Cyber Savvy

Cyber Extortion

DTC, Inc. Season 1 Episode 3

What do cybercriminals do with the information they may take after a successful phishing attempt? On this episode of Cyber Savvy Andrew and Mike will discuss Cyber Extortion. Victims of cyber extortion can range from individuals to small businesses, to huge corporate entities. Listen in as Mike details some of the dangers and costs that can be faced once cybercriminals have gotten their hands on sensitive information.

Andrew Rose began a cybersecurity awareness program in 2016 while at a major agricultural bank after recognizing that the ag sector wasn’t getting the attention it needed about the risks posed by cybercriminals and other adversaries. He helped coordinate several symposiums and events focusing on the topic. He is now an independent contractor and volunteers his time to bringing cybersecurity awareness, education, mitigation, and response to the ag and food supply chain (and other special projects). His focus is on mitigating emerging threats. In addition to his experience in cybersecurity, he has a deep understanding of banking/finance, risk management, and other professional service sectors related to food, agriculture, and climate. 

Michael Urbanik is an Account Executive with R.K Tongue Co., Inc. and is licensed in both Life & Health and Property & Casualty Insurance.  He has experience working with both large and middle market commercial clients.  He enjoys helping his clients understand the risks they face and develop cost effective plans to successfully mitigate and transfer these risks.  

Did you enjoy today’s episode? Personal experience to share? We here at DTC, Inc. would love to hear from you! Please email us your comments and questions at AskUs@DTCtoday.com.

Some cyber crimes are more relatable than others. Join us next time as we discuss Identity Theft and speak to a member of the DTC team that was recently personally affected, and hear the steps they took to protect their personal data from this and future attacks.

Looking for more cybersecurity related content? Check out DTC’s blogspace to read more!

Want to hear more? Past episodes are all posted, including on YouTube! Follow and subscribe on your favorite podcast app to ensure you don’t miss out on the conversation!


[Intro Music]

 

[00:00:06 Andrew Rose] Welcome to Cyber Savvy. This podcast was created by DTC to bring awareness, mitigation and response to cybersecurity threats companies and organizations face daily. Be prepared. Be cyber savvy. 

Good morning, good afternoon or good night, wherever you may be or whenever you may be listening to this cyber savvy podcast with Andrew Rose and Mike Urbanik. Hosted by DTC, an elite IT company that manages computer networks for the dental, specialty medical, 3PL, and other communities with complicated and mission critical systems.

As part of this mission, DTC is offering a continuing series of podcasts focused on cybersecurity awareness, mitigation, and response. Because of the high degree of trust given to us, we only partner with the most elite organizations, and one of those is obviously, of course, R.K. Tongue. Mike, would you be so kind as to introduce yourself and R.K. Tongue?

 

[00:01:05 Mike Urbanik] Yeah, absolutely. So, my name is Michael Urbanik, or Mike Urbanik is perfectly fine. I am an account executive here at R.K. Tongue, and my role is to work with businesses, understand the challenges they face from a risk management component, go to the marketplace, and bring in third parties to help transfer that risk. And those come in the form of insurance carriers.

R.K. Tongue, It's over 100-year-old generalist insurance broker. While we have a large footprint in the dental space, we certainly are what I would call a generalist and can work with any industry or business. 

 

[00:01;42 Andrew Rose] Excellent, and as you know, if you've been following along in our podcast series, this one is going to be an interesting one on extortion.

And it's-it's an incredibly dark topic and it's impacted a lot of people, both financially, emotionally, legally and many other aspects. But in order for us to address the severity of this problem, we need to understand it and understand how do we mitigate against it? And then, God forbid, what do we do? How do we respond to that?

Mike, you've been kind enough to put together just a phenomenal presentation and I got to look at it so… I'm actually excited to have a front row seat in the audience here to listen to this.

 

[00:02:16 Mike Urbanik] Yeah, thank you for that. It's not a fun topic to talk about, but it's something that needs to be discussed. Cyber extortion. We'll start with what is it?

I guess the definition I would say is cyber extortion occurs when cyber criminals threaten to disable the operations of a business or compromise its confidentiality with release of data or information until they receive payment. 

So, we all I think know what extortion is in a non cyber space or blackmail. Someone is holding information over you and in exchange for them not to release that or to give that information back, they want money.

Cyber extortion isn't that much different in concept, although the tools and way it is conducted are a little more sophisticated and nuanced. You know, we'll kind of talk about what those are and the way it takes form so people can be a little more informed. So, with that being said, I'm going to break it up into three categories that cyber extortion takes place.

The first is probably the most simple, and that's just a threat to release sensitive data. Criminals get into your computer system, find something that is of value, come back to you and say, hey, we have this thing of value, and it can take many forms and we'll talk about that a little more in a second, but we will release this to the general public or the government, someone who doesn't want you don't want to see this in exchange for money. Very simple, low, low tech. They just need to be in there, copy and paste files that are important to you. 

The next one is going to be ransomware. Ransomware is more sophisticated. This is designed to shut down computer systems and hold your whole computer network hostage. There are a number of software programs out there, and the list just keeps getting bigger and bigger. Every time we design a solution for one, they come up with a new one; but they install this software onto your computer, renders everything helpless unless you pay them.

And the last one is a DDoS attack, or “Distributed Denial of Service”. And this is really an overwhelming of the computer systems or the computer infrastructure to a point where it collapses. Imagine, you know, someone was ringing your doorbell, knocking on your door, calling your phone, sending you hundreds of emails, making your alarm go off in your home, your alarm system. It'd be pretty hard to think while all that was happening. 

So, they say, hey, we're doing this to you. If you want us to stop, pay us money and we will. So that is a DDOS attack kind of in a nutshell. And what makes cyber extortion challenging, is it's industry agnostic. In the sense any business that depends on computers or would be impacted from a major business interruption is vulnerable.

 So-so that's what the bad guys want to know. You don't have to be a specific industry, although some are more targeted than others. But if you rely on computers, you use computers and I.T. infrastructure to do business and absorb money or pay money, and that goes down, you're at risk for these guys holding you hostage. So that's kind of what it is, some of the ways it takes form and who they go after. 

Let's talk about ransomware a little bit. That's going to be the second of these three categories when it comes to cyber extortion. And this one gets a little more technical. Ransomware is where a cybercriminal gets access to your computer system, is able to install malicious software that is designed to block access of the users of I.T. companies to the computer system until money is paid. 

So, I think we could all imagine the scenario. You boot up your computer and there's a message on the screen and it says, “Hello, you've been hacked. Please pay us $40,000 in Bitcoin, if you want access to your computers.” You can't press escape, you can't restart the computer, you can't pull the plug and put in a new computer. These bad guys are pretty adept, if they're doing this type of crime. Once they install it, they go and lock any sort of backup files. So, they've got you.

You are stuck with this virus on your computer, and you can't access your system. So, any businessperson out there or even individual, what would that do to your business?

I've had clients have that happen and they basically told all their employees to go home for the day and they had to call all their patients or clients and say, “Hey, we can't do business, we're closed or refund your appointments.”

And then they had to deal with it. So not only is there the pain and suffering on their end, there's lost revenue, disgruntled employees. They had to still pay those employees. So, there's dollars bleeding from multiple areas when these types of attacks hit a business. 

So that's the scenario that plays out, a complete shutdown. Even if you work with companies like DTC, very reputable businesses, these viruses or malware are incredibly difficult to get off. I think the average time for a turnaround, if you get one of these attacks, it can be about 11 days. I think it is the average. So, if you're a business owner out there, ask yourself, could I be without computers for 11 days? How would that interrupt my cash flow and my business cycle? 

And so these systems are difficult to get off, they're hard to resolve. It's not a snap of your fingers and it's a quick fix. Sometimes you're able to throw all the computers away and do a complete rebuild, and then you're buying hardware and all new stuff. So, it can be it can be very pricey to fix these. You know, from a software component side, as soon as we find a solution to one another, one pops up.

And some of the names out in the world right now, and the list is very long, but ones you might have heard of or wants to keep an eye on are WannaCry, Locky, REvil, Crypto locker, BitLocker. These are these are just very, very potent problems that are in the cyber space. 

If you get hit with ransomware, it is a major issue, and the bad guys are going to typically hit you out for some form of money. So that's what it is and how hard it is to get resolved. 

 

[00:08:42 Andrew Rose] Well Mike, I’m gonna throw you a softball question because I'm thinking any business owner sitting out there now saying, well I just paid a premium for my cyber insurance. I don't have to worry about ransomware. That's an insurance company problem, isn’t it? I mean, I'm speaking on behalf of what might be in the minds of some of our listeners. I know the answer to this one, but I'll let you go. 

 

[00:08:59 Mike Urbanik] I'll say some cyber liability policies do cover this.

That is something that can be purchased and planned for. You need to read your cyber liability carefully and understand what your limits are. We've had clients have these attacks and they bring in the cyber liability carriers who contract I.T. companies who specifically deal in these spaces.

And sometimes they can fix it in the sense they can put in a USB drive and unwind the virus. Sometimes they throw everything away because they can get to the backups, and they buy new computers and download backups. 

Then sometimes it's as simple as negotiating with the bad guys and saying, okay, you want $40,000 in bitcoins, we'll give you 5000 in Bitcoin and back and forth until a compromise is reached. 

As bizarre as this sounds, I find this hard to believe, that most of the bad guys comply and will remove the software once that happens because they want a reputation in the industry that if you pay they will do what they say. So, more people are likely to pay in the future, as perverse as that sounds. 

So, if you're a business owner out there and this sounds scary to you, certainly work with a I.T. company like DTC to put the armor in place to prevent it. But then the catchall is having a cyber liability policy that can come in. You know, should they get through the walls and the armor and indemnify you in the back end. 

But you need to read your policies carefully. Not all carriers provide this. It's still a dynamic space for coverage. But to answer your question, Andrew, I maybe over answered your question, but yes, this can be this can be managed from an insurance component.

 

[00:10:47 Andrew Rose] Well, another sort of add on to that is if I'm a business owner and I'm going through something like this and yes, the insurance company does cover me in some way, I would want them to step in and negotiate on my behalf. I wouldn't have any clue how to engage in criminal organization or other like this to even begin getting whatever encryption key I need back.

Is that also something that the insurance companies often provide, or is that on the business end to identify a third party? 

 

[00:11:15 Mike Urbanik] No. Great question. And if you have a policy that's going to cover this, it's designed to be a one call solution. You call them and let them know, hey, we have had an issue, explain it, and then they're going to bring in their team, and their team would be the ones who actually interface with the cyber criminals.

And I'm not going to say you can sit back and relax, but they will do the heavy lifting while you can manage the other components of the business that have been impacted by this. 

So, you know, part of the value-added benefit is that you can offload a lot of these conversations and workload to your cyber liability carrier.

 

[00:11:51 Andrew Rose] And more of a nuance question to you since we're on this thread here: I heard recently a cyber story of someone who got infected from their home computer, brought it to one of their work computers, and that work computer then spread it to the larger holding company’s computers as well. 

So, it's not just your work computers that we need to be wary of. It's going to be your home systems as well. Would a cyber policy cover or something like that if it was brought in from a home computer into a work computer? 

 

[00:12:18 Mike Urbanik] Um..that's a great question. My initial reaction is going to say, yes. I'm going to say every claims scenario is very dynamic and different. 

You could have a scenario where they find an employee purposefully brought that in or an owner purposefully brought the virus in as a way to extort their own company for money. And maybe if they find this out, they're not going to pay. 

But if it was a genuine mistake and no one had any idea that this was happening, you know, insurance carriers, they're careful in their contract and they're careful in their language. And people might disagree when I say this, but they want to pay claims. They want to do what they say. They want a good reputation in the industry. So typically, I would say, yes, they're going to try to find a way and a solution to-to protect you. 

But, you know, if you weren't doing anything at all and you were negligent in protecting your asset, they're not going to want to cover you. It's it's the same as if you tell an insurance company, hey, we have a working fire sprinkler system and then you have a fire, and they find out afterwards. No, that sprinkler system was broken. You know, not they're not very keen on paying that claim because they've been lied to.

And cyber is no different. They want to make sure your infrastructure is what you say it is, because they're obviously onboarding that risk in exchange for premium. So, in that scenario, Andrew, my gut tells me yes, but every claims scenario is totally different and they need to be analyzed individually overall.

 

[00:13:51 Andrew Rose] Excellent answer, and that's why I love doing this podcast with, you know we can get out and explore some of these questions that might be on the minds of the business owners yet going in a service. Thank you for that. 

 

[00:14:02 Mike Urbanik] Yeah, I'm more than happy to share it. You know, in the spirit of sharing, I'll give you a couple examples of at least one example of a ransomware where it had catastrophic results.

Southern California Medical Center, victim of a ransomware attack in February 2016. The hospital was unable to continue their daily operations. Medical records were affected. Employees basically had to resort to pen and paper for the day. I think any business out there can relate; the challenge it would be from going from computers back to pen to paper, if not impossible. It was impacting a lot of the medical machinery, so some patients had to be transferred to other hospitals and a major shut down of all daily operations.

The ransomware, they initially wanted 9000 bitcoins. At that time that equated to about $3.6 million. And I think after the insurance carrier was brought in, they negotiated after ten days to get the medical system back up and running.

They paid the bad guys, took ten days just to pay them, and they settled for $17,000. So, I'm not sure who that insurance carrier is, but I know there was one involved. And whoever those claims adjusters are, they deserve a gold star because to me that's a pretty good ROI on your investment in a cyber liability policy. And speaking of the payment, the 17,000, many of these policies will actually cover that amount, it doesn't come out of the pocket of the business owner. 

So, we see this scenario, shuts down the whole operation. Everyone's impacted, dollars get paid out. And then of course, there's soft dollars behind all this, not to mention probably the mountains of paperwork and logistical challenges that go here, just something no operation wants to face and deal with it. Just an absolute catastrophic event for this for this hospital system. Luckily, they had support and they had help. But otherwise, it could have been way worse than what it was. 

 

[00:16:15 Andrew Rose] You know, it might be off topic a little bit, but I would love to do a podcast one day at just tracking all these cybercrimes and then going through the ones that we caught and then what those penalties were.

Cause I know a few of those cybercriminals are facing decades in prison when they were flying from one country to another in Europe and got extradited, pulled up an airplane and sent back to the U.S. So, let's plant that seed for later. That would be a fun one. 

 

[00:16:39 Mike Urbanik] That would be a fun one. These bad guys do get caught, but not always. You know, a lot of businesses who have these attacks, they don't publicly release it or it's still held confidential and they never catch the bad guys. So, I'm sure there's far more fascinating stories that will never make it to the front-page newspaper with sums that are paid out, that are completely undisclosed because it's terrible PR to have this happen to you.

I mean, certainly I can think of a couple of companies Amazon Web Service, Google I know, there's been government actors, Target, you know, major corporations and, maybe people they're big enough that people keep doing business with. 

But let's say it's your local pediatrician. Are you going to keep doing business with them or are you going to go someone else or your local auto body shop? Who knows? 

It can be a major impact on people's perception of your business and typically not in a positive way. So yeah, I think, Andrew, there would be a fascinating story of all those that got caught and how they got caught and what they did, but I bet there's an equally fascinating, if not more fascinating side of who got away with it.

 

[00:17:51 Andrew Rose] And Mike, just to add to that point as well, as you've mentioned before in a prior podcast, the low end of getting into these systems is typically your street level criminals. They're just running different systems, finding vulnerabilities, and selling them upstream that access. The people upstream are buying that or looking for those that have the most leverage. 

And there are certain industries like health care in particular that the folks out there, the one who are adversaries that want to do us harm. They look for those places where they get a fast resolution because lives are on the line. And it's sad to say again, but that leverage piece, too. So, I think kind of impacts the point you make here as a business owner. Understand, what is that crown jewel? What is that one thing that your business will collapse if you don't add? Because you know that's where those criminals are going to go for and hold that as hostage or extortion.

[00:18:36 Mike Urbanik] Yeah, you're absolutely right Andrew. I mean, these criminals are not sympathetic in this regard.  I mean, they go for the throat. I have a good example we'll talk about later. But yet hospitals are a big target for these types of attacks because just like you said, lives are on the line, and it doesn't look good from a PR standpoint If a hospital is haggling with the hackers or they're trying to bring in an I.T. team to fix the problem at a reasonable cost. 

If someone dies, I mean, they're expected to pay the ransom what it is as fast they can to get systems back up and running, and in the modern-day hospital world, you don't have computers, you don’t have health care.

Well, let's talk about sensitive data, extortion. The first of those three points a little bit. 

Every business, I think, has some data that they would consider sensitive, and they would not like released. It could be a proprietary information. It could be a product that you have, a patented system, a secret formula. It could be the company's financial information about themselves, about their clientele, and it could be client information that they hold or information they've painstakingly gathered through business about their clientele, who their businesses are.

And it would be embarrassing if not detrimental if that information was released. I think any business owner out here listening to this or even an individual will can relate to that concept. 

So simple as it is, a cybercriminal infiltrates a computer system, and it could be a myriad of ways. It could be one of those phishing attacks, it could be data breach, it could be any of these other means to access computer systems we've talked about already. 

They locate a file sensitive to the company and then copy paste it, save it on their system, reach out to that company and say, “Hey, we have this of yours. Please pay us X If you want us to delete the files, give it back”.. And anyone can tell you or you can imagine dealing with criminals who hold some type of information is inherently challenging because if you pay them, do they really do what they say? And that's a whole other branch of this conversation. 

But that's, you know, what it is in a nutshell. And they don't necessarily have to be the most I.T. savvy criminal. They just need access to your system. Maybe they got an employee login and they've just painstakingly, over the course of a few weeks, clicked around through all your files until they found stuff that looked pretty bad, or they thought you would pay for.

So that's what it that's what it is and that's how it happens. 

And a famous case happened back in ‘07 for Nokia. Not as big of a phone company as they were then, but in 2007, hackers stole a source code for their proprietary smart phone system. I think about 60% of all of the Nokia phones in the marketplace at that time were running this system. 

So, if the source code gets out, chaos ensues. Whether it's other people are manipulating the code, people are shutting down the network, alternative companies are copying that code. It would have been detrimental. The hackers blackmailed Nokia saying, you know, if you didn't pay, we would release this. And ultimately a multimillion-dollar ransom was paid. And there's a little bit of a Hollywood story here probably behind this.

And maybe, you know, we have movies like BlackBerry out. We might get a movie of this as well. But the FBI was actually involved, and they were attempting to intercept the payment of ransom to the hackers. And I guess the interception got botched. Some of that information is hard to get all the details, but the handoff got botched. The criminals got away with the money and ultimately never released the source code. 

They did what they said, but they could have been ticked off that Nokia went back on their word and tried to intercept them. They involved the FBI and the local police, but they got away. So, you know, that is as simple as it sounds, how it how it played out.

 

[00:22:41 Andrew Rose] And Mike, I think our audience will recall that Sony Pictures had a movie out that was not received as well by North Korea as it was received in American theaters. And when a nation state decides to go in and hack Sony Corporation and get in and release all the other movies out there, there's nothing you do to stop something like that.

The cyber criminals are one level, but with all their different networks or what have you, with a nation state set their sights on you as a business. It's pretty hard to avoid something like that. 

 

[00:23:09 Mike Urbanik] Oh, sure. And you know, we're talking about this mostly from a commercial business standpoint. I mean, a nation state certainly has way more tools and resources, especially North Korea, which has invested heavily into that cyber warfare, cybercrime space.

If they target a company, they're going to get typically what they want. I mean, they got some pretty robust stuff, and you just hope the crosshairs don't fall on you. And like I said, if they get access to these systems, there's something out there most businesses have they would not like to have released into the general public. And you've got to ask yourself, how much would I be willing to pay to prevent that or should I just be paying that on the front end and properly protecting myself? It's as simple as that. 

Lastly, of those three styles of these attacks I talked about earlier is the Distributed Denial of Service, the DDoS attack. These are maybe, in a way more sophisticated, but also less sophisticated than a malware attack. Basically, they don't get into the system and penetrate it and lock it down from the inside. They basically just bombard the system with information, data, requests, and cripple it.

The example I used, and someone told to me, that in trying to get some work done in your home, were every light in the house is flickering on and off. The doorbell is going off, your phone's going off, the email is going off, and just a cacophony of noise where you can't focus, or it would short out the power system of the house, was the example he used, and he said this is for lack of a technical understanding, this is what a DDoS attack is. 

So, a Cybercriminal identifies a business. Let's say you're an HVAC contractor and 50% of your business comes through your web portal. People asking for requests for a quote. And the bad guys say, hey, we're going to shut this down. They are spam bombing your website so much it crashes. Any time people try to load the website, it does not work.

And as a result, you lose 50% of your new business because of this. It goes to your competitors. Existing clients can't click “service my account”, you name it, but it shuts you down. Then they contact you and say, Hey, we're the people behind that DDoS attack. I bet this is hurting your business. If you would like us to stop, pay us $5,000. 

That's as simple as it is. In a nutshell, there's obviously more sophisticated things happening. I'm not the I.T. specialist. I deal with all this stuff from a cyber liability component. So, I know the broad concept. I don't know the technical components. Some businesses are more vulnerable than others.

If you are really a heavily DDoS vulnerable company, you are heavily reliant on computers, think an I.T. company, think mobile gaming, information storage. Any of those businesses would be really, really devastated by this brute force style of attack.

 

[00:26:26 Andrew Rose] And you mentioned early on that a lot of these are coming from computers. A lot of people don't know their computer is being used in a zombie fashion. Sometimes they’re used as DDOS attacks, sometimes are used as surreptitiously as Bitcoin mining or some sort of crypto mining computer. People don't realize that's going on, but the DDoS attacks, one of the biggest vectors is the information of things. 

So, think about that sensor. You talked about your light switch, your doorbell, all those little teeny tiny computers. They can send little bits of data out. A lot of those, I would imagine, are the source of these DDoS attacks. And the criminals know that because your doorbell or even the sensor on your light outside might have a password that was just never set. It was just whatever the admin password was. So, there's a fairly easy entry point in there.

 

[00:27:13 Mike Urbanik] Yeah. How the bad guy’s kind of wrangle up all the devices and leverage them in these attacks is fascinating in its own regard.

One of the earliest guys who did this, talked about in our history podcast, was he went by the handle Mafia boy. He leveraged all the computers at his university. He was able to get access to his university system, leverage the computers and launch these attacks. And you know, basically overwhelm systems, and shut them down. And that's what these bad guys do.

It's obviously evolved and become more sophisticated from there, but equally as effective, to damaging a business and limiting businesses ID and computer infrastructure. 

So, an example of a DDoS attack, one happened back in 2020, Amazon Web Services. I think everyone's familiar with Amazon and hopefully their web services and their cloud computing component at the time and probably today serve over a million companies, governments, individuals. But it was attacked basically using spam bots where they were sending 2.3 terabytes of data per second onto the servers and just overwhelming it, slowing it down, attempting to collapse the servers. 

And two things can happen. One, they can collapse, and they can say, “Hey, we collapsed your server, we’ll keep doing it until you pay us.” Or when these computer systems can become overwhelmed with dealing with the information, they become more vulnerable, and their security features don't work as well. So, use a DDoS attack to then infiltrate it, install malware or get additional information once they're inside. So, this is just an ends to a mean in a lot of ways. But there is ultimately a silver lining in this one. Amazon Web Services was able to identify the attack, shut it down. They had protocols in place to stop this.

But I think this is considered one of the largest DDoS style attacks today. And yes, it targeted a very sophisticated company, and they were able to prevent it. But certainly not all businesses are geared this way. And should you become a victim, it can be a major problem and you might need to contact your cyber liability company, or your I.T. vendor to get a solution, because many of these people are attacking you in reference or they're attacking you with regards to getting money out of you.

So just to summarize those are the three styles of attack. We see cyber extortion taking place, the simple as gaining information and threatening to release it. Very, very typical extortion technique. 

It gets a little more sophisticated with ransomware, which could be even more devastating. They have not just your information, but they have your system in their clutches, and they want money in exchange. 

And then lastly, are those DDoS attacks, which can be used either to gain access to the system or just to extort you to get them to stop. Simple as that. 

So, those are what we're seeing. They are certainly very concerning. If you find yourself on the end of any of those, you really hope you've been working with an I.T. company ahead of time and you've been working with your insurance agent to put a cyber liability policy in place. Otherwise you're going to be in for a pretty rough road. So that's, that's the forms that cyber extortion takes place. 

And just a reminder, most of these breaches aren't hacking. It's the human element. It's passwords left out. It's not doing the due diligence to train your employees on what phishing attacks are. It's not doing your due diligence to work with reputable businesses like DTC to put the safeguards in place. 

And if you leave yourself vulnerable, I think in today's world it's not a matter of if, but a matter of when. And as you can see from our talk today, the repercussions can be pretty, pretty expensive. 

 

[00:31:27 Andrew Rose] Oh, this is absolutely true. I mean, just imagine 11 days without your computer networks. I mean, I'm just trying to fathom that as you're speaking. And it just you know, it's I don't want to think about that. 

 

[00:31:39 Mike Urbanik] I couldn't imagine what my inbox would look like. It'd be in the thousands at that point. I don't know how long it would take me, pain and suffering wise, just to get through all those emails, let alone deal with all the problems that it caused. It would be detrimental. 

 

[00:31:53 Andrew Rose] It certainly would. And one thing that I do want to touch upon, even though we've talked about businesses and applications there, at end of the day, we all go home and we become a family, an individual with our households. And there are types of extortion that occur within the families as well. 

And sometimes there are folks that are younger that might send videos and pictures themselves to folks that they think are real people. And it turns out that that those images are used against them and extortion as well. And that's been a very painful point, not only with the young adults that are being the targets of these extortion, but also the grandparents that are being the targets of these extortion campaigns, too. So, I do want to mention that in the podcast or again, it's not a on topic to talk about, but it's something that we need to be aware of.

 

[00:32:40 Mike Urbanik] Yeah, absolutely. This attack, you know, there's two sides of this coin, probably three sides, government, commercial businesses, and then individuals.  

To your point, Andrew, I don't know if it's considered one of the top films, but Adam Sandler made a pretty interesting one called Punch-Drunk Love, where this this scenario plays out and it has some tough moments. And you can only imagine what someone who goes through one of these individual compromises would feel the pain, the suffering, the money.

Yeah, I mean, they're unfortunately, we live in a world where we can't be trustworthy of everyone, and we need to just conduct ourselves appropriately and protect ourselves appropriately. Especially in the digital space. 

 

[00:33:27 Andrew Rose] And to that point, thank you. And we cannot guarantee that nothing will happen to you. But the one thing that we can say is that your pillow will be a little bit softer at night if you contact R.K Tongue and DTC to manage at least these expose points of your risk profile.

Some people, this might be the first podcast they've listened to. And just to reiterate, we will put together an entire library of all different facets of cybersecurity for professional services and others in our in our series here. So, there might be some topics that we've covered in the past that would be relevant to this, and there might be some of the future as well.

Mike, you want to give folks a little bit about what was coming and maybe touch on a few things that we've had the past as well. 

 

[00:34:08 Mike Urbanik] Yeah, we're definitely going to talk more about what is the future of cybercrime, ways that you can prevent this, most of which involve working with a company like DTC who is adept in managing this for you.

Because while I use computers all day, every day for everything I do, I certainly don't know what goes on behind the screen. So, I work with someone who does to protect your business. 

Things we've talked about in the past or other types of cybercrime. Phishing is a is a big one. That's where a lot of this starts, a little bit of the history of cybercrime, you know, how did we get there? What's the outlook? 

So, if you haven't listened to some of the episodes, strongly encourage you to go back and listen and continue to listen in the future. We're going to do our best to give you the information you need to be informed here. 

 

[00:34:58 Andrew Rose] Yeah, and I do want to give a 12 bells mournful shout out to Kevin Mitnick’s passing. He certainly pioneered a lot of the cybercrime and then after paying his debt to society, turned it around and was a resource for businesses, companies, organizations everywhere in his untimely passing at 59 but 12 bells to get to Kevin Mitnick.

 

[00:35:16 Mike Urbanik] Yeah, absolutely. He was definitely referenced in our previous podcast and like you said, he was a bit of a troubled child early on, but he did a redemption tour and really helped build out the other side of the defense industry here. So absolutely.

 

[00:35:32 Andrew Rose] Well, Mike, once again, thank you so much for joining us today. It's been a been a pleasure to well- it's been a very informative topic. I want to say it's been a pleasurable topic to go over, but we've certainly made the bitter pill a little bit easier to swallow by addressing the issues and then talking about some of the mitigation and response that we have.

The next podcast that we're doing is also of special interest to me because one of DTC family members was the subject of identity theft attack, and that in itself is another one of these paralyzing things that can happen to an individual, a business owner or a company when when that occurs. 

So, I'm looking forward to hearing what you have to say about that and any sneak peeks or anything you can add to that.

 

[00:36:14 Mike Urbanik] I'll say probably for identity theft: most people can relate with this topic the most out of all the ones we've talked to. I think, again, it's not a matter of if, but when you have your identity stolen and the pain and consternation that goes with it. So, this will probably be our most relatable podcast coming up. 

 

[00:36:36 Andrew Rose] Well, that's good. And I guess we'll find out which one has the most listens as well. I'm surprised as that our audience is so engaged. So, we will continue to give you good content to keep you entertained as you drive to work or whatever it is you do and listen to your podcast. Thank you.

 

[Outro Music]

 

[00:36:58 Andrew Rose] We would love to hear from you. Please email us your questions or comments to AskUs@DTCtoday.com. New episodes of Cyber Savvy are posted the second Tuesday of every month. For more detailed information, visit our Web site at DTCtoday.com

Be prepared. Be cyber savvy.

People on this episode