Malware vs. ransomware
"Ransom" hijacking your practice and will cause your business harm and shut you down, possibly permanently
Smishing is the text
Hello and welcome to the amber Stitt show. I am your host Amber Stitt and today we welcome back my colleague Brian from Echelon technologies to share a little bit more about some tips for Cybersecurity Awareness Month. And so welcome back Brian, I appreciate you taking the time to be with us again today.
Thank you. Thanks for having me back. I really appreciate it. It's great to be here.
Yeah. I for the audience that hasn't listened to our first episode together. I'm gonna let you say a little bit about what you do over Echelon and then we're gonna dive into some juicy spooky statistics and stories just to kind of finish up the month of Halloween 2022 or the month of the month of October being Cybersecurity Awareness month but that month also being the holiday of Halloween we'll share some scary stocks and really dive into what's trending, what you see in your world. So I'll pass the mic and let you talk a little bit about what you do and what your day to day is like and we'll dive into some really interesting stories, unfortunate stories, but interesting ones.
Scary month and we've definitely got the scary stories to go with it. Hey, everyone, again, thanks for having me, Amber. I'm Brian and with Echelon technologies. We're a managed IT service provider with a heavy focus on cyber security. That's really first and foremost for us. We've been around that quite a while been since about 2002. And over the time you know We've We've certainly enjoyed the growth of a significant growth of a client base and we service all throughout the valley and also nationwide. So but it and cybersecurity that's the name of the game. That's what we're talking about today.
Yeah. So I always I think stories can hit home. Make it real for us. Maybe let's start with some I'm gonna let you take it from here. I know that you do a lot of presenting out there that's part of your your thing as far as education for different companies. So that's how we met. So I don't know if you want to talk to people, the audience more on an individual basis and we could dive into some business. I know that you have a lot of stories. We'll get to a couple today. So I'm gonna let you take the lead here and just want to give the audience as many facts, interesting facts. I want them to take action today. I always talk about that with my framework of pathways of peak performance, really, take some action, implement some new strategies. I think your stories and statistics are really going to help everybody so yeah, what do you think? We should know to really kick this off?
Let's see. I think I'm gonna start kind of with some light stories by touching on a couple of big stories that we've heard about and then we'll bore you with a few stats because stats do get kind of boring after a while but then I'll get you with a few personal stories that we've dealt with, either me or my colleagues have dealt with, in my time being here at echelon, and there's some there's some doozies in there. Yeah.
So we're ready to get started. Go ahead. Yeah, go for it. Okay, so, last time
we talked, I touched briefly on the fact that when you hear about major ransomware attacks or cyber attacks in the news, data leak, there's at least 100 or more that have happened behind the scenes to small to medium businesses. And with the pandemic. We really saw a major uptick in cyber attacks and there's something very interesting stat if you will, I don't have a numbers but a trend rather that we saw that's extremely scary. Again, for the first time we saw small to medium business become the number one target not enterprise anymore. They can still get money out to enterprises they do but they go after us as individuals were the weak links were the ones that click on the links and open the attachments at will. They hit us from from all different angles. We heard about Colonial Pipeline we've heard about JBS foods. We've heard about target. Now with target is one I want to talk about because that involves a small to medium business. That was actually there. Ah, bad vendor is how that happened. Okay, so the H vac vendor
does interrupt you, Brian, but you're talking about Target. Target the we're trying to read target. We all shop at Target maybe Amazon. Okay, that's correct. Yes. Yeah. And then you're talking about the age back. Whoever they hired within one of the stores?
Correct. Ah, that vendor, right. So for four, he sent an email to someone that worked at Target. I'm not sure if they were actually in corporate. I should probably know that. I don't know if it was a specific store but they had a target email address. So the H vac vendor got spoofed. Now what is spoofed? spoofed means impersonated? Right. So someone that the bad guys got into behind the scenes behind the safeguards of that age back vendor probably wasn't very well guarded, right. Security so we got into their they impersonated that vendor sent an email to the target representative who then opened it up and let the bad guys in the back door and that's how target got breached. Hundreds of 1000s of records got
exposed. Okay. He talks about COVID though, is this. I mean some of these stories happened with your time on the bigger enterprise stores but what did you see trending going with around the time of a two year window essentially? You mentioned that earlier what was that about?
This is what's scary, so no longer do you have to be super technical to be a hacker. So now there's ransomware as a service kids, there's phishing tools. I mean, you can go on the dark web and get whatever you want. So with the pandemic, with a ton of people going being out of work, people got desperate so they did they manually went out of the dark web, ran roll the dice went on there got those ransomware kids teamed up with some hacker, it only takes a couple of few people to bring a company down
kind of like when you go network for the good you go to a leadership conference you shake hands with people, I meet you in a webinar. Okay, so you're saying people were looking for work? And so they're joining, they're literally going to the opposite spectrum, and potentially resources.
Is that scary? Okay.
Yeah, I mean, we've talked about the dark web. I think everyone nods their head. It's like in financial world, we say, oh, yeah, we know what an IRA is. But no one really knows individual retirement accounts or not with your employer. I think not everyone knows that fact. So we nod our head to dark web. Can you just give us a quick glimpse of what it really is? So
the dark web. When I describe the dark web, I use the iceberg illustration, right? So think about the iceberg up at the very top, you have that little top of the iceberg and then down below is the vast majority, right? So the top of that iceberg represents the surface wet. And that's what we use all day every day. That's your Google your, your your Yahoo, your any anything that's publicly index that you can just type in your web address and go to that site that's on the surface web. That's what we deal with all day every day. Below that is what's called the deep web. That's the vast majority of the dark web around the world wide web.
You do you log into these websites that are I mean, how do you it sounds really silly, but how do you get there? I mean, what is the real How would somebody I don't want to teach people how to do this. But I also want, you know that I am, as a parent want parents to know how this is happening. So this is part of the reason why I want this to be more tangible. Like I'm never going to go look for that. But how easy is this and how do people get into this? Far too easy.
So what I'm finding is even Google, is the dark web dangerous or what is onion, the onion Tor browser, so I'm gonna think about it again. It's got layers, right? So the dark web got layers. So with with that, I'm surprised at how many we talked about earlier. Last episode millennials and younger are fully aware of this and think that it is not something to be scared to be to be wary of. But toward t o r. I'll say and you can google it right now. That is a special type of browser that you have to download to get to the dark web. Once you do that. You're on the FBI Washington's guarantee. Yeah, they're keeping an eye on because they want to see the dark web is all about anonymity. So let's let's continue on that path. Right. So the Deep Web is the vast majority, that's government things, medical records, anything that has a layer of security, that you have to type in some credentials to get to it. That's the deep web. Below that is the dark web. So within the national military, the military sort of the dark web way back in like 1996 and then they made it open source so anyone could mess with it. 2000 And that's when the bad
guys got interesting. Oh, so
you 20 years operating down there. Yeah.
Okay. So I know that you had shared a couple stories with me not too long ago. We talked about target some of the bigger ones. There was, there was a story with one of your clients, I think,
a few of you a few good ones. So a dental dental practice. The owner. He was a breakfast fine. It didn't want to pay for proactive flat rate, managed it. He just wanted to call it it's
just I got a problem and recall somebody I'm not going to retain any other core elements of just like the team. It's just that's what that means. Break breaks fix person. Okay. I think a lot of the audience is probably one of those, right? We all kind of lump ourselves into that category. We're saving on expenses, but here's where it could be a problem. So go ahead. Thanks for letting me interrupt.
So he was a break fix. While they only call this when he needed and everything else he did on his own. He had like a NetGear router or something like that, which is something that you might have in your house. It's definitely not suitable for business. And he got hit with ransomware he got breached and it was ransomware. They wanted us to deal with one's point some odd bitcoins they wanted for Bitcoin or you can tell us they'll send you a link on how to go Convert cash to Bitcoin. So you can pay it.
So. Alright, so malware versus ransom, where? I think in my head, I hear malware and ransomware like, Uh huh, okay, but we're talking. There's a word, included, it's grandson. So we're talking about Pacific kidnapping. It's a variation of that. So can we talk about malware versus ransomware? And what, what that really means?
Sure. So malware is basically it's kind of a general term that's gonna refer to anything, any kind of malicious software that can be embedded code, something that can cause harm, right, that can bring your systems down that can pull data, right for PII, personally identifiable information that we talked about poor financial data, things like that, whereas malware ransomware is the nastiest form of malware because not only does is it pulling your data, but it's locking your files down. So when you go to log in you get that skull and crossbones type of a graphic that they oftentimes go out there and let you know that you've been backed and that they demand X amount of bitcoin or whatever form of payment. It's almost always Bitcoin in order to get your money or to get your data back.
Well, Bitcoin is because it's unlike not regulated so they can just guessing there's no
Exactly, exactly and as blockchain becomes more and more prominent than that will be more of a problem for those guys, but they'll find other ways to demand their money. So
you need to pay like okay, so Are there cases where people have actually paid and then they've gotten their records back?
Funny you should ask him. I just spoke this morning. This is
not a staged question. This is a real one.
Last year, they spent like an average of 955,000 per per attack for that was small to medium businesses. That's one stat so I'm willing
to get my stuff back.
That so that tells me that there's a lot of medium businesses out there that will probably hit like 2 million or 3 million, things like that, where and then you're balancing that out with the small guys that were probably hit for 50k 100k, something like that. So it's yeah, I wouldn't say I wouldn't bank on small business with a million dollar. That rarely happens from what I've seen. But but
even quantifying the time you're spending to be sure that you get things back and you're close. If you're not working, you can't work because you're shut down basically from your systems.
Your downtime, you had no one that accounts for downtime, they just think about that now that ransomware but I mean, what a small business that's down for a week, they'll lose hundreds of 1000s of dollars a week of downtime. Yeah,
it's your reputation if it gets known that you're getting breached. We know how that works in the world of media. We certainly wouldn't want to hire businesses that are under breach because we worried about RP I write the PII.
That's right, very good.
stat that I had was that 71% of clients polled said that they would leave a company that got breached. So think about that. Target might be able to handle 71% it to their business, but can SMB a small business, okay.
So when you think of it from the owners perspective, obviously protecting your clients and your business, but how serious is your team going to take you and if they're, you're not protecting your house. So I think it's kind of a full circle. It's very, very important thing for multiple reasons. But I think, yeah, people would leave potentially different variations of what could happen. It's important to just have that, that trust out there for whether the client employee, just anybody that you partner with.
Yeah, absolutely. So that's another thing that business owners have to heavily consider. When looking at vendors is vetting those vendors, how secure are they? enterprises like Target Sure, they might be able to handle a 71% of their business, but the HMI vendor for target, you know, absolutely. Small business.
Okay, so I know there's a number of stories, but we have limited time today. So can you walk the audience through what you mentioned to me about a year ago about you're hanging out in your house, got the kids in the house, I have some friends over and just some simple mechanics of the guest Wi Fi, having people log on to that. I mean, we just don't think that our kids are tapping into anything bad and then sometimes they might go into the app store and buy something Okay, but what if they're clicking on something or their friends are and then your business could be breached? Or even your PII person the personal information? Can you talk about that a little bit because I'd like some of the audience to just go Alright, I'm going to do something new today. I'm going to go get my extra people on my team with the the cybersecurity teams. At some point you will do that right. But what can we do today? To to protect our homes?
Sure. Okay, so great question because as well a lot of us are working from home, right? Or there's some kind of a hybrid some days of the week we're working from home. So now we are trying to couple our work band the bandwidth that we're using that we're taxing our devices through our technology with AR for work, as well as coupling that with all the Netflix streaming the video games and all that at home. So that in itself taxes your technology. So, number one thing you could do if you're noticing latency, it's if it's slow at home, upgrade your router right? More of a business grade router, because with that increase in performance, likely is going to cause an increase in security as well, which is what you want. Not only that, but the ability to segment off guest Wi Fi network versus your internal Wi Fi network, or for that matter, your work versus your home check if you don't have a whole lot of guests over. But you nailed it. So when I talked earlier about the dark web and kids getting trying to you know, it's dangerous, more dangerous than ever because young people aren't afraid of it and they're trying to go down there. So with that, you know if they're trying to go tap into the dark web, some device from your network, yeah, you're in you're in trouble. Or they're bringing their dirty laundry into your place right with on their, their phone, their their laptop, their tablet, something like that. Then then your major risk there. No offense to droid, but Android is a much less secure than iPhones, iPhone, definitely embedded security and all of their updates. They're also much slower to the game when it comes to all the cool gadgets. That
the stuff I use say that because it's almost a political conversation. Apple versus Georgia candy because some people go oh, you're dried up. I'm apple, and there's this IRA. So I get that a lot in business or I love droid products, because of some of the efficiency and the the latest, the camera you know quality. And so the our people will say ours is still as good and I'm like no, I don't think it is so you're validating that but the catch is, the security could be lacking in that arena. So that's interesting that you say that and my husband will appreciate a little bit of a plug to drive. But but the security is not as strong so that's interesting. With
withdraws I don't want to interrupt but I just recommend withdraws you know against security, some kind of something on there, Norton, some there's different Malwarebytes I think or something out there. So different things for the security side of it and only download things from your Google Play Store. Right? Like for Apple, it's only downloads,
okay, because that's all right. If they're on the Play Store, they have to be it's legit. They've been vetted, right?
Yeah, they'll still pull apps off because they slipped through the cracks, if you will, but But yeah, that'd be more vetted. By going through so don't just get some link that's on that comes through or text that's, that's called submission.
Oh, my fishing. Okay, so seeing is more email related. And it's missing
smishing this text I feel so old fishing. All those all those phone calls you did that's called fishing.
Because that's like a voice for the Wii. Yeah. Okay. Yeah. I feel you were mentioning being old in our first episode. Well, we're similar generation but now you're making me feel a lot more hip but it is kind of kind of fun to hear how these acronyms or words they all make sense. They're very clever. Anything
very try. certainly try. But but the text you know phishing stuff. That's that's what's really getting people these days. They'll just click those random links and then you get
in touch. And so I feel like sometimes the older generation, my mother father, they'll be sharing things all over Facebook Messenger. That's another one. Just I would say don't click those links. Would you agree? Because sometimes our parents are sharing things just like oh, this is interesting. And then the hackers can look at that behavior and then once you start clicking on those links, again, it could cause a problem through the app, like Facebook.
God bless them. Our seniors and our toddlers are the most dangerous ones because oh my god, you know your four year old has downloaded every game possible. Your card was by a credit card. Right? Then the seniors they get targeted like no others because they are not as savvy.
And that's a whole other topic. A friend of mine, who's a gerontologist. I mean, this scams that's a whole other multiple episodes in itself, and it's unfortunate so well, I feel like I'm a little spooked, but in a good way. I feel like I'm a little more hip and educated. So hopefully the audience feels like that too. Because of you, Brian. So I really appreciate all the information today.
I really appreciate you having me on. We could go on
forever. If anyone that has questions for you. I'm gonna give your contact information in the description boxes. So I know you're the guy for questions and answers and implement implementation, if necessary, but sounds like majority of the audience will need some, some or all things implemented. So again, I really appreciate it and we'll see you in the next episode. And thank you for all the pathways listeners. All right. Have a good one.
This transcript was generated by https://otter.ai