Hello, this is Matt Darnell, and we're supporting your tech here on Think Tech Hawaii. Hope you are getting ready for some fabulous holidays. Joined as always with Greg Jackson, also of Comtel.Cloud. Greg, how are you doing? I'm doing great. Are you done with all your shopping? I am. I've got that much left. So I've done about that much. That's what I normally am. Christmas Eve is where you get all the good deals, so that's what you do. Well in case you're looking for something that you want to do right now, if you take a look at the screen here, when you see that, what does that look like to you? It sounds like an opportunity. An opportunity, right? So you look at that phone, and then we have this one here, that model, and also we have that model. Now what if I told you they're about $1,500 each, and they're built around an Amazon Alexa? So literally, on this model here, you've got to go up to the phone, pick up the little receiver, put it to your ear, and you talk into your Alexa that way. No, I'm not doing that. That's not what you're doing. And shy, they're sold out. You cannot buy them right now. They probably had five in stock. They had five, and they sold them all. So I just thought that was just so unusual. And the cord is weathered, and it's supposed to be real Bakelite, which was before the plastic and all that kind of stuff. It's made of authentic parts for that. So I thought that was great. And we have a lot to cover today. But I just wanted to do this one thing here and show this. And have you ever been the best? What are you the best at? What are you watching here? What we got in this video. This gentleman here, if you want to go and put it on the screen there, is probably the best at making balloon things. I know we've all been at the party where they make balloon animals and balloon tigers. But he makes full dresses that you can wear out. It's amazing. Look at these flowers. So I mean, do you know how much time you must spend practicing?
Now I would probably say he is the best in the world at doing that. Let me go and speed up some of the other amazing things that they make out of balloons. And he's real proud of it. And I would too. I mean, look at the flowers to all the different things that I had no idea you could make out of balloons. But so I just thought that was kind of neat that if you went next time you have nothing to do, just get some balloons out, start working on it. Who knows what you're going to make. Cats would hate me. Cats would hate you. Because I'd be popping a lot of balloons. Exactly. Okay, that's enough fun. We got some really great, great stuff to talk about today. So we'll go ahead and bail out of here. And then we're going to bring up security. And that is on the top of everyone's mind and all the kind of things that we have with data breaches that we hear. You hear about that in the news. And it's this person got this data stolen all, you know, you hear about that, you know, you got to change your password and sign up for this. But people ask them, well, what does that mean when you read that this information got stolen? So why don't you kind of level set us here and tell us what is a data breach and how is that defined? Yeah. A data breach is it's where data is in the hands of somebody that's not authorized to have it. So, for instance, if you're a doctor and you're filling out forms, that information is kept under a certain lock and key, if you will. Only certain staff that are working with that particular patient should have access to that file. A data breach would be somebody that's not supposed to be in that access list has that data available to them. That's where logging becomes so important. So anytime data goes from an access list of people being able to get their hands on it to anybody outside that, and that can include internal staff or people outside your organization. And normally we hear from big numbers of data breach. 
It's got to be electronic because they're sitting somewhere, maybe in a foreign country, maybe on the next floor, maybe in that organization, in a cubicle getting that data. But my wife works in a hospital environment and when she's walking down the hallway with a clipboard with patient information, she has to have a piece of paper on top of that to kind of cover. So technically that's a data breach if she just put the clipboard down and said, oh, such and such is in the hospital and they didn't have that kind of condition. So it goes from the very small... Even some of these hospitals where they have a log, a manual log where they write in who's checking in and who's checking out, that's a breach. I mean the old ways of doing things, there are some instances where you get some, you grandfathered in like faxing, right? That's a grandfathered in technology. But a clipboard? Well, that means everybody should be signing one line. But I'll go in sometimes and if I have to log in, I'll see individuals by name. Who logged in, who checked in before you? Yeah, and that means I know they're a patient. And that's the hard part. When you say like a fax is a legacy technology, because the statistic that we've used that is true, and if you ever watch it in cameras, you'll see it happening, that if a fax is actually read three times before it gets the person that it belongs to. And if it's interesting, it's looked at seven times. I mean if there are social security numbers on there or pay or anything like that, yeah. But we get all then, you know this, in our office, we get faxes from insurance companies, from doctors. And we've called them and said, hey, we're getting these faxes. There's a dollar amount for every infraction and eventually you collect enough of those things and you send them a Christmas present or a hand deliver it and say, look, this is a breach. So a breach is anytime information gets in the wrong hands. 
Yeah, and wrong is defined by your policies and there's a lot of responsibilities that go behind it. But technically, you're right for noticing there's a physical breach and a digital breach. The digital breaches get more attention because there's tons more records in the breach. No one's going to steal just one record kind of thing. Okay, all right. That's what a breach is. So, and yeah, you have a map here that... Yeah, there's a few of these maps floating around but these maps are really interesting, right? So basically there's live maps that you can look at and what you're looking at right now in real time are attacks made from country to country and we know this because the packets have information on them where they're coming from, from what router, where's the router located. So now you can look at this live, you can pull this up on your computer, you'll notice that some of your security or information technology conferences, they'll have some version of this. It's very interesting. We're talking thousands a day, it's phenomenal. So this is a kind of router that we sell, we install for our clients and what happens is whenever they're getting an attack, they will anonymously report that attack to Fortinet who has a big data center where they're actually taking all these in so that this is real-time information, routers, networks, big main attacks. So you can find it right here on the website there but yeah, just there and that's not the only one that you'll see there but it's just really, it's amazing that throughout the web and you can tell like... It's a really good display for people to understand how it is real-time, right? And it's a partial because they're only getting information from the routers that they have and what percent of the market, I don't know, 10% of the market maybe but you notice China is amazingly quiet because China doesn't allow outside encryption and that kind of thing. 
So it is tough and coming out of the Soviet, Russia, you don't see the traffic like you do in Canada and Europe and that so it's just, that's probably a small fraction of what is there. They may also not have these routers too. Exactly. When you look at penetration success in terms of vulnerability, a lot of the less developed countries don't have good equipment, they're easy targets. Sure, absolutely. Okay, so let's talk about some of the biggest data breaches, the ones that made the headlines and kind of what was affected and how severe were they? Yeah, so we had a handful of pretty large breaches. One of them was Facebook, that was 50 million. Facebook, I've heard of that site. Yeah, Facebook, a few people know about Facebook. Yeah, I told my wife about it and we're thinking about getting on that. Yeah, yeah. You sure you're not stuck on the, what was that, when you were? Myspace, Myspace, hey, leave Myspace alone. These are French stirrers. Haters gonna hate, yeah. So we've got 50 million's a lot of people. I mean, when you look at the US population, probably south of 400 million, it's a good chunk of people. You've got the Marriott. Well, of the 50 million Facebook accounts, 40 million were fake accounts. 40 years ago. So it's okay. But yeah, 50 million. And I would always tell my sons, they're younger and don't put anything, anything on social media, whether you think it's private, you think that you don't want getting out. Consider it public. Anything, Instagram. You know, they're gonna call Snapchat, just I'm gonna snap this to you or snap that to you. They think it's a private video or just assume it's gonna, whoever you're talking about is gonna hear it. Whatever you're talking about is gonna be put on the front page of the paper. That's right. And Facebook is a great example of that. Yeah, and so their records, they get caught and we'll talk a little bit about what that looks like.
But if you show the slide here real quick, you'll notice in this list, you've got the Marriott, 500 million, still not the largest ever. Yahoo, I think still holds the title for that one. Yeah, it's like three, it's huge. It's huge in the billions. And then the next year, they had it again. So then you've got Quora. Fool me once, shame on me, fool me once. Twice, yeah, something like that. Quora, they're a little bit like Reddit, British Airways. And I made a distinction here. Not all records have what you might think. You might have things as simple as your first and last name. You might have your first, last name, address, credit card information, birth date. Then what I get really nervous about are the questions and answers. So I don't, I handle that a little bit differently and I'll let the cat out of the bag, but I don't answer those truthfully. I don't want any. You're meaning like what was your first pet when you asked those security questions? Exactly, so if you got to reset something or part of one of the things I talked about. Do you have a standard fake or do you do it different for each website? Because if it's a standard fake, it doesn't matter if it's true or not. They get it from yes, it's a standard fake. And so I have a procedure that I use. Okay, all right. So if it's a Tuesday, you do this. If it's a Wednesday, you do that. It depends on the site. It depends on the questions. I mean, there's a few things it depends on. But I don't like put real information in there just like I try not to put my real birthdate in these websites, especially the social media ones. It's just too vulnerable. Even though they say, oh, we're not gonna show this. Okay, that's good for you. We're not gonna share it with anybody else. But if we make a mistake, everyone will know it. And anytime you're on any website and you check the checkbox, keep my credit card on file. Or it's linked to your bank account. That's huge.
I remember back in the day at PayPal and Neteller and when we were trying to play poker and online poker before it was illegal, just trying to get the money there was so hard, whether you're gonna play PartyPoker or all those kind of things. So it was, when I think of the chances that I took, what do you need to know? I had to call my credit card company, tell them it was valid. Gambling's not a risk enough. You're gonna throw your financial information, personal information on the website. It was kind of, I mean, they're in Antigua and they are there in all those places. So yeah, it's huge. And probably from each site, there was not a complete picture. Right. Right? And that's exactly where PCI compliance comes in. You don't need a complete picture. What you need are pieces that make the puzzle out. Right, but from Facebook, they got some information. And then they can, from Marriott, they got a little more information. And from British Airways, where you fly, Marriott knows where you stay when you book. And from just little things like that. Exactly. When do they go on vacation? And you can just run a script to know when's the best pace to rob this person's house. Yeah. And just sell a list of, hey, chances are, here's 500,000 people that aren't gonna be home over Thanksgiving. Yeah. Because over the past 10 years, they have this trend. And they don't learn that from one site. And sometimes it's really basic, fundamental. I mean, if you check in and Facebook in the Bay Area, guess what? You're not home. Or using a VPN. But right, but if you show up, pictures, so all those kinds of things. Yeah, pictures are the big ones. You gotta do that. So again, my name is Matt Darnell with Compto.Cloud joined here with Greg Jackson. We're going over the big security breaches of 2018. What you can do to keep yourself protected. We'll see you in a few. Aloha.
We're back here talking about your cyber threats and breaches in 2018. Again, I'm Matt Darnell with Comptile.Cloud, joined by Greg Jackson also with Comptile.Cloud. So Greg, tell us some of the things that happened in 2018 that the government's doing to protect us going forward for all these data breaches. Okay, so I'm gonna sound a little cynical, but when something's broke, you just create another agency. Right? That's how the government rules. So the good news is this one I think is gonna add some value. But I'm sure they took an agency away to make up for that one, right? No, we had. Okay. So I think he flashed up the slide, but if we take a quick look at the slide, you're gonna get an idea here. So if you did not know this, and I didn't find out about this until recently, you've got a new department called Cybersecurity and Infrastructure Security Agency. So that 10 times faster. Yeah, exactly. So our president was kind enough to bring an agency in, and they parallel like the US Secret Service or FEMA, but to give you an idea of what we're talking about here.
We've seen communication problems between departments and the federal government for years, especially the real light was shined probably around 2001, just lack of communication. So if you look at the FBI, Secret Service, you look at IRS, Financial Crimes Division, those folks, what they do is they have a ton of operations that they have working on, but they don't necessarily share all the information. So there's all the, and they've got some of the same regulations we do. They've got, just because you're in the FBI and you have a secret or top secret clearance, doesn't mean that you get to go into some of these financial records. You have to request, you have to make these requests through different agencies. Same thing happens at a hospital. Some nurse says I need this guy's records and then it's gotta go through a process. This agency's supposed to glue it all together. I think this agency's probably gonna be working with other countries and hopefully it will come up with some better standards and I'm really looking forward to seeing what they're gonna do. And after September 11th, it was some Monday-morning quarterbacking, but people have said in the know that if the NSA would have shared everything, if the FBI would have shared everything, if the CIA would have shared everything, if there wasn't a whole lot of security. All the pieces make a picture. Then they probably would have been able to put it together. One department knows about money being transferred. One another one knew about these guys were suspicious people taking training lessons on pilot. And other people, when they sent the money back, like why is money flowing the other way? How do we put that together? Well, when you do that, I really hope that they're able to do something. Now, I would imagine they're focused on the higher end, the industrial espionage, the- It's low-hanging fruit, it's big fish. I mean, when you look at these federal agencies, they've got their own budget.
They spend it how they want. So they don't necessarily, sometimes they have to borrow from each other. I've seen some agencies borrow, local law enforcement will borrow people from the FBI. FBI, depending on the city you're in, FBI might go to some local law enforcement because law enforcement has different technology, different people. It's really interesting. And without a question, I mean the next Chinese aircraft carrier is gonna look a lot like our latest aircraft carrier. And that's just espionage. And it's been happening since we made countries. That's right. So yeah, okay. So now let's talk about what are your predict- Brad, I want you to break out your crystal ball, look deeply into it. Let me know. What are some of your predictions for 2019? Yeah, so these are not all my predictions, but some of these were on my list. First one was increase in biometric hacking. I think this one's gonna be, we're gonna see it starting in 2019. We're gonna see all kinds of IoT hacking going on, but the biome- So IoT, what does that mean? Information of things? Yeah. Okay. So, or internet of things? Yeah. So you've got, what you have are these things. We're with one customer who has fingerprint entry, we've got optical entry. We've got proximity. All these things that, and we'll go and hopefully have enough time to briefly go over what you have and what you have could also be kind of diced out to who you are, your fingerprint, your eye. What, we were talking about some interesting things earlier, like when I walk up to my car, there's a way that I walk. There's a way I hold my shoulders. There's a way I swing my arm. When is my car gonna know it's me? I don't need a key fob, but it's me. I'm the guy that does. When I sit in the driver's seat, Matt did not lose 120 pounds since last night. So to get in your vehicle, it's what you have. To start your vehicle, it's what you have and what you know. 
I think it's know because your key has an encryption part in it that it has to be. But it's not me, it's just anyone could have my fob. Yeah, exactly. This fob that I carry, anybody could have that in their pocket and be able to just walk up to the car, pull the handle open, push the button, and see those old cars with the number, the key pads. Absolutely, yeah. And even beyond that where like, and it's only, but even like if you're a drunk and you have too many driving or the influences, you gotta blow into that thing for your car. We'll start, I mean, I would be okay due to a hand print, palm print, something have that built right into my car where I need that to start it. Yeah, I think that's coming. You'll see stuff like that. I think it's inevitable. When you hack these things, you have personal information like your eyes, your fingerprints, maybe you've copied the key on your car. We're seeing a lot of that kind of creep up now, but I think you're gonna see more in 2019. And even we had talked before when you did facial recognition, you could take someone's picture and hold it up to there. Yeah, silly putty, a camera on a phone, or a picture on a phone projected or presented to a camera. It's really, there's some hacks that they're getting better. Did you ever see the movie Gattaca? No. It's Ethan Hawke, I think and another gentleman and he took over someone's identity and you had to, every time you went in, they would draw blood from a finger so you would have a little blood caplet underneath his finger. And so when they pricked him and then, because that, those kinds of things. I mean, it's just, yeah. And you get a mission impossible where they use somebody else's face and that is coming, that is coming. Yeah, I think you're right. So we got, it's a long list here. Real quick, we'll just go over a few. Vehicle cyber attacks, you just got a new vehicle. That's kind of scary, right? 
And I don't, when I was telling you the story about Jeep getting taken over, you were able to steer the vehicle a little bit. I mean, they've got some really interesting ways that they can hack vehicles. I think that was about two years ago and they had the Jeep thing. Well, I am still probably 10 years away before I would ever turn on a new autopilot, right? I mean, that is- The Jeeps didn't have it. I mean, what they had was the remote phone home. You know, in case of an emergency click here, that was, it's always pinging. It's always online. Right, but there was a way to remotely tell the steering wheel to turn. Yeah. Right, so, I mean, with an autopilot, it's built right in. I mean, it's like a video game. You know, like a Knight Rider kind of a thing that, hey, anybody takes that over, the car right next to you. Somehow they, you know, they hack in and boom, you know, they pull you over or just people causing all kind of, you know, all kind of bad things. More vehicles are getting connected to the internet. It's really amazing. I think within 10 years we'll all be connected and they're gonna start building smart roads, you know, that have, instead of lane lines, there's just these magnets in there that let the car know where you're going. Yeah, so that is huge. And that's the kind of thing where a lot of times the security comes after the technology. Right, oh yeah, that's a lot. You know, we're just so worried, we went, oh, look at this great technology. Like the internet was that way, like the very first virus. Yeah. You know, this, why would anyone ever want to do that? The guy was just thought for fun, you know, how far would it go when you wrote that first virus? Yeah. And then they said, well, maybe we should lock this down a little bit. And I think the same thing is gonna happen with all these other technologies. I agree.
One of my other ones that I thought was definitely gonna begin happening is we start looking at using, we're outsourcing some of our DNS servers. You're gonna see targeting higher impact servers. The value of, say, like Dyn DNS or something like that, where you funnel all your traffic, you can use that to restrict genre-based filtering for your house, something like that, businesses use it. If you take over one of those, it's kind of like your LMHOSTS file on your Windows machine going back a few years, but that stuff's still relevant, right? And the DNS, what that does is when I type google.com in my browser, that makes it into what's called the IP address, which gets me there. Kind of like on, if I was to go into your cell phone and if you looked at, you know, if I could, you could go into Matt Darnell, you could put another phone number there. Whenever you hit Matt Darnell, it's gonna take you somewhere else. And I could maybe ask you personal questions or pretend like I'm that person. And oh, you're gonna put in your login, you're gonna put in your password, you're gonna tell me all those types of things. And yeah, so DNS, and I remember, this must have been four or five years ago, but GoDaddy's DNS servers went down. And anyone that had any website on GoDaddy just went down. And DNS is an absolute linchpin to the safety of and security and functioning of the internet. And I appreciate you explaining that because for those that don't know, a lot of these DNS servers are housed by your ISP. And they'll, like when you grab an IP address, they'll say, okay, now that you have an IP address, why don't you use our DNS servers? And here they are, by the way. Which they control. They control, yeah. It's like if you type a name of a website that doesn't exist, they send you somewhere else. And you know, it can be very, very malicious. I mean, if you take over someone's DNS, you really own their browsing, their web experience. Exactly.
Yeah, so there's a few more on here. That was the biggest one. You'll see some more trends within companies not using social security numbers, collaboration between countries and standardizations. I think we're really starting to grow up in the technology industry where people should talk more to each other. I think you see that with the government agency that they've established this year. And there's a few other ones, but we'll go ahead and move on. And so our last minute here, let's bring it home. Yeah, so there's how to protect yourself. First, you want to check yourself. So how do you do that? What is the name of this? This is the site you like. Yeah, Have I Been Owned? Pwned, Have I Been Pwned, which is owned? Just go in there, you put your email address in and they keep track of all of the different breaches that have been made and what information was in there. And how do they, so they're familiar with the list? For instance, if I put in my email address, I mean, when LinkedIn got hacked, my information got out. So it tells you all these different sites that you, like my kind of a throwaway Gmail address, there's like 40 of them because I use that for every little site. But my corporate address, I mean, LinkedIn, I mean, they got my information from LinkedIn. Yeah, so that's a really good site to go to. And this may be another show, but I think protecting yourself involves using two-factor authentication or multi-factor authentication. You can use password managers. We talked about having key fobs. I've got myself, and one of the things I have is a YubiKey. So if you look at, there's some password managers here. I recommend one of these top three, they work really, really well and you want it something they can actually not, they can actually prevent you from actually typing stuff in. The last one is multi-factor authentication. Facebook has it, Google has it. This allows another way.
So if you go to a website and you type in your username and login, then it'll ask you a follow, it'll another screen to come up and say, give me the code for you to log in. Really fun to play with. I think what you'll find is a lot of this stuff is gonna really, really take off. I'm seeing more people ask about the YubiKey. Works well, this one's got the RFID on so I can tap it and go stick it in USB. Especially if you wanna run one of the taxis, right? Yeah, Uber, yeah. Okay, well again, I appreciate that information. We'll be spending more time on security coming in 2019. It's on the top of everyone's mind. How do you keep your data safe? Again, my name's Matt Darnell with Confill.Cloud. You can find us on the web at Confill.Cloud. Thank you again, Greg Jackson. Hope you have a great holidays. Aloha.