Aug 8, 2020
Craig discusses the Cost of Data Breaches and the IBM/Ponemon Institute Study.
For more tech tips, news, and updates visit - CraigPeterson.com
Automated Machine-Generated Transcript:
[00:00:00] We got a lot to cover as per usual. We're going to talk about data breaches today. We're gonna talk about cybercrime today. Election interference. What's going on with the big social media sites.
This is Craig Peterson. I'm so glad you guys have decided to join me today. I am doing a little bit more with video today. So if you are online, you might be able to find me. I am not putting this video up until later on, you get to hear me first here on all of our radio stations and affiliates throughout the Northeast, which is really kind of cool.
Now we keep expanding. Yes. And we're doing more in the Facebook realm and the YouTube realm. I got to start out with a little bit of an apology here. we were going back and looking at all of our numbers. We're trying to figure out what's going on because I was getting dozens and dozens and dozens of emails from listeners saying, why did you send me this email?
[00:01:00] Cause I've been opening all your emails. And they were really confused. Well, here's, here's what goes on. Okay. If you don't open my emails for a few weeks, then I'm kind of figuring that maybe you're really busy. Something's going on. Maybe you don't like the sorts of things that I've been saying or doing.
Maybe you want off the list and stuff. And so I sent out all of those emails to people. Well, it turns out we hadn't sent out an email since June 13th. And you might remember that's when one of my daughters got married and we went out to Kentucky then everything happened with the family is just been crazy.
Then I've been trying to get all of this video stuff together and that's been a lot of work. Two. So my apologies to you, if I sent you that email, and you're wondering why, why is he doing this to me? Cause he knows, I like him. So I think I was able to restore everybody back to proper balance here as synergy.
[00:02:00] We'll see how this all goes. And then the other thing that was messing up, this is what I get for not paying enough attention to some of these things is. All of our podcasts are definitely going out. We've been posting those and they're going out by the podcast mechanism. We've even still been including a transcript of the entire podcast.
Craig Peterson: So you can go back and search and everything. Well, they had not been. Going up onto my website since also about June 13th. So I don't know that we're going to catch up on those on the website. You can definitely get them by you're going to my podcast feed, which you'll find online as well. Craig peterson.com.
Slash podcast. And yeah, if you're an iTunes user, go to Craig peterson.com/itunes, uh, slash you know, wherever you'll find me on all your favorite podcast mediums. So it's there, it's not on my way website and the
[00:03:00] emails didn't go out. Yes. It has been one of those summers. And then, yeah, what happened this week?
We had our tornado. Two towns over from me from this, uh, latest storm. I F it's, it's a different name on, I can't remember what it is. Uh, it's like I say, uh, there are other, and, uh, we, so I ran outside. I was in a meeting. I said, Hey, listen, guys, I got to go. And I grabbed some straps and I wrapped them around the beehives and around the pallets the beehives are sitting on because I do keep rocks on top.
Take help them from blowing over in the light wind, but we get wind. We lost power. I had to bring all of the equipment back up in my studio, all of the computers and stuff. It, it just, wasn't a pleasant experience. Anyhow. That was my week, Hell. How was yours?
[00:04:00] Hey, I want to start by talking again about this new report that was put together by the Ponemon Institute. Now you may be familiar with these guys. You may not be familiar with these skies, but it was put together for IBM and IBM has published it. So I'm going to bring it up on the screen. For those of you who are watching this as a video. Uh, this is the cost of a data breach report for 2020. And this I'm showing here for those people who are watching for those that aren't.
If you want to look it up, just go and do a search for the Cost of a Data Breach Report 2020 IBM and you'll find it. So they did a study on over 500 data breaches. Very, very big. And, and this study was done by the Institute and then it was analyzed and published by IBM securities that say right there, the data breach costs are absolutely huge when you get right down to it, right.
[00:05:00] What kind of business are you with? You know, are you doing just a little guy and the data breach costs, won't be a lot while it could easily put you out of business. Most small businesses, really small businesses just fold within six months. It's bad. So this is showing us here.
Yeah. That the global average total cost of a database is 3.86. Million dollars. Now that's down a little bit from last year, one and a half percent. And what is really saving people, what's really saving businesses is automation. See one of the biggest mistakes businesses make when it comes to the computer security network security VPN security is they've got a veritable plethora.
[00:06:00] Of different pieces of equipment and software. So you've got what are called panes of glass. So you've got you whole five, 10 different systems that your analysts have to look at to figure out what's going on. Are the computers up to date? Did someone try to break in, is someone trying to break in right now?
Did they get in what data did they have access to any data exfiltrated did we catch it right? All of those types of questions. So. Automation, where you have one pane of glass, allows you to have all of these what's from your advanced malware prevention, the intrusion detection, intrusion prevention systems, the endpoint.
[00:07:00] Anti-malware that's sending on your computers, the, uh, the DNS that allows you to monitor where people are going and stop places as well as stop ransomware from getting out. Think about all of these different points inside your network. And then if you're a slightly bigger company, you know, small businesses, according to the small business administration go up to 500 employees, that is a lot of data to analyze.
Yeah. A lot of data to look at false reports, false negatives, real positives that you have to drill into. Well, you don't want to have to go to half a dozen. Different pieces of glass to figure out what happened. You don't want to have to go and look at the antivirus software, which failed too, by the way, because it always does.
Uh, and then look, and hopefully you can look at the firewall logs. Hopefully, you've got it. Detection, intrusion prevention. Oh, hopefully, you've got it all tied in. So it automatically, that's our fun machine. That's been compromised from the network. You know how many people have that. But what is being sent here in this IBM study is that there was a reduction in dramatic reduction when security automation was put in place.
[00:08:00] So that's what I'm talking about here, where it notices something that detects something and shuts it down. So we've got a client that has a location down in Mexico and they have their networks, or I should say, had their networks tied together. Now they didn't want to separate the networks because they had people in Mexico that were VPN in and then they could get on a server locally up here in the Northeast and then do all of the work from there.
And that way they don't have to keep these local servers up to date. Hopefully. Which they weren't, but, um, try and keep them up to date and control them through one exchange server. So all of the accounts and stuff would just be in one place. And, uh, what happened is one of these workstations in Mexico got infected and it hopped right, right through the network.
[00:09:00] Up to here in the Northeast here in the US that happens all the time. I've done pieces of training on VPNs and the right way to configure them and the right way to use them. Obviously, this was all wrong, but we had very advanced firepower. The firewall in there that was doing intrusion detection and prevention, and it noticed data starting to be taken out exfiltrated is what it's called via this link to Mexico.
And after a few megabytes, Of data going out. It might've been a gigabyte or so, uh, saying, wait, wait, wait, wait, wait. This isn't normal. And this isn't something that should be going on through to Mexico. Now they are in a different time zone. So the firewall was automatically taking that into account and figuring out how to tie it all together.
[00:10:00] Uh, so it shut it down, just bam and it no longer love that machine. Any access to the network up here in the U S. Now since then we have tightened things up even more. They said, Oh, okay. Well, we'll do what you told us to do 18 months ago. And it is now really quite secure, but that is because we had a fully integrated system.
That's why we use Cisco. Cisco was the only a company right now that has a soup to nuts platform and system that you can use that meat. All federal regulatory requirements. The only one, no, you look at Symantec, they got some really fun stuff. They've got some nice stuff. Doesn't meet the federal requirement.
You can look at SonicWall and they, man, it's like outcomes raiser, right? They, they really walk that fine tight line in what they say and what they provide. But. Having this type of automation in place, according to IBM study here now reduced the average total cost 3.5, $8 million from somebody trying to get in or getting in.
[00:11:00] Now we like to make sure they never get it in the first place, but typically all of these automated systems that we're using and that you could be used as well. We'll detect it almost immediately and we'll shut it down. So stick around. We've got more to talk about here. When it comes to this report, there are so many great stats about what's been happening.
So stick around. We'll be right back.
Thanks for listening and visit me online. Make sure you sign up. Craig peterson.com/subscribe and I promise, promise, promise.
Just started sending out that newsletter again.
We'll be right back.
More stories and tech updates at:
Don't miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: