WEBVTT

NOTE
This file was generated by Descript 

00:00:04.114 --> 00:00:06.334
Welcome to the Cyber Traps podcast.

00:00:06.364 --> 00:00:07.444
This is Jethro Jones.

00:00:07.444 --> 00:00:21.814
I am on location for this episode at the Inch 360 Conference and these are panels from that conference, uh, that I think are just really interesting and I hope you enjoy them.

00:00:22.204 --> 00:00:28.414
For more information about this organization, go to inch360.org.

00:00:28.793 --> 00:00:39.933
Heather Stratford: Okay, so AI and phishing, some of you in this audience are practitioners and you're going to be, what can you teach me?

00:00:40.683 --> 00:00:50.373
But what I'm trying to do with this talk is bring everybody up to a base level of knowledge because the environment is moving so quickly.

00:00:50.573 --> 00:00:54.533
What we've seen with the fast adoption with AI has been incredible.

00:00:54.773 --> 00:01:06.403
Some of you might know this, but there were a hundred million monthly active users of ChatGPT in just the first two months that it was released.

00:01:06.763 --> 00:01:07.723
Two months.

00:01:07.923 --> 00:01:25.083
78% of organizations report that they're actively, regularly using AI in their business, and 35% of the US market says they're using AI on a daily basis.

00:01:25.713 --> 00:01:32.163
The adoption of AI, our world has never seen something impact that fast.

00:01:32.363 --> 00:01:33.563
Now, here's the problem.

00:01:34.343 --> 00:01:37.373
It completely affects cybersecurity.

00:01:38.033 --> 00:01:45.293
So we're gonna go through just a little bit of level setting on terminology and what we're talking about when we're talking about AI.

00:01:45.713 --> 00:01:50.063
So AI covers a lot of different areas, right?

00:01:50.153 --> 00:01:53.663
And all of you are saying, yeah, well what about this, or what about that?

00:01:53.903 --> 00:01:59.273
So we're gonna be talking about these three main areas: machine learning.

00:01:59.663 --> 00:02:04.673
We're gonna talk about natural language processing and also vision.

00:02:05.183 --> 00:02:11.123
These three areas are impacting cybersecurity in a defensive way specifically.

00:02:11.123 --> 00:02:17.363
And we're gonna talk about how, so when we talk about supervised machine learning, this is level setting.

00:02:17.363 --> 00:02:18.683
Everybody remember?

00:02:18.923 --> 00:02:20.423
So that means.

00:02:20.623 --> 00:02:26.883
You can see in the diagram here you've got cats, and then down below the machine is learning.

00:02:27.273 --> 00:02:30.333
Which one of those pictures is a cat, right?

00:02:30.363 --> 00:02:31.383
This is a cat.

00:02:31.443 --> 00:02:32.763
This is not a cat.

00:02:33.183 --> 00:02:35.423
It is learning what to see.

00:02:36.203 --> 00:02:36.953
Machine learning.

00:02:36.953 --> 00:02:44.813
We do all the time, and we've done this for 10, 20 years when we type in, yeah, that's a road sign.

00:02:44.843 --> 00:02:45.683
Yes.

00:02:45.983 --> 00:02:48.113
You know that's a stairwell.

00:02:48.143 --> 00:02:50.213
We do this frequently.

00:02:50.483 --> 00:02:52.973
This is an example of that machine learning.

00:02:53.173 --> 00:02:58.033
Unsupervised machine learning is where it's starting to put patterns together on its own.

00:02:58.483 --> 00:03:04.573
So taking all those animal pictures, running it through and saying, huh, I think these are all birds.

00:03:04.933 --> 00:03:07.543
Or saying, I think these are all cats.

00:03:07.633 --> 00:03:09.133
I think these are all dogs.

00:03:09.343 --> 00:03:11.803
This is unsupervised machine learning.

00:03:12.043 --> 00:03:21.843
Now, we all do this every single day, I would suspect, because we're all on many forms of entertainment.

00:03:22.533 --> 00:03:25.683
How many of you have a Netflix account?

00:03:25.743 --> 00:03:26.583
Raise your hands.

00:03:26.783 --> 00:03:27.083
Okay.

00:03:27.083 --> 00:03:34.493
How many of you have seen the popup that says, we recommend based on the show you just watched, you would like this show too?

00:03:35.003 --> 00:03:35.813
Yes.

00:03:36.023 --> 00:03:36.743
Raise your hand.

00:03:36.863 --> 00:03:40.553
You've seen that and you're like, well, I've never heard of that one, but I think I'll try it.

00:03:41.243 --> 00:03:46.463
Okay, so this is unsupervised machine learning, and we're doing it every single day.

00:03:46.663 --> 00:03:50.293
Here's another place that we're doing unsupervised machine learning.

00:03:50.743 --> 00:03:54.433
We all have, many of us have Amazon accounts.

00:03:54.463 --> 00:03:57.613
Raise your hand if you have an Amazon account.

00:03:57.813 --> 00:03:58.293
Okay.

00:03:58.293 --> 00:04:01.083
With your Amazon account, you buy something.

00:04:01.143 --> 00:04:06.213
What pops up, down below I'm gonna do some arm exercises.

00:04:06.213 --> 00:04:12.213
I'm gonna buy little weights and you see down below, oh, would you like a yoga mat to go with that?

00:04:12.663 --> 00:04:24.393
It's telling me what it thinks I want to see, and it's unsupervised machine learning, but it's taking everybody that's on Amazon and correlating that data.

00:04:24.593 --> 00:04:26.633
Okay, so now we're gonna go into deep learning.

00:04:26.833 --> 00:04:28.063
Facial recognition.

00:04:28.123 --> 00:04:32.723
This is an area that's been exploding over the last 10 to 15 years.

00:04:32.933 --> 00:04:36.653
And some of us will say, yeah, well, I'm not really in the database.

00:04:36.983 --> 00:04:38.183
Yep, we all are.

00:04:38.513 --> 00:04:41.483
We're all being monitored whether we like it or not.

00:04:41.693 --> 00:04:43.373
Now, some of us have volunteered for that.

00:04:43.673 --> 00:04:47.723
How many of you have a TSA or a CLEAR account to get through the airport?

00:04:47.923 --> 00:04:49.483
What do they do when you walk through?

00:04:49.683 --> 00:04:51.093
They scan your face.

00:04:51.293 --> 00:04:52.373
How can they do that?

00:04:52.673 --> 00:04:54.473
Because they have facial recognition.

00:04:54.673 --> 00:04:58.783
So we are moving more and more to this.

00:04:58.783 --> 00:05:06.463
Now there are some countries out there that are doing this on a massive level, and I'm not going to name those countries, but we all know who they are.

00:05:07.093 --> 00:05:09.973
But we're all moving this direction.

00:05:10.303 --> 00:05:15.553
So here's another way that we are training the algorithms to find people.

00:05:15.733 --> 00:05:21.913
How many of you have taken a photo, put it on social media and tagged another person?

00:05:22.063 --> 00:05:22.783
Raise your hand.

00:05:22.983 --> 00:05:28.753
Might be at a reunion, might be out with a boyfriend or a girlfriend, right?

00:05:28.813 --> 00:05:29.683
You're tagging.

00:05:29.713 --> 00:05:33.943
What you're doing is you're training that deep learning of that face.

00:05:34.143 --> 00:05:37.593
Okay, so now we're moving to the language models.

00:05:37.793 --> 00:05:44.203
I'm gonna see, now there's a lot more out there, but these are some of the big ones that people regularly use.

00:05:44.203 --> 00:05:46.333
So I'm gonna see what's your flavor.

00:05:46.513 --> 00:05:46.933
Okay.

00:05:47.323 --> 00:05:54.133
If you were to say which one you generally use, who in here uses Grok more frequently?

00:05:54.333 --> 00:05:56.763
Who in here uses ChatGPT more?

00:05:56.963 --> 00:05:57.863
That's interesting.

00:05:58.103 --> 00:05:58.403
Okay.

00:05:58.403 --> 00:05:59.813
Who uses Claude?

00:06:00.013 --> 00:06:00.853
Okay, interesting.

00:06:00.853 --> 00:06:07.213
So in this sample segment, ChatGPT just won out as the most frequently used.

00:06:07.413 --> 00:06:10.473
Now you're getting reasoning capabilities here.

00:06:10.863 --> 00:06:12.033
Here's the issue.

00:06:12.233 --> 00:06:15.973
Anyone can use AI, anyone, right?

00:06:16.363 --> 00:06:22.843
So 900 million active AI users globally.

00:06:23.473 --> 00:06:24.253
Think about that.

00:06:24.553 --> 00:06:28.683
900 million and it's growing exponentially.

00:06:28.783 --> 00:06:30.973
It will be double that in a year.

00:06:31.173 --> 00:06:32.253
So here's the problem.

00:06:32.453 --> 00:06:36.113
Business, government, personal activity.

00:06:36.313 --> 00:06:48.273
I am gonna put us all on the light side of the coin, the white-hat hackers, the defenders, the people who work in all of these businesses of sponsors that are surrounding here.

00:06:48.333 --> 00:06:56.103
I'm looking at Enable, I'm looking at Google Cloud, STCU, Drip7, Palo Alto, ICCU.

00:06:56.493 --> 00:07:01.633
We're all defending, we're all trying to be on the light side of this.

00:07:02.053 --> 00:07:02.533
Okay.

00:07:02.863 --> 00:07:11.943
But we all know there's the dark side, and that's not a Star Wars term, it's just the criminal activity side.

00:07:12.143 --> 00:07:16.333
And they're using AI too, and they're using it really well.

00:07:16.533 --> 00:07:20.613
So the question is, who's gonna win that arms race?

00:07:20.813 --> 00:07:24.983
So if you were a criminal, how would you use AI?

00:07:25.718 --> 00:07:26.348
Right.

00:07:26.408 --> 00:07:27.758
Let's put on the other hat.

00:07:28.478 --> 00:07:30.398
You know, how you're using it for your business.

00:07:30.398 --> 00:07:32.048
You know how you're using it personally.

00:07:32.498 --> 00:07:36.158
If you were a criminal, I see a smirk down here, right?

00:07:36.218 --> 00:07:37.448
Like, what would you do?

00:07:37.808 --> 00:07:39.038
How would you use it?

00:07:39.238 --> 00:07:49.078
So let's think about these areas very specifically, unsupervised machine learning, where you're talking about Netflix telling you what to watch.

00:07:49.528 --> 00:07:50.728
They're tracking all that.

00:07:50.928 --> 00:07:51.768
They're tracking.

00:07:51.798 --> 00:07:58.048
Hey, this person probably watches Breaking Bad, or this person loves rom-coms. Deep learning.

00:07:58.213 --> 00:07:59.773
They're tagging your face.

00:08:00.523 --> 00:08:09.263
How many of you have put your face in where you could be a Superwoman or Superman, or fun pictures?

00:08:09.413 --> 00:08:11.123
How many have tried that?

00:08:11.323 --> 00:08:17.193
Most cyber people are like, hell no, I don't wanna give them my face, but it's already out there.

00:08:17.393 --> 00:08:20.483
Okay, so let's look at the supervised machine learning, right?

00:08:20.563 --> 00:08:21.403
That's the cat.

00:08:21.463 --> 00:08:25.623
It's already learned how to identify certain things.

00:08:25.823 --> 00:08:29.243
So when you take it on the dark side, what are they doing?

00:08:29.423 --> 00:08:34.963
They're using all of these things together to target the mark better.

00:08:35.163 --> 00:08:36.213
Now, who's the mark?

00:08:36.413 --> 00:08:39.173
If it's personal, the mark is you.

00:08:39.373 --> 00:08:42.043
It could be your elderly parents.

00:08:42.243 --> 00:08:46.413
It could be your kid who's only 12 or eight.

00:08:46.613 --> 00:08:50.513
The mark on a personal note is people, just regular people.

00:08:50.713 --> 00:08:52.543
Who's the mark in business?

00:08:53.128 --> 00:08:59.008
It used to be just the financial institutions and maybe bigger government.

00:08:59.208 --> 00:09:00.468
It's anybody.

00:09:00.468 --> 00:09:02.718
Now, the mark is anybody.

00:09:02.918 --> 00:09:06.668
I get calls from law firms.

00:09:06.868 --> 00:09:12.488
This one call I got, he goes, so what happens if I think somebody's in my system?

00:09:13.028 --> 00:09:14.738
I'm like, okay, what's happened?

00:09:14.768 --> 00:09:27.308
Well, I transferred money at the end of a divorce case, $178,000 transferred to the wife and it didn't arrive.

00:09:27.508 --> 00:09:29.368
I'm like, okay, how long has it been?

00:09:29.638 --> 00:09:31.528
Where's your financial institutions?

00:09:31.528 --> 00:09:31.828
Right?

00:09:31.828 --> 00:09:32.488
The whole thing.

00:09:33.118 --> 00:09:33.778
Lost it.

00:09:34.228 --> 00:09:34.918
It was gone.

00:09:35.218 --> 00:09:36.028
Completely gone.

00:09:36.088 --> 00:09:42.988
$178,000. Small business office of five people, right?

00:09:43.188 --> 00:09:47.568
It's the small businesses that are being crushed.

00:09:47.768 --> 00:09:49.298
So who's the mark?

00:09:49.498 --> 00:09:50.878
Everybody's the mark.

00:09:51.273 --> 00:10:01.658
And it doesn't matter if you're an oil and gas changing, if you're a small credit union or if you're a law firm, it doesn't matter because you're transferring money.

00:10:02.108 --> 00:10:05.798
You have personal data that can get them into other things.

00:10:05.998 --> 00:10:08.408
So let's talk about the MGM breach.

00:10:08.608 --> 00:10:12.498
Raise of hands, how many of you researched, read about the MGM breach?

00:10:12.698 --> 00:10:14.678
It was pretty significant, right?

00:10:14.858 --> 00:10:16.808
But certainly not the only one out there.

00:10:17.008 --> 00:10:17.938
But what happened?

00:10:18.508 --> 00:10:23.698
It was a combination of social engineering, impersonating an employee.

00:10:23.878 --> 00:10:28.468
So for those of you who don't know what happened, basically they did research.

00:10:28.528 --> 00:10:32.188
They said, okay, who are the employees?

00:10:32.388 --> 00:10:42.963
And they probably tested and dug some, and really dug into a couple of employees that were on a certain level or layer in the organization.

00:10:43.743 --> 00:10:45.333
And then they chose one person.

00:10:45.533 --> 00:10:51.473
And then they took that one person and they said, okay, let's see if we can impersonate this person.

00:10:51.673 --> 00:10:58.963
Voice mannerisms, knowing who their supervisor was, who might be on their team.

00:10:59.163 --> 00:11:00.573
And then they called the help desk.

00:11:00.773 --> 00:11:04.783
And they said, oh, and I don't know what they said exactly.

00:11:04.813 --> 00:11:11.923
We don't know that, but I can guess, Hey, I'm locked outta my system and hey, this doesn't quite work.

00:11:11.923 --> 00:11:16.333
And hey, I'm on the team with so and so, can you reset it?

00:11:16.333 --> 00:11:17.683
Let me in, blah, blah, blah.

00:11:18.283 --> 00:11:18.763
Right?

00:11:18.963 --> 00:11:19.773
So what happened?

00:11:19.973 --> 00:11:21.443
It goes through, right?

00:11:21.643 --> 00:11:23.593
Massive, massive.

00:11:23.863 --> 00:11:28.623
So the ransomware attack, they choose it has ramifications.

00:11:28.673 --> 00:11:35.753
What I wanna focus on is it's a coordinated effort and it was not just one thing that made it happen.

00:11:36.083 --> 00:11:42.173
So here you see voice impersonation as well as a lot of social engineering.

00:11:42.373 --> 00:11:44.593
So this one you've probably heard about also.

00:11:44.713 --> 00:11:48.193
So this happened in Asia, February of 2024.

00:11:48.703 --> 00:12:01.523
It hit the cybersecurity news feeds really fast because a finance worker got on a Zoom call with their CFO, their coworkers, and it was a full Zoom call.

00:12:01.723 --> 00:12:13.063
And in that meeting they said, hey, we need you to transfer $25 million to this other account.

00:12:13.263 --> 00:12:16.863
Now the person said, huh, that doesn't seem right.

00:12:17.193 --> 00:12:18.903
Like, should I really be doing that?

00:12:19.443 --> 00:12:22.743
But they saw their boss.

00:12:22.923 --> 00:12:27.923
They heard their boss on a Zoom call. It's called a deepfake.

00:12:28.123 --> 00:12:32.143
And with that deepfake, the person says, well, I don't wanna lose my job.

00:12:32.878 --> 00:12:33.628
I see him.

00:12:33.688 --> 00:12:34.558
I hear him.

00:12:34.708 --> 00:12:34.888
Yeah.

00:12:34.888 --> 00:12:37.678
It doesn't quite fit, but I better do it.

00:12:37.948 --> 00:12:38.998
So what happened?

00:12:39.748 --> 00:12:45.498
He transferred the $25 million, and that transferred to the criminals on the other side.

00:12:45.698 --> 00:12:48.098
So deepfakes are getting better.

00:12:48.298 --> 00:12:49.258
We all know that.

00:12:49.588 --> 00:12:54.038
We see things in the media where it hits the rich and the famous.

00:12:54.398 --> 00:12:55.628
Oh, is that real?

00:12:55.928 --> 00:12:57.368
Oh, it's clickbait, right?

00:12:57.368 --> 00:12:59.738
Like we see this and we're like, that can't be real.

00:12:59.768 --> 00:13:01.028
Oh, it is real, right?

00:13:01.628 --> 00:13:03.158
Lots of deepfakes.

00:13:03.248 --> 00:13:06.338
But how does it impact cybersecurity?

00:13:06.538 --> 00:13:15.108
Because they can deepfake the chain of command and they can deepfake the people that are making decisions.

00:13:15.308 --> 00:13:23.048
So deepfake losses are expected to hit $40 billion by 2027.

00:13:23.438 --> 00:13:31.658
This is one of the fastest growing areas because it kind of brings all of AI together.

00:13:31.858 --> 00:13:34.338
And I love this picture here.

00:13:34.428 --> 00:13:37.218
'cause I look at it and I'm like, yeah, they're twins, right?

00:13:37.218 --> 00:13:38.058
Same person.

00:13:38.058 --> 00:13:39.588
And I'm like, yep, same person.

00:13:39.618 --> 00:13:40.758
Not the same person.

00:13:40.788 --> 00:13:41.778
It's a deepfake.

00:13:41.978 --> 00:13:45.578
Okay, so here's the million dollar question.

00:13:45.778 --> 00:13:50.278
Could your employees spot or report a deepfake?

00:13:50.478 --> 00:13:52.158
Okay, I'm gonna pick on Todd in the back.

00:13:52.158 --> 00:13:53.178
'cause he's shaking his head.

00:13:53.178 --> 00:13:56.748
He's like, no, my people would never spot the deepfake.

00:13:56.778 --> 00:13:57.108
Right?

00:13:57.258 --> 00:13:59.688
Like, do they even know what to look for?

00:14:00.198 --> 00:14:00.738
Right?

00:14:00.888 --> 00:14:05.508
So think about your employees, think about your organization.

00:14:05.708 --> 00:14:07.148
Can they spot this?

00:14:07.238 --> 00:14:10.208
Do they even know this is on the radar and it could happen?

00:14:10.408 --> 00:14:17.278
So let's go through four different areas that really look at what people are pulling.

00:14:17.548 --> 00:14:18.058
Okay?

00:14:18.258 --> 00:14:22.368
Basic personal data is in general breaches.

00:14:23.028 --> 00:14:29.088
We know all about these, the Equifax, the TransUnion credit report, right?

00:14:29.418 --> 00:14:34.928
All these general Gmail users, Salesforce, I mean, you name it.

00:14:34.958 --> 00:14:39.638
There are a lot of breaches that they can pull and extract data from.

00:14:40.208 --> 00:14:47.948
And this, what they use it for is they personalize the attack and the emails, they personalize everything.

00:14:47.948 --> 00:14:55.228
So basic personal data makes, combined with AI, makes the attack personalized.

00:14:55.768 --> 00:14:57.808
Okay, now let's go to professional information.

00:14:58.008 --> 00:15:01.938
You can do an OSINT scrape and get a lot of data.

00:15:02.118 --> 00:15:03.498
Where are you pulling it from?

00:15:04.098 --> 00:15:09.948
LinkedIn, social media posts, corporate breaches.

00:15:10.278 --> 00:15:20.628
Most of the people in this room are findable and this information is out there: job title, position, work history.

00:15:21.138 --> 00:15:26.118
If I have a black hat on, I'm like, oh, I know who your boss is.

00:15:26.178 --> 00:15:27.918
I know who's on your team.

00:15:28.118 --> 00:15:29.228
Okay, medical records.

00:15:29.228 --> 00:15:30.638
Why is this important?

00:15:30.908 --> 00:15:31.298
Right?

00:15:31.688 --> 00:15:33.578
What does it help us understand?

00:15:34.148 --> 00:15:39.848
Also, an OSINT scrape with LinkedIn, social media, corporate breaches.

00:15:40.268 --> 00:15:46.238
This helps spear phishing, and it especially helps with the senior executive level.

00:15:46.688 --> 00:15:48.608
Now, I'm gonna make a big assumption.

00:15:48.808 --> 00:15:53.578
I'm gonna assume that the leadership team in your organization

00:15:53.778 --> 00:15:55.608
are over 50 years old.

00:15:55.808 --> 00:15:56.798
Is that accurate?

00:15:56.998 --> 00:15:57.448
Okay.

00:15:57.928 --> 00:15:59.398
Slightly older.

00:16:00.158 --> 00:16:02.408
They're gonna be spear phished as an executive.

00:16:02.608 --> 00:16:04.378
They're gonna have whaling attacks.

00:16:05.068 --> 00:16:08.968
They're gonna impersonate colleagues to get through.

00:16:09.168 --> 00:16:12.528
And then the final area is just social media in general.

00:16:12.728 --> 00:16:20.738
Your preferences, your likes, your images, your family's images, it is all out there.

00:16:20.938 --> 00:16:27.178
Spear phishing for the executives is probably the biggest one, but also your chief financial officer.

00:16:27.328 --> 00:16:34.578
So anybody in the accounting team, your training, your impact for that accounting team.

00:16:34.608 --> 00:16:41.478
You need to have them in a special group and say, hey, this is how the attack would come through.

00:16:41.748 --> 00:16:47.478
Hey, if somebody says, I'm a vendor, we changed our bank account information.

00:16:47.538 --> 00:16:49.068
Here's our new bank account.

00:16:49.188 --> 00:16:51.648
Like red flag, how do you verify?

00:16:51.848 --> 00:17:04.078
Okay, so we're pulling together all of these areas, the personal information, the social media information, your work and LinkedIn information, as well as your medical records.

00:17:04.288 --> 00:17:07.438
They have a pretty good idea of who you are.

00:17:07.638 --> 00:17:10.638
So what do criminals do with that?

00:17:11.268 --> 00:17:16.248
Now, this is not a talk about how to become a black hat, right?

00:17:16.448 --> 00:17:21.558
But these are four different very readable resources that are out there.

00:17:22.113 --> 00:17:23.973
Breach forum, right?

00:17:24.273 --> 00:17:25.143
Buying and selling.

00:17:25.143 --> 00:17:28.713
Stolen information, selling hacking tools.

00:17:29.223 --> 00:17:39.773
Very accessible. Crack pro: cracking, spamming, carding, hacking tools, resources, easy to get. RAMP.

00:17:39.953 --> 00:17:46.793
The Russian Anonymous Marketplace sells ransomware to anybody who wants to purchase it.

00:17:46.993 --> 00:17:50.503
Noel: buying and selling stolen credentials.

00:17:50.873 --> 00:17:58.163
I put this in here because I think it's really valuable to understand how many people are going to these resources.

00:17:58.673 --> 00:18:13.473
No, says they have 5 million users and they earn over $1 million yearly in revenue by selling things that attack people defending.

00:18:13.673 --> 00:18:15.563
These resources are out there now.

00:18:15.763 --> 00:18:18.943
In my mind, I'm like, okay, so I'm a black hat.

00:18:18.943 --> 00:18:20.173
I'm gonna go get my resources.

00:18:20.173 --> 00:18:22.603
Like, it's gotta be hard.

00:18:22.723 --> 00:18:23.833
It's gotta be expensive.

00:18:23.833 --> 00:18:24.883
It's gotta be hard.

00:18:25.213 --> 00:18:26.203
It is not.

00:18:26.403 --> 00:18:32.123
So AI as a service is actually a newly coined term.

00:18:32.243 --> 00:18:35.723
So AI as a service for phishing.

00:18:36.113 --> 00:18:44.903
Anybody with a laptop and some scruples, I would venture to guess every single one of the Eastern kids up here.

00:18:44.963 --> 00:18:46.823
And I call them kids 'cause they're younger than me.

00:18:47.213 --> 00:18:49.913
They've chosen to be white hats, okay?

00:18:50.003 --> 00:18:53.753
But every single one of them knows resources that are on the black hat side.

00:18:53.953 --> 00:18:55.723
So this is what's interesting.

00:18:55.723 --> 00:18:59.983
200% spike recently in the personalized attacks.

00:19:00.313 --> 00:19:09.493
And for $20 you can rent an AI model to automate scams and phishing and attack people. 20 bucks.

00:19:09.693 --> 00:19:14.733
The bar is so low that anybody can do it.

00:19:14.913 --> 00:19:25.563
So when you're blocking all the phishing emails coming in, you are wondering why it's going through the roof.

00:19:25.773 --> 00:19:28.593
It's because it's so easy to do.

00:19:28.793 --> 00:19:33.803
Now, 41% of cybersecurity attacks start with phishing email.

00:19:33.923 --> 00:19:47.723
Now I've seen higher statistics, but a shout out to IBM Security X-Force, who came in, I don't know where they are back there, but they came in from New York to be here at this conference.

00:19:47.933 --> 00:19:55.763
They run statistical analysis frequently, and it's still one of the primary vectors.

00:19:55.963 --> 00:19:58.543
So is this really different than 10 years ago?

00:19:59.063 --> 00:20:00.323
I mean, is that the question?

00:20:00.623 --> 00:20:04.643
I look at some of you in this audience and I'm like, Hey, I've been around the block.

00:20:04.793 --> 00:20:07.343
I've been in cyber for 10, 20 years.

00:20:07.493 --> 00:20:08.813
Same old story.

00:20:09.013 --> 00:20:09.973
Do you believe that?

00:20:10.303 --> 00:20:11.323
Is it any different?

00:20:11.523 --> 00:20:13.713
How many of you, we're gonna take a poll?

00:20:13.833 --> 00:20:15.513
Okay, you all need to vote.

00:20:15.573 --> 00:20:16.833
Can't sit on the edge.

00:20:17.033 --> 00:20:20.693
Are the cyber attacks right now the same as they were 10 years ago?

00:20:21.293 --> 00:20:21.893
Raise your hand.

00:20:22.093 --> 00:20:23.473
Okay, I see a couple.

00:20:23.743 --> 00:20:27.703
Are the cyber attacks really different, have they changed?

00:20:27.733 --> 00:20:28.903
Especially with AI?

00:20:28.903 --> 00:20:29.473
Raise your hand.

00:20:29.673 --> 00:20:30.093
Okay.

00:20:30.303 --> 00:20:36.023
They've changed and they are continuing to change, so this is really different.

00:20:36.233 --> 00:20:36.473
Okay.

00:20:36.473 --> 00:20:38.483
Here's some of the ways that they've changed.

00:20:39.263 --> 00:20:40.913
More targeted.

00:20:41.423 --> 00:20:47.293
It used to take phishing criminals a lot longer to piece together information.

00:20:47.323 --> 00:20:56.353
With AI, they can have a full picture of who you are at the snap of a finger and then automate their attacks.

00:20:56.593 --> 00:21:01.813
Over a thousand people, quickly. It used to take them a long time to do that.

00:21:02.233 --> 00:21:07.213
Okay, so more targeted, more sophisticated, faster.

00:21:07.303 --> 00:21:09.643
I think that's the main point.

00:21:10.123 --> 00:21:12.943
They're using AI in devious ways.

00:21:12.973 --> 00:21:21.103
They're doing it faster and adapting on the fly with algorithms to see what's working and what's not, and then more frequently.

00:21:21.303 --> 00:21:22.563
All right, so here's the thing.

00:21:22.563 --> 00:21:24.693
I don't wanna be doom and gloom.

00:21:25.023 --> 00:21:27.663
I wanna give you actual solutions.

00:21:27.863 --> 00:21:31.853
I put this picture up here because once a year training is not enough.

00:21:32.053 --> 00:21:33.613
How many in here?

00:21:33.643 --> 00:21:38.443
How many people in here have worked out this year?

00:21:38.953 --> 00:21:39.733
Once.

00:21:39.853 --> 00:21:40.813
Once.

00:21:41.143 --> 00:21:42.073
Have you worked out this year?

00:21:42.073 --> 00:21:42.763
Once.

00:21:43.273 --> 00:21:43.813
Okay.

00:21:43.873 --> 00:21:44.383
Good.

00:21:44.563 --> 00:21:44.953
Okay.

00:21:45.163 --> 00:21:50.853
How many people in here have worked out once a month?

00:21:51.453 --> 00:21:52.233
Once a month.

00:21:52.923 --> 00:21:53.193
Okay.

00:21:53.193 --> 00:21:53.643
Good.

00:21:53.673 --> 00:21:53.943
Good.

00:21:53.943 --> 00:21:55.503
That's a good, okay.

00:21:55.683 --> 00:21:59.333
How many people in here have worked out this week?

00:21:59.533 --> 00:21:59.823
Good.

00:22:00.023 --> 00:22:03.203
How many people have worked out in the last 48 hours?

00:22:03.403 --> 00:22:04.423
I'm pretty impressed.

00:22:04.423 --> 00:22:05.293
That's a good number.

00:22:05.353 --> 00:22:06.223
That's a good number.

00:22:06.463 --> 00:22:06.853
Okay.

00:22:07.003 --> 00:22:12.123
So the point is the old school way of saying, Hey, we need to check the box.

00:22:12.633 --> 00:22:15.513
We need to push out some training that people can see.

00:22:15.873 --> 00:22:25.833
It's kind of like going to the gym January one and working out for like four hours and getting all sweaty and like I did my workout.

00:22:26.033 --> 00:22:31.343
And then you don't go back January 2nd, third, fourth, or February or March or April.

00:22:31.493 --> 00:22:32.063
Right?

00:22:32.513 --> 00:22:40.133
So the problem is, if you go to the gym once a year, you really, you're not gonna do anything.

00:22:40.253 --> 00:22:46.763
And you know that, I know that the busiest time of year in a gym is the first two weeks of the year.

00:22:46.853 --> 00:22:48.833
I mean, they are slammed.

00:22:48.833 --> 00:22:54.023
They sell all their packages first two weeks and then everybody doesn't come back.

00:22:54.223 --> 00:22:55.573
It's a weird model.

00:22:55.633 --> 00:22:59.743
They make all their money and then they hope that nobody shows up.

00:22:59.943 --> 00:23:01.923
So how often are you training?

00:23:02.123 --> 00:23:04.283
This is an interesting thought.

00:23:04.483 --> 00:23:05.823
Okay, how many?

00:23:05.873 --> 00:23:15.503
And you don't have to answer if you don't want to, but how many people in here is your organization training you on cybersecurity current events and attacks?

00:23:15.773 --> 00:23:16.643
Once a year.

00:23:16.843 --> 00:23:17.143
Okay.

00:23:17.143 --> 00:23:20.833
How many people are being maybe trained monthly?

00:23:21.033 --> 00:23:24.243
Can anybody raise their hand and say that they're being trained weekly?

00:23:24.443 --> 00:23:29.783
I got a couple of hands in here, and let me tell you, half those hands are Drip7 hands.

00:23:29.783 --> 00:23:30.983
So kudos.

00:23:31.463 --> 00:23:31.973
Yeah.

00:23:32.513 --> 00:23:33.443
So it's hard.

00:23:33.503 --> 00:23:47.073
It's hard because, the old way of doing it, HR is running it or you're on a standard platform, and it's hard to shift to a much more consistent model because you're like, wow, that'll take a lot of time.

00:23:47.073 --> 00:23:48.153
And who's gonna run that?

00:23:48.153 --> 00:23:50.103
And I don't have the bandwidth for that.

00:23:50.223 --> 00:23:51.843
Those are all the excuses.

00:23:52.233 --> 00:23:56.243
But what I see is training really needs to be weekly.

00:23:56.443 --> 00:23:57.703
Weekly.

00:23:57.903 --> 00:24:00.543
Now, some of you are saying, how do you even do that?

00:24:01.323 --> 00:24:13.173
Well, you know, that's why I pivoted my previous cyber company to develop Drip7: because we've given companies tools to actually do that easily.

00:24:13.683 --> 00:24:17.043
So, weekly training, and it doesn't need to be long.

00:24:17.823 --> 00:24:21.873
Two minutes, three minutes, keep it top of mind, keep it easy, keep it fun.

00:24:22.073 --> 00:24:24.983
And then monthly, how many of you are phishing?

00:24:25.658 --> 00:24:29.948
Monthly to your employees in phishing simulations.

00:24:30.148 --> 00:24:32.728
Now, I know people who do phishing more frequently.

00:24:33.148 --> 00:24:34.648
I don't recommend that.

00:24:34.918 --> 00:24:38.938
But I also know people who are still on a yearly cadence of phishing.

00:24:39.178 --> 00:24:44.008
Now, some people will, and I was on the side that said, phishing really doesn't work.

00:24:44.458 --> 00:24:49.198
And that's why we tried to, over the last several years, fix that model.

00:24:49.858 --> 00:24:55.968
If you don't have training immediately attached to the phish, I'm like, what do you mean?

00:24:55.968 --> 00:24:59.418
I clicked on something last month and now I'm in a special group?

00:24:59.688 --> 00:25:01.098
Like, what does that mean?

00:25:01.098 --> 00:25:02.178
I didn't learn from it.

00:25:02.178 --> 00:25:03.888
'cause I can't even tell what I clicked on.

00:25:03.948 --> 00:25:04.248
Right?

00:25:04.428 --> 00:25:10.458
So unless it's attached, you're really not training them because they're not seeing what they did wrong.

00:25:10.878 --> 00:25:16.248
So phishing has to be curated properly and then dispersing annual policies.

00:25:16.758 --> 00:25:22.098
How many of you are training specifically on work from home policies?

00:25:22.188 --> 00:25:25.038
Do you have that in your cyber arsenal?

00:25:25.098 --> 00:25:27.168
Raise your hand, work from home policies.

00:25:27.368 --> 00:25:34.143
So the ideal is you've got your work from home policy, maybe a password policy.

00:25:34.478 --> 00:25:49.328
You have several different cyber policies and that your employees actually know what they are and you don't just say, Hey, they're on the website, or, Hey, when you onboarded five years ago, we made you look at these, right?

00:25:49.568 --> 00:25:50.378
Like that.

00:25:50.408 --> 00:25:51.788
That just doesn't work.

00:25:51.788 --> 00:25:54.578
You need to tell them what the current is.

00:25:54.778 --> 00:25:55.438
Okay.

00:25:55.498 --> 00:25:58.098
So phishing is still happening.

00:25:58.818 --> 00:26:04.398
The AI is ramping it up in ways that we've never seen before.

00:26:04.598 --> 00:26:07.958
Types of training that could be covered or should be covered.

00:26:08.158 --> 00:26:11.488
Social engineering being job specific.

00:26:11.548 --> 00:26:25.368
So if you have an accounting department, and most of you do, those accounting people, accounts receivable, accounts payable, the CFO, anybody touching the books, they need to have specific training.

00:26:25.568 --> 00:26:31.508
I know here I talked to Gonzaga, and they do a lot of recruitment, and they do recruitment

00:26:31.508 --> 00:26:41.038
both of people in the US and people overseas. They have had fake applicants, and a huge increase of fake applicants.

00:26:41.338 --> 00:26:42.808
What are they trying to get?

00:26:42.838 --> 00:26:55.968
They're trying to get accepted to Gonzaga through the vetting process and into financial aid, where they get money dumped in their accounts, and we're not talking two attacks.

00:26:56.748 --> 00:27:01.098
They have hundreds of these attacks, hundreds.

00:27:01.298 --> 00:27:07.708
So for Gonzaga, even their recruitment departments need special training.

00:27:08.158 --> 00:27:11.518
They need to be able to spot what these flags are.

00:27:11.718 --> 00:27:13.518
Current events and trends.

00:27:13.728 --> 00:27:21.288
This is where you can take things like the MGM breach, or if you're in the car industry, right?

00:27:21.408 --> 00:27:31.388
We've had major breaches and it's great to bring that in because you might be really interested in it because you're in it, you're in cyber.

00:27:31.538 --> 00:27:36.188
But I'll tell you, most employees, they're gonna be like, ah, so make it interesting.

00:27:36.388 --> 00:27:40.378
Bring in current events, and if you don't have the bandwidth.

00:27:40.873 --> 00:27:44.383
There are platforms and things out there to help you do that.

00:27:45.133 --> 00:27:56.773
AI and privacy. By a raise of hands, how many of you have specific training on AI and what people can put into platforms and what they cannot?

00:27:56.923 --> 00:27:58.963
Who has policies right now on that?

00:27:59.163 --> 00:28:03.093
And are you having your employees acknowledge and accept those policies?

00:28:03.423 --> 00:28:03.993
Raise your hand.

00:28:04.193 --> 00:28:10.043
Okay, so some of you, like I saw, about a third or a quarter of the audience.

00:28:10.253 --> 00:28:14.063
The rest of you, that's where we're moving.

00:28:14.243 --> 00:28:16.373
That's where you need to be moving.

00:28:16.913 --> 00:28:17.333
Okay?

00:28:17.363 --> 00:28:18.893
Combination attacks.

00:28:19.613 --> 00:28:23.873
These were really popular a couple years ago and they are back with a vengeance.

00:28:24.323 --> 00:28:30.293
This is people calling to reset, so help desk calling accounting firms.

00:28:30.473 --> 00:28:32.183
It's personal.

00:28:32.383 --> 00:28:33.913
Somebody on the phone.

00:28:33.943 --> 00:28:35.563
Vishing, meaning voice.

00:28:35.953 --> 00:28:40.243
So it's voice and phishing and social engineering together.

00:28:40.513 --> 00:28:45.523
It's a combo attack and they're doing it more and more and it's on the rise right now.

00:28:46.093 --> 00:28:48.913
And then leadership specific attacks.

00:28:49.093 --> 00:28:55.423
Those people that hold the keys to the kingdom, those people who have real access, they need special training.

00:28:56.203 --> 00:29:05.963
So you can create a huge plan and automate it so it's not heavy on your team every single week.

00:29:06.563 --> 00:29:18.863
So AI is going through personalized, targeted social engineering and phishing cyber attacks in a way you've never seen before. In five years, it will be completely different.

00:29:19.063 --> 00:29:21.953
I wanna thank you for listening and I'm gonna open it up for Q&A now.

00:29:22.153 --> 00:29:23.683
Okay, go ahead.

00:29:23.883 --> 00:29:24.603
Yeah, here.

00:29:24.803 --> 00:29:35.223
Speaker 24: So my company, we, like, have an AI policy, but how do you make actually effective trainings versus just sending out, here's the policy, and then people read it.

00:29:35.283 --> 00:29:41.673
We hope they do and accept it, but how do we make sure that the trainings are actually getting through to people and they know what to look out for?

00:29:41.873 --> 00:29:43.343
Heather Stratford: I didn't pay 'em to say that.

00:29:43.343 --> 00:29:45.023
That's a perfect lead question.

00:29:45.233 --> 00:29:52.853
Here's the thing, making it shorter and more specific to the company and their job makes them pay attention.

00:29:53.213 --> 00:30:02.748
If you do a training off the shelf that is long and boring and not part of their job role, they will wanna poke their eyes out and just scream,

00:30:02.898 --> 00:30:03.738
stop doing this.

00:30:03.938 --> 00:30:04.268
Okay.

00:30:04.328 --> 00:30:11.588
So more specific, more custom to the company and more custom to their job.

00:30:12.128 --> 00:30:12.368
Okay.

00:30:12.368 --> 00:30:13.328
Who else has a question?

00:30:13.528 --> 00:30:14.698
Okay, over here.

00:30:14.788 --> 00:30:15.688
Oh, Chad's.

00:30:15.688 --> 00:30:16.138
Gotcha.

00:30:16.338 --> 00:30:16.908
Speaker 25: Hi.

00:30:16.968 --> 00:30:26.308
I'm curious about that: you said there's many AIs, and people can buy them with $20 and do phishing and harm people.

00:30:26.968 --> 00:30:36.238
So in many countries, like, the government does follow, even with the VPN, what customers are doing, what users are searching and doing.

00:30:36.628 --> 00:30:43.738
So is there any like legal rules or regulation or monitoring, like what AI is out there and what they're doing?

00:30:43.938 --> 00:30:44.208
And

00:30:44.298 --> 00:30:46.038
Heather Stratford: it's a good question, right?

00:30:46.038 --> 00:30:49.338
We expect that our government is going to protect us and help us.

00:30:49.668 --> 00:30:57.948
The problem is, as most people in this room know, they're way behind on rules, regulations and how to even keep up with it.

00:30:58.248 --> 00:31:05.098
So the attacks and how things are happening are way faster than the government can keep up with.

00:31:05.278 --> 00:31:11.908
And because of that, as cybersecurity people, we need to not wait for them.

00:31:12.238 --> 00:31:13.618
We need to move forward.

00:31:13.678 --> 00:31:23.958
The other thing is a lot of attacks originate in the US, but a lot of tech originates in places that it's very difficult for law enforcement to go after.

00:31:24.168 --> 00:31:35.318
Last year we had a great conversation with Chris Swick from the FBI, who really talked about counter-terrorism and attacks, right?

00:31:35.738 --> 00:31:41.213
So it's hard when they're hiding behind a government and you can't go in and get them.

00:31:41.413 --> 00:31:41.773
Okay.

00:31:41.833 --> 00:31:42.613
Anybody else?

00:31:43.063 --> 00:31:43.603
Go ahead.

00:31:43.673 --> 00:31:44.513
Chad's gotcha.

00:31:44.713 --> 00:31:44.893
Speaker 26: Thank you.

00:31:45.623 --> 00:31:51.233
So you said training frequently, so how do you keep those trainings from not getting boring?

00:31:51.263 --> 00:31:53.483
You said like two minutes monthly training.

00:31:53.843 --> 00:31:54.893
How does that work?

00:31:54.893 --> 00:31:56.453
What kind of training are you talking about?

00:31:56.453 --> 00:32:00.683
And it's not the phishing, simulated phishing and training, but Yeah.

00:32:00.743 --> 00:32:01.923
Heather Stratford: So, how is it different?

00:32:02.123 --> 00:32:07.643
It's called micro learning and really it takes, it keeps it top of mind.

00:32:07.673 --> 00:32:09.413
We all use social media, right?

00:32:09.443 --> 00:32:16.673
If you're scanning through and you're on an Instagram account, a LinkedIn account, we're scanning faster.

00:32:16.943 --> 00:32:22.763
So what you're trying to do is have training build upon itself, but be short.

00:32:23.123 --> 00:32:28.283
So anywhere between two to four minutes and your mind is someplace else.

00:32:28.483 --> 00:32:32.053
Like, you're thinking about something else.

00:32:32.323 --> 00:32:37.693
So keeping it short and tied to your job and then you get into a habit.

00:32:38.173 --> 00:32:52.363
There are people in this room and I know them 'cause they're customers and they've helped us develop what we've developed and their people do it daily, weekly, and they're in the habit and that's how they become part of your security team.

00:32:52.663 --> 00:32:55.243
That's how they are front and center.

00:32:55.483 --> 00:33:00.673
So there's a whole methodology behind it and it's catching on because it works.

00:33:00.873 --> 00:33:01.113
Yeah.

00:33:01.313 --> 00:33:02.573
Other questions?

00:33:02.688 --> 00:33:03.188
Speaker 20: Hey Heather?

00:33:03.383 --> 00:33:03.953
I have one.

00:33:04.043 --> 00:33:04.373
Yes.

00:33:04.373 --> 00:33:05.903
What are the top two or three?

00:33:06.123 --> 00:33:10.743
Most income producing? Is it malware or ransomware?

00:33:10.743 --> 00:33:11.373
Still number one.

00:33:11.928 --> 00:33:12.408
Do we know?

00:33:12.408 --> 00:33:14.448
What, who's making the most money doing what?

00:33:14.648 --> 00:33:24.578
Heather Stratford: I think that's a hard question because there are some really sophisticated ransomware attacks that hit places like oil and gas companies.

00:33:25.038 --> 00:33:33.398
I know that they, because I was involved in some of those circles, they paid out over a seven figure sum on the ransomware.

00:33:33.858 --> 00:33:55.838
So you can have a lot of smaller attacks and get your money a thousand dollars at a time, or you can go for the gold and shut down, you know, processing of the backend of car dealerships, which was a big breach that happened, and you shut down 60 or a hundred car dealerships all at once.

00:33:56.018 --> 00:33:56.948
That's a big payday.

00:33:57.308 --> 00:33:57.608
Right.

00:33:57.728 --> 00:34:06.698
So attacks can be very large and coordinated, or you can be small little ones, and so there are different players in the market.

00:34:06.898 --> 00:34:07.108
Yeah.

00:34:07.308 --> 00:34:08.298
Any other questions?

00:34:08.498 --> 00:34:17.408
Alright, so I hope that the one thing that you take away from my talk is that people are still an issue.

00:34:17.768 --> 00:34:32.048
Layer eight is a tricky layer, and you can put all the dual factor authentication and fortunate firewalls in place, and if your people go around it and give up the credentials,

00:34:32.483 --> 00:34:33.713
you're in trouble.

00:34:33.783 --> 00:34:39.903
Your network is in trouble, so don't ignore the people and you've gotta up your game.

00:34:40.383 --> 00:34:42.003
Happy to talk to anybody after.

00:34:42.003 --> 00:34:43.053
Thank you very much.

00:34:43.203 --> 00:34:46.863
I think we are headed now into lunch.

00:34:46.893 --> 00:34:52.213
So if you wanna go to the back, they've got full lunch already.

00:34:52.393 --> 00:34:54.303
And please mingle.

00:34:54.493 --> 00:34:59.743
If you're sitting with a table of people that you already know, get outta your comfort zone.

00:34:59.773 --> 00:35:03.373
Introduce yourself to somebody and come back here.

00:35:03.373 --> 00:35:05.923
We're gonna have a tabletop exercise after lunch.

00:35:06.253 --> 00:35:09.673
Also, please go talk to these sponsors.

00:35:09.913 --> 00:35:12.883
Even if you know you're not going to be purchasing.

00:35:13.243 --> 00:35:15.853
Go have a conversation, talk to them.

00:35:16.033 --> 00:35:19.993
They spent their day and their time to be here, so please, please go see them.

00:35:20.023 --> 00:35:20.893
Thank you very much.