Jul 25, 2019
Soon we will celebrate 50 years of the moon landing; why do some think we were never there?
The cybersecurity gap and flaws in both iOS and Android apps.
The U.S. launches a cyberattack on Iran
How much liability do you have for a data breach?
I am planning a Security Summer for my listeners. I will have some free courses. I will also introduce you to some of the software that I use for my clients and how you can use it too. Also, I have some limited opportunities for businesses who have had enough with their security issues to work with me and my team and put their security problems to rest once and for all. So watch out for announcements on those.
For more tech tips, news, and updates, visit CraigPeterson.com
---
Transcript:
Below is a rush transcript of this segment; it might contain errors.
Airing date: 07/06/2019
In a few short weeks, we will celebrate 50 years of the moon landing. The cybersecurity gap and flaws in both iOS and Android apps, the cyberattack on Iran and data breach liability.
----
Craig Peterson
Hello, everybody, and welcome. Of course, this is Craig Peterson, your host for the next, give or take, 27 minutes. We're going without commercial interruption again. We are going to be talking about some of the details of our lives, our digital lives. And with the 50th anniversary of the moon landing coming up, we wanted to go through some of the facts there, because we've had a lot of people who seem to be confused about it. And it's kind of amazing to me, because I remember it so well, like it was yesterday. But it's amazing to me to think that more than half of the people alive today were not alive when the moon landing occurred. And, you know, that's just a matter of perspective. So you're talking to me, and I'm a little bit older, I guess, than most people, if that's the case. But anyways, we'll talk a little bit about that, the cybersecurity gap, and some interesting observations that were in Forbes magazine here this past week about it. Flaws in our iOS and Android apps: you might be surprised, but there are security flaws in almost as many iOS apps from Apple as there are Android. We'll tell you why, and what those are. We have some new Mac malware that's out there right now. And this is an interesting one because this could go both ways. You could call this a user error, or you might want to call it a security problem that Apple has, or maybe Apple created, but it is behaving the way it's supposed to. Third-party contractors: this comes from this week. I did a big presentation for a University of New Hampshire group here. It is a mastermind group of CEOs. And we were talking about the biggest liabilities, and more than 60 percent of your fast is coming from inside. And that includes contractors. So we'll talk a little bit about that. A couple of warnings here from 3M about business travelers. We got to talk about this: the US has launched a cyber attack, instead of launching a kinetic attack, and we'll talk a little bit about the implications to you and your business because of that. And there could be some enormous implications there. And a little bit more here about liability for a data breach. So we're going to talk about all of this right now. So let's get into it.

First off, liability for a data breach. As I mentioned, I had a great presentation, and I think I got a lot of compliments on it, as I spoke at this mastermind group for the University of New Hampshire. And it was kind of fascinating because there were several different CEOs. I guess this group has kind of a non-compete thing where none of the members can compete with each other. I'm in a mastermind group, a paid group, and there they don't have that restriction; you have to be a good person, but there are people in your same line of work. I kind of like that. As a general rule, there is a lot of business out there for everybody. When you can talk to someone that speaks your language in your line of work about what's happening, that is important. I had a few people comment afterward on the stories that I wove in about clients of mine that have had security problems and were unable to solve them themselves. You know, they tried, obviously, but they weren't successful, because they got hacked, they got breached. So, you know, I use a lot of stories with some of these things. And when we're talking about a data breach and your liability, I did bring that up this week. But it's huge. And we're talking about an average cost right now for a data breach of over $7 million here in the US. It's 3.8 million average worldwide, but it's about twice that here in the United States. As we look at some of the data breaches, it's going to continue to grow. There's going to be more and more companies that are failing to assess their systems for security flaws. And that's why you got to have a third party come in, and you can't trust your CIO or your security person to do these types of audits; you need a third person to do it. And then you have to plug the holes. And sometimes you can have that third party do it, because maybe they know what they're doing. Many times, if you're a slightly bigger company and you have your own IT staff, then your IT staff is going to do it. But you got to think about, when you get hacked, what are you going to do? Your data is gone. You know, are you out of business? Is your goose cooked, as the expression goes? Great article in Kiplinger that I have up on my website right now about it. And are you as a business person on the hook for any losses sustained by the client? I spent some time in the presentation talking about insurance. And that is an essential thing to have for your business. However, more and more of the cyber liability insurance claims are getting cut back or even denied, because the company hasn't been doing everything that they should have been doing, even not doing things that are listed in the insurance contract. So, two main ways that civil liability for a data breach can occur. One is finding negligence. You have to be aligned with the peers in your industry, the best practices, if you will. If you're not, if you could have had better protection, then yes, indeed, you may have civil financial liability and some of those governmental fines we've talked about on the show before. And secondly, even if you did everything that was required to prevent a data breach, it could still happen. So then the next stage is, did you do enough after the event to reduce the harm to the people affected? You know, did you notify them right away? Did you take immediate investigation and remediation steps? Did you contact law enforcement? Is what you did after the fact considered reasonable? All the things we need to keep in mind as we are business people. And having that plan in advance can save you a ton. I went through some of those statistics as well. Here are some good points for everyone to pay attention to. One, have a breach coach who can help you put together your breach plan and then run the breach response, and get an attorney involved, getting them involved early. Everyone should know what their roles are. That's part of what we have; that's going to be part of our security summer this year. So make sure you're signed up, because we have some documents about what your plan should look like, who should be involved, whose responsibility is each part of that, so that it just makes a huge, huge difference.

These people who are most liable (if you're a consumer, and you've had your information breached, pay attention to this as well, because you have the other side): one, if you collect payment information for online sales; if you maintain a database of personal information on current, past, or prospective customers; and say you have employees, if you store information about employees digitally, including social security numbers, medical information. Guess what, we're getting into the HIPAA regulations there. I bet you thought if you weren't a medical practice you didn't have to worry about HIPAA. Well, you do if you have employees. If you rely heavily on technology for daily operations, remember, you're going to be out of business, out of operation for days, weeks, or even longer. If you are located in any jurisdiction that has mandatory breach notification laws. Right now, that is true of everywhere in the world, well, you know, the first world countries, if you will. The United States has them for every state; there are some federal notification laws depending on what type of business you have. The same thing's true in Canada, the same thing's true throughout Europe. So be careful here too with cyber insurance coverage. And we talked about that this week with the UNH CEO people, and what you should have, what you can expect from cyber insurance coverage. And again, we'll talk more about this during our security summer, and if you haven't already, make sure you sign up. Go to CraigPeterson.com, and you'll see a sign-up come up right at the top of the homepage; you can sign up right there. And I'll let you know when the security summer starts. But we're going to be covering all kinds of stuff about firewalls, about backups, about the liabilities, CEO-type things through home users, and what you can do, what you should do.

Mac malware. This is called malware. As I said, I kind of debate whether it is malware, because the software is behaving as expected. macOS has something now called Gatekeeper. And it keeps an eye on the programs on your computer, what you download, where it came from, is it signed. And it allows developers to have software that you download that is signed, and then refers offsite to allow you then to get additional files, get it from a database server. And in this particular case, that is being talked about over on ZDNet. At launch, you gain access to a file server, and it's called an NFS server. And this is what ZDNet calls a security flaw. I'm not so sure it's a security flaw. Apple has known about it for a month; they haven't patched it. It would be easy enough to patch, but it would also break a lot of good software out there. So here's the trick. If you're running a Mac or a PC or anything, do not download software from sites that you are not 100% confident can be trusted. It's just that simple. It's back to the brass tacks. Get right back to it. What are the brass tacks in security? One of the first is don't click on stuff. In particular, don't download and run software that is on your, you know, on a web browser that you're putting on your computer.

Now we know President Trump said he was going to respond to the Iranian aggression and the shooting down of our drone. And there's dispute by Iran whether or not the drone was in Iranian airspace. And there's some question about that, too, because the United States, for instance, claims a 200-mile jurisdiction; the international agreement says it's a 12-mile zone, and some are 20 miles, and the Straits of Hormuz are, I think it's 12 miles there at the narrowest point. So was it in international space? Technically, yes. Did Iran claim the space it was in as their own? Well, they did. So President Trump pulled out of this kinetic attack; we were going to bomb, there, the radar installations and the missile launching facilities. It came out this last weekend that we hacked them. Now, I found out something exciting about this Russian power security breach that happened a couple of weeks ago; don't know if you heard about that. But apparently, we broke into and had control of several Russian power stations located in Russia. We flipped the lights on and off a few times to let them know: Hey, guys, we're here, quit messing around with our elections and quit messing around with any other stuff that's out there. We have that capability. President Obama put some cyber offensive capabilities in place, and President Trump has upped the game there. And apparently what he did, this was the report from last weekend, he authorized our cybersecurity guys to attack Iran. Now, when Russia attacked Ukraine, of course, that piece of malware spread worldwide and brought down hundreds of thousands of computers, shut down, taken off the internet, and many others were ransomed, because Russia did not have control over that malware. We got malware into some of their missile launch systems. And we were able to shut them down. And possibly it didn't spread any farther. Just like when we got into their centrifuges for making bombs, for their purification of uranium, that code did not get any further than the centrifuges and destroyed them. Now, we went after them, and US businesses now should be ready for what's going to be a massive attack from Iran. Remember, Iran doesn't have the finesse we do, and they don't have all of the talent that we do. And they don't care if they're hitting a military target or not. When it comes to cyber wars, these retaliatory strikes from there are very likely to hit pretty much anybody here in the US. They've already been attacking us before President Trump launched this attack, apparently, against them. According to The Washington Post, Iran has been bombarding US businesses with software designed to wipe the contents of networks and computers, rather than to steal their data, which is rather interesting. It was from Chris Krebs, a director of the Homeland Security department's cybersecurity division. And what that means is if the Iranians get ahold of your business systems or your home system, they are going to wipe it clean. So make sure you have excellent backups.
Again, if you don't, make sure you attend my training here, my security summer, because we're going to be going over that. This is free, people. It's free for anyone to attend; you can upgrade if you want to, that's paid. But you're going to get all of the core information absolutely for free. And I think the way we're going to do it is, no matter whether they pay or not, you're going to get all the information for free. The same data, let me put it that way. Whether you decide to get the golden ticket, or Jessica can do it for free, that's what I'm doing for the radio listeners; anyone can attend because I want to get this information out there. So be prepared for the Iranian attack; they've already started attacking our businesses, we've already had North Korea attack Russia. I mentioned this at the CEO presentation I gave this last week for the UNH group. I was looking at one of our customers, just at their website, and looking at the firewall, because we have some very advanced firewalls sitting in front of even web servers. These firewalls that we were looking at, just for that one web server, we were logging five attacks, which was just crazy. Five attacks from Russia! It wasn't, as I said, it wasn't only five attacks from Russia, it was five attacks per second, on average, over the last 36 or 48 hours. It was just crazy how they were getting just nailed, nailed, hammered. You guys already know, if you've listened to me for a while, about a client that we picked up that had been having email issues. We looked into it, and we ended up, we asked the client if it was okay to do this, we ended up bringing the FBI in because we found Chinese back doors into their systems. And they were a manufacturer; they had all of their plans, of course, electronically, all of the manufacturing, etc., etc. So now what? Now they get to compete against China, with their designs. Amen. To me, that blows my mind, frankly. How could you? How could you do that? But it's ignorance.
It thinks you're okay. Going back to this story, let me go back to this. This is the one from Kiplinger I was referring to earlier. Here's a great little quote from the author, Dennis Beaver. He said: my father is a dentist, and up in years; his office has all of his patients' records stored electronically, which he accesses from home from his laptop by leaving the server always on at the office. I mentioned this to a geeky friend, and the next day he showed me dental records from my dad's office that he had hacked. He claimed to be doing this as a favor to get my father's attention about cybersecurity, and I believe them. So, by the way, be careful, don't just do that without permission. We have ethical hackers in my business here who are doing penetration testing, but we make sure we've got full approval from the company. So don't, don't just go and do this. So the story goes on: I told that, and he immediately changed passwords but didn't seem too bothered. There was another one. I knew one Fortune 500 company's CFO who used the same password for over ten years; most think that it's a joke, but it was improved. It was not so funny after they found his credentials in seven data breaches, used to hack the company's email servers, spoof emails, and steal tens of thousands of dollars without anyone noticing for months. We picked up a client here, a local one here in the northeast, who had had $80,000 taken out of their operating account. Of course, they noticed it quickly, but not before the money was gone entirely. So be very, very careful. We're going to cover these things in our security summer; again, just CraigPeterson.com, and subscribe right there on the homepage. And we'll let you know when that starts. That's probably going to be mid-July by the looks of things right now. And we're talking about 10 to 15 minute sessions a couple of times a week.
And we're going to keep them up for at least a week in case you miss it, so that you can watch one of the replays a little bit later on. Okay, man, we are almost out of time here. 76% of mobile apps have flaws allowing hackers to steal passwords, money, and text. These are some high-risk vulnerabilities that are common across Android and iOS. Android has a little bit more risk than iOS; we're talking about 5% higher risk. And this is according to a company called Positive Technologies. And they went in and looked at some of these mobile apps, and the biggest problem is insecure data storage. So be careful about that.
Again, Cisco has an answer to that. And with iOS, it's just phenomenal. Nobody has anything like this other than Cisco. But be very, very careful, because there are other products out there that could be useful to you. But remember, any data stored can be stolen; you can't necessarily trust the app developers, they might be taking your data. Great article, you'll see it on my website. It is from Forbes, and this is about the cybersecurity skills gap and how classrooms are not the solution. Have a look on my website for that one. Business travelers: something new called visual hacking, coming from the Czech Republic. Again, that's up on my website and in this morning's newsletter. And the US launches a cyber attack aimed at Iranian rocket and missile systems. I'll talk a little bit about that. We've got a couple of great articles online. I spoke with the UNH CEO mastermind group this week about third-party contractors and why they are our weakest cybersecurity link. And they're just not being held accountable. You know, if you ask people who are the biggest cybersecurity threats out there, who have I talked about today? I've mentioned, what, Russia, China; I mentioned North Korea and Iran. You'd be right. But those countries are the most significant foreign threats. As I said this week at the speech I gave, the real problem is internal. And by internal, I don't just mean your employees; I mean your contractors. It's one of the things you have to go through; you have to consider penetration testing, taking an analysis of your business, and the data security. Here's Customs and Border Protection. I talked about this a couple of months ago, on May 31.
So it wasn't even two months ago. They had a breach where 100,000 people were photographed inside vehicles crossing the border in a couple of lanes, and it included images of the vehicle license plates, maybe some other stuff that was stolen. It was taken through a third-party contractor that was doing work for Customs and Border Patrol. The most severe breaches of the last ten years have also been self-inflicted. So let's look at this one. It appears in The Hill, from Flexera: patches were available for 86% of the vulnerabilities on the day of disclosure. In other words, when these companies came forward and told people about the hacks that had happened, 86% of those hacks didn't have to happen, because there were patches out already. Okay, other breaches. They gained access by compromising third-party vendors, like we're talking about, and stealing their credentials to log into the corporate network of the eventual target. Speaking of Target, back in 2013, 40 million credit cards were lost through a third-party air conditioning provider that was hooked up to the corporate network. All they had to do was break into the air conditioning system, and now they had a launchpad. Think of what happened out in Las Vegas: a beautiful big fish tank, and they put a smart controller in it that would warn them when the temperature got too cold, because the fish are so expensive. It was hooked up to their network, and it was compromised and used as a launching pad.
We see that all the time with cameras, security cameras. They breached the Office of Personnel Management through KeyPoint Government Solutions, a third party used by the Office of Personnel Management. And it gave China 21 million personnel files, including background checks on top security clearances. In 2017, an Australian defense subcontractor lost 30 gigabytes of highly sensitive data, including information on the Joint Strike Fighter program. Crazy. By the way, they had not updated their software in 12 months. In 2018, China compromised the network of yet another defense contractor doing work for the Navy. Our technology, our advances, our military superiority were stolen from us. Again, from The Hill: in an assessment delivered to Navy Secretary Richard Spencer in March and reviewed by the Wall Street Journal, the Navy and its industry partners are under cyber siege by Chinese and Russian hackers. So think about all of that when you are thinking about your business and even your home computer.
Segment your networks, break them up, use good passwords; this is all stuff we're going to review in our security summer. Again, CraigPeterson.com, you can sign up there, or email me and I'll let you know when it happens: me@craigpeterson.com. We're going to cover all of this, so you guys know what to do, whether you're an individual or a small-medium business, because in most companies, face it, who's the computer guy or gal? It's whoever likes computers the most, or maybe whoever wanted a raise. They're not necessarily computer professionals. And it's extremely rare that they're security professionals. Security professionals, you know, we're working every day trying to keep up to date. And I've been doing this for 30 years, and I'm still learning stuff. So be careful, hire outside firms.
Okay, blah, blah, okay. On to the Apollo program. There are many people. I read a book, and I remember reading this back in the early 80s, and I marked it all up. And it was about how the lunar landing was a hoax. Hollywood has made some films about it. And more and more kids nowadays think the whole thing was a setup. So this is a great article, written by Ethan Siegel. There you go. And we are talking a little bit about the moon landing. So let's go through this. People are saying that the entire space program and NASA is nothing more than a hoax. But let's go through a little bit of evidence. Number one, we can still see the evidence of the Apollo program on the moon even today. If you walk on the sand on a beach, the waves are going to level it out, and there won't be any sign that you were ever there. Right? But none of that exists on the moon. Even in the Sahara Desert on the sand, you've got the shifting winds that shift that sand around. That is not true on the moon. We have pictures from regular people of the moon, of the landing sites, Apollo 12, 14, and 17. They photographed those from Earth. On the Apollo 12 landing site, there is a ton of stuff; you'll see this article. You can view all of the pictures. It is from Forbes magazine. You can see it up on my website at CraigPeterson.com. I have a link to extensive photographic and video evidence from the Apollo missions themselves. The one I like the best is one that I am most personally familiar with: the lunar laser ranging retroreflector, and there are many others. But this is one that we hams, us, we can bounce off of the moon. There's a reflector that was left up there by the Apollo missions we can bounce a laser off, and we use that scientifically to figure out how far away the moon is. But there are also the lunar seismometers; there is the solar wind composition spectrum, lunar surface magnetometer, lunar dust collector, many more. All were left up there, all ran for years. Some of this stuff is still running, so we were there; don't let them tell you otherwise. Take care, everybody. Make sure you sign up for the security summer. CraigPeterson.com. Take care, everybody. Bye-bye.