Ivan Paynter National Security Specialist on Imperative Security Measures in Today’s Environment
Speaker 1:Welcome to the Tech in 20 Minutes podcast, where you will meet new tech vendors and learn how they can help your business. At Clark Sys, we believe tech should make your life better. Searching Google is a waste of time, and the right vendor is often one you haven't heard of before. I'm Max Clark, and I'm joined by Ivan Paynter, our national cybersecurity specialist. Hi, Ivan.
Speaker 2:Hey, Max. How are you?
Speaker 1:I'm excellent, man. Good to talk to you. So, Ivan, most people think that their business isn't a target. Is that true?
Speaker 2:Oh, Max. I I wish that were the case. I I I'm just thinking out just about every business that I know of is absolutely a target. If you have Internet within your environment, you're a target one way or the other. And we can go down a myriad of obstacles that that are there from ransomware.
Speaker 2:You can have nation state actors that that are gonna come at you all depending upon who you are, but absolutely every business is a target no matter whom you are.
Speaker 1:So beyond a firewall and antivirus software, what do you need for security today?
Speaker 2:Well, you know, the hard crunchy shell is now a fallacy. It's a myth. We first and foremost have to look at the device itself. Right? And one of the things that I I preach the most is patching.
Speaker 2:Not necessarily a security type measure, but I think it's absolutely imperative that anything that has been discovered, any open port, any open piece of software, malware, malware, application is gonna require a patch. And that's first and foremost. Beyond that, in the current environment that we're in, a great antivirus or and and what I would prefer would be an EDR, an endpoint detection and response application is absolutely required. I would like to even go beyond that once we emerge from where we are now. I think that an MSSP, a managed security supplier, would be truly the way to go.
Speaker 2:Or even beyond that, an MDR, managed detection and response, would be a necessity, especially in today's environment where you have somebody else looking at your security for you and understanding what is out there already without you having to go through that effort yourself or what when I say you, I mean, you know, customer base or or that environment.
Speaker 1:How does work from home change the security landscape for companies?
Speaker 2:Well, you know, we just kinda discussed that just a little bit. You know, the the whole work from home scenario brings us to that hard, crunchy shell isn't there anymore. Yes. That's true. But now it has expanded to the suburbs.
Speaker 2:It has expanded to apartment buildings all throughout, and we have to share that bandwidth as well. So that massive pipe that we all thought we have is being consumed by our children as well playing Fortnite or or anything else to that nature. So that firewall isn't really protecting us anymore, one. Right? And then we are being attacked in numerous manners.
Speaker 2:So not only we're looking at phishing attacks or attempts and things of that nature, but also now what's hitting your home firewall. Right? What are the kids downloading, or what's hitting the kids' machines that could possibly get into another device within your network? And your network now becomes the home network. So we have to think of all those other devices.
Speaker 2:Now, Max, you know I'm a little bit of a nerd, so I've got about, just shy of a hundred different devices on my networks. Now I say networks because I have multiple. But that being the case, any of those can be a possibility for an attack. So with that thought in mind, we have to make sure that all of those things are void of compromise, and that's very difficult to do for an administrator who's just worried about their particular device. So it's gone just from that hard crunchy shell that administrator now comes upon that individual to make sure that their systems are not only patched, they're also somewhat fortified.
Speaker 2:And what else is going on in the home environment is very important as well.
Speaker 1:I mean, can people do security on their own?
Speaker 2:You know, I wanna say absolutely yes. Security comes in in many different layers and many different depths. When we talk about where we are now in this current environment, we're going to have to take a step back and slow down a little bit and start looking at some of these things and not feel like you're being overwhelmed. You know, I don't want you to go in and reconfigure your router for for a firewall, and all of a sudden you're down. What what I would like for you to do is to pay attention to your devices in your home.
Speaker 2:I would like for you to maybe, if you can, look at your firewall logs and see what's there. So there's a degree of security that can be done. Now once we go beyond this, I I would also like to every individual, I think, requires training, and it's constant. You know? I always like to say the greatest challenge is between the keyboard and the chair.
Speaker 2:Right? If you get rid of the individual, you you really shouldn't have a problem. So at the end of the day, if we all remain vigilant there, we can move beyond.
Speaker 1:So, so, I mean, from an industry standpoint, you know, we hear things like negative employment rates, and and we see massive financial institutions that are going that are outsourcing their security posture. From an industry standpoint, we look at a corporation. Is it reasonable for a company to go about this and to do this by themselves?
Speaker 2:No. I I think you you hit on the main one. I've been in cybersecurity for longer than I'd like to admit, and there's quite a few quotes that are out there. And the one thing that people are looking for more than technology or any type of application is is simply people. People are gonna tell you, well, we have we have AI or we have ML or, you know, machine learning is great, and and I have issues with with AI because it's machine learning at the end of the day.
Speaker 2:But it's very difficult to find a seasoned security professional, and once you do find them, to hold on to them. And so that in itself is one one measure. And then the other side of that is the level of exposure that that person has to have to see everything that's current that's in the environment. Right? So when I say in the environment, on the Internet, in the wild, wherever it might be.
Speaker 2:Personally, I I've gotta study after my workday is over just to catch up on everything that might be going on in the environment, and that takes hours of reading and focus and concentration just on, you know, my craft because I'm not exposed to everything that goes on. So that what brings us back right to a, you know, security operation center or SOC or whichever you like to to call it. But they're going to see or they have a great deal more of exposure, one. And then, two, they're able to keep and maintain their employee base because it's a focus. It's a concentration, and that's where you wanna put them.
Speaker 2:So, you know, it it just it's logical to have that type of environment. You have the correct people there and the correct technologies, and that all kind of brings it together. Plus, they have that level of exposure to everything else that's going on in the environment, you know, which, you know, the Internet, what do I call the environment?
Speaker 1:I mean, in numbers, how big of a problem is security for companies today?
Speaker 2:I don't do numbers, Max. I I can I can guess at things. I I you know, if if you're gonna ask me that kind of question, I wanna say it's a it's a hundred percent because everybody's coming at you. Look. Let me tell you something.
Speaker 2:I don't care who you are. Somebody is knocking you on your door. Right? So if if it's a firewall, your router, I don't care what you have. Somebody is attempting to get at it.
Speaker 2:Look. We're all sitting at home right now. We're all watching our kids, and they're schooling from home. Some of those kids somewhere are bored. And you know what they're doing?
Speaker 2:They they they're stopped playing Fortnite or whatever that game is, and and they've decided, hey. Let's see if I can get into this device, or let's see if I can get into that one. And these are little kids that are learning or older kids that are learning how to discover, quote, unquote, what's going on around them. Right? And and I think that's phenomenal.
Speaker 2:You know, that's a great way to start. However, it it's also a great way to create a hacker because we have the time now to do that. So we are all vulnerable, and and that's why we have to be very diligent about what we do.
Speaker 1:So people think about security, you know, with banks. Banks have monies they have to protect. For a business that's not a bank, what do they have that a hacker would want?
Speaker 2:You know, the most important thing that's out there is is information. And if you think about the information that we currently have stored, the larger percentage of that data has been gleaned, I think, over the past 2 or 3 years. And we just don't delete anything. You know, I I look at at my Dasey. I look at my hardware space, and it it just keeps growing and growing.
Speaker 2:And now I have farms of data, and I I'm I moved them from one location to another because, you know, it's cheap to store that information, and we're not deleting it. Right? Companies store information on us, and and we become trackable. It's very easy to identify who we are. Our fingerprint, what I like to call data hygiene, is quite obvious over a period of time.
Speaker 2:It is just a matter of, you know, where we go, what we do. It's a routine. That information, we all have somewhere. There's a great deal of it on Facebook. You see it out there or, you know, the people are posting things and using applications.
Speaker 2:So we all have that level of information. So then that brings us right back to HIPAA or some other compliance e CCPA, New York, NYDFS. These are the things that are very important that we focus upon, and companies must be aware that if they are compromised, there are massive fines that they might have to pay for these. So we wanna make sure that number 1, they are secure, and then number 2, they follow these compliances that are required, you know, by different legislations. And if they don't, it's gonna be a a massive fine, and there's gonna be a lot of companies that won't be able to emerge from that type of fine.
Speaker 1:So besides not going out of business, how does security make your life better? And then and we can let's phrase this 2 ways. Right? How is security better for the company, and how is security better for its employees? And how is security better for its customers?
Speaker 2:A lot of people will tell you security is awful, and they don't wanna be bothered with because they have to remember passwords, or they they have to go through a VPN tunnel, or they have to at the end of the day, if we all look at security as something that we have to endure because everybody is connected now, let's look at where we are headed beyond this. We're going to have connect we're going to have we have connected cities. We have connected cars. There are people driving down the highway right now, you know, that are doing crossword puzzles or reading the comments and not really paying attention to where they're going. Yes.
Speaker 2:We've seen a few of them crash, but at the end of the day, all of this is interconnected. So we have to make sure that whatever environment that we're in is secure enough that malware malfeasance doesn't occur there within, and we continue to be able to use all these devices. Look, I've got some vacuums in my house that are Wi-Fi connected. Why? My wife has a a pot, Instant Pot.
Speaker 2:I'm sorry. I didn't mean to make you laugh, but she's got an Instant Pot that's Wi-Fi connected. My dog has a don't get me started. You got me started. My dog has a dog bowl that's Wi-Fi connected.
Speaker 2:I travel a lot, so I gotta make sure he's fit. At the end of the day, all these things are are access points, and they're great to have. But unless they're secure, they're not gonna be used correctly. What a great DDoS tool. Oh, I've got a Wi-Fi pod that's sending a DDoS to, you know, to some corporation somewhere.
Speaker 2:But we really have to think about what we're putting online, and I think it's too late for that now. So what we have to do is to make sure that we secure to the best of our capabilities these devices. And if we can't do that, then we have to put it inside an environment that is secure for that. I don't know if I answered your question. I just kinda went off there and you suck.
Speaker 2:That's All the connected devices I have in my house are ridiculous.
Speaker 1:I mean, how much does this cost? Is is security affordable for a business to have a reasonable posture?
Speaker 2:You know, and so that's a great question, Max. And security, I I would love to say it's just as expensive as hell, and it's not. It it all depends on the level that you have. Security has many layers. Security is not just one thing that you put down.
Speaker 2:Oh, I've got antivirus. It's done. It it should be a layered approach. You really wanna see what you have and make sure that you understand where the family tools are. Where is my secret sauce?
Speaker 2:Make sure that that's covered. Right? And then where are the access points to that? Is security expensive? It's gonna be very expensive if you don't have it.
Speaker 2:Right? So let's look at insurance. You can't drive your car, or maybe now you can, without insurance and be pulled over. But, you know, shortly when we come out of this event that we're in right now, we're gonna go back to, you don't have insurance on your car. You can't drive.
Speaker 2:Well, I've never had an accident. It doesn't matter. You're not putting you're not getting on the road without it. Security should be, viewed in the same exact manner. You know?
Speaker 2:It it is absolutely insurance. And I know you're probably gonna go, well, there's cybersecurity insurance out. But you know what that is? That's an after the fact type scenario. And we really we're trying to be as proactive as possible because the bad guys are out there, man, and they want your information.
Speaker 2:And they also want to make money, and that's gonna lead us into ransomware.
Speaker 1:So let's talk about ransomware. I mean, what what is what is ransomware, and what happens?
Speaker 2:Yeah. So ran ransomware is is how, hackers finally went from, look how good I am on the Internet. I I can do a a DDoS attack or or break into somebody's server to, hey. Show me the money. Right?
Speaker 2:And when you put funds behind anything, it becomes something that is very easy to do. So my focus is security as a service. Right? Managed security services. Well, now you can do hacking as a service.
Speaker 2:So, at the end of the day, ransomware is just a matter of monetization of malware. Right? The hackers are getting paid, and if you want access to your devices, you're gonna have to pay them. Now there are 2 types of ransomware, so you asked what it is. Ransomware is just a matter of your device or the data contained within your device has been locked down or you have been locked out.
Speaker 2:And in order to get back in, please pay me in bitcoins whatever the x amount is. Unfortunately, some of us or or some people have been paying this. I would highly suggest that we don't pay a fine. You contact the FBI, and there there are ways around it. But prior to that, we need to have that mentality that this is a possibility that can occur.
Speaker 2:Let's make sure we have a great backup plan. Right? So, you know, we wanna get that BCDR in there. Let let's make sure that or what you call business continuity, however you wanna lay it out. But that's part of what I consider a, you know, willful destruction.
Speaker 2:And you've gotta be prepared for the inevitable because it's gonna happen. It's not a matter of if but when.
Speaker 1:Awesome. Ivan, thank you very much. Always a pleasure.
Speaker 2:Oh, thank you, Max. It's a pleasure as well. And, most important, stay secure.
Speaker 1:Thanks for joining the Tech in 20 Minutes podcast. At Clark Sys, we believe tech should make your life better. Searching Google is a waste of time, and the right vendor is often one you haven't heard of before. We can help you buy the right tech for your business. Visit us at clarksys.com to schedule an intro call.