Aug 8, 2020
Craig discusses How to check and see if you have been a victim of Cybercrime.
For more tech tips, news, and updates visit - CraigPeterson.com
Automated Machine-Generated Transcript:
[00:00:00] We've been going through the IBM data breach and we're bound to talk about nation States. What are they doing to us?
Stick around. Here we go.
Hey, Craig Peterson here. I want to thank you guys for joining me. If you are interested in this sort of thing in security in general, whether you're a home user. You're a small business owner. Maybe you're the person responsible for cybersecurity in the organization. Right? Who am I? I'm the operations manager, I am the general business manager and you got stuck with security as part of your job description. Hey, this is the place to be and make sure you are on. My email list, Craigpeterson.com/subscribe, because I want to keep everybody up to date on that. I also enjoy talking about
[00:01:00] some of the cool stuff that's out there and the consumer. So, you know, it's there for kind of everybody that likes the technology. I am somebody that tends to go kind of deep. I don't go so deep here I go a lot deeper in my courses, but I go deeper than anybody else on the radio. I get comments every week from people just so thankful that I do that, right?
It's a bit of a risk. You gotta be really good at explaining things. If you are going to be able to go deep at all, especially on some of these technical topics.
So let's get back to our friends here over at IBM and the latest report that they have released. And let's talk about nation-state attacks. These are a little less common than they used to be. But they come and they go, and I think they're less common because the COVID-19 frankly, but they are also the costliest. IBM saying that
[00:02:00] nation-state actors caused 13% of malicious breaches while 50. 3% were caused by financially motivated attackers, but again, nation-States were the costliest.
So here's what we're looking at here. This is the average total cost in US dollars. And over on the side of you watching this on the video side, you'll see the share malicious breaches per thread, actor type. So nation-States four and a half million dollars average cost. Unknown where it came from. Right.
And the nation-States are pretty good about hiding who they are. A 4.2, $9 million hacktivists 4.28 million. And these are the people who are trying to push their agenda. Right. They have a religion about, uh, you name it global warming or socialism, communism, fascism. Right?
[00:03:00] Those are the hacktivist people and financially motivated.
Right? 4.2, 3 million. Now you notice that although the nation-state actors are the most costly, it's not by much. Okay. So what do we learn from this? Any sort of compromise where they have broken into your systems and stolen data is going to cost you no matter who does it now, the effectiveness of incident response grew over the last year and that's really good.
Really good thing. You should have an incident response team. And I have, if you're interested, I have a handout that we put together. It's I can't remember. It's like eight or 10 pages, just kind of high level, who should be on that incident response team. And I'd be glad to send that to you can just email me M email@example.com, but it explains incident response in
[00:04:00] case this again is kind of new to you.
What the titles of the people who are part of this should be how you should integrate legal human resources. The business owner or CEO. Okay. So I'd be glad to send that to you. M firstname.lastname@example.org, but, uh, you know, organizations that had an incident response team and tested it, average breach costs of 3.29 million.
And. If you didn't have an incident response team or you weren't drilling your incident response within the organization, it costs you $2 million more, 5.29 million for business organizations with neither incident response teams nor testing. That's pretty darn big. A mega-breach. Oh, I should point out too, by the way, the car savings for having an incident response team and I are testing $2 million.
Right. And that's,
[00:05:00] that's the number I just gave you, but I wanted to drive that point. Home is not going to cost you $2 million. I have a good incident response team and to practice incident response drills with everybody in the organization, mega breaches. Now, these are where you have more than one.
Million records that are stolen. That's called a mega breach. It doesn't happen very often, but it happens every year, multiple times. So the average cost for a mega breach of 50 million records, which is nothing. Look at Equifax, right? It was over 200 million people's personally identifiable information. So the average cost of a mega-breach is.
Through almost $400 million. So we'll leave it there. Um, This goes into how many records. So if you just have one to 10 million records that are breached well, that's a $50 million cost to you. Uh, and it goes up from
[00:06:00] there. Okay. So you can find all of this. I've got it up on the screen at the ibm.com/data breach.
I hope you do check it out. Cause this is important information for everybody. Okay. So data breaches are a very, very big deal. And we have to understand them. We have to work with them. And as consumers let's put on a different hat, you really need to be looking and something else. So let me show you something here.
Uh, okay. So I'm going to pull this up. I'm going to put it on the camera so that those people. Who is watching this on video can see it, but this is a site called have I been pawned? So let me pull up puppy here and you can put in your own email address. Now. Some people. Pay for services that are like this.
And you know, if you want to pay for
[00:07:00] them, I guess. Yeah. Go ahead and makes you feel better. Uh, this is absolutely free. In fact, you can sign up and get alerts when things happen. I remember I told you 12th, these mega breaches look at these largest breaches. This particular one had 772 million records. So, what I'm going to do is I'm going to enter my Craig.
At Craig peterson.com email address. Okay. And a, you could certainly send me an email there if you do. I may or may not see it, right. You're better off using me at Craig Peterson, but this is my old address that had been up there for a long time. So have I been pawned is all spelled out, but I shouldn't say pwned, it's spelled Let H A V E I B E EN like, have I been, and then pwned misspelled, P w N E D P w N E D. So, check it out right now! How have I been
[00:08:00] poned.com? So I'm going to check and see, has my email address shown up? So it's saying, Oh no, pwned okay. So it says there were four breached sites and no pastes. Now the pace is a completely different thing, but it's just a different way, of the bad guys sharing your information online.
So it's telling you who I'll look at this one. The password is what you should use. You should have two-factor authentication, which I talk about all the time as well, and subscribe to notifications. Cause he will. Provide with notifications. I suspect his start using one password.com button is probably, he makes a couple of bucks off of it.
So why not? Right. Because poor guy doing all of this, he's trying to sell the company, but he says you're if you buy it, the, have I been pwned you have to continue to make free. So it's saying that Apollo in July 2018, the sales engagement
[00:09:00] startup Apollo luck database containing billions of data points publicly exposed without a password.
There's a subset of the data that had 126 million unique email addresses. And it tells you also what data was compromised. So email addresses, employers, geographical locations, job titles, all kinds of stuff. B2B USA, business data, enrichment exposure from PDL and verifications dot I O. All right. So that's it for now, but we're going to be, be right back.
And we're going to be talking about our next topic for the day, which is going to be. The future and cybercrime. Did you know that the biggest threat may already be here?
Listening to Craig Peterson, stick around. We'll be right back.
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: