from backups. 212 00:09:47.360 --> 00:09:50.879 It's about rebuilding trust with your customers and reviewing your 213 00:09:50.919 --> 00:09:52.000 security practices. 214 00:09:52.200 --> 00:09:54.960 Okay. So let's say we've done everything right, We've got 215 00:09:55.000 --> 00:09:58.840 a great incident response plan, but we still end up 216 00:09:59.120 --> 00:10:03.279 with a ransom day. Man, do we pay? Do we fight? 217 00:10:04.240 --> 00:10:06.600 That's a tough question, it is. There are pros and 218 00:10:06.600 --> 00:10:07.320 cons to both. 219 00:10:07.639 --> 00:10:09.879 The book actually talks about a company that was hit 220 00:10:09.919 --> 00:10:14.559 by a group called Twisted Spider. Okay, and Twisted Spider 221 00:10:14.720 --> 00:10:18.720 was known for targeting companies with good cyber insurance policies. 222 00:10:18.960 --> 00:10:22.879 Oh wow, Yeah, they were really sophisticated. They did their research, 223 00:10:22.919 --> 00:10:23.919 they knew who to target. 224 00:10:24.279 --> 00:10:25.720 So what happened to this company? 225 00:10:26.000 --> 00:10:28.519 Well, there's cyber insurance ended up paying a six hundred 226 00:10:28.519 --> 00:10:29.559 thousand dollars ransom. 227 00:10:30.279 --> 00:10:30.879 Wow. 228 00:10:31.960 --> 00:10:32.320 Yeah. 229 00:10:32.399 --> 00:10:34.320 Does that mean it's a good idea to pay? 230 00:10:34.600 --> 00:10:36.960 That's a tough question. Yeah, it raises a lot of 231 00:10:36.960 --> 00:10:40.919 ethical questions like does paying the ransom just encourage more attacks? 232 00:10:41.000 --> 00:10:43.120 Does it make cyber insurance less effective? 233 00:10:43.399 --> 00:10:44.639 Yeah? Those are good questions. 234 00:10:44.720 --> 00:10:46.919 Yeah, there are no easy answers. And even if you 235 00:10:46.960 --> 00:10:51.279 do pay, there's no guarantee that you'll get your data back. Really, yeah, 236 00:10:51.320 --> 00:10:53.440 you're basically trusting criminals to keep their work. 237 00:10:53.559 --> 00:10:54.679 That's risky, it is. 238 00:10:55.000 --> 00:10:56.480 And even if they do give you a way to 239 00:10:56.519 --> 00:10:59.159 decrypt your data, there's no way to know if they've 240 00:10:59.240 --> 00:11:02.399 left something behind, like what like some kind of malware 241 00:11:02.679 --> 00:11:04.600 or a back door that lets them back in later. 242 00:11:04.840 --> 00:11:06.679 Oh wow, So you could end up paying and still 243 00:11:06.720 --> 00:11:07.600 be in trouble. 244 00:11:07.399 --> 00:11:10.559 Exactly, And even if you do manage to recover your data, 245 00:11:11.000 --> 00:11:12.000 the damage isn't over. 246 00:11:12.159 --> 00:11:12.679 What do you mean? 247 00:11:13.080 --> 00:11:15.480 Well, the book talks about the long term consequences of 248 00:11:15.519 --> 00:11:21.240 a cyber extortion attack, like what like damage to your reputation, oh, lawsuits, 249 00:11:21.720 --> 00:11:26.440 regulatory investigations, and the ongoing cost of improving your security. 250 00:11:26.559 --> 00:11:28.840 It's like a digital hangover that can last for years. 251 00:11:29.120 --> 00:11:31.480 It really is. So I guess the big question is 252 00:11:32.039 --> 00:11:34.240 what's the most important thing our listeners should take away 253 00:11:34.240 --> 00:11:34.639 from all of this? 254 00:11:34.960 --> 00:11:37.279 Well, I think the most important thing is that prevention 255 00:11:37.519 --> 00:11:41.120 is key. The best defense against cyber extortion is a 256 00:11:41.120 --> 00:11:43.000 strong cybersecurity. 257 00:11:42.279 --> 00:11:44.159 Program, and how do we do that. 258 00:11:44.240 --> 00:11:46.080 Well, that's what we're going to talk about in part two. 259 00:11:46.720 --> 00:11:50.159 Tune Welcome back to our deep dive on cyber extortion. 260 00:11:50.960 --> 00:11:53.840 Last time, we talked about how scary these attacks can be, 261 00:11:54.360 --> 00:11:57.440 but now we're going to shift gears a bit and 262 00:11:57.519 --> 00:11:59.000 talk about how to fight back. 263 00:11:59.480 --> 00:12:02.480 You're hearing all those real world examples in part one. 264 00:12:02.639 --> 00:12:04.559 I was already to throw my computer out the window. 265 00:12:04.679 --> 00:12:07.039 I know it can be overwhelming, but the good news 266 00:12:07.120 --> 00:12:10.240 is there are things you can do to protect yourself. Okay, 267 00:12:10.240 --> 00:12:12.399 good and you don't have to be a tech expert 268 00:12:12.440 --> 00:12:12.879 to do them. 269 00:12:12.919 --> 00:12:14.200 So what's the most important thing? 270 00:12:14.399 --> 00:12:18.200 Multi factor authentication. It's an extra layer of security for 271 00:12:18.240 --> 00:12:19.320 your online accounts. 272 00:12:19.639 --> 00:12:22.600 So it's like instead of just a username and password, Yeah, 273 00:12:22.639 --> 00:12:24.720 you need something else too, like a code from your 274 00:12:24.759 --> 00:12:26.720 phone or a fingerprint. 275 00:12:26.279 --> 00:12:29.480 Scam exactly that way, even if someone gets your password, 276 00:12:30.080 --> 00:12:31.519 they still can't get into your account. 277 00:12:31.679 --> 00:12:35.399 Okay, So multi factor authentication is a must. 278 00:12:35.679 --> 00:12:39.559 Absolutely. We els strong unique passwords for every account. 279 00:12:40.039 --> 00:12:42.720 I know, I know, I know it's a pain, it is, 280 00:12:42.799 --> 00:12:44.519 but it's so important. 281 00:12:44.080 --> 00:12:46.559 Because if one account gets compromised, they can get into 282 00:12:46.600 --> 00:12:49.080 all of them exactly. Okay, So how long should a 283 00:12:49.080 --> 00:12:49.679 password be? 284 00:12:50.200 --> 00:12:56.000 At least twelve characters uppercase in lowercase letters, numbers, and symbols. 285 00:12:56.080 --> 00:12:59.559 Okay, and no birthdays or pet names. But how am 286 00:12:59.559 --> 00:13:01.840 I supposed to remember all of those passwords? 287 00:13:02.120 --> 00:13:03.799 That's where a password manager comes in. 288 00:13:03.879 --> 00:13:04.559 Okay, what's that? 289 00:13:05.120 --> 00:13:08.080 It's basically a digital vault that stores all your passwords 290 00:13:08.120 --> 00:13:11.120 for you. You just have to remember one master password to 291 00:13:11.279 --> 00:13:12.080 unlock the vault. 292 00:13:12.360 --> 00:13:13.399 Okay, that makes sense. 293 00:13:13.440 --> 00:13:16.600 And most password managers can even generate strong passwords for 294 00:13:16.679 --> 00:13:18.799 you so you don't have to come up with them yourself. 295 00:13:19.120 --> 00:13:21.679 Okay, so password manager is on the list too, definitely. 296 00:13:21.720 --> 00:13:22.120 What else? 297 00:13:22.200 --> 00:13:25.000 Be careful about phishing emails? Remember those are one of 298 00:13:25.000 --> 00:13:27.240 the most common ways attackers get in. 299 00:13:27.320 --> 00:13:30.399 So how can we avoid falling for them? Always double 300 00:13:30.480 --> 00:13:33.960 check the sender's email address, look for misspellings or anything 301 00:13:33.960 --> 00:13:37.399 that seems off, and hover over links before you click 302 00:13:37.440 --> 00:13:39.320 on them to see where they really go. 303 00:13:39.639 --> 00:13:40.600 Oh that's a good tip. 304 00:13:40.759 --> 00:13:44.320 Yeah, And never open attachments from people you don't know, okay, 305 00:13:44.360 --> 00:13:46.159 And if something feels weird, just don't click. 306 00:13:46.320 --> 00:13:49.399 Trust your gut exactly. What about software updates? Those are 307 00:13:49.480 --> 00:13:52.279 so annoying, I know, but they're important. Why. 308 00:13:52.440 --> 00:13:55.679 They often include security patches that fix vulnerabilities. 309 00:13:55.919 --> 00:13:58.320 So if I don't do them, I'm leaving myself open 310 00:13:58.320 --> 00:13:58.759 to attack. 311 00:13:59.080 --> 00:14:01.639 Basically, it's like leaving your front door unlocked. 312 00:14:01.639 --> 00:14:05.480 Okay, no more procrastinating on updates. Good? What about backups? 313 00:14:05.679 --> 00:14:09.159 Backups are your lifeline if something goes wrong, if your 314 00:14:09.240 --> 00:14:12.799 data gets encrypted or stolen, a backup can save you. 315 00:14:13.039 --> 00:14:15.000 It's like having an extra copy of everything just in 316 00:14:15.039 --> 00:14:16.559 case exact. So how often. 317 00:14:16.360 --> 00:14:19.679 Should we back up regularly? And store your backups in 318 00:14:19.720 --> 00:14:22.919 a separate location like an external hard drive or a 319 00:14:22.919 --> 00:14:26.120 cloud storage service, and make sure you test your backups 320 00:14:26.240 --> 00:14:29.559 regularly to make sure they're working properly. Yeah, you don't 321 00:14:29.559 --> 00:14:31.519 want to find out they're not working when it's too late. 322 00:14:31.919 --> 00:14:37.360 Okay. So we've covered strong passwords, multi factor authentication, phishing awareness, 323 00:14:38.559 --> 00:14:42.440 software updates, and backups. Is that everything? 324 00:14:42.639 --> 00:14:45.200 It's a good start, But for larger organizations they need 325 00:14:45.240 --> 00:14:48.879 a more comprehensive approach, like what Well, they need to 326 00:14:48.879 --> 00:14:53.440 think about cybersecurity as a multi layered system. Okay, So 327 00:14:53.480 --> 00:14:56.559 the first layer is knowing what you need to protect 328 00:14:57.080 --> 00:15:00.639 what data is most important? Where are the points in 329 00:15:00.679 --> 00:15:01.240 your systems? 330 00:15:01.240 --> 00:15:03.840 Okay, so like taking inventory? And then one then you 331 00:15:03.879 --> 00:15:07.480 need to put security controls in place, like firewalls to 332 00:15:07.559 --> 00:15:12.120 block unauthorized access and intrusion detection systems to monitor for 333 00:15:12.159 --> 00:15:14.720 suspicious activity. Okay, and you need to make sure your 334 00:15:14.720 --> 00:15:17.600 employees are trained on cybersecurity best practices. 335 00:15:17.679 --> 00:15:19.360 So it's not just about the technology, it's about the 336 00:15:19.399 --> 00:15:21.840 people too, exactly, because people make mistakes. 337 00:15:22.000 --> 00:15:22.679 Everyone does. 338 00:15:22.759 --> 00:15:24.720 So what's the best way to train employees? 339 00:15:24.799 --> 00:15:26.480 Well, there are lots of options. You can have in 340 00:15:26.559 --> 00:15:31.440 person training, online courses, even simulated phishing attacks so you 341 00:15:31.440 --> 00:15:34.320 could see how they would react in a real situation exactly. Okay, 342 00:15:34.320 --> 00:15:37.159 so training is important, it is. But what if all 343 00:15:37.200 --> 00:15:39.159 of this is just too much for a company to 344 00:15:39.200 --> 00:15:40.039 handle on their own. 345 00:15:40.240 --> 00:15:43.639 That's when you might want to think about hiring a cybersecurity. 346 00:15:42.879 --> 00:15:44.600 Professional like a consultant. 347 00:15:44.759 --> 00:15:47.799 Yeah, they can help you assess your risks and develop 348 00:15:47.840 --> 00:15:50.159 a security program that's right for your organization. 349 00:15:50.320 --> 00:15:51.240 Okay, that makes sense. 350 00:15:51.279 --> 00:15:53.919 And they can also help you respond to an attack 351 00:15:54.039 --> 00:15:55.440 if one happens. 352 00:15:55.080 --> 00:15:58.440 Because even with the best defenses in place, some attacks 353 00:15:58.480 --> 00:16:01.320 are still going to get through. That's right. So incident 354 00:16:01.360 --> 00:16:04.279 response is still important absolutely. What does a good incident 355 00:16:04.320 --> 00:16:05.440 response plan look like? 356 00:16:05.759 --> 00:16:12.639 It should outline clear roles and responsibilities, communication protocols, escalation procedures, 357 00:16:13.120 --> 00:16:15.639 and steps for containment, investigation, and recovery. 358 00:16:15.960 --> 00:16:18.919 So it's like a roadmap for dealing with an attack exactly, 359 00:16:19.000 --> 00:16:20.320 and it needs to be tested. 360 00:16:20.000 --> 00:16:22.120 Regularly, right, just like a fire drill. 361 00:16:22.519 --> 00:16:24.679 Okay, so we've covered a lot of ground we have. 362 00:16:24.879 --> 00:16:27.399 Can you give us a quick recap of the key takeaways? 363 00:16:27.679 --> 00:16:32.080 Sure, use multi factor authentication, strong passwords, be careful about 364 00:16:32.120 --> 00:16:36.960 phishing emails, keep your software updated, have a good backup system, 365 00:16:37.279 --> 00:16:40.080 and consider hiring a cybersecurity professional. 366 00:16:40.480 --> 00:16:42.080 That's a lot to remember. 367 00:16:41.799 --> 00:16:43.879 It is, but it's all important. 368 00:16:43.960 --> 00:16:45.960 I think the most important thing is to be aware 369 00:16:46.080 --> 00:16:48.840 of the risks, I agree, and to take steps to 370 00:16:48.879 --> 00:16:51.679 protect yourself absolutely, and to remember that you're not alone. 371 00:16:51.759 --> 00:16:52.240 That's right. 372 00:16:52.320 --> 00:16:55.120 There are resources available to help exactly, so don't be 373 00:16:55.120 --> 00:16:59.480 afraid to ask for help. Welcome back to our deep dive. 374 00:16:59.519 --> 00:17:04.119 It's the fine part. And we've talked about how these 375 00:17:04.279 --> 00:17:08.240 attacks work and the people involved and how to protect ourselves. 376 00:17:08.720 --> 00:17:10.319 Now I kind of want to talk about what happens 377 00:17:10.359 --> 00:17:13.319 after an attack. Even if you get your data back, 378 00:17:13.559 --> 00:17:14.880 what are the long term effects? 379 00:17:15.000 --> 00:17:19.759 Yeah, that's important. I think people often overlook the psychological impact. 380 00:17:19.839 --> 00:17:22.359 Oh yeah, on both individuals and organizations. 381 00:17:22.480 --> 00:17:24.960 Right, it's not just about systems and data. It's about 382 00:17:24.960 --> 00:17:28.799 trust and reputation and that feeling of violation, like having 383 00:17:28.799 --> 00:17:33.000 your personal space invaded. Even if nothing is physically stolen, 384 00:17:33.960 --> 00:17:35.240 you still feel vulnerable. 385 00:17:35.319 --> 00:17:36.400 Yeah, you feel exposed. 386 00:17:36.440 --> 00:17:39.599 And in the digital world it's even worse because your 387 00:17:39.680 --> 00:17:42.160 data is out there and who knows what these criminals 388 00:17:42.200 --> 00:17:42.960 are going to do with it. 389 00:17:42.960 --> 00:17:46.480 It's a loss of control and that can be really unsettling. 390 00:17:46.960 --> 00:17:49.359 The book talks about this school district that was attacked. 391 00:17:49.359 --> 00:17:51.960 Oh yeah, and not only did they encrypt their systems, 392 00:17:53.000 --> 00:18:00.519 but they stole sensitive student data, medical records, discipline files. 393 00:18:00.599 --> 00:18:04.160 Oh wow, it's awful. That's terrible because it's not just 394 00:18:04.200 --> 00:18:07.519 about the organization anymore. It's about these kids, right, and 395 00:18:07.559 --> 00:18:11.000 their information could be used for identity theft or blackmail. 396 00:18:11.160 --> 00:18:12.920 It puts the school in a terrible position. 397 00:18:13.039 --> 00:18:15.880 It does. Do they pay the ransom and risk funding 398 00:18:15.920 --> 00:18:19.640 criminal activity, or refuse to pay and risk having their 399 00:18:19.680 --> 00:18:20.799 students data leaked. 400 00:18:21.160 --> 00:18:22.279 There are no easy answers. 401 00:18:22.480 --> 00:18:22.920