RCR 006: The Why for Cybersecurity - CISSP Study and Training

Description:  

Shon Gerber from ShonGerber.com reveals to you the steps each week the information you need to best protect your business and reduce your company’s cyber risk.

Shon provides cybersecurity for business training and how you can begin to address the cyber risk for your daily business. In this episode (Part 3), Shon will address, "The Why" and why you should be concerned about cybersecurity for businesses, especially as a Small and Medium sized companies.

Transcript:

Welcome to the reduce cyber risk podcast where we give you the tools you need to meet your regulatory requirements while helping keep the evil hacker Hornet Bay hi my name is Sean Gerber and I'm your host for this action packed and forwarded podcast join me each week cuz I provide the information you need to best protect your business and reduce your company's cyber risk okay so we can talk about cybersecurity for business we're not going to talk about the why why why are we doing this what's the point of it well some some statistics with cyber-security and these may or may not Shock you but at the end of the day that they're basically to give you just kind of an idea of where this whole cybersecurity pieces going and how it potentially could affect you and your business so JP Morgan their cyber security budget 50 million dollars is round what they're spending I think it seems a little high but I know it's in the hundreds of millions of dollars where they are spending on their cyber security budget no JPMorgan obviously they do with gobs of money I mean like trillions of dollars so that makes sense now that doesn't include include people that are involved in securing it housing people to all together who is big as they are that that does make some level of sense I don't know if the hundred million is is correct or not but bottom line they spend God's money double cyber security spending has doubled since 2010 from a statistical standpoint you may be going that's that's good I think that's a lot of money however the amount of data and the amount of systems that have expanded in the cybersecurity space has Wale more than doubled in the number of them so in reality I think I still falling behind and I also believe though that you can't spend your way into protection no matter how much money you spend the hackers are going to get into this you just have to decide on how to spend it wisely one of them was cyber-crime and by 2021 is going to count for six trillion dollars is a Gob of money and boys my mind that it's that much well that makes sense that cybercriminals are going to go after it because it's about the money it's all about the money six trillion dollars it's very lucrative to be a crook that is trying to steal this kind of stuff however there was a serious downside to that you might be thinking by hearing this maybe I should be well is a fact that if you decide to be a crook and and be a cyber hacker and steals people's stuff there's also a lot of organized crime that's already in this space rolling into it one you're going to start impeding into some of their business and they may not look too highly on that the second thing is if you do it from a country that doesn't have reciprocity with United States or other Western Country you might just get a custom to living in that country now that may not be a bad thing if that's all you've ever known but it was a recent class a recent there was a gentleman that was doing a bunch of hacking from the Ukraine and he decided to go to India on holiday he got the India and the FBI was waiting for him so yeah you can't leave Ukraine and that can always change their political winds may move and you may end up getting extradited so cybercrime may sound great as far as from a money standpoint and that people quote unquote don't make Nestle people do it does affect them dramatically and affects everybody so I got a kind of belabor that point just don't do it what is 420 7022 be 2017 to 2021 is expected to be about 1 trillion dollars in spending get me 1 trillion dollars in cybersecurity products and services that are going to go from basically 17 to 2021 what is that for years right roughly about 4 years that's incredible and that's why you're seeing cyber security companies pop up everywhere the attack surface and I say this is that how many things are going to be at on the internet that are going to be available to be attacked they're saying the coast of 6 billion different items by 2022 that is flipping incredible I mean earliest incest everything from the camera that I'm talking to anything I mean basically use your iPhone's to use the sensor that's on your water meter at your house and you like that so all that stuff is connected 302 things so other what are some of the low-hanging fruit so what if your deal with cyber-security from an attacker standpoint are low fat hanging fruit they're just like everybody else they're lazy they don't want to work anymore they have to and I don't blame them I would do so what are they going to do for small and medium-sized businesses we've kind of talked about this before is because lack of cyber knowledge they don't have a budget and the other quote that we've seen before numerous numerous times again is 60% of businesses that are hacked usually go out of business within the first year so I mean in any other thing is we've seen and you'll see it again over and over is that these compromise businesses will be used to Target other companies happened with Target happened with the US power grid with the Russians at Target a third party vendor to get into our Network so again it's should be a good reason why the ransomware just from 2019 equated to 11.5 billion dollars just in ransomware so basically for a piece of data that will encrypt your hard drive and that you have to pay the ransom on was 11 and 1/2 billion dollars I mean it's just crazy you'll be wants intellectual property theft and that's someone's gotten your dear to my heart is that it's what do you do to protect it and there's more and more things out there they're trying to steal our at the IP of companies and it's not just nation-states it's individuals but also think about the the centrifuge centrifuge yeah something that's kind of like The Descent I can't use $10 words very well but bottom line is is that the deception that you see on the internet if if I am you soon that if the Chinese Chinese country was Go China what country is attacking me write my little little island in the middle of the Pacific I have the island of me and they're attacking island of me and I'm taking my stuff Metro property is behind the double doors and all that fun stuff but it's connected internet and they're trying to steal my IP those darn Chinese okay something about what makes you think the Chinese could it be somebody else give me directions to be Israelis Anaheim California that is using a Chinese server to attack you don't know you make the assumption that it's a nation-state now granted Chinese airplane that looks a lot like rf22 and maybe a little but in most cases attacks just because it's coming from a country does not mean if that country that's attacking or somebody was in that country is attacking you good example in China what is an example of China China you'll see a lot of internet cafes right they're all over the place will these internet cafes I've got jobs people in them what makes you think I can't just hack that internet cafe on machine of the internet cafe from let's say Russia and attack United States or attack or someplace else it's coming from China but in reality it's coming from again deception so again intellectual property theft a little bit long on that probably more than I should have but anyway Target's pride and also make a statement that's why they do it a lot of times guys got you go to size of Texas this is a very big state they may have bragging rights with her other nefarious individuals that they did this did that possible make a statement right all these things happened but in many cases that's just a bar what it really comes down to it it's all about the money okay natural incidents disasters man-made net incidents power outages backhoes software error nothing is sulfur's being cranked out so fast right now how do you know that it's all clean if you go to Google Store there's all kinds of apps that get out put out there that they have to take down eventually right cuz they don't have as good a wedding as it possibly could software Hardware updates Logitech mouse Logitech camera watching so I'm assuming the Logitech wants to go and put the firmware on this they put their firmware out there now all of a sudden my camera doesn't work anymore what happened did it basically turn my camera into a brick right didn't plan on doing it but they did so that was basically something like as an incident that was really not planned but it happened we make a lot of assumptions that all of this electronic stuff is like almost magic and it just works but there's a lot of ones and zeros behind the scenes that make all of this stuff happened but there's it's very very fragile and any of it could go down at any point time we talked about some of the impact from having an incident how can range from damage of the information so you have your information say your 11 herbs and spices from KFC and you know that these your 11 herbs and spices however somebody got in there and switched out garlic for tomato paste toothpaste is better from being garlic to toothpaste probably not a good idea so now that could be information data could be manipulator missing penalties in legal fees okay guess what just strap on big boys and girls because when it comes right down to it if you get breached you're going to be paying it through the teeth for getting legal fees it's just going to happen to have every lawyer going to come out of the woodwork going I need to be involved into therefore I'm 300 bucks an hour to have fines and penalties on and it doesn't matter that David a candlelight Levy fines on anybody write gdpr another one what percent of your overall gross revenue okay that's huge so all those things are going to happen to you reputation reputation takes a beating because of a breach so now you got to explain it at your shareholders if you have shareholders what happened explain your customers what happened and you got to have some remediation behind it what if you don't have a remediation and they ask you what's your plan I don't have a plan well that's not usually a good thing well that's where reduce cyber risk is here to help so again that's your reputation loss of critical information information that makes your business work kinda love falls in the lines of Electro property but if it's a critical critical to your business and you lose it that would probably be a bad day credit if you got credit wasn't other vendors and so forth and you could lose customers again back to the reputation aspects so here's some security takeaways write these of these events do affect every business K don't even try to think about that they won't get me it will get you at some point time and if it never does you are one lucky person because it's going to get somebody for some form shaper another couldn't be hacked it could be you know what your database gets corrupted due to Billy Bob hitting the button that he shouldn't he or she shouldn't have so it may have it right small businesses will see you soon formation security is too difficult or too many resources guess what if you think that you're wrong do not think that way nice to cyber security guy telling you that so guess what yeah it's probably a little bit of self-sacrifice something like that my dad got a business Mercury Insurance why because it use Insurance dude that bought cybersecurity insurance this is a guy who 70-something years old and in reality guess what that's like so far beyond it but he's planning for it you got to make sure you do plan for him and view your business as a business strategy and it will reduce your risk you got to look at Cyber as a business strategy for your business otherwise you really are setting yourself up Anthony think about from Brothers being negative asset K1 to keep employee if you're thinking about information security when you innovate ideas and how could this be affected by getting a breach that would be positive right so if you're a developer and app developer think about security from the secure software development life cycle how do you protect your stuff right also understand there's no Silver Bullet at all and no one is completely secure anybody who tells you that we can secure you 100% there lying to you okay it is the only way that you can secure yourself a hundred percent you need to do that then you also need to lock it really good and you need to turn off the power to it okay need to unplug everything and let nobody in it then it's a secure room into secure network there is no Silver Bullet play so when this episode we went over the cybersecurity stats fruit on what does hackers was do their motivations behind it and other incidents from natural disasters man-made and so forth and then the impact from an incident and how that could affect your specific business and what you're trying to accomplish security takeaways on there is no Silver Bullet you need to plan for it