14. Internet of Things (IoT) - Is Your Fridge a Member of the Russian Mafia?

Justin:

We're live, guys. Welcome to another episode. I believe we're on episode 14 today of unhacked. Now before we get started today, I I really do have a serious question I want, both of you guys to answer. Brian first and then Mario.

Justin:

Now, like, don't lie to me. This is a no shit. If we're gonna be friends, I've got to know this. Brian, are you a member of the Russian mafia?

Bryan:

Oh, wow. No. The French one. No. I'm kidding.

Bryan:

Nah. No. Definitely. You what? Yikes.

Justin:

I'm serious. I need to know this. Mario?

Mario:

I have an application pending.

Justin:

Hey. See, I knew there was somebody here. Okay. So back to you, Brian, and and really both of you still. Do you support them financially in any way, shape, or form?

Bryan:

I mean, I've had clients who've paid brands since before. So

Justin:

So kind of.

Bryan:

Kind of.

Justin:

Yeah. Not directly. Do you provide any other resources to them that you can think of?

Bryan:

Not that I can think of.

Justin:

Are you sure? Alright. Well, I'm gonna ask you guys this again at the end of the episode, but, episode 14 today, we are talking about the Internet of Things. Yes, we are. What in the hell is the Internet of Things?

Justin:

And worse, what is IoT? Listen, in in our world, we understand what this means. Our listening audience may or may not. I again was talking to one of our avid listeners. And, the question once again was asked, hey, what are you talking about today on the podcast?

Justin:

And I said, Internet of Things. And she said, the fuck? Well, she didn't really say that. But what is Mario, what is the Internet of Things? You wanna go ahead and describe that in layman's terms for our audience?

Mario:

So yes. So Internet of Things is pretty much what we've been living through for the last couple of years. And that means anything that is going to be accessed remotely, Like, right now, we have refrigerators, doorbell cameras, toasters, you know, anything that connects to a higher up. Like, for example, Ring doorbells. I have one.

Mario:

I'm actually looking into adding, some more ring, stuff like, flood lights and stuff like that. Anything that communicates, you know, using or is getting an IP address or Internet to for you to conveniently manage it through your cell phone.

Justin:

Okay. Good. Good. So, Brian, question for you. How many devices in this little Internet of Things that we just described exist today?

Bryan:

Right now, we only have about and I say only. It's it's a it's a pile. We have 17,000,000,000 as of today, approximately, obviously, as of 2024. It's estimated that there will be approximately 25,000,000,000 or more by 2020 2030. But listen, a couple years ago, a bunch of years ago, IPV 6, which is a technology for the Internet, and I won't get into the specifics.

Bryan:

I'm sure, we can publish stuff about it. They changed the standards from one format to another that now allow up to 340 unodecillion I can't even pronounce that. Possible combinations. It's essentially, if you are a math guy, 2 to the power of 128. It's there's so many numbers on this thing.

Bryan:

It's, it's long. And they did that because of the Internet of Things and the ability to pay but have every device connected to the Internet.

Justin:

I don't know if you guys, I'll date myself here, but 1999 was a fun year in technology, wasn't it? We, we were afraid the whole thing was gonna collapse because the early programmers only had these 2 digit year fields, because memory was at a premium back then. I mean, now it makes no difference whatsoever if we're using 2 or 4 digits. But back then, 2 digits was a big deal, and so they save that memory. And then the year 2000 comes around, like, oh my god.

Justin:

Are we in 2,000 or 1,000? We don't know. Computers didn't know. We thought planes were gonna fall off the sky and all that. So ipv4, if you're gonna mention that the Internet protocol, basically, this is the addressing scheme for every device that's connected to the Internet.

Justin:

We went through it wasn't as widely publicized, but a similar panic, where we thought we were gonna have to change everything over to ipv6. 6. Do you guys you're around for that. Right? I mean, I panicked, everybody panicked, we started restricting who could use these addresses and whatever else.

Justin:

That panic largely went about, way into the night like 1999 did. But it is still, you know, something that has kind of happened behind the scenes that does allow for all of these connected devices to, I mean, like, all my stuff is still ipv4, at least, you know, web addresses, all that kind of stuff. Almost everything is still ipv4, but we do have this unlimited now because it was very limited before. We had this unlimited addressing scheme for all things that connect to, say the internet, but really it's just anyways, I'm not gonna go there. So, with this, this new way of addressing, we have unlimited access to all this unlimited devices can connect.

Justin:

I don't know. What'd you say? 16, 17,000,000,000 today? Yeah. What this does, the problem this creates is it expands what we call the attack surface.

Justin:

Right? What's an attack service? Somebody anybody bueller bueller.

Bryan:

Well, it's essentially, any anything that anybody can use to, attack you. If you for example, if you get access to a couple of devices, you can then utilize those to attack more devices. And so nobody, you know, hackers don't typically hack a device directly. They always go through intermediaries. So either it's 1, 2, or or, you know, a 100000 intermediate intermediary to get to, their ultimate destination and they'll they'll, you know, the attack surface meaning, you know, if I if I can attack a organization with a 100 devices, yeah, it might affect them a little bit.

Bryan:

But if I can attack them with a 100,000,000 devices, now I could, you know, basically make them fall to their knees because they won't be able to process that much Right. Connections.

Justin:

So Okay. The

Bryan:

larger the attack surface, the better.

Justin:

You're you're kinda talking about in the in the world of bots once you've already, taken over these devices and you marshal the forces. The other way and and this is kinda more what I was thinking. However, both are true. An attack surface if you think about, like, I suck at baseball, like, really, really suck at baseball. When I was a kid, I have trauma over this.

Justin:

My coach was so, disgusted with the way I threw the ball. He's like, can you just try just for fun, humor me. Try throwing it left handed. And and I couldn't even you know, keep wanting to make sure I was really right handed and not left handed because that's how bad anyway

Bryan:

we had the same childhood.

Justin:

Yeah. So, I you know, the the saying goes, I couldn't hit the broadside of a barn. Now true or not, let's put that aside. But if we expanded that wall to, like, a skyscraper, even me with my terrible skills using my left hand probably could hit a skyscraper with a baseball. So when we talk about an exact attack surface where people are trying to break in, we have to mathematically, we take the number of devices, and we multiply it by the number of vulnerabilities per device.

Justin:

And you just threw out a number like 16,000,000,000, whatever it was. Each of these devices probably has at least 1 or more vulnerabilities. Right? Our surface, our our risk has just gone through the roof. It's it's almost as mind boggling as that number you tried to just explain a minute ago.

Justin:

Right? So what we have now is we have, you know, we used to just try to secure our computers. Back in my day, I'm an old man, We would just put a firewall in place. It protected all the little computers that we were managing, and that was it. We were done.

Justin:

That's all we had to worry about. And now we've got this basically infinite number of vulnerabilities that we have to watch over. So big, big, big problem is what I'm trying to say.

Mario:

And they're out of our hands. A lot of these times, it's just that we we trust that these, you know, companies that we're purchasing decent job. But, you know, we there's, you know, the cost as IT people, it's very hard for us to even, govern that because we don't know what they're communicating with.

Justin:

I I would argue that this is one of the biggest, most unaddressed problem in cybersecurity. Yes or no?

Bryan:

Agreed. Yes.

Mario:

Okay.

Bryan:

Question for you, Justin. How Yep. How secure are these devices?

Justin:

Oh, they're they're so secure. And by the time we're done today, we will have solved all of the world's cybersecurity problems, not just this one. So That's good. With that

Bryan:

Stay tuned.

Justin:

Shall we shall we dig into today's episode? So, guys

Mario:

Continue today.

Justin:

Real quick. The today's intro has been a little longer than normal. But, UnHacked, guys, is a weekly cybersecurity podcast where we talk directly to, you know, our target audience is the owners and leaders of small to midsize businesses. Now I'm not gonna get into defining that because, that's like saying what is large or how long is a string. Everybody has a different definition, but we are looking to people who are responsible for, keeping their their people, their assets, their finances, their money, their bank accounts secure from cyber criminals.

Justin:

That's not to say that there isn't value in this for home users, for individuals, for larger organizations, but we are specifically talking to these, this small set of business owners. Now the kind of the intent of the podcast is if we did everything that we were advised to do, recommended to do, we would never end and we would never stop spending money. So we're trying to filter through the noise, the mountains and mountains of suggestions, and narrow it down to what are the things that we can do that cost the least in both time, effort, frustration, and money and produce the biggest results. So, because the the sad truth on cybercrime, I say this over and over, is that with basic security measures, 97% of these breaches that we talk about could have been prevented. But once you get hit, you can never get un hacked.

Justin:

So alright. There we go. Let's go ahead. And like I said, a little bit long today on the introductions, but we do need to introduce my, myself and my cohosts. And I would like to start with Mario, but Mario, I have another question for you.

Justin:

And, what I really need to know is that between you and me, one of us pronounces your name wrong, and I'm not sure who it is. Because I always call you Mario, and you come back with Mario or I don't even know. Is that an accent, or am I pronouncing it wrong?

Mario:

No. It's I I've I've, you know, for 44 years now, I've heard it different ways. I usually just say Mario.

Justin:

Okay. Okay. I just I I had to know. I had to know because every time I introduced you, you come back and you say it different, like, shit. I did it again, but I had to publicly confess, to I've Don't worry about that.

Justin:

Anyways, so tell tell our audience who you are, where you're from, something, interesting about yourself, maybe, the the best thing that happened to you this week.

Mario:

So Mario Zaccio, owner of Mastech IT. We are located in New Jersey, right outside of, Manhattan. We are approaching our 20 year anniversary. So the Nice. Be our 20 year anniversary.

Mario:

And, something interesting that has happened to me this week. You know, business has been good.

Bryan:

Just a little bit.

Mario:

Yeah. I

Justin:

know. We we're all jealous of Mario these days.

Mario:

And, you know, next week, you know, I've been prepping, for my presentation as you guys are aware of in Nashville next week, where we will all be together live. And that I am presenting for as a big deal as a, production, you know, for something called better or best, in a group that we are all involved in. So I'm one of 5 finalists presenting next week. So I'm excited about that.

Justin:

Yeah. Huge huge congrats congrats. God, I can't even talk. On on just being there. Right?

Justin:

Most of us are afraid to even submit the application. Not only did you do that, which is a painful process, but it's not that big. Would you argue that it is it a big deal or not so much to apply? We're all afraid of it, it seems.

Mario:

It's, you know, you just gotta write the essay and, you know How

Justin:

long did it take you to write the essay?

Mario:

It took me a couple days because once I really got into it, I kept going back and forth and adding more stuff to it. And they did comment that it looked like I spent a lot of time in my on my essay when I did submit it. So Couple

Justin:

of days. They did. Okay. Followed by some prep works and practicing, but the prize is it's small. Like, it it's hardly even worth doing.

Justin:

Right? If you if you win, what do you walk away with?

Mario:

It's just a a small, sports, sports car. You know, Jaguar f type.

Justin:

Yeah. Exactly.

Mario:

But I gotta fit this big head at in.

Justin:

It might be worth your 2 days.

Bryan:

Yeah. For the record, Mario's gonna be presenting in front of 2,000 people, and most people would prefer to die than present in front of a stage of that many people. So it's kudos to you mario and, mario. I'm looking forward to it. Thank

Mario:

you. Thank you guys.

Justin:

It'll be a good time and, little teaser, guys. We're gonna be broadcasting live from Nashville. Not Mario's presentation, but we are gonna be, digging in, to what I call the war room. We'll be down there with all the vendors who are trying to tell us how great and important their product is. And like I said, we're here to solve our sort through all that and bring you the stuff that matters the most.

Justin:

So, okay, Brian. What are you all about? Tell us about yourself, something interesting, something fun that happened, you know. Sure. Give us a rundown.

Bryan:

Brian Lachepott with B4 Networks based in, wonderful Ontario, Canada near Niagara Falls. We do we support, all of the local businesses here and then up in Simcoe County. Something interesting about me that probably nobody, knows about in this podcast. So I mean, some of you might, I'm actually an officer in the Canadian Forces. I work with, the Army Cadets.

Bryan:

I've been doing it for over, 30 years. I've just got my Canadian Forces decoration a couple of months ago, for 22 years of service as a as a as an officer, and my responsibilities and job is teaching youth. So I love to teach. I love to to to to teach IT and and also youth leadership. So

Justin:

so I don't Yep. I I did, but I've forgotten. It's been a while. And I'll see some of your stuff on Facebook once in a while, but, yeah, that's that's that's pretty cool. 20 how many years?

Justin:

20 years? 22 years?

Bryan:

22. I've been in the Canadian Forces 20 23 years now, but I've been working with army cadets for

Justin:

30 days. Dang. That that is impressive. Alright. And, guys, sometimes I do forget to introduce myself.

Justin:

I'm Justin Shelly with Phoenix IT Advisors, formerly Master Computing. And I've been doing IT in some way, shape, or form since 1997. In a few years, a few years. I'd like to say, I I wish I knew more than I did, but I will say that, I eat, breathe, and sleep this stuff, and sometimes it wakes me up in the middle of the night, which is partly why we do this podcast to stay sharp because we live in a world of cybercrime. I've said before, I'll say it again.

Justin:

This is not why I got into technology. I didn't come here because I wanted to fight Russian crime rings and find out if my buddies here are actually in the Russian mafia, and I didn't even know it or at least supporting them financially. We're we're we're gonna come back to that. We're not there yet. But,

Bryan:

alright.

Justin:

Enough of my nonsense, guys. Internet of Things. So we've talked about what it is, how many of them are out there. You know, some of the problems which we've already alluded to is that this poses a huge security threat. And that is because, you know, we've we've mentioned before that there's not the the IT industry at large is not regulated.

Justin:

We don't have any government agency looking over our backs telling us how we have to deliver the service, or even, you know, any kind of licensing or, you know, anybody can say, hey, I'm a cybersecurity expert. Anybody can say I'm an IT technician and charge you money and deliver a service. Good or not, right? So that's a problem. And this problem extends to the world of the Internet of Things.

Justin:

There isn't an agreed upon. It's not a regulated industry where there's a an agreed upon set of standards that the developers, the manufacturers have to follow in order to secure those devices. So we hope, that they're doing something to lock them down. But as we're gonna talk about today, we might need to up our game just a little bit. So some other problems with these, you guys wanna jump in, what are what are some of the known issues or the the struggles that we face in our world trying to lock down these devices?

Bryan:

Well, you did mention one of them and that

Justin:

that that

Bryan:

these developers, don't have standards. But more importantly, in most cases, new upstarts are, producing a technology to that that you know, fantastic, you know, great products. And then somebody at the end when they've developed the product goes, hey. By the way, how are we gonna secure this? And then they go, oh, right.

Bryan:

We forgot about that. And then they try to backwards engineer how they're gonna secure something that was not started with security in mind from the get go, and that is a problem. You can't secure something after the fact or very easily. And so, a lot of these new products that are coming out products that have been out for a while and people companies that have been producing these for a while tend to have security in mind from the start, but a lot of these new technologies coming out, it's kind of an afterthought, and, that's really scary.

Justin:

And that honestly is a best case. Well, I mean, best case is, like you said, from from inception, from from the initial design. They're they're security minded. The more common case is it's an afterthought. And then the more frightening case is sometimes when we're buying this cheap garbage from overseas in unnamed countries, made in it can be built in.

Justin:

Right? So Right.

Bryan:

Like, it's it the security flaws are on

Justin:

malicious. Right. It it's malicious by design. So Yeah. I mean, god, I I like to say this about apps that we download onto our phones, but I can say it also on cheap electronics devices.

Justin:

Like, if something if you aren't if you're getting the cheapest thing or the something that's free, god forbid, the people developing it and producing it and delivering it are getting paid. So if you're not paying them, who is and what is the product? Great. What is the product?

Mario:

You're the product.

Bryan:

Well, you are. Product. Yeah. If it's free, you're the product. Right.

Justin:

Google's a great example, you know, everything we type in there is collected and sold. Every search, every movement, we use Google Maps, like everything we do is collected and sold. So, I'm not trying to say, like, we have to run away from all this technology, but I am saying be aware. When you're downloading free stuff, when you're buying cheap garbage, you might be the product. So that's a that's a potential issue with Internet of Things with all these connected devices.

Justin:

What else do we Mauro, you got something for us? Yeah. I mean,

Mario:

essentially, it's a lot of this stuff here. You're depending on them to also fix what they discover, and you don't know if they discovered it or not. Like, you go and buy, like, a camera on Amazon, you know, for $30. You don't know if they actually figure out that there was a problem or not. You know, it's not, like a big, like, car where there will be a recall on it and say, okay.

Mario:

Send us back, which by the way is one of the things I wanna talk about today on a recall. But it's you know, sometimes it's to them, it's not worth it. And even if they do release an update, to fix something, they you know, you have to check be checking their website to say, hey. Do I need to upgrade my my system or not? You know?

Justin:

Yeah. How often do we look at our refrigerator and wonder if it needs to be a security patch or a a firmware update?

Bryan:

Right.

Justin:

Right. So we do. We hope that they're putting out these updates, but who's monitoring them? Who's who's pushing those updates? Yeah.

Justin:

I mean, we'd love to believe that they're automatic. Some of them are, but, not all of them are. So okay. What else?

Bryan:

I'll give you a a a really cool really quick example. Right? So, with vehicles, when you when you purchase a vehicle and you own the vehicle, it it's today, it's all run by software. Everything inside there is run by software. When's the last time your car was updated?

Bryan:

Unless you're a Tesla, then it's updated over the air, but almost every other manufacturer, there are no updates. So if they're a critical flaw found, granted most of them aren't connected to the Internet, the flaws are there, and they're there forever. Yeah. Yeah.

Justin:

Things to think about. I mean, you can take it in the shop, and they can they can update their their I you know, there are there are ways you can do a d y DIY update on your cars, but, yeah, but do we But then everything breaks

Bryan:

on it 2 months later. You're bored. Right.

Justin:

So alright. Yeah. Yeah. Passwords on IoT. Right?

Justin:

This is a big one. Yeah.

Bryan:

Huge.

Justin:

Copy machines, machines, for example. That's one that I became aware of not real long ago that because they all have default passwords. Like, I when I'm working on a client's, you know, the big self standing multifunction printers, copiers, fax machines, and I don't know how to get into it, I can usually Google that device and come up with the admin name and password. Not always, but usually, I can do that. Well, if I can do that, so can a bad guy.

Justin:

So you get into somebody's network, you go, you know, you then you break into their device. Well, what does that matter? Everything they printed is, at least the recent stuff is stored on a hard drive. Mhmm. Right?

Justin:

So you can get into that. Now you've got, you know, any confidential information that was, yeah, that was printed, scanned, copied. So, that's we'll we'll jump way ahead and get to our our takeaways. Change your goddamn passwords on devices that you buy. When it comes set up with a default password, never use that.

Justin:

Alright. So I mean, we could go on here, but, let's let's jump into some real world examples. And Mario slash Mario, you I'm gonna I've got you up first, and you said you had a lot. So I I am afraid actually, I'm I'm maybe a little excited. This might be one of our longer episodes, which I'm okay with, by the way.

Justin:

We can we can dig into this one. I have to quickly tattle on myself. Last week, you know, I thought it was so cute to announce that the topic was something that nobody was interested in or at least one of our top fans was not interested in. And then I wrote the the stupidest headline ever, passwords. Haven't we heard it all already?

Justin:

No. Something like something stupid ass like that. So far, now I know that we're only on episode 14, our least downloaded episode ever. And if I go back to previous podcast that I've been involved in, it still applies. The most, undownloaded, disinterested, don't give a shit episode I've ever recorded.

Justin:

So, lesson learned. Know your audience. And I mean, maybe a better headline. I hope today's was a little bit better. That's why kind of throw the Russian hacker thing in there.

Justin:

Jesus. Anyways, okay. With that intro, Mario, let's try to make this one a little bit more exciting, than last week's title.

Mario:

Yeah. So, an example that I have was actually a couple years ago, I leased a, a Jeep for my wife, And we had it for, I wanna say, 2 weeks. And then all of a sudden, we got a notice, like, hey, there's a big recall on your Jeep that you need to bring back the car for us to update. And then we all, like, oh my god. Are we gonna be doing this with cheap, you know, for the next 3 years of the police?

Mario:

But the the, recall on it was people were actually able to remotely access a jeep just by connecting to its built in Wi Fi. You know, a lot of these cars now have built in, like, 4g or 5g that can give out Internet access, you know, for for, like, the kids sitting in the back with a tablet. They're actually able to remotely access the car and control everything about it, even the steering of the car. You know, they could control your radio. They control your wipers.

Mario:

They could control, what's happening on display. They can turn off your car. They can turn off the steering.

Justin:

Sure I knew they could get at the steering, and you're positive about that.

Mario:

I I just be in preparation for for the show, I actually was just watching a YouTube video about a guys, you know, that actually showed you they took over the car completely. And they were even able to put, like, their own picture on the, radio. You know, they

Justin:

This is why nobody listens to our podcast because we scare the shit out of them. We don't wanna know stuff.

Bryan:

I didn't wanna know that.

Justin:

The steering wheel thing. Damn it, Mario.

Bryan:

Yeah. Okay.

Justin:

Okay. Go on. Go on.

Mario:

So, you know, I when I found out what this recall was about, I was like, yeah, we gotta get this, you know, fixed right away. Since then, I believe they have fixed it, but, you know, it's just an example of if it if it's on the Internet, you know, you don't know who's gonna be able to access it, or how they're gonna be able to access it. And you're trusting that whoever's doing it is doing it correctly.

Justin:

I'm hearing a lot of hope and trust in what you're saying right now.

Mario:

My other thing that I actually and I remember this, a few years ago. I think it was about 7, 8 years ago. Home Depot had a major breach. And, I think it was, like, 60,000,000 people's credit cards were stolen.

Justin:

That was a big one. Yeah.

Mario:

Yeah. And, you know, I don't know the if full details on it, but I do know that it was a vendor's information that got leaked because I believe they were able to access it through the HVAC system. The Correct. Heating and air conditioning Yep. Of of the what, like, the store, you know, I don't know which place, but they were able to get it through there.

Mario:

And then they were able to all of a sudden just piggybacking.

Justin:

They were watching everybody's transactions as they came through. Yeah. Yeah. That was that was a bad one. Yikes.

Mario:

Okay. Those are 2 big ones that I I I remember.

Justin:

Alright. Brian, it seems like you've got, you got some commentary for us.

Bryan:

Well, just playing off of what, because I didn't even think about cars. But playing off of Mario was saying, I remember and I'm not gonna mention brand names because, you know, that's not what I'm here for. But, there was a there was a brand name, very popular, very, very expensive vehicle, that had the way to get into the car to link it with your your your phone so you would you would basically download their app and and the essentially the pin to get in and be able to access the car and connect it to the car was the vin number which is you know, a very long nice string of numbers But unfortunately you can scan

Justin:

with your phone from outside the car

Bryan:

from the outside. Yeah. It's stamped on the outside. So, you know, high high security there. Essentially anybody who hadn't gone in and changed the default, so and most people who bought these vehicles

Justin:

are are are children

Bryan:

of the elderly because they're very expensive. And so mostly people my age or or older, they wouldn't be changing these things. And so criminals were able to come in and just walk up to the car, type type a few keys, unlock the car through the through the the the you know, but the provided unlock my car remotely system, and boom, they were into the car, because that was the default. Nice. Yeah.

Justin:

Again, hope and trust, might be misplaced. Yeah. Maybe maybe that's another secondary purpose for our podcast is to expose these guys. Maybe we should start using brand names and calling them out. I mean

Bryan:

They may have fixed it by now. But

Justin:

I'm sure they did, but, yeah. Wow. Okay. Alright. Now, Mario, were you did you wrap up, or were you still going?

Justin:

You

Mario:

Yeah. Yeah. No. I keep going for a while, but you go you know? That's those are the 2 big ones that I, I did.

Mario:

And I did mention, you know, a couple of them by name because, you know, it's out there. They're very popular.

Justin:

So I go back and forth on whether I mentioned names or not. Sometimes I just like to be a dick. I don't know. I don't wanna call people

Bryan:

out on

Justin:

stuff. So, anybody that knows me, I'll that's not new information, so I'm not worried about. Okay. Brian, what do you have for us?

Bryan:

Sure. So my example so what what Mario just talked about is essentially a 1 on 1. Right? We we you know, you were able to get into the vehicle. You were able to do something with 1 vehicle.

Bryan:

My example is one where, there were, hundreds of thousands of devices out on the Internet all using a specific processor, and, essentially Mirai botnet. I don't know if I pronounced that correctly. And, essentially, when one device got infected, it immediately went and started searching for other devices that it can see on the local network and and and and on the Internet that also had the same vulnerability using the same password or whatever the case may be. And it would infect those in which turn would then turn around and keep and start searching. And so we went from, you know, a couple of devices, and this back in 2016, by the way, a couple of devices, to one of the largest botnets of and a botnet essentially just a group of of infected devices.

Bryan:

And the criminals had access to I don't even know how many because they they don't know, to this point roughly how many it is. They were able to, essentially take down all lot of the very large media companies by doing essentially what's called the denial service. So all these devices try to connect to those websites at the same exact time, which essentially just took down those websites because of the traffic. They just couldn't handle it. So things like Twitter, Reddit, CNN, Netflix.

Bryan:

And so if you were watching Netflix back in 2016 and it went down, that's probably why. And so that was really, you know, one of the more publicized cases of internet of technology devices being infected and and being taken over. And the device is essentially the reason why it happened. 1, they were using outdated software because who updates software on a piece of hardware. Right?

Bryan:

You have got this little camera or this little doorbell or this little device on your on your network. Who would even think to, you know, go and update it? And and back, you know, 5, 6 years, 9 years ago, essentially, that wasn't, you know, something that many manufacturers were really concentrating on. Now, you know, if I go into my app for my cameras, it it says, oh, there's an update. Do you wanna apply?

Bryan:

And, you know, you hit yes, and they go and apply, and then promptly, they disconnect, and you can never get them back up and running, but that's a whole different story. And so a lot of these devices were being shipped with default passwords or worse, no passwords. By default password, a device,

Mario:

you know,

Bryan:

back back then and even in some cases now, you you install a device, you know, back back then. And even in some cases now, you you're not even prompted to change the password. So it's just, you know, here's the password, and it just stays like that. And those devices again all have built in software and They're not set it and forget it They they actually have to be updated on a regular basis to like mario said when the manufacturer detects that there's a problem they can send out an update in a best case scenario because a lot of the times these companies, go bankrupt before, they you know, and then nobody's watching out for those. So, you know, basically, that that's one of the real world examples that's on a larger scale that I really had nothing to do much with, other than helping clients who may have gotten attacked at the time.

Bryan:

But a real world example of something that I personally dealt with, I wanted to touch base if if I'm allowed, if I can. Yeah.

Justin:

For sure. That's the good stuff.

Bryan:

Is, is something that I I dealt with personally. It's not on a grand scale, but I want you to imagine you're a, brand new large medical facility. You know how that, like, these medical facilities are eating up all the local doctors, you know, and, of course, across North America. Right? You used to have, like, local family doctors, and now there's these big, you know, corporations coming in.

Bryan:

And, you know, clinic and a chiropractic, and they have, like they're basically, like, they cover everything from start to finish. Right? And, so this this medical facility, they have, all sorts of technology in there. One of them being a brand new state of the art, HVAC system, you know, air air conditioning and and heating system that controls the whole building. Of course, it has, access connect to it via, you know, the local network, And then they had a parking system also connected via local network.

Bryan:

We're all running, you know, really outdated versions of Windows, but that's besides the point. And then the HVAC companies thought they'd get clever. They wanted to be able to help the client. They, you know, they wanna help them. So they they set up a Rogers Rocket Hub, which Rogers is essentially in Canada, our version of, you know, whatever communication cellular communication networks you guys got they got down there.

Bryan:

Rogers is ours. So they set up a rocket hub, which is essentially just like, you know, Internet through, cellular, and, he hooked that up to, to to to the network without telling anybody. Highly secure, forwarded the the ports. I won't get into the technology, the technical aspects, but basically it up so he can remotely access it and be able to help the building managers do what they need.

Justin:

Let me ask you real quick. Yeah. How was he able to set it up without anybody knowing? Was it on, like, a guest wireless network? Or

Bryan:

Yeah. He was on-site. So he just, like, took this little and this granted, this is not somebody who is utilizing us on an ongoing basis. They was just, like, doing it, by the way.

Justin:

The code for the Wi Fi or was it, like, plugged it into a network?

Bryan:

No. No. It's a physical device. It's a physical box that it has Right.

Justin:

New

Bryan:

antennas that connect it. He just physically plugged it into the network.

Mario:

It's a hot Oh.

Bryan:

Oh. Oh, I'm sorry.

Justin:

This is still this is the hot spot itself that he plugged in.

Bryan:

Is that

Justin:

what you're saying?

Bryan:

Itself. Yeah. Yeah. This is cellular hot spot. He plugged it into the network so he can remotely access the HVAC system on the network.

Bryan:

And so essentially there was 2 routers 22 ways in 2 Internet connections 1 being used by everybody else one being used just by the

Justin:

What's the isn't the right way to do anything, which is why I kinda you lost me for a second. Right. Wait. What? He did what?

Mario:

You don't need to be too logical, but

Justin:

I I know. Though.

Bryan:

Okay. Okay. So it was just all done with the customer's best interest in mind. I'm sure.

Justin:

Sure.

Bryan:

So he had this device and, of course, hackers got

Justin:

through it

Bryan:

because it's not secure. It's not set up properly. It's it's completely done the wrong way. They were able to not only access the HVAC system, turning up and down the temperature, you know, just like literally, like, goofing off with them. And and I'm sure there's turned up and down the temperature.

Bryan:

Right? They would have just left everything as is just so they can continue collecting their their yeah. Stay quiet. And and it wasn't like they were they were taking a 100 of and I don't even know how they did it, but we shut down. Point being, but they were we've detected it because they they kept saying, you know, hey.

Bryan:

Our temperature keeps going up and down, and, you know, we can't figure out what's going on. So we went in and we found this device and found that people were login and password, of course. So right? So, yeah, all all that to say, you never know what vendors will do when they're setting up devices that are essentially Internet of things. It's a it's an HVAC, but it's an Internet of things that was connected to the network.

Justin:

So This is and this is honestly why I said at the beginning that this is probably one of the biggest challenges that we face in in the world of security, cybersecurity, because it's so easy to connect so many different things, and it is hard to detect them. It's hard to know that this is happening, without a lot of effort. We'll come back to that as we wrap things up on on what we can do, but that's exactly what makes this so scary.

Mario:

Well, you know, also too is, like I mean, you can just go on YouTube and and just search for it. Like, you know, there's been plenty of examples of, like, baby monitors or webcams, you know, that have been hijacked or taken over, or, you know, you, you I've never seen videos of a kid sitting in his crib and they there's somebody just sitting there talking to this baby, you know, right through this webcast and, you know, through the baby bomber. You know, there are a lot of stuff out there that, is not regulated that it has. Right.

Justin:

Well, there was a another example, speaking of cameras, And you mentioned a great big one last week, Mario. You kinda got ahead of us with the your camera takeover. This was Nest. I will use their name because again, I'm I'm pulling this from a news article, no personal experience here. But they they showed a video clip of, a white hat hacker.

Justin:

Now this is somebody who hacks with good intentions. I will say that it is still a federal crime to access somebody's technology, somebody's network, without their permission, without their knowledge. So still criminal behavior, but he he was able to hack into somebody's Nest camera and he just starts talking to the guy. He's like, oh, yeah. I'm just a hacker.

Justin:

I'm with anonymous Calgary, In in Canada, of course, you Canadians. And and the guy's like, wait. What? He's like, yeah. I'm just I'm just here to let you know.

Justin:

And the guy's like, well, thanks, I guess. I mean, can you see where I live? I'd like but I mean, the guy's talking to him and watching him in his own home, by a hacked Nest camera.

Bryan:

So, I think online right now, Justin.

Justin:

I know. If you

Bryan:

want me to share the website Sure. There's Yeah. Yeah. Insecam.com. You can go there, and there's live websites all over the world or live camera feeds from all over the world that are in secure cameras, that you can connect to right now.

Bryan:

Some of them are just, like, publicly available cams, so be it, but some of them are are not. And so

Justin:

What was that address again?

Bryan:

I n s e cam. So insacam dotcom.

Justin:

Oh, n s e cam. Okay. See, I I I wanna go to it.

Bryan:

I just

Justin:

typed it wrong.

Bryan:

Because the website is insecure too. So, you know

Justin:

I well, and as I typed it wrong, which is the way they like us to get to bad websites, something else came up completely, which yeah. Who knows? Maybe I just got it now. Yeah. Okay.

Justin:

I'm stopping there, Brian. I don't know what kind of website you're trying to get me to go to, but that one Sorry. Like you said, it's not a secure website.

Bryan:

Yes.

Justin:

I I haven't yet, but I'm gonna set up a a lab, a testing lab that's completely isolated from everything else so I can actually go in and do this kind of stuff. Yeah. But probably not on a live recording.

Mario:

Yeah. One of us is active live on the

Justin:

I know. That would be funny for a minute. Okay. So, what else we got? Brian, were you I think you I kinda interrupted you.

Justin:

What else did you have?

Bryan:

No. That was that was the whole thing.

Justin:

Through all of them?

Bryan:

Yep. I got through what I wanted to talk about.

Justin:

Okay. So one of the ones that I saw that I thought was interesting in it it I don't know if this is what you were talking about with, the unnamed car manufacturer, but I'm I'm in a mood today, so I'm naming names and I'm pointing fingers. This one was Tesla. And, again, this wasn't, it was white hat, but I don't think I don't think it was a proof of concept. Like, I think it was done in a controlled environment, if I remember right.

Justin:

But the guy is a a PhD student. He you know, with a $195 worth of equipment, and I'll I'll keep it short because it gets kind of technical, but he was able to reverse engineer Tesla's security. You know, he got some parts from a a scrapped Tesla, reverse engineered that, figured out how their Bluetooth worked, and he was able to somebody's basically their key fob, but it's just, you know, an app on your phone. And and he was able to assign himself as a a user on the car and started up unlock it, started up, and drive So Yeah. I that again is one that's been identified.

Justin:

It wasn't ever used maliciously. It's been patched. It's been fixed. But it just does illustrate the, you know, I guess I just wanna say the the complacency. So I I was gonna say careless.

Justin:

I don't like careless. I don't think we're careless, but we do get complacent. We get so dependent on technology that, you know, if if I could have one key takeaway today for the audience, it's just pay attention to what you're doing and think it through. Like, everything you do, everything that's convenient, everything that's connected, everything that is a benefit, it comes at a cost. And what is that cost?

Justin:

And just be aware of it. It. Like, I don't think we're gonna I jokingly said, if you didn't catch it, that was sarcasm, that we're gonna solve all the world cybersecurity problems on this episode today. We're not even gonna come close. But if We're not.

Justin:

I know. I'm so sorry. Wrecked everybody.

Mario:

Our users just I

Bryan:

know. Wait. Those are

Justin:

the I'm watching them fall off of the live feed. Everybody's just dropping off right now. But I I do think that awareness is probably our biggest weapon as we're fighting, this war because this is just an ongoing war, and they come up with better weapons and we come up with better defenses. And rarely do we play offense, but I will also kind of piggyback. Today is one of the times where we can play offense because a lot of you know, in some cases when they hack our devices, it's malicious towards us.

Justin:

But like Brian, the one you mentioned, the biggest one ever, it was they were marshaling people's devices to wage war on somebody else. Mhmm. And so, you know, I'm I'm gonna bring this back to my introductory question. Are we members of the Russian mafia? Are we supporting them financially or at least giving them resources?

Justin:

And I will argue that we are. If we aren't paying attention to this, if we aren't locking down our devices, if we aren't changing passwords, if we aren't updating firmware, if we aren't at least aware of what we're doing, every time we download something, every time we plug something into somebody's network, our own network, a client's network, a cut, you know, like, if we aren't paying attention, then we are in fact supporting these nefarious organizations. So, again, awareness, I think is is the number one thing I would like to bring to our audience's attention today. That said, that's awareness isn't really something tangible. It's other than, guys, just keep listening to our podcast, and you're you're gonna be more aware, and you might not sleep at night.

Justin:

Sorry for that side effect. But what are what are some other takeaways guys that you've got out of this? What are some recommendations if we, again, want to boil this down from the 1,000,000,000,000 trillion things that we all have to do and pay for and and give our time and attention to, what are the the biggest bang for your buck that we can recommend, in the world of Internet of Things?

Mario:

I would say, I don't necessarily buy the cheapest thing out there. You know, like, when you're

Justin:

when you're doing research,

Mario:

you know, when you're going out there and you're comparing, like, some products, don't don't compare based on price. You wanna kinda compare, you know, also on reputation. You know, I know we mentioned, like, you know, companies like Nest and and Jeep and stuff like that. These are obviously well known companies, and they they, you know, they admitted to that there was a problem when they they addressed it. But some of these no namers or fly by, you know, companies may not, and they will probably just rather rebrand under a different name, than to sit there and collect back, you know, all these devices or try to figure out all new engineering team to kinda fix their mess.

Mario:

So I, you know, like and, you know, I I know myself. I have, you know, my house, it's wired up. You know, I got light switches that are that I can control from my, phone. Mhmm. I can open up my garage.

Mario:

I could unlock my front door, doorbell. I can, you know, watch

Justin:

When you go home today, Mario, just know that your garage door is gonna be open, and it was me.

Mario:

Yeah. And it's, and I'm using, you know, some major companies, you know, like, and stuff like that. But you know, it, unlike a lot of the things that we've been discussing previously, you know, this is one thing that is going to be hard for us to just give you an answer. Like, this is what you do to be safe, but, you know, you have to kind of do your homework. I feel like you have to kind of go with a company that's been around kind of well known, maybe a little more expensive, but you're paying, you know, you're paying for, you know, name, not just something cheap, you know, out there on the Internet.

Justin:

I'm I wanna tangent a little bit on on cheap versus TCO, total cost of ownership. Okay. So, this honestly is one of my biggest frustrations in working with clients, some of them in particular, some more than others. But I I made this example on selling a workstation to a client and they wanted to go out and find some cheaper brand that was about 30% less. That thing over over its life, number 1, it comes with, less resources.

Justin:

So the employee, the end user is gonna be frustrated with it. It's a poorly built machine, so it's not going to last as long. And, you know, I did the math on on what they wanted to buy versus what I wanted to sell, which came with a 5 year warranty, which is managed end to end. And I can actually show mathematically that the higher cost machine, even though it was almost twice the price, everything that I was proposing to them, was about twice the price, the initial cost of what they were proposing or what they countered with. But the cost of ownership amortized out over 5 years, which is what I was guaranteeing this equipment last for, was about 40% less than their cheap purchase.

Justin:

Right? So, it it it's hard to think this way because we are we have so many ways whether it's Amazon or Walmart or all the other names that I'm naming today. We've become a society of cheap and quick and convenient. And when we look at the overall cost over the life of the device, and especially where security is concerned. So we get a cheap camera or we get a cheap and, you know, not always the case as you pointed out last week, Mario, with the expensive cameras that got breached.

Justin:

But when we get these cheap devices and then they get breached and then the cost that that comes with, man, spend a few bucks and don't get that product off of Amazon whose name you can't pronounce. Right. Because and, honestly, it's getting harder and harder to find name brandy, devices on Amazon. I I I struggle with that the other day. I don't remember what I was looking for, but I couldn't even find a name that I recognized.

Justin:

And so I didn't buy any of them because that kind of scares me. But, yeah, put a little money into it, put a little thought into it, and at least we can hedge our bets there. Back to that hope and trusting we've we've got a little bit if it's a name we know. Okay. What else?

Justin:

What are the some other takeaways, Brian?

Bryan:

Yeah. My takeaway is this, recognize that everything that can connect to the Internet has software.

Justin:

If it can connect to

Bryan:

the Internet, if you can connect to it through Bluetooth, if you can connect to it through some sort of device, if it has a screen on it, it has software that's inside that device. It's not just piece of hardware. And everything that has software should or, can be or can be or should be able to update. And so recognize that if you have devices that you're currently utilizing that you purchased a while ago and haven't done anything with and they connect to the Internet, you may wanna look at them and you may wanna take a look to see if they can be updated. I'll give you a really cool example of what people can do with hardware.

Bryan:

So and you YouTube will know about this. So there's this popular game back in the day called Doom, and they were able to take the game Doom and put it on a pregnancy test screen. Right? Like, they were able to program a pregnancy test screen to play doom, the computer that's built into this pregnancy test. Now they had to, like, mash it up a bit, and they they hacked it a bit.

Bryan:

But point being is that their the hardware built today is extremely, extremely versatile. Just because a manufacturer is using it to, for example, show you the temperature on a screen doesn't necessarily mean that that device can't be reengineered or rehacked to then access your internal network through a Bluetooth connection. Right? So every device you're using, verify that, it has the ability to update. And if it doesn't toss it because if it can't be updated, it's it's it's not good.

Bryan:

And if it can be updated, update it. And and, if they they've stopped supporting it, get rid of it and buy something new. And I know that sounds horrible in today's recycle everything and and and and green, but better be secure than not.

Justin:

Yeah. For sure.

Mario:

It's ironic that they put doom on a pregnancy test because, you know, if your girlfriend tells you here, she's pregnant I'm

Justin:

not I'm not touching that one.

Mario:

I don't know. That's me. I guess, that that's where my mind wandered. I was like, yeah. That's very fitting.

Justin:

Yep. Yep. For sure.

Bryan:

And aren't you married? I am.

Mario:

And I

Bryan:

have 2 kids. And a girlfriend? Yeah. Just kidding. Right?

Bryan:

Again,

Justin:

I'm not touching any of this. You guys Zach is gonna come and attack me now. Guys are all gonna get in trouble. Okay. So I'm I wanna wrap this up.

Justin:

I think we've talked about some good things. We've given some good advice. Probably, maybe done a little more damage than good as far as the fear goes of this. If, you know, we and we've talked about a lot of home devices, cars, you know, personal stuff. So if we bring this back to the, the small to midsize business that we're, we're talking to, and let's say I'm the owner and I'm not an IT guy of a of a company with 50 employees.

Justin:

I'm terrified. I got to this point in your guys' podcast, and I, like, flipped you all off. And I went back to my business and I throw my equipment in the garbage and I walked away and I wouldn't I don't know. I'm whatever. What do I do?

Justin:

Like, as a business owner and now I've got all of my employees bringing in smartwatches, their their BYOD phones that we know about, phones, tablets, hotspots. I mean, like, what else? Like, all this stuff is getting added to my network. What the hell do I do about it? Anybody?

Bryan:

Like, yeah, that one. So because I have a very like, we we we have a lot of greenhouse clients. And greenhouses, I don't know if you're aware of, they they have an tremendous amount of technology in their environment and they're bringing in 3rd party iot devices for temperature sensors for for for all sorts of automation devices. And and so we we implemented this across the board, and I recommend that that anybody who has a business have this. So we recommend having a peer especially a lot of these connect via Wi Fi.

Bryan:

So we use a technology called vLANing. So it's just essentially segregating the network into different segments. We have one segment for, all of devices, any device, whether it's like a a temperature sensor, whether it's a, a TV, connection. They all get segregated onto a separate network that all they can do on there is access the Internet. They can't access each other, and they can't access anything other than the Internet.

Bryan:

Another network for all the internal communications, like your your computers and your your devices, and then a third connection for all of your staff's random stuff. Right? People who bring in a phone and they wanna connect with the Internet, a guest who comes in. And, again, that device, that connection can only access the Internet, can't access each other. So if you set it up in such a way, then the devices that you're connecting to your your systems, they can be programmed.

Bryan:

For example, if if a device does need access to something on the network, I can say, well, that device has access to this device, and and they can program it. It's a little more complex, but that's what you have IT people for. That's what we're here for is, you know, making sure that all of these IoT devices that are being put into a corporation are, a, being tracked, so we know that they're there. And we know when there's a problem, so that, you know, what it is and who made it and, when it was purchased and and serial numbers and and model numbers. And everything is set up in a way that is segregated from everything else.

Bryan:

So so Yeah. That's exactly.

Justin:

Bringing that back to layman's terms, it's it's segregating that work. And I'm not even gonna try to describe it any more than you did. I will just say as a business owner, this is not your world. Don't do it. This is not this is not something that the, DIY, technology person is gonna do, where where security is involved.

Mario:

So

Bryan:

Your grandson or your your your your your nephew's child won't won't be the proper person to do this for you.

Mario:

Maybe if I can

Bryan:

By and large, no.

Mario:

If I can also add on to that, like, even in just not just that, but like, you know, even if you don't have these devices on your network, you should create a guest to Wi Fi on in your business and do it the right way. Like, it has to actually be configured correctly, not just another broadcasting guest, Mhmm.

Justin:

But

Mario:

it's connected to the same network. So, you know, we we set up offices all the time. They want people come in to bring in their laptops and connect to the Internet, they have to be completely different than what you are, using on your on your work computer. So pretend that it's a different Internet service provider completely. But we can do it where it it's like that, but it's not really that way, but it's done securely.

Justin:

Right here again, it's got to be done correctly, professionally, and you need the right equipment to do that right. Because a lot of the Wi Fi access points or routers. Yeah. You can easily create these other networks, but we need to make sure that the network doesn't cross contaminate. Right?

Justin:

So not just for, guest users, but, yes, a separate network for these devices, the Internet of Things devices would make it easier to track them and understand where they live. I will say though, it's gonna become a a game of educating your people once you get these set up. You know, because they bring their laptop in and connect to the corporate network, they need to then pair their, smartwatch to the IoT network. Right? So this is not an easy one.

Justin:

This is this is a big one, guys. What else? So we've got, segregate the network. What I will say though is make it easy for your people to do this because one of we we've talked about shadow IT before, which is basically, an end user trying to accomplish something and doing it without the assistance or knowledge of the IT department or or IT company. And if we can make it easier for them to bring their devices and do the things that they want to do so that we can at least be aware of it, then we're we're at least, you know, we're mitigating a problem.

Justin:

But if we try to say, hey, don't pair your smartwatch, Don't bring in your, you know, connect your phone to Wi Fi or whatever. They're gonna do it anyways, but they're gonna do it the wrong way. So make it easy. Make it easy for them to do the things that they want to do. Make it easy for them to do their jobs and even to do some of the things in their personal life that they're gonna do anyways.

Justin:

Right? So we can tell them not to, but do it. Make it easy so we can control it and manage it.

Mario:

And do it early. Like, it's much easier to to do it when you're first setting up everything. Right. Have to go back and redisect everything that was already done improperly. And I'll probably call through.

Mario:

Too.

Justin:

I'll I'll what I'll say to that though is, when's the best time to plant a tree, Mario? Mario?

Mario:

Right now.

Justin:

20 years ago. 20 years ago is the best time to plant a tree. What's a second best time to plant a tree? Right now.

Mario:

Right now.

Bryan:

Correct.

Justin:

So, yes, ideally, do this from the beginning. I'm guessing most haven't, so let's do it now. And and with that, let's let's kinda come back to our ongoing offer on the podcast here is any any listener, any organization who listens to this is welcome to sign up for a free cybersecurity assessment vulnerability assessment. And to do that, just go to our website, unhacked. Live not.com.

Justin:

I think that one was $10,000,000 to buy that domain. Unhacked.live. And not only can you grab this free assessment, you can schedule that, but it also has links to our social media. So we've got a YouTube channel where we stream live, and then we'll go back and edit and publish. And then we have a Facebook group where we stream live, which is also where we'd like you to join that group and communicate.

Justin:

We will list upcoming episodes. Give us the questions that you've got. Help us create content that is useful for you and not just, like, you know, passwords where nobody wants to hear it. And and, you know, get to know us. Get to know your gut your host.

Justin:

So, join the Facebook group. Next week, by the way, just kind of a precursor, we are going to be in Nashville, like I already said, we are going to go and interview some of the the top security experts in the industry and, you know, possibly some new products, maybe some clarification on some that we already use and recommend. But this should be a really good kind of a a look behind the scenes of of what we do to vet this stuff because, just like we're trying to help you, our audience, kind of boil this down to the key stuff. We as providers, if we went out and and signed up with every vendor who was telling us that their stuff is the only thing that we need, we go broke. Right?

Justin:

And we wouldn't have any customers either. So, we're gonna go through. We're gonna, filter through that and bring you the best of the best.

Mario:

And then last thing Brian our haircut next week too? Like, can we get Yeah.

Justin:

Brian's gonna shave his head a little bit. Yeah. Because you have to be bald. He's getting the beard, so I'm I'm I'm happy about that. But, yeah, we'll, we'll hold him down and shave him up, live next week as well.

Mario:

Well, it'll match. Like, all 3 of us will look exactly the same.

Justin:

I think it's a great idea, Mario. New rule, if you wanna be on the podcast as a, host, you have to have a bald head. It makes you look smarter, by the way. Okay. So, guys, let's go ahead and wrap up.

Justin:

Final invitation. If this has been of any value to you, please share it. Help us spread the word. Let people know about the the podcast. You can listen to it everywhere.

Justin:

Apple, Google. I heard Google Podcast is going away. Did you guys know if that's true?

Mario:

I wouldn't be surprised. Google loves taking away stuff after they

Justin:

I hear you. People

Mario:

have thought.

Justin:

I mean, to be fair, it's it's on YouTube, and they own YouTube. So whatever. We're we're we're there. You can, listen to us on Facebook Live, Spotify, whatever. So take a listen, tune in next week, and we'll bring you the best of the best from the war room in Nashville.

Justin:

With that, let's go ahead and wrap this up. Brian, any final words? Mario, any final words?

Bryan:

The only final words I words I have is, you know, we we love to scare well, love to scare, but we we we do end up scaring people about cybersecurity. But the the one thing I want everybody to take away is just get started. Just do one thing every day. 1 get 1% better every single day. And, by by the end of the year, you'll have gotten so much better.

Justin:

Yep. And we

Mario:

I'm gonna say I just say, if you're gonna do it, do it right. Do it. You have a professional do it because you don't want to think that you did it. You know, you secured your network, and it's not done correctly. So, you know, have another set of eyes, take a look, and confirm if it was done correctly or not.

Mario:

Mhmm.

Justin:

And last thing I'll say is, listen. Nothing's a 100%, but we can get pretty damn close. 97% of the breaches as we talk about were preventable. Right? 97%.

Justin:

That's a lot. But the other 3%, get insurance. Right? And then go to bed and sleep because it's the best we can do. Nothing's perfect, but what we don't wanna do is be that low hanging fruit that we've talked about several times.

Justin:

So, with that, we'll sign off, and we will see you next week live from Nashville. Take care, guys.

Bryan:

Thank you. Bye, guys.

Creators and Guests

Bryan Lachapelle
Host
Bryan Lachapelle
Hi, I’m Bryan, and I’m the President of B4 Networks. I started working with technology since early childhood, and routinely took apart computers as early as age 13. I received my education in Computer Engineering Technology from Niagara College. Starting B4 Networks was always a dream for me, and this dream became true in 2004. I originally started B4 Networks to service the residential market but found that my true passion was in the commercial and industrial sectors where I could truly utilize my experience as a Network Administrator for a large Toronto based Marine Shipping company. My passion today is to ensure that each and every client receives top of the line services. My first love is for my wonderful family. I also enjoy the outdoors, camping, and helping others. I’m an active Canadian Forces Officer working with the 613 Fonthill Army Cadets as a member of their training staff.
Mario Zaki
Host
Mario Zaki
During my career, I have advised clients on effective – and cost-effective – approaches to developing infrastructure that fosters productivity and profitability. My work has provided me with a broad-based knowledge of business from the inside, with an expertise in areas that go beyond IT alone, ranging from strategic planning to cloud computing to workflow automation solutions.
14. Internet of Things (IoT) - Is Your Fridge a Member of the Russian Mafia?
Broadcast by