UnHacked

Welcome everybody to episode 40 of unhacked. Guys, we've been doing this for a hot minute. We're talking about before we got started here. Brian, Mario, my regular guest. And today, we're joined by a new face, Matt, and we're gonna do some introductions here to kick this off.

I'm Justin Shelley, CEO of Phoenix IT Advisors. And what we do is we keep the Russians from stealing your money. And if there's anything left, we keep the attorneys from coming around and hoovering that up. So, that's what we do. We work in the Dallas area as well as out west, Nevada, Utah.

That's pretty much it for the most part. Just just a small footprint. Mario, tell everybody who you are, what you do, and who you do it for. Mario. Mario, are you with

us? Sorry. Brian. My system my screen froze.

Oh, there he is.

I'm here. I'm, Mario Zaki, CEO of Nasdaq. We are located in New Jersey right out on the side of, Manhattan. We service small businesses that, wanna be secure from, hackers.

Brian, what do you got for us?

Alright. Bryan Lachapelle with b four Networks, based out of the Niagara Region, Ontario, Canada. And, I like to say that we help business owners throughout Niagara and the Barrie area remove the frustrations and headaches that come with dealing with technology, whether it be cybersecurity or just, improving efficiency in operations.

Beautiful. And Matt making his debut appearance on UnHacked. Matt, tell us what you do and who you do it for.

Well, thanks for having me. My name is Matt Horning. I'm the CEO of Blue Tree Technology. We're based out of Kansas City. Our goal is to help small businesses take the mystery out of their technology and to secure them so they can do what they do best.

Alright.

Guys, today, we're gonna do something a little bit different. We've been, we've had some guests on recently, and we used to have more of a scripted format. We're breaking down headlines of the news and lessons learned and stuff like that. Today, we're gonna kinda just free ball it. So, and I I will give you the my muse a lot of times is Reddit.

It's a dumpster fire, fire, but it's a it's a great place to go to see what people are thinking about. But I I read something that actually caught me off guard. Number one, this is something that was in the entrepreneur subreddit, not in anything technical. And, somebody posted that, ransomware attacks quadrupled in 2024, and this is according to Barracuda. Two things.

Number one, it was interesting as all the comments on, this post, people were just annihilating him saying, why are you why are you telling us this? This is just an ad, whatever. Nobody gave a shit is my point, which was kinda scary to me because this really is important. And in the entrepreneur subreddit, everybody's just blowing it off. So I'm like, okay.

We have a bigger problem than I thought on that front. And then the other problem that and I'm I'm trying to not be too transparent here, but this kinda caught me off guard that ransomware attacks had quadrupled in 2024 because, not that I've let my guard down at all in working to prevent ransomware attacks, but I have also kind of added my attention or my added to my focus, which, you know, the more you add to your focus, the more it's diluted. I'm looking at BEC attacks. You've got email compromises and, you know, Microsoft three sixty five. People are getting in there and and so, anyways, it was just like, alright.

Let's sit down today and just talk about what is going on. What's the landscape? What are you guys worried about? What do you see in the news? What do you see with your clients?

What do you see with your prospects? What is keeping your clients and prospects awake at night? That's it, guys. That's the introduction. So I'm just gonna kinda kick this thing to the other end of the field, and why don't you guys pick it up and run with it?

Go. Yeah. I can I can give a a a little bit of a head start here? Ransomware attacks have been increasing, and it's a combination of many different factors, but primarily, ransomware as a service, which I'm not gonna get into right now. I'll let some of the other, hosts here tackle that one.

But criminals cyber criminals are actually doing what business owners should be doing, and that is using artificial intelligence to rapidly expand their reach. And so they're they're hopping on to the bandwagon of using artificial intelligence to craft new and compelling emails that are free of grammatical and English errors. They're able to send it out in ways that bypass spam filters, and they're able to use artificial intelligence to, tailor their attacks to the individual receiving it. And so instead of just big giant blast out to everybody, they're actually tailoring each and every individual email and or, attack vector specifically to that person that they're trying to target. So it it's it's becoming a lot more focused and a lot harder to detect them.

In the old days, we'd be like, yeah, just look for spelling mistakes and look for, you know, things that don't look right, bad English. You can't do that anymore. I mean, I Yeah.

Yeah. Sometimes you do still see that, and then you're just like, Jesus. We're dealing with an amateur here. But I it is interesting. You bring up a good point.

And a very over generalized statement or observation is that the bad guys typically pick up new technology faster than the good guys do.

Right. Yep. That's fair.

Of course.

They have a financial incentive too.

So do we. But but we're asleep at the wheel. Again, on Reddit, like, entrepreneurs, people who are trying to build their wealth, that's that's the number one goal of an entrepreneur, but we're not gonna try to protect it. I mean, come on. Mario, I think I cut you off.

Did you have something to say?

Well, just to kind of add on to what you guys just said, it like, you know, the thing is when we are sitting with a prospect and we're telling them, like, they they need, like, a BDR, they need all this, like, you know, security stuff, they understand that this stuff is not adding to their bottom line. Right? They're not the the if we whatever we're giving them is not making them more money. Alright? But with these guys, if they actually test and purchase some of the stuff, they can actually test against it and see if it will for them, it's even more like, it will eventually add to their bottom line.

So they are able to invest in some of the stuff because they if they can go get around it, it actually is gonna make them money. And the other thing that I was gonna say too is it with the way we work and with AI and stuff like an automation and stuff like that, we we're trying to get this like, the computers to do a lot of the stuff on the back end by itself. And that's what these guys have already started doing. Now with AI and they're getting templates, they're putting in the software, and they're just letting it run by itself. All they have to do is install, like or maybe upload, like, a CSV file with, like, emails or they're having it automatically scrub like LinkedIn knowing to know who the CEO is or CFO or whatever o or, you know, you know, c suite.

It's automatically doing the work. So a lot of times, this stuff is almost now set it and forget it and just wait for the money to come

in. Yeah. You're 100

And I think you tried to check that a couple times. What did you have to say?

You're 100% correct. The you're dealing with a criminal that is motivated by money, and you're dealing with a notification system that is not not doing the job for small business. The only time that you deal with when you're because we mostly live in the small medium business space, you don't hear in the newspaper that, you know, 10 small businesses went out of business yesterday because of ransomware.

They're just too small to report on.

100% is Hollywood events, MGM, pipelines, governments and even those hospitals and even those are only getting to local unless it's a nationwide hospital. So you live with a large portion of the population out there. And we're talking about business owners, managers of those businesses that it's, oh, I'm too small and I'm not a threat. They won't come after me. I don't have anything.

And the question comes down to is, is can they survive a hit? Statistically, that's not true. Sixty percent of businesses are going out of business within six months of a major cyber event.

Yeah.

That is detrimental to the person that built that business and potentially their retirement and their family and their kids college fund. They don't think of at that point of view, I'm too small. I'm nothing. It's I'm not you know, I don't have the budget, whatever. And it comes down to two things on that one knowledge

of

what their costs are. So are they charging enough for their own services to to actually protect them to run their business correctly? Okay. And our and knowledge about what happens when it does happen. Can they survive that target?

They survive. They got all investors that will that will fund them out of it because they want to keep that going. But can a small business owner really stomach a $50,000 bill? Hundred, 150,000? When does a cutoff happen?

And that is something that they need to really look at.

I mean, you said something horrible.

The statistics say that most businesses will fail after a breach.

Yeah. 100%.

Well and also, I think everybody here has heard this from a prospect, hopefully not from a client, but definitely from prospects where they'll say, I don't have anything to protect. I don't have anything that the bad guys are after. Right? Is anybody here not heard that? It's probably one of the most common pushbacks that I get when I'm trying to help a business protect themselves.

And I just started saying, well, do you have a bank account?

Do you have a

case of college? That that's all they're after. %, they're after your money. And and you don't think you've got anything to protect, but goddamn it. If you've got $5 in the bank, you've got something to protect.

Well, I I can add to that too. It's not even just about money. Let's say you have no money. Let's say you legitimately have nothing that that you believe the criminals want. You have contacts, you have friends, you have business colleagues, and your reputation is something you wanna keep.

They hack you, they're gonna find out that you have nothing that they want, but they might you might know somebody they want and they might be able to use you as a vector to bounce and to get into another, business who does have something they want. But now it came through you and now it's your reputation. They're pissed off at you because you're the one who exposed them because you were too, shortsighted to say like, you know what? I I I don't have anything that people would want, so I won't bother protecting myself. Now all of a sudden, you're sending out spam and junk email and and infecting your peers and your friends and your colleagues, and they're losing millions of dollars, and then you're gonna wish you had it in place.

Yeah. I I don't disagree with that at all. I will say though that our prospects, the people that we are are trying to help, they do have real money that needs to be protected. And they do have real reputation like you said, you know, and and these are the these are the entities we're trying to help people protect. Well keep the hackers out of your bank accounts.

Keep the government out of your bank accounts, and keep the attorneys out of your bank accounts. This is over and over the problem that we're dealing with. And reputation, sure, that's gonna prevent you from building in the future. What you have right now has to be protected because if, like we say on, you know, title of the show, unhacked, you don't get unhacked. If this happens, if you get breached, your reputation is shit, your bank account is shit, and now you're you're in the middle of a lawsuit for I mean, now we're talking about you you're gonna have to make money just to pay back what, the attorneys are coming after you for.

So it's just you can't wait until it happens.

Well, and and we all deal with client we are dealing with clients right now. I mean, there's some of us that are dealing with 11 owner of businesses, right? They one employee, it's the owner and that's it, right? Yeah. But, you know, if you have one employee, you need to think outside of yourself.

So as a business owner, if I go down, we have 10 employees. Okay. Nine other families are affected. Okay. And if I can't bring the business back up, that means there's probably nine other families who can't make a house payment or a car payment.

Right.

Right.

Or a child care payment, whatever their their life is drastically affected because of my shortsightedness. And I think and I believe that we as IT professionals and security professionals need to spend more time educating that side of it. You're right. Your business may not have financially a lot, but can you take a hit and can you bring it back up and then be able to make payroll? Because statistically, when a hacker gets into an environment, they're sitting there for six months before you even know anything.

And a lot of times the only reason you know is because they made themselves known. And you and that's when you get a little screen says pay bitcoin. By that time, they mapped who the controller is, how much money you have in your bank account, when payroll hits, what count that money goes into and how much is there. Right. Conveniently, that that that that ransomware event is usually what All the money that's in payroll is it's a crazy number.

And what's the other thing they look for? They're looking for your cyber insurance.

I was gonna say insurance. They wanna know how much you're gonna pay out on the insurance policy.

So so reading this article, you know, four times it was a four times it went in last year. Well, cyber insurance is still paying these these ransoms. They have an incentive to continue growing. Of course, they're gonna grow. I I'm not surprised.

I, I wish I wasn't surprised. I, I, it's sad to me that it's still growing. I would like to see it go the other way even a little bit.

Right.

But, you know, dealing with the fact that we have an industry that, you know, that is forced to pay because they're not they're not they're not doing they're not pre active. You know, they are they are reactive to the scenario. And I always find it interesting that there's no budget until there's something that happens and all of a sudden there's a budget.

Yeah. But I would like to, like, jump on the the ransomware as a service because I think that's a game changer for the cyber criminals. Like, we we talk about how, you know, we're trying to help our clients protect their systems, and they they have essentially IT as a service. Like, they can buy us as a service. Right?

Our services are our our talent and our pool of knowledge and our tool sets. The criminals have something similar. Right? Yep. They you don't need to be an expert in technology to now ransom other people's networks.

You just subscribe to a platform. They give you all the tools and all the services on how to ransomware. They give you email templates, and they give you the recipe on how to make it successful. And within a short amount of time, I think I'm I'm I'm reading here about seventy four minutes start to finish, they could they could then be on their way. Someone who's never done it before could be on their way into, ransoming them, you know, putting out emails and ransoming their first client.

It's amazing. Their

first their first client. I'd say client.

Listen. That's how they see it. It's business to them. This is business. Right.

It's it's an amazing business model, and it's funny because you deal with a lot of people out there that never consider it that

way. Yeah.

It's a it is a ironed out process with standard, operation procedures. Okay. That is leveraging, latest technologies that is drilling into people's, livelihoods on a daily basis. And it's not a matter of if, it's a matter of when. And not to scare the business owners that are listening to this, What layers do you have in place that if when it happens, how quickly can you recover and stop it?

And that's the goal is to get the.

Or even know what happened in the first place.

Yep. We're working like, we're dealing with technicians that are making sales. Like, imagine your your support team. If you tell them, like, listen, we're gonna give you guys an x amount of, you know, profit every time you close a ticket. And the bigger the ticket, the more money you make.

I know my guys are gonna be taking, you know, 10 times more tickets than, you know, they normally do. But, you know, I I I'll probably get broke. But, you know, that that's that's just the way it is. It's like these guys are they're pretty smart. They are, you know, investing in in in whatever tools they think is gonna be able to help them make a sale.

And they're they're hungry, and they they're they know they're protected.

Yeah. Alright. So guys, I'm gonna I'm gonna take us home here. We're gonna keep today a little bit shorter than normal. But what I wanna do, I'm gonna go around the room, each one of you, Mario, Matt, then Brian.

And I want I want you to answer one or all of these three questions. Alright? Question number one, what are you worried about based on what your observations are? Number two, what are your clients worried about based on their observations? And then number three, is there anything that you see in the news that keeps you up at night?

Alright. So take one or all those. We'll try to keep it to a couple minutes each, and and tell me what you're seeing out there and what we all need to be aware of. Mario, thoughts?

You know, for me, I I worry that there may be, you know, some a gap somewhere or something that ever slips through the crack or that, you know, one day that they're these guys are going to figure out how to get around the layers of security that we put in place, and do we need more, layers? What I think customers are worried about is, do we have too many layers? This is all costing me too much money. Nothing has ever happened. Do I need to spend this much money?

Yeah. You know? And, you know, as far as seeing things on the news, I, I'm not gonna lie. To be honest with you, I stopped watching the news. I I you know, it it's because, you know, the rare times where my wife has the news on or whatever, it it's depressing.

It it just too depressing. You know? Now I'm strictly on on Netflix or whatever is, you know, on Hulu that it was prerecorded.

Fair enough. Fair enough. I I will argue that I watch the news, but I do it in a very different way. And, you know, this today was kind of inspired by something I saw on Reddit, but it is it is information that that got it. It scares me sometimes.

Matt, what do you what do you got for this?

What keeps you have a nice vendors?

Vendors. Okay. Tell me more.

We we are so reliant on other companies to provide a service. And no matter how much how much stuff we do to vet them and work with them, there were humans were all flawed.

Yep.

Software is written by humans. And you have the it's realistically it comes down to their ability to understand the risk. And there are vendors out there. We all know of some that honestly either don't care, don't understand the risk or completely ignorant and just they are clueless. And our job is to figure out who those are and to move away from them and stop feeding the money.

But that's the one that keeps you up at night. Is that a vendor that we've brought in somehow that that has more more bite in our business than we should. And this is as a business owner and as business owners out there. Okay. They should be vetting their vendors.

They should be vetting their I. T. Company. They should be vetting, you know, their their software packages and stuff like that. That's the stuff that keeps you up at night.

And I really like that. And, you know, it's kind of the point of what we're trying to do here on this podcast is help our clients, our prospects vet us, vet our industry because it it can be tricky since we're so unregulated. But you're absolutely right. It is on us to in turn vet the people that we're doing business with because that can get passed right through to our clients. That's kinda scary

for sure.

Brian. Okay. Well, Well, the

thing that worries me the most is that, business owners think the security is a one and done. It's not. Criminals innovate on a regular basis, and we have to do the same. But time and time again, I meet with people and they say, oh, you know what? We've got an antivirus, sir.

We've got we've got it covered. And they're not actually taking proactive steps on an ongoing basis. They think it's a one and done. Like like the people that I've talked to, the clients that I have, a lot of them are just worried about saving dollars. But in my opinion, it's a pay me now or pay me later situation.

You could avoid the oil change, but eventually you have to pay the piper. Right? Something's gonna happen, and it's gonna be a lot bigger than if you had just taken taken the precautionary measures. And what keeps me up at night? Honestly, I hate to say it, but it's AI and how quickly criminals are engaging with AI and able to leverage it to take advantage of people that in ways that we would have never thought that would have been possible just a few short months ago, and they're now leveraging it, faking live, you know, Zoom, meetings where you think you're talking to somebody and you're not.

It's just a completely artificial person being played by, you know, an actor essentially that's superimposing in real time who you think you're talking to. It's it's just absolutely incredible the things that they're able to do now.

And it does not take Am I the AI guy?

Yeah. And it does not take it does not take a technical technically expert technical expert to make it happen either. My account manager or my service manager within a matter of fifteen minutes using publicly available tools was able to completely mimic my entire voice and, and and create, like, a public service announcement for the staff indicating that I was in love with Apple. And anybody who knows me knows that is not true. Anyway, it was it was a it was a funny thing, but it's just incredible where it's going.

And, that that keeps me up at night.

I think you need to share that video or whatever it is because I wanna I'm

on a

podcast here. Yeah. That's our intro and outro from now on. Brian's avatar talking about Apple.

Yeah. Nice. Yeah.

Oh, so guys, here's what keeps me up at night. And quick backstory, I I first got into podcasting. It was just absolute nonsense. Me and a buddy, we drank relatively heavily. There were times I didn't remember the second half of the podcast.

It was a little bit embarrassing also. It was a blast. One thing he would say all the time is, like you know, because we talk about current events or what, you know, whatever. It's a horseshit that's going on out there if this was during COVID. You know?

So, in in talking about the news, what do you see on the news? He would constantly say, be your own reporter. Don't worry about what other people are observing. Go out there and make your own observations. Mhmm.

And I got to a place where, you know, even now, I when I see a news headline, I will rarely read any details from the reporter, but I will immediately go to the comments. And I wanna know what people are thinking. What are they talking about? What are they worried about? And as I do that where cybersecurity is concerned, more and more, I'm seeing this absolute apathy, and that's it's what caught my attention with this article.

The the content got my attention, because I'm a tech nerd and because I live in this world of of cybersecurity. But what truly scared me wasn't that ransomware quadrupled. It was that people were downvoting this guy. They were attacking him. They were saying that he it's just an advertisement.

And, I mean, I look at his profile. I look at his other comments. I don't see anything where he's trying to promote another vendor of any sort. He's definitely not an IT guy. He's trying to bring information, at least from my perspective, to his peers, his entrepreneurial peers, and tell him, hey, guys.

This is a risk, and we need to take it seriously. And he's just getting, like, laughed off the stage. That's the problem, and that's the problem that, honestly, I don't know how to address. Because if when we do it, when we go out and then and evangelize this, we come across like salesmen. We yeah.

Do we financially benefit if you buy our services? Of course, we do. But, also, you get to keep your business. You know? So there's that added bonus.

You get to keep the money in your bank account. You don't have to go to court. How's that, guys? That's something, isn't it? Jesus.

So, I mean, that's Go ahead, Brian.

Here's what you could do. You partner with a criminal organization. I'm kidding, by the way. You partner with a criminal organization. When you meet with a client who's who has apathy, you just forward their name and and number over to the criminals.

That's right.

I'm kidding. Obviously.

From us, or we're gonna get you breached. Oh, god. We're we're all gonna go now we're all gonna go in court. She Yeah. Thank you for that, Brian.

You're welcome. I'm gonna go edit that right out of here. I'm not really. Yeah. I mean, it's it's it is a scary world, and I will tell you that I think our number one problem in the war, because this is a war.

We are fighting thugs. We're fighting criminals. We're, you know, organized crime room, rings, state sponsored crime. Like, this is huge, this this battle that we're fighting. And the number one problem that I believe we have is a culture problem.

Nobody thinks we war. That's the problem. Right. And until we

fix that, until we we change the culture and the mindset around this, we're gonna keep losing. Do you wanna know why ransomware quadrupled four times? It's because of those dumbasses on Reddit who are downvoting the guy that was trying to help him out. Yeah. That's why.

There's my 2¢. Alright, guys. We are, we're kind kind of up against a hard stop, so we're gonna bug out. Thank you for being here. Matt, debut appearance.

Hopefully, you'll join us again. Brian, Mario, as always, thanks for joining us. Guys, say goodbye, and we'll see you next week.

Cheers. See you guys

later.