Lessons - How To Protect Yourself Against Cyberattacks? | Mark Sangster - Cybersecurity Author and Expert

I just want to take a second and thank Cornbread Ham for supporting today's episode. Now Cornbread Ham CBD gummies have been this really nice addition to my wellness toolkit. I don't use them every day, just when I want to win wine after those extra busy weeks, but they're perfect for those moments when you want to take the edge off and just find your balance really just shut off from work. Now what makes them special is how Cornbread Ham crafts them. They only use the flower of USDA Organic Hamplants. That's the best part for the purest, most potent experience, no fillers, no artificial fluff, just clean, full spectrum goodness in delicious watermelon berry and peach flavor. I keep them in my nightstand for those moments when I just need a little extra help relaxing and I love how transparent they are too. Every batch is third party lab tests, so you know exactly what you're getting and they put together a special offer for all success story podcast listeners. All listeners can save 30% off their first order. Just head to cornbreadhemp.com slash success and use code success at checkout. That's cornbreadhemp.com slash success code success for 30% off your first order of these amazing gummies. In this lessons episode, explore the rising threat of cyber attacks and their implications for global security. Learn how modern conflicts are shifting from physical to digital warfare. Why companies must prioritize cyber hygiene and the critical role of preparation in mitigating ransomware attacks and safeguarding critical infrastructure. I was so Biden put out that list right of all these, right now they haven't they hit you know the ones that I'm thinking of is JBS meets colonial pipeline like these are the big ones pipeline is definitely core infrastructure JBS meets is big but it's not going to it's not going to ruin a country like shutting down a medical system or a financial system maybe for some people but for for many of us like these these core things that were on that list could truly just cause massive amounts of chaos the power of all these different things they haven't gone after those those types of industries yet do you believe that it's because they haven't been able to or they're waiting for the right time do you think they'll respect the list I'm curious as you see the future of this type of behavior evolving where does it go yeah so I do think that's coming I frankly think we live in a in a bit of a you know cyber cold war that like the 1950s post-World War II right with Soviet Russia and you know the West and you know there's that constant data and right now we sort of exist in the same kind of world right I'm not going to pull the Russian spy in Washington DC and go to town to get their secrets because then I know they're going to pull the CIA spy in Moscow and do the same right and we're sort of in that same I think that same kind of detent now where we're keeping it just south of military action right and it's great the real warfare because you know these smaller nation states know you know they can't fight with the tanks and the bombers and all that kind of stuff but they can certainly fight nails and mountains and caves and jungles and they're really good and I think that's what's going on now will it boil over yeah I think it will right it's almost like you know think of the doomsday clock we had in you know sort of nuclear war where I would say we're definitely in the 11th hour heading to midnight in a cyber one as well because you know I think there'll be that tipping point right it'll be a trade war or something that happens in another part of the world where they can affect you know influence or extort you know what they want by doing this and and a lot of these attacks I think are you know proof of concept right it's the yeah we could shut down a gas line and and we saw what the secondary effects of that right you know shortages at pumps gas prices spiking panic you know all that kind of stuff what happens as you say what happens when we shut off water or we kill the electricity or you know the big one I keep waiting for because it is you know things like attacks on airports and I don't mean traditional terrorist attacks shooting down or blowing up planes I mean shut down a baggage handling system for a day at Chicago or in Atlanta right or Denver and what is major hubs and watch what happens right think of the billions that's going to create an economic chaos and so on and I think those are are the things that are coming so you know at some point you know is the you know what are we going to do in the west here right you know the US Canada the UK and other allies are we fighting back I don't know I probably presume so on some level but yeah at some point I do think it will boil over and I do think you're going to see you know this sort of like you know testing your muscle strength right and and figuring out what works and what doesn't work and I think the more scary part is that's the kinetic side of it but what's the potential energy side of it like how many of these organizations have they already infiltrated and it's you know bit of the nuclear submarine laying off the coast just waiting for the order to you know turn the keys and launch the missiles and I think that that's probably the case because a lot of these companies are simply not prepared they've focused on physical security like a pipeline you know they don't why I said terrorists getting in and blowing it up and they they've not really put enough you know cyber defenses in in in in place to adequately protect themselves are there protection because we we mentioned the the people problem quote what are the other protections that somebody could put in place to protect against something like this so there's there's lots of different security tools and technologies but there's some basic things that I always say to companies brush your teeth and floss right do the hygiene part of this so things like proper password security use two factor multi factor authentication and those things are even offered right in your consumer side like apple iTunes Google Play Amazon all these services will offer you know they might call it OTP but that you know it's where you log in and it'll send you a code to your phone and you have to enter that as well those secondary controls slow these bad guys down using encryption so having a VPN I think now with COVID we all know what a VPN as we didn't before just some of the basic hygiene effectively narrows the entry points and what it does mean now is it's it's a bit like you know channeling them through that canyon I know where they have to come out and I know when they pop out yes there's lots more things they're going to do but those are where I can now put my spotlights or put my centuries and I can wait for them to emerge from that point and it makes it easier to detect them so you know for many companies doing the basics is critical right and and you know and that's going to eliminate the new that's going to eliminate the what I call the background radiation of the internet it's also going to eliminate the kind of the moderates threats and then we get into the high level threats that's that's a different story right that is where you're you're going to absolutely have a Noah's arc two of everything kind of security program to be able to protect yourself a huge shout out to bank on yourself for supporting today's episode entrepreneurs here's the retirement secret that Wall Street doesn't want you to know while you are pouring everything into growing your business they want you gambling your future in their 401k casino with no guarantees as a business owner you already take enough risks why gamble with your retirement too it is time to discover the financial strategies smart entrepreneurs are using to protect their wealth bank on yourself is the proven approach that gives business owners what they need most certainty flexibility and control in their retirement unlike traditional retirement accounts bank on yourself gives you predictable guaranteed growth that isn't at the mercy of market crashes a liquid cash reserve you can tap anytime to seize new business opportunities or whether downturns there's zero penalties or restrictions and tax free retirement income that shields your hard earned wealth from future tax hikes for entrepreneurs who understand the value of financial leverage here's the game changer when you access your money it continues growing as if you never touched it this means your capital works twice as hard just like you do you can get a free report that reveals how you can bank on yourself and enjoy tax free retirement income guaranteed growth and control of your money just go to bank on yourself dot com slash Scott and get your free report that's bank on yourself dot com slash Scott bank on yourself dot com slash Scott and in one point as I was going through the book one one I guess topic or is a gray zone or a gray actor I don't know what that means so what is what is yeah so the gray actors is kind of back to a little bit of what I talked about destabilization right so gray actors are countries that we haven't declared war with China Russia harsh popular you know possibly the Ukraine Iran you know Iran Iraq Syria all these kind of countries where we're not at war so there's not a kind of let's call it a global entitlement to fly you know rockets over airplanes and bomb them they're not doing the same to us but effectively they do seek the same kind of outcome right they wanted to stabilize our economy they are sowing mistrust like everything's going on right now just place under their hands right like look at covid do I wear a mask do I not should I get vaccinated should I not and I'm not trying to advocate for one side of the other but what I am saying is probably 20 years ago we did just done what we were told and now we've bumped right so you've got that going on you've got a distrust of government agencies of science and all that kind of stuff placed into their hands because they're aligned and we're no longer right we don't even want to trust the messenger the messenger and then you've got the economic side of it which is can I take down that big major bank no but you know what I can do I can cause a lot of problem like like your example earlier I can hit a meat you know a meat processing business and what do I know that's going to do that's going to spike the price of chicken and that's going to be one more point of evidence to show that law enforcement is incapable of protecting its constituents or the government you know can't stop a foreign entity from you know extorting control over our economy and you know it's just that sort of cycle and like I said it's everything south of of of you know physical war right of semi tanks and airplanes and ships but we're pretty darn close so what what happens and I guess you know this is it hindsight it's 2020 I probably should have asked this question at the beginning of the podcast but I still think it's a good one to break down so what happens when a company is a victim of a ransomware attack what are the steps that actually take place that they would be experiencing or their employees would be experiencing excuse me or even what happens when law enforcement gets involved do they want to get law enforcement involved will that have an impact on the outcome of them being able to pay off the ransomware attack or maybe give them give law enforcement potentially access to more information that they actually they originally didn't want to even open up to a lot of variables there there are a lot of variables so if a company is in a position where they feel that they have to pay a ransom right so they've been you know absolutely shut down and what we see is really good multi-pronged tactics to extort that right so things like they may not shut down everything but then they say you know pay me now and when the company says we're not going to negotiate with you they shut down something more critical they'll often publish information as well to show that they've gotten in they'll contact partners they'll contact clients and say by the way hey we broke into this company we know there were major supplier of yours we've got access to your you know your secret intellectual property your designs all that kind of stuff just to kind of put more pressure on them to pay when it comes to doing that I would recommend that they engage law enforcement because law enforcement is not there to criminalize the victim they are there to determine attribution and to build a case for prosecution but they also know what's going on in the world right so they see this stuff so they may even have decryption keys that they haven't been rotated by the bad guys and they're being lazy they can help determine whether or not it's a legitimate you know threat like this is okay this is a major ransomware gang you need to take this seriously engaging there insurer so if they have coverage for this kind of thing you insures know how to negotiate right so the other piece to this to understand too is the criminals before they detonate they've probably done a lot of reconnaissance with any environment and one of things we see them going after is things like insurance documents so they figure out what kind of coverage do you have so let's say you have five million in coverage they're going to come in and they're going to negotiate for ten and they know that you can't pay ten but they know they can walk you down to five and you'll walk away thinking you got a bargain per se and they know they knew you were going to be you were capable of paying it right so they understand those kind of things like you have to they've written the rules they already understand it and they haven't told you what the rules are right so it's difficult for you to play law enforcement can help there they can determine like I said they can determine attribution they can they can share the forensics which is critical too because otherwise we all suffer in silence and that's one of the things I talk about in the book right is when these stories don't get shared we don't have a way of vicariously learning so it's like each one of us individually unfortunately learns the same hard lesson instead of us being able to observe what happens to others and and so yeah it is it's a terrible experience because you know one of the things we don't talk about in the security world or in the business world is the emotional human side of it right so you're under a lot of stress you've got a board that's threatening your job right your name is in the paper you have to deal with crisis communications and you know go in front of whoever it is some media outlet that's called you at 4.30 wants to run the story at six o'clock and they've done that to put more pressure on you right nobody's your friend if that point and if you're not prepared you know you're going through a lot because you know again you're trying to determine you know right back the beginning of our conversation is what the IT people telling me is that legitimate how do I even pay in cryptocurrency we don't have a Bitcoin wallet or whatever it might be how do I do this and that's where law enforcement ensures an incident response firms help right that's what that's their you know they're the that's their job their first responders they know how to deal with you know things when they've they've gone wrong but the best thing I'd say for companies is prepare right is the short scoth quote about you know the more you sweat and preparation the less you bleed in battle right and in this case it's the less you bleed in response and it's very true right knowing what to do who to call when having the right people come in like HR marketing help craft communications having a crisis communications player to get involved it reduces a lot of that right so it's still terrifying when it happens but you know at least you know what to do versus you know the first 24 to 72 hours are spent in a kind of a panic of just even determining what the next step is let alone fixing the problem thanks for tuning in if you found this valuable don't forget to hit that subscribe button so you never miss an episode and if you want to dive deeper into this conversation check out the links in the description to watch the full episode see you in the next one