SalesGym Interview Series

Insights from a Cybersecurity Pro Balancing Career and Family

Michael St Lawrence


Join us as we sit down with Joey Wagner, a Senior Account Executive at Fortra and the voice behind the popular podcast "Cybersecurity for your Mom." Joey takes us on a journey through his career, sharing invaluable insights into the cybersecurity landscape. From his experiences juggling work, earning a master's degree, and family responsibilities, to breaking down the most pressing cybersecurity threats organizations face today, Joey offers a unique perspective that’s both informative and engaging.

We spend time decoding the alarming rise of social engineering attacks and the slick tactics cybercriminals use to deceive unsuspecting victims. Joey explains the anatomy of phishing attacks, the dangers of unpatched systems, and the devastating consequences of ransomware among many other topics, including the integration of AI on both sides of this issue. 

If you’re a lay person looking to gain a useful understanding of cybersecurity to protect yourself and/or your organization, this episode is worth a listen. 


Cybersecurity Threats and Protection

Speaker 1

Welcome to the Sales Gym Podcast, where we discuss topics like sales, training and human behavior. Today, we have with us Joey Wagner, who's a Senior Account Executive at Fortra, which is a cybersecurity and automation solution provider. Joey also runs his own podcast called Cybersecurity for your Mom. That's a fantastic resource for a layperson who's trying to get a better understanding of the cybersecurity landscape. So, with all that in mind, Joey, it's great having you here today. Welcome.

Speaker 2

Thanks so much, Dean, I'm really excited. So, as Dean mentioned, my name is Joey Wagner and I am a senior account executive at Fortra. I specifically work in our data protection group, but Fortra as a whole sells about 26 different products covering email security, security awareness training, XDR, the whole gamut. So that's what I do as my day job. As Dean mentioned, I also do have a podcast called Cybersecurity for your Mom where I talk about basic cybersecurity principles, kind of break it down for anyone who's not in the industry to understand, right. So if you don't know anything about cybersecurity but you want to get a little bite-sized nugget to listen as you're waiting for your kids to get out of the soccer or something like that, you know they usually are short, digestible and easy to understand.

Speaker 2

But I've been in cybersecurity for about 10 years. I've sold a bunch of different products. I've been in sales and channel and business development the whole time. So I've sold mobile security solutions, email security, XDR, data protection, DLP, kind of the whole gamut. And then, within that 10 year period, I also went and got my master's in cybersecurity from the University of San Diego. So I did that during the pandemic, which was a little crazy but also a little fun. I started with one kid, graduated with two, so I don't know what I was thinking, but it was definitely worth it to kind of cement myself in the industry and just get a little bit more knowledge, you know, kind of just deep, deeper into some of the things I didn't know and didn't have the expertise on. So, yeah, I'm excited to talk today with Dean and hopefully help out some folks.

Speaker 1

Well, we're glad to have you on board here today, Joey, and I got to say, man, going to school and working with kids, that is brave of you. So I'm glad you did it, because I'm sure we're all a little bit safer as a result. But, man, I'm glad I'm not the one who went through that. Well, let's go and talk a little bit about cybersecurity. So in my mind, there's kind of two categories we're going to talk about today. One is cybersecurity when in relation to organizations, and the other is cybersecurity in relation to individuals like you and I and whenever we're working on the street.

Speaker 1

So let's go ahead and start first by talking about organizations, as this is an organizationally focused podcast. So on the organizational side, let's go ahead and start by talking about some of the threats that are common and they're out there to orgs, and I know those threats tend to fall into kind of two categories. I'm a layman so I don't know if I'm categorizing this correct, but generally comes into like the social engineering side. And then there's more of like the technical break-in side, where they're trying to do things in a technical manner. So let's go ahead and start first with that social engineering side. What are some of the threats, risk, things that organizations should be aware of as they're protecting themselves in the current space?

Speaker 2

Yeah, so I think the first one that we see the most is going to be phishing, and not fishing like you're thinking of, with a rod and reel and a bait and tackle, but phishing with a "ph"

Tech Security Threats & Protection

Speaker 2

. I'm sure people have heard it . They might not know exactly what it means , but basically it is a bad actor trying to gain data , credentials , whatever they want from someone else by using methods of . It could be a text message , it could be an email , it could be LinkedIn , it could be all different ways to get what they want , but what they do is that they basically disguise themselves as someone that they're not . They use different types of fake websites , different fake emails . It could be a link that's not accurate , and what they do is that they take their outreach , let's say , and they target sometimes a whole organization , sometimes it's certain specific individuals , and then what they do is that they'll , let's say , for example , use an email and they'll send out someone and say , hey , you need to change your password . That email could look like it's from Microsoft . It could act like it's from Microsoft , everything on it can look so legit to just like the untrained eye . Let's call it . Then they click on that link , they type in their credentials and boom , that credentials go to the bad actor . They now have access , they basically have their , they open the door into the system because then they have , let's say , my credentials , they can get in , they can start changing things , seeing things .

Speaker 2

Now, often they'll do it, like I said, Dean, like as a wide net. They'll send it to a whole organization, 10,000 people, hoping that they get one person that they can get in, or a couple that they can start kind of getting in and doing what they, what they want to do really in the organization that's bad: steal data, you know, crash a system, whatever it might be. But that's usually the start, so that when we look at social engineering, that's kind of the what I see as the biggest threat. A lot of times people will have campaigns where they send in for their employees anyway, right, you'll see phishing awareness training. So that's to me like the number one threat when it comes to a social engineering aspect of just really acting like they're somebody else to gain whatever information it is that they want.

Speaker 2

And oftentimes we see people repeating passwords , using simple passwords , using that on different types of logins . I know it's hard to remember a million different passwords , right . So it's easy to just be like I'm going to use the same email , same password for everything . But a lot of times when you get one , it's like you can then have access to every type of system that they have in their environment , and that can be scary , just depending on how sensitive the data is what they can access . You know companies are getting better and better about protecting that , but you'd still be surprised to see that phishing is really like when you look at it . I think you know there's I'm not going to quote any direct stats , but it's . I think Verizon did one a few years ago and it was like anywhere between 80 and 90% of attacks start with phishing . That's like the basis , and then they can do more , they can move around . So that's what I see from social engineering standpoint .

Speaker 1

That makes a lot of sense, and I've actually, I've actually heard this brought up not just whenever it comes to sending out emails and stuff, but also phishing in a physical sense, where they'll come in, pretend to be other people, get access to on-premises systems and then they'll actually can do some damage that way. So, yeah, the social engineering aspect of that, that's really scary, and I think there's some things that me and you can kind of get into as far as how technology is evolving that practice as well. Before we get into that, though, let's go ahead and kind of break down maybe the technical side of the space, and this is probably what people traditionally think of when they think of hacking and cybersecurity. They don't really think of phishing emails, people calling in and spoofing a number. They think of something physical going on in cyberspace, where somebody is going in, they're actually brute forcing into a company, getting their databases, et cetera. What does that look like? What are the actual threats that are occurring on the more technical side of the cybersecurity space?

Speaker 2

Yeah, so I think there's probably three that I see a lot and kind of hear of when I'm researching and looking at things. The first one that I think a lot of people may be aware of the name is going to be ransomware. So this is where someone gets into a system and, from a technical aspect, they can get in through phishing. There's other ways: there could be vulnerabilities. There could be something that a company didn't patch. I talked about this in one of my podcasts, like if your operating system tells you to patch something, I'd say like 99%, it's because there's a security flaw, and so it's hard from an organizational standpoint when they've got servers and they've got all these different endpoints and they've got so many different people using operating systems and they could be not the right version. If you don't have a good path to upgrading, that's how people can get in. So let's just say we'll use that as example. So there's a known vulnerability with Windows operating system. They find a door in, they get in. Now they have access to that organization's complete repository of data. What these bad actors will do is, you know what, they have all this customer data. They have social security numbers. They have, you know, let's just use the example of a financial organization. They've got socials, they have income, they have everything you want. Like if you were to apply for a mortgage, right? How much data do you give for that, right? You give W-2s, tax information, every possible thing about me when I applied for my mortgages at least. So now they have all this. And let's say it's a larger organization, even if it's small. But let's say it's large and they've got 10,000, you know, records, 20, a million records, whatever it is.
They're going to go to the company and say , hey , let's XYZ company , we have all of your data , we're in your system , and then maybe they'll give an example If you don't pay us a million dollars by this date , we're going to release it to the dark web . We're going to do it , and it happens all the time . I mean , I get alerts from hey , you were in this data breach , you were in that data breach . You're in this data breach , right ? It's not great . Now you have to think about well , how is that really going to impact me as an individual ? You know my data lies on lots of different companies databases . Is it going to wreck my life Maybe , maybe not , but for the brand itself it's a huge hit to the reputation . They oftentimes have to pay financial repercussions outside of the ransomware . Let's say that they do pay the ransomware If they don't . It's kind of a 50-50 . The FBI actually says don't pay the ransomware fee if they say a million dollars . But some companies are so scared that they do , because they're like we can't be taken down . We can't have this data breach .

Speaker 2

There's a documentary I don't know if you've watched it on Netflix but the Ashley Madison scandal that happened . I think it was like one of the largest and most recent . It was actually the first , I think , huge data breach where they just took all this sensitive information of people that were cheating on their spouses and they leaked it Right and that was horrible for the company . The company shut down . It was a huge ordeal . People were embarrassed , people lost their jobs . It was crazy . Right Now , companies don't want that to happen .

Speaker 2

Ashley Madison was trying to go public at that time, like they wanted to go public. That was like the next step of their journey. They were, they had millions of subscribers. They were in like 39 different countries. Crazy, right? And famous people were part of that leak. Clergy members, people that absolutely were expecting anonymity. So just think of all the different types of verticals and the different types of companies. We have financial. We've got dating websites. We've got health providers, that's a huge one, all the sensitive health data. So ransomware is kind of like the big one that I see a lot. It happens to almost every massive company. There was a bunch of casinos that happened to not that long ago. Target had a... It happens. It's very commonplace today. So that's one that I see. We can pause and I can talk about another one. Or you want to ask me questions on this one, or your call.

Speaker 1

Well, let's go ahead and kind of keep on leaning into that. I guess you know you'd mentioned that Target got breached before, right? I had conversations with some people and I heard, I believe it was Target, they ended up getting their point of sale system hacked through an air conditioning unit, if I remember correctly. Can you talk a little bit about like where these entry points are to get new organizations, 'cause that seemed pretty, pretty wild when I heard it?

Speaker 2

For sure. So that one was, it wasn't through the air conditioning system per se, but it was through a third party vendor that was doing the working on their air conditioning. So they spun up a system that was connecting and that was their entry point. So that is another really interesting

Small Business Cybersecurity Practices

Speaker 2

thing to think about . Of you know , I kind of mentioned hey , it could be this unpatched system , it could be a third-party vendor , it could be someone got access because they phished you . It could be that someone got in physically right , like they somehow got in the building and were able to get access to machines . There's so many different ways to get access to a organization and there's people's entire jobs are writing security plans on all the different steps , the redundancy , the backup , right , like that's what people do . But even with the most sophisticated security organizations in the world , some of these massive multinational organizations , there's still ways to get in right . It's always the joke with the CISOs that I talk to is it's not if we're going to get hacked , it's when and it's how well did we prepare for these types of breaches , these types of hacks ? Do we have backup and redundancy ?

Speaker 2

There was another one . I'll talk and kind of go on . That would be denial of service . So this is where you basically flood a organization's website with so much traffic that it shuts it down . Now this happened to Amazon a few years ago and it shut down Amazon's site completely . You could not buy anything from Amazon . So imagine what Amazon sells in a minute , right , let's call it an hour even . Just think of the millions and millions and millions of dollars that Amazon sells every day . You know , within a minute hour , whatever it is .

Speaker 2

Well, this was shit. They shut down their systems for multiple hours. You couldn't buy anything off Amazon. So this denial of service is just they flood the traffic so hardcore that you, it just, it breaks the website. Now, again, part of that is building redundancy, building a good plan in place, but at the time this wasn't happening a lot. So people were like, oh, Amazon can never go down, it's impossible. I mean, think about it, if Amazon went down. Think about when, like, a video game server goes down or Netflix goes down, people lose their minds. Like it's a huge deal. Oh, I can't believe I can't play this video game for an hour because their server has crashed, or I can't buy something for an hour, right? So those, that's another one that it can affect organizations. It's not as commonplace as ransomware. Ransomware is, I think, probably the biggest, but denial of service or DDoS, it happens and it's crazy and scary.

Speaker 2

And what I think is , you know , probably more detrimental is to the smaller , mid-sized businesses . Right , like Amazon can take that hit for a few hours . They don't want to . It's a huge , you know , loss . But let's say you have a midsize e-commerce business that you don't have the security or the IT infrastructure in place and all of a sudden your system goes down for an hour a day , a week , whatever it is like it could crush your whole business . And so I think , when we look at you know , down market to smaller orgs , these type of threats can be , you know can be basically like , cost your whole business A lot of times .

Speaker 2

Hey, a million dollars. Paying ransomware to someone? You'll pay it, right, $10 million, even these organizations can do it. But imagine you're a small dentist office with 10 employees and someone says, hey, you need to give me $50,000, or we're going to shut, $100,000, we're going to shut down. We're gonna send all your patient records out. Well, they can't, they can't. They don't, not that many smaller, midsize dentist offices have that kind of liquid cash laying around. They might scramble and figure it out. They'd probably be so scared they wouldn't know what to do. You know, and so I think that's where you think about small, medium, you know, multinational, huge, large corporations. It all affects them a little bit differently in how it can work and you know what the ramifications are.

Speaker 1

Well , I would assume most big organizations have teams full of people . They're paying a lot of money to think about this . So let's really quick , talk about these like small to midsize orgs that are growing . They are going to become increasingly highlighted in kind of the business world and as you get the spotlight on you , you start to get more and more people trying to attack you and take your data right .

Speaker 1

So we've talked about things like keeping passwords unique to each login . We talked about don't click on emails you don't recognize or if you can help , but just go to websites and log in instead of clicking an email and maybe getting phished . We talked about compartmentalizing data and kind of keeping authorizations limited so employees can't see everything across your entire business . They can only see little pockets . Well , what are some ideas that maybe small and kind of more medium sized businesses should be thinking about as either maybe services they should be paying for or practices they should be instituting for their employees ? What are some like really critical , maybe first steps , baby steps for companies trying to protect themselves in the cybersecurity space ?

Speaker 2

I think that's a super hard question because there are so many vendors that exist and there's so many different facets of cybersecurity that it's really hard to pick, like what is worth it, what's not. How do you protect what? You have to look at your organization, I would say, and, like what's the most important? Like, what are the assets that if you had them leaked or if they were stolen or what, could you not really live with that? What would be a huge impact to your business? I'll try to think of another different example. Like, let's say that you're a construction company. Well, maybe cybersecurity is not so important because you don't have like data that people could steal, or you don't have plans or record, but maybe you have contracts, maybe you have competitive things, maybe you have something that would matter. Well, those are the assets you want to protect, right? So you want to make sure that for those people that are handling those assets, maybe you have a good, you know, some type of antivirus software on their machines. You've got some type of endpoint manager that's scanning and looking for, you know, any types of threats. It could be, you know, a CrowdStrike, a Zscaler, a SentinelOne, a Trellix, like there's all these different ones, Alert Logic with Fortra. There's all these different ones that they could maybe have and use, and you know there's, they, they cost, but something like that would be a really good first step to have, I think. Looking at, maybe, email security, right, having some type of email filtering. A lot of times you use Microsoft, there is something included. So I think that's, if you're trying to be cost conscious, right, and you subscribe to some Microsoft licensing, look at what's included first. I'm not saying that Microsoft is the best with every security product. There's a lot out there that are better. 
But if you're trying to be cost conscious , that's a way to start and then just see the holes and try to plug what you think is the most important .

Speaker 2

If you have sensitive data , well then you got to figure out how to protect that data , how to wrap that data . If you're worried about people stealing data like that's what I sell , is data protection right . How are people exfiltrating the data ? And it could be as simple as you know someone sending customer lists to somebody else that they shouldn't , or the ? Hey , I'm going to leave the organization . I'm a sales rep . I'm going to take all this customer data , all these customer emails , all this stuff . Well , is that important to you ? Do you want to lose that ? Well , then maybe you should put some type of data loss prevention software .

Speaker 2

If you're worried that your CEO is really a great guy but he's horrible with tech , right , and he clicks on everything and he's kind of gullible and maybe he hasn't been using a computer for his whole life , then maybe you want to put something on his machine that's a little bit more robust from an email security perspective and tune those roles .

Speaker 2

Another thing , too , is there are services called like MSSPs , where people will basically manage it , even for small organizations , where they'll take on the burden of the IT . So if you don't have the staff , the resources , the time , whatever it is , there are organizations that will kind of sell you a stack it's almost like basically what I talked about and they'll charge like a per user amount , like , hey , you've got 10 employees , we're gonna charge a 60 bucks an employee per month and we're gonna manage everything . We're to keep it , we're going to create the rules , we're going to , we're going to have all the logins that we're going to take care of it for you and try to keep you as secure as possible . But I think the first step is really figuring out what's important , what you need to protect , because for those small organizations you can't do everything , you can't have every tool . You know people spend millions and millions of dollars on these tools a year and you got to just figure out what makes the most sense for your organization .

Speaker 1

That makes sense . So , from a kind of a broad perspective , institute as many just human practices as you can as far as limiting who has access to what data , make sure that they're using unique passwords , kind of . Just give them the basics of cybersecurity protection and then , whenever it comes to the resource you're putting towards it , prioritize what's most important to your organization . So the dental office example patient records that would obviously be kind of a high priority , or utility bills maybe not necessarily as high of a priority , so that makes a lot of sense . Well , let's spend a little bit of time here talking about individuals , though . So we've talked a little bit about fishing , we've talked about using repeat logins , things like that .

Speaker 1

Um, what, realistically, are the biggest, uh, threats out there for the average individual? I don't know. I'm not talking Tom Brady, like everybody knows he's a threat for a lot of actors, but you know the average person, you know somebody's making 60,000 a year. They got two kids, they're raising them, they're not, not super active on social media and politics and any of that. They're just normal people. What threats do they actually face out there? Like, what are they actually should be concerned of, and are they coming into any bad habits that are putting them more at risk that they're not aware of?

Speaker 2

Now it's for, like my parents, sage people, right, that's who uses it, and but it's sadly, it's become an incredibly predatory place for bad actors, because they know that these folks didn't grow up with technology. They didn't have their first smartphone when they were 10. Like they, you know, they don't know how to use this stuff correctly, and so it's predatory. And so they're getting phishing links. They're getting invites from friends on Facebook. I think Facebook is a huge breeding ground for cyber crime. There's lots of articles about it. There's lots of data. Like it's not great, but even just getting like... Like, there's this sad story. Like one of my mom's friends, she doesn't have a lot of money, she's like on a fixed income. She used her debit card for something, so it wasn't protected, and someone's like, your computer's infected, and they, they basically phished her with an email. She clicked on the link, they actually called her, they walked her through stuff and then she ended up spending like $400 to fix her computer. Well, she wasn't on a credit card, so like, well, that was goods and services. Like, you don't get it back. She was, she used her debit card and she was out of that money, right?

Speaker 2

So I think it goes back to what you said is really trying to be as smart as you possibly can. You know, if you think someone's asking for money, maybe try to vet it, right. I think that's another one that I see. Like there's like GoFundMe or there's someone's raising money for a charity, like, try to call that person or direct message that person. Do a little research before you put any banking, any financial information. But I think it just depends on, like, you know, we kind of talked about this with small or medium sized business, like what's important to the user. If you, if you're using credit card, call your credit card company and say it's fake, most credit cards are insured, they'll back you up. Like, you know, I had my wallet stolen in Hawaii. The guy went to the Apple Store and bought a four thousand dollar computer. Amex refunded the money within like 20 minutes. You know, like, but not every bank is like that, not every, uh, you know, credit card company is like that, but most of the time it is.

Speaker 2

So it's really like, what are you doing that you're worried about? Um, I use as examples my dad. Like he's Marine, was a prison guard, like very cautious. Like he deletes all his text messages. He, you know, he uses a VPN for everything. I'm like, Dad, for what, Dad? Like what are you doing that anyone would care about? Like you're not a target. Uh, if someone steals your credit card information, that's a bummer. But you have credit cards that would reverse it.

Speaker 2

What you're going to find pictures of you know you at the lake , your grandkids , me like you don't have anything weird on your device , you're pretty straightforward with what you do on your computer , like you don't have to be worried . But he does that as just like extra precautions . So that would be the thing I say like if people are really worried about stuff , you can get antivirus software for your mobile devices . You can get antivirus for your computer . You can get things like I think I referenced one before like Malwarebytes is a pretty affordable , like just consumer product where you can throw it on your devices . If you really are worried , you can use a VPN , but just be careful because it can , depending on where it's pointing , it can slow your speed of your device down . So just those are little things to think about , but I don't think there's as much to worry about as an individual unless you're doing like sketchy stuff . Then yeah , maybe , but you know , just again . It's the same kind of

Protecting Personal Information Online

Speaker 2

stuff .

Speaker 2

Make sure you're being aware , make sure you're knowing what you're clicking on . If someone's asking for money , double check it right . Like make sure there are those wire fraud scams . And the people do try to get your money . And people still fall for it . Crazily , my neighbor said that her law firm sent somebody like a hundred thousand dollars . That was completely wrong wire fraud , and so it happens all the time . But I just think it's like take that extra few seconds to think about like oh , this cause seems really great . I want to donate some money , but is this person who they say they are ? Did their account get hacked ? Send them a note , send them a text , ask them if you can Venmo them instead , or send them a check or something you know . Like they're just ways , I think , anything financial . It's just take that extra second to think like is this legitimate ? But I think as an individual , there's not a ton .

Speaker 2

I worry a little bit about AI and like what you share in social media stuff . I talked about that on one of my podcasts of like I personally don't like to put my kids' pictures on the internet anymore because I want to have as clean of a digital footprint , as they can be , so that they can make their own educated choices when they're of age to post their own things on the internet , because those things can be manipulated , they can haunt people . I mean , there's deep fakes that come out . There's AI stuff that's getting better and better and scarier and scarier and I think it's just like well , what you share is it's public , right , nothing is free . Anytime you have anything on any website , it's out there , it's free , like your information is shared .

Speaker 2

So just knowing that , I think , is the one thing I would just throw as a caveat , like , just if you don't think you want anyone seeing that picture and holding it and having it stored somewhere , then don't share it or make your profile private . Be really careful on who you add as a friend . Be careful on what you're doing . I have cut back my social media usage like almost completely . I buy surfboards on Facebook Marketplace , that's about it , but I don't share any pictures of my kids , what I'm doing , any family , just because , like the people that I want to have that I'll send them those photos grandma and grandpa , my friends , um , but I don't need the world to see , you know , my camping trip that I just took . It's not important so .

Speaker 1

Yeah , that makes a lot of sense . And , um , I've largely followed that path as well because , uh , even though I don't have the awareness you do for being in the cybersecurity space , I still felt the instincts of some of that kind of creeping in , or I knew technology's changing quite a bit and I'm not sure what I'm gonna have control over and what I won't . And you'd mentioned using things like using credit cards for online purchases so you can cancel those purchases or kind of dispute them . You'd mentioned VPNs not usually being necessary for most people . You'd kind of talked about using anti-malware software that you can get access to . I'm curious what your thoughts are on password managers . And then there's that old discussion point : do Macs need antivirus software or are they good ? What are your thoughts on those kind of two things right there , just to touch on the last consumer things I'm curious about ?

Future Cybersecurity Threats and Defense

Speaker 2

Yeah , so I think that the password managers aren't . They don't hurt and I think they're affordable . So if it doesn't break the bank and it doesn't hurt you , um , it's worth it , you know , and it's not going to slow down your productivity , it's not going to make things harder for you . If you can get something for , let's say , a couple bucks a month or , you know , I always , I always try to gauge it against a Starbucks , like what does one Starbucks drink cost you a month ? Like you know , I don't know , the average Starbucks drink is probably like 650 now . So if you can get something in that range , it's like that's worth it to me . I know when you look at subscriptions and they stack up and you're like I don't need this , but that might be worth it if it just makes life easier and it varies your passwords .

Speaker 2

I think some devices now do a really good job about recommending very complex passwords . I know on I personally use Apple devices and I'll often I'll say do you want to use a strong password ? It's multi-character , it's , you know , like cryptographic . It's hard to no one's going to really hack that password . It's possible , right . But very , very , very unlikely . Someone was going to put the work in to hack my password to like my Alaska Airlines app or something like that . But Apple will recommend that for your passwords and then it will store it in its keychain , which to me it's like that's sufficient for me . I had some password managers at one point and I just let them lapse because I'm like , look , this does what it needs . I create enough .

Speaker 2

You know complex passwords myself , but as long as you're doing them smart , you're using numbers , you're using symbols , you're varying them , like , that's pretty sufficient for most things . And especially , you're not high profile , you're not . You know somebody that ? That is now from the Mac perspective . Apple products still get hacked Like they do . It's not as commonplace , but they still can get hacked .

Speaker 2

My mom is a prime example . She uses a Mac . Her Mac has been hacked before . I have no idea how . I think it's Facebook . She says no , she's , I don't click on anything . I'm like , mom , let's , let's really try to like , let's do some analysis , like the last week , of what you did . But I think it's less likely , but it's still possible .

Speaker 2

So make sure you do . When you look at you know , I challenge all listeners the next time if you use an Apple device , when you get your next update , try to read of what it's actually updating . A lot of times it's bug fixes and security problems and you can look at their release notes of what they're actually fixing . A lot of times those updates are for security fixes . So make sure you keep heaven forbid you have like three or four older generations and you don't update your operating system . Update your operating system .

Speaker 2

I had a call to Remakecom and he had like three years old of operating systems due to space constraints on his phone and I'm like , bro , you have to update your operating system , you gotta do . He's like I will . I'm gonna get a new phone soon , but I can't touch it now . It works just in a certain way . Um , so yeah , that to me is like just make sure you do those things . It's the simple steps and if you're really worried , like I mentioned , there are consumer grade antivirus for Mac , malware protection , that kind of stuff . That it's pretty affordable . You can get a yearly subscription probably for like 40 bucks and then you're going to be at least have a little bit more peace of mind . It's not perfect , but it's better than nothing .

Speaker 1

You know , when you said that about the space , it reminded me of my wife . She had a MacBook Air that she didn't update for like a year and I finally was like , why have you not updated this ? And she had run out of space on her computer and hadn't deleted anything , so I had to just walk out of the house and go drive somewhere after that . Yeah , yeah , I'm sure that's a way more common problem than we like to think it is . Something else is you know , whenever it comes to Mac , they're not unhackable , but you know , governments and businesses tend to use Windows .

Speaker 1

That's a bigger target of opportunity for hackers , so that's probably why we see the propensity we do . So I guess the last thing I'd like you to touch on is um , what do you see as maybe the future threats ? You're kind of speculating about AI and that's how , why you're kind of limiting your social media presence , things like that . How do you think technology is going to change both the threat and the defense landscape ? So whenever it comes to cybersecurity because I feel like a decade from now , things are going to look so much different than they do today , just because of how quickly technology seems to be changing lately ? Yeah .

Speaker 2

So I think that with AI , the fear I have from a threat perspective is just that you can automate things . So a lot of times today it's more manual with your attacking , but you can spread much a wider net with automation and with AI you can also have people . You can have AI like write you hacking programs , and there's just way more you can do .

AI Impact on Cybersecurity

Speaker 2

I talked about this . One of my podcasts is the language that's used . It used to be when you got a phishing email . It was so poorly written and ridiculous that you could spot it from a mile . You're like all right , Nigerian prince , I'm not gonna give you my gold cow and this and that like it . Would there just be . They were so ridiculous to me . I still get something like that , which I laugh . But with AI you plug it in a ChatGPT and you say write an email in this tone to Dean , like and here's Dean's LinkedIn profile try to . You know there's a ways you can craft . I mean , I use it for business , right , it's , it's powerful , but there's ways you can . To me , that's this one of the scariest . Like what I see , like on the cut , like right now happening , is just because of AI you can voice the way that you write , the grammar , everything can be so sharp , and that takes that margin of error out from the hackers . They can just automate it and say , hey , write an email , boom done , it's perfect , it matches exactly how that person would be . And then for impersonation too , like if you have emails from somebody , you can just kind of create their . You can use those to create somebody's voice tone , intonation and how they would write . Um , there's actually this really interesting like sales tool that I heard of I think it's called Air where there's actually an AI system . It's all like it's completely AI but it will do like a sales outreach call and that was insane because it like uses your voice even and like kind of auto generates it . So to me that's like a scary thing that AI can do that . I see right away Now where it's going to go . Who knows ?

Speaker 2

Now , on the flip side , from a protection standpoint , there's a lot of really cool things you can do with AI as well . Like the automation to me is like huge if you can have AI plugged in to look at okay , this type , this , this is coming in . We know like we have all these playbooks , all this threat intel this is what we kind of know about these types of threats , how they look , how they act , and then have automated playbooks to then do remediation , to stop , to make changes . That to me is huge . I mean it could completely cut down head count just time to , you know , stopping threats . And that's huge because a lot of times these things need to be stopped so fast that if you're waiting on a human and that human is out to lunch or the human is looking at another thing or threat , it's like stuff can kind of get in .

Speaker 2

So if you have this kind of layer of protection with automation set up , where they're looking at and analyzing every bit of traffic , it's just going to take away tons of headache for organizations and it will stop things faster because you can really build in and plug in really , really powerful pieces of threat intel into your security operations center , where it's just going to make things so much easier . So I think it's like a double-edged sword right , there's good and there's bad . I don't think like run away from AI , but just know that it's coming , it's not going anywhere , it's going to get scarier and better and cooler and whatever . But it's just like having that healthy relationship to know when to use it , when to not , how to protect against it , when it's really your ally and when it can maybe be your enemy .

Speaker 1

Well , this is a fantastic podcast , Joey , I really appreciate your time and just kind of breaking down the cybersecurity landscape as it currently stands for all our listeners . That way , if they're in a position where they can protect their companies , they can do that . Or if they're just individuals living their lives and they want to have a little bit less stress about what's out there and what kind of threats they're facing , they probably have a little bit more information to make decisions with now because of this podcast . So I appreciate your time , everybody . If you enjoyed this .

Speaker 1

If you like listening to Joey break down cybersecurity topics , check out his podcast , which is Cybersecurity for your Mom . It's on Spotify , you can go check it out . It's fantastic and it really gives you an insight , in a way that you can understand , into what's happening right now in the world of cybersecurity . Anybody else out there , if you've been listening and you feel like , hey , I've got something to contribute , people should learn about this subject , or I have some insights into human behavior that I'd like to bring on the show , please reach out to me at DNR , at sales gymcom . I'd love to hear from you and get you on the show and for everybody else out there . Hope you're having a great day and hope you enjoyed the podcast . We'll see you next time .