Today there is a ton of stuff going on in the world of Technology and we are going to hit a number of topics today. How will Iran Retaliate – Kinetic or Cyber retaliation, Automotive Automation and LIDAR Sensors, CCPA Takes Full Effect, Updating Legacy Technology, Cloud Migration Considerations, Cybercrime Metrics, Industrial Control Systems under Fire from Hackers, Ramping up Insider Threat Intelligence, Budget and Security Decision Surrounding Cloud Adoption and more on Tech Talk With Craig Peterson today on WGAN, and even more. It is a busy show — so stay tuned.
For more tech tips, news, and updates visit – CraigPeterson.com
Machine Automated Transcript:
Hello, Everybody, Welcome. Welcome. Of course, this is Craig Peterson. I’m live on the radio on WGAN and also heard on the Internet at Craig Peterson dot com. I’m on Facebook and YouTube. I did a couple of lives this week that hopefully, you were able to watch. If you didn’t see them live, they’re essential to know because I was talking specifically about attacks that were underway from Iran this week. And I’m going to be getting into that a little bit as well today. So continue to pay attention to today’s show. Now, if you are a Facebook fan, I love it. If you would go ahead and like my page over on Facebook, follow me; just go to Craig Peterson dot com slash Facebook, Craig Peterson dot com slash Facebook now. You know that I’m continually warning people about Facebook and some of the things Facebook is doing, some of the things that are, well, perfectly legal, but maybe things you don’t want to have done to you, like all of the tracking Facebook does. But that means you might want to use something else. So what else are you going to use? Well, Google, YouTube, right? Oh, wait a minute. There are problems with YouTube too. Thus, the lesser of two evils for now, and that’s where we’re at for the time being. I’m thinking about trying to use WhatsApp for this as well. So we’ll see how that goes. Let me know if you’d like to watch this on WhatsApp. But if you go to Craig Peterson dot com slash YouTube, you will be able to watch those videos right there because I did them live, in fact, and I can do them simultaneously now on YouTube and Facebook. So make sure you check them out and learn a little bit about what you can do. I went through this article from this week here from the US Department of Homeland Security. And I, you know, I didn’t go through all of the details because this is restricted distribution. And so there are some things in here that they don’t want generally shared.
But I am going to go into more detail, and to do that, what I’m going to be doing is some specialized pieces of training. Now, these have always been 100% free. I give you great information, you should see all of the compliments I have from people, but it’s coming up in probably about a week from now. So you have to be on my email list if you are going to be able to be informed about this stuff. Okay. So on my email list, what does that mean? Go to Craig Peterson dot com slash subscribe. Now when you do that, it’s going to ask for your name and your email address. Make sure, after you submit that, you go to that email box, verify that you got the confirmation email, and click okay. What I don’t want to have happen is for someone to go in and sign up 100,000 people who don’t want to be on my email list. And so I send it out to all these people who don’t want to be on my email list.
And then I get a bad reputation, right, as a spammer, because people say, why did you send me this email? So what I’ve done to help protect my reputation online is I make you do what’s called a double opt-in. So you’re going to fill out that form at Craig Peterson dot com slash subscribe. And then, once you fill out that form, it’s going to send you an email to that email address, and you have to click that confirmation. So make sure you do that, because if you don’t click the confirmation, and I noticed there’s like 100 people who have not clicked the confirmation. I want to make sure that you do click it so that you get the information that you need, including these pop-up training webinars that I’m going to be doing coming up here in another week. So Craig Peterson dot com slash subscribe right now. You can do it on your mobile phone, you can do it on your laptop, on your computer. And man, I hate to say this, but I’m not sure if it’s working right now, but I have a texting thing as well, where you can text me directly at 855-385-5553, but as I said, I’m not sure it’s working. So you know, email’s the easiest way, and sign up right there. Glad to have you on board, and believe me, I don’t spam you. I’m not sitting there trying to sell you stuff all of the time. My webinars aren’t one of these, hey, hammer, hammer, hammer, buy, buy, buy, hammer, you know, that’s not what I do. I want to get the information out. And you know, I do have things for sale, right? I have to keep the lights on. And so for that, you know, I’ll ask permission from you. Before I ever offer anything, I don’t offer things very often. So I guess, I guess that’s a good thing to consider. Alright, so let’s get into our first article here. We’ve got a lot today. We’re going to be covering your networks and why they need to be updated today. Many businesses are now doing something called unclouding. They’re leaving the cloud. So we’re going to talk about why they are leaving and why you might want to leave as well.
Of course, we’re going to get into Iran. It turns out that they are hacking us, and the hacks this week are up over 50%. And so we’ll tell you a little bit about what you can do about that. They’re also targeting the Trump campaign for 2020. Like that’s a surprise, right. We’re going to talk about what Iran is doing to our industrial control systems right now, and how that can affect all of us. Right, you don’t have to have the kinetic war, you don’t have to be sending bombs back and forth, to have an impact on us. A little bit more about the cloud: we’re going to talk about the decision to move to the cloud, not use the cloud, some of the things involved in that today. And I’m probably going to put together a course on cloud migration a little bit later on this year, and we’ll see how that goes. Major changes to our automobiles. But this is kind of cool. Because these LIDAR sensors, I did a scan online, I did a little search and now I’m able to find them for under 100 bucks. That’s going to change the automobile industry. So we’ll talk about what LIDAR is and why it’s going to change. California, man, if you are a business, you got to pay attention to this. We’re going to talk about the new California Consumer Privacy Act, which is in full force now. And we’re going to talk about these insider threat programs that businesses have, and frankly, how they need to grow up. So a lot to cover today. And if you miss anything, you’re going to find it in the newsletter I send out every week. And again, where are you going to find that? How are you going to sign up? Craig Peterson dot com slash subscribe, so make sure you sign up and sign up right there.
Okay, so let’s get into our first article of the day. This one’s from Dark Reading. And it’s talking about a cybersecurity misery index. Now, you know a little bit about this whole misery index thing; you hear about it when it’s a hot, humid day outside. Oh, my gosh, what should I be doing? It’s just too hot. I don’t want to do anything. Right. And so you’ve got the wind chill effect. You’ve got the humidity effect, all of these things that can affect you. So what does this mean, cybersecurity misery? Well, we already know that about 10 to 20% of businesses, 20%, will file for bankruptcy almost the next day if they get ransomware, or if they get this wiper software that we’ll talk about later from Iran. 20% of businesses. Think about that. If you are responsible for the security for your business, how long is your job going to last when the business has filed for bankruptcy the very next day? Not long. How about you as a business owner, where is your retirement? All your money’s tied up in your business. How long is that going to last? Again, pretty much never. So there is a lot of pain when it comes to cybersecurity breaches that people don’t think about. It’s not just dollars lost, like, you know, we get calls from businesses that say, Hey, listen, we just had our operating account emptied. In cases we have been involved with, the amounts varied from about $80,000 up through almost a million dollars. One company had money stolen right out of their main operating bank account. Well, that’s miserable because you can’t make payroll, right? You can’t pay your vendors back vendor payments as part of the way they get some of this information. But there is another side to this. You know, no records lost doesn’t mean that there is not going to be any sort of a cost to your business. There are other metrics that matter, as well. So this is from Deloitte and Touche, Mary Galligan.
She says you would have to take into account the cost of whether there’s going to be an increase in insurance premiums, a loss of customer relationships, because right now, most businesses could lose 30 to 50% of their customers if word of a breach got out. Is it going to be lost contract revenue? Is my company’s name going to be of less value in the marketplace? I guess it goes back to retirement, right? Are you going to be able to retire by selling that business? What’s your exit strategy? So there’s a whole lot you have to consider here. They go into some stories here, but a small bank, their web-facing patient portal, was hit by a bot swarm. And they did the credential stuffing. And man, there’s just so many things that you have to consider. This week, we found one of our clients had been under attack, and we’re trying to figure it out. It kind of looks like it spread in from someone else in an adjacent business. Their Bluetooth was compromised, and Bluetooth on a laptop, and then tried to break into and compromise my client’s systems. So we caught it. We noticed it because we’ve got this more advanced threat protection, and that’s what you have to have, this ATP, nowadays, Advanced Threat Protection, which is not Norton. Okay? Currently, there’s only one product on the market that meets the requirements at Homeland Security for businesses. It turns out that it is the product that we’ve been selling for quite a while. I’m not trying to sell anything right now. But pain is inevitable, even if you don’t get hacked. Because what ends up happening is your personnel have to track it all down. It’s 24/7, that pager goes off, the phone call comes in. They have to review thousands of log entries, and hopefully not make a mistake. So pull up your socks, and we’ll be talking about that a little bit more when we get into Iran. All right, everybody, you’re listening to me on WGAN. You’re watching me on YouTube, on Facebook, and Craig Peterson dot com.
Stick around because we’ll be right back.
Hi, Craig Peterson back here on WGAN and online at Craig Peterson dot com. Hey, if you’re a Facebook fan, you’ll find me on Facebook. One of the easiest ways to get there is Craig Peterson dot com slash Facebook. And if you’re a YouTube fan, Craig Peterson dot com slash YouTube. Now this week, I did a couple of pieces of training that I hope you were able to attend live! The first one was rather short. It was like three, four minutes. The second one was, in my book, short; it was about 15 minutes, and I went through some of the things you should be doing when it comes to the Iranian hacks. I do those fairly frequently, and really, I should be sending out emails. I did send out some text alerts to people about them, and I may do that tomorrow as well. If you want to be on my text alert system, make sure you just email me, me at Craig Peterson dot com, let me know you want to be on the text alerts, and I’ll be more than glad to add you. I’ll need your phone number, and I’ll get you all set up for that. Many of us, I think, are a lot like me, where I am just, you know, hunky-dory happy to have a computer that’s ten years old. Because, man, has it paid for itself over those ten years. I keep the hardware until it fails. My last laptop was probably the most short-lived I have ever had. It was about three, four years old. And it was an Apple MacBook Pro. And it ended up having like three problems in one year. Apple refunded me 100% of my original purchase price. If you can believe that. Can you believe that? A three-year-old computer, 100% of the original purchase price. Now, I had AppleCare on it, and it had been in the shop three times in the last 12 months. So they just gave me my money back. And then, of course, I used that, turned around, and bought another MacBook Pro. Right. So that’s kind of cool. I guess this one will have the same problem in three years. But typically they last us seven to 10 years. Honestly, they do. They’re just fantastic computers.
I think my wife’s MacBook Air is almost 11 years old. They work well while you’re using them, plus you have the advantage of their longevity. But the problem is that not everything in that computer is patchable. You take a look at the hardware that’s in it, like your Bluetooth hardware. What we have found is that, well, Bluetooth is getting hacked, and particularly the old stuff, because the chipsets that are in the devices are running a full operating system. It’s not like the old days where they only did one little thing. They have a full operating system because they have to handle the interrupt, they have to handle multiple different types of Bluetooth, you know, the new low power, extreme low power. Bluetooth is used to control the amount of power that’s being output as you walk away from your device, right? That 30-foot range that nowadays can be as far as a quarter-mile. All of that requires some real smarts inside this little teeny tiny chip. That’s the Bluetooth control chip for your computer. So what happens is like what happened, as I mentioned earlier this week, to one of my clients, which is somebody else’s Bluetooth, went ahead and kept it to their computer and tried to infect it. Now all of this was caught because of the Advanced Threat Protection that we have in place. That’s what we’re going to talk about right now. We all have this old equipment, our operational technology, as Derek Manky puts it here. And it’s not just our laptops, and it’s not just the Bluetooth, it’s all the devices we have. And those devices, when they become old, have a real drawback. Now it might be that the drawback is, hey, listen, it’s kind of a bummer. But you know, this Bluetooth chip has been deprecated and is known to be vulnerable. Okay, well, okay, I get that one. That’s a bit of a problem, right? What happens to those computers in the vast majority of businesses? They don’t do upgrades.
They don’t try and fix any problems with the software and the vulnerability in the computer. So what’s happening here? What he’s talking about is that the cybercriminals, instead of innovating, you know, don’t get me wrong, they do innovate. But instead of innovating, they look at these older computers and say, Hey, why are we innovating? I can take you right now on to the dark web, on to these websites that sell hacker tools. It includes ransomware, and you can buy some of the old tools for as little as 20 bucks online. That’s cheap. Now, 20 bucks is cheap. But the guys selling it are in Eastern Europe or somewhere else in the world, where 20 bucks is a lot of money. Well, to them, well, as I just said, it’s a lot of money, right? So why would hackers spend weeks, hours, months, or a million dollars, which is what it costs for some of these newer zero-day attacks? Why would they try and do any of that when they can just spend 20 bucks? So what they do is they say, Well, I’m going to spend 20 bucks and go out, and they are going to scan systems for different vulnerabilities. We see them every day with our clients, and our people have to get involved and look into the systems and try to understand, you know, what’s going on here. Is this legit? Is this an attack? Are we already protected against it? Is the system upgraded, right? But most businesses aren’t doing any of this stuff. It’s usually just the big guys, and we do it for small guys, as well as for ourselves. So we’re seeing this all the time.
So if your systems are older and not patched, what do you think is going to happen? The bad guys, rather than spending a lot of money or a lot of time, are just going to use old tools. So even though they can innovate, they just don’t bother. So Fortinet has a stat out right now, saying that cybercriminals target vulnerabilities ten or more years old more often than they focus on new attacks. Look at some of these significant breaches that have occurred. They involved vulnerabilities for which patches (fixes) have been available for months or sometimes years. But the organizations never bothered applying the patches, right. They target vulnerabilities from every year between 2007 and now at the same rate as they do vulnerabilities discovered in 2018 and 2019. So that’s just huge. They’re maximizing their opportunity. It is low-hanging fruit to them. And we’ve got this convergence of the operational technology environment with IT, with our information technology. So I want to make this even a little bit bigger. We’re going to talk about this a little bit later on when we get into these control systems we have in our businesses. But when was the last time you patched your photocopier? I got two of them sitting right there. Printers. Okay, well, obviously, it’s one and the same. Scanners. When was the last time you updated the software in your smart light bulbs and cameras? I’ve got a camera sitting right in front of me, right. Have you been updating all of the software in this operational technology side of things, as well as all of our computers? See, that’s where we are falling short, because we got to be thinking about, if you’re a manufacturing customer, and we have manufacturing customers, right? But if you’re in the manufacturing business, how well protected are the valves, the control systems, the automated systems that are running your lives, or the robots on the floor? Are those up to date? Think about that: our operational technology.
We got to learn new tricks. You’ve got to protect them, right? We got to make sure it all works. Alright, that’s it. For right now. We’re going to be back. So make sure you stick around. We’re going to talk about unclouding. You’ve heard about cloud services. Have you heard about unclouding services? Right here on WGAN and Craig Peterson dot com.
Hello, everybody, Craig Peterson here on WGAN radio and of course online at Craig Peterson dot com. We’re going to talk right now about something you may have never heard about before. If you are using anything basically on the internet, you’re using what’s generically called “the cloud.” Now “the cloud” is used for email. It is for, well, come to think of it, everything, right, Facebook, etc. But in general terms, when we’re talking about the cloud, we’re talking about a business process that is online that you have moved from your business, like the server room in the back, the computer closet, etc. You’ve taken that function, and you’ve moved it somewhere like to the Amazon Web Services or maybe Microsoft Azure, or maybe IBM; all of these places have something that’s generically known as the cloud. And frankly, the cloud is just another word for somebody else’s computer.
Now, why have businesses moved to the cloud? What is this whole unclouding thing all about? There’s a great article over on Dark Reading by Matt Middleton that got me thinking about this. What is “the cloud”? What is “unclouding”? What does this all mean? Well, I have been involved with cloud services and helping businesses migrate for quite a few years. And as a general rule, I still am on the side of don’t move to the cloud. Hey, if it’s a core function of your business, do you want it to be on the other end of that internet connection, right? What happens when the internet connection goes down in the data center somewhere? You have no control over the data center. You don’t know what kind of security the data center has. Or even what type of system is storing your data. Do you want it to be in the cloud and a data center where you don’t know if they’re backing up? And you don’t know, even if they are backing up, have they tried to do a restore of your data? You don’t know if they are handling your data in a way that meets all of these federal and state data handling regulations. And we’re going to get into California’s new laws here in just a little bit. Do you want all of that? So that’s one of the reasons businesses are moving away from the cloud. In other words, they were on the cloud, to bring it back home.
That’s called unclouding. Security is a very, very big reason they’re doing this. Another big reason that they’re doing this is cost. One of the significant promised benefits to the cloud is it is going to save us a lot of money. We will have fewer headaches because we’re not going to have to have the equipment, we’re not going to have to pay for people to run it, right? We’re not going to have to do any of that stuff. It’s just going to be cheaper. And yeah, in some cases, it is more affordable. But where the cloud makes sense is in kind of a mixed environment. And we’ve set this up for many customers in the past, quite a number, where we have a cluster of computers at their facility, so they have, you know, anywhere between 50, really, and 100 to 200 employees, so 50 to a couple hundred employees, and from time to time, they need more resources. So what we do is we have a cluster that is sitting there on site. That cluster allows us to grow that machine as it needs to because of a more massive load, maybe the end of the month, end of the quarter, perhaps when new shipments come in, etc., and also allows us, so that’s just within their walls. But it also allows us to ship their machines up to another data center. Now, frankly, that’s pretty cool. We can use the cloud then to extend our current processing capability. So we need some more CPU, some more horsepower. Maybe they’ve brought in some temporary workers that are coming in for some seasonal work, and we throw their stuff up in the cloud. But again, being very cautious of security. So what has happened here is kind of something people weren’t expecting and goes right back to businesses unclouding because, frankly, the cloud is not what it was all cracked up to be. Gartner Group, you probably know those guys, they’re forecasting the cloud revenue’s going to hit almost $400 billion within the next few years. So cloud revenue is going to be massive.
It’s not as though everybody’s moving away from the cloud, because they’re not. And Microsoft has now shown how, frankly, the cloud has become a core element in their business. Amazon makes a good chunk of the profit. I’ve seen numbers that show it’s more than half of the money that they pulled to the bottom line comes from their cloud services. And Microsoft is now moving salesforce.com over to the Azure cloud. So really, the cloud momentum looks unstoppable.
But cloud customers are bumping up against the hard reality. So 48% of organizations that store sensitive data in the cloud are considering moving that data back on-premise. Now, that’s a very costly and very time-consuming proposition. But businesses are thinking about doing it. The question is, why are half of the companies that are already in the cloud thinking about moving off the cloud, moving services back in-house? So I want to get right into that right now. Excuse me here, a couple of coughs. So this is according to a recent cloud data security report. And as shown, in most cases, organizations are unclouding because they faced unexpected issues. These moves take a lot of planning, and that’s why we’re going to talk about cloud migration a little bit later here. But initially, 31% of organizations migrated to the cloud to cut costs. 26% migrated to ensure availability for remote workers, which, you don’t need the cloud to have remote workers. But the survey results show that organizations are ready to uncloud due to their inability to ensure the desired level of protection: one-quarter of the businesses. Due to all of these regulations that have come into play for DFARS, HIPAA, FINRA, the FRCP, the new California protection rules, the GDPR out of Europe, companies are facing some real problems. Now among those who moved data to the cloud to cut costs, 29% are ready to uncloud due to unexpectedly high price, though, among those who moved data to the cloud for security reasons, 27% would uncloud due to considerable security concerns. All of this is very legitimate. There are secure clouds that meet these requirements. The federal government has a cloud. The military, and you might have just heard the whole back and forth because it came down to Microsoft Azure and Amazon’s web services to run this high-security top-secret cloud for information for the military.
And Amazon lost it, and Microsoft picked it up, and so then there’s a whole lot of people that are very upset. But that is critically acclaimed. And I don’t know that the military is going to have a win by moving to the cloud. And mainly when we’re talking about these types of expensive secured clouds. The biggest problem with moving to the cloud is most companies weren’t able to figure out correctly, what is migrating? What data is moving? How much data got transferred? You get charged for everything in the cloud. Okay. So it is a huge deal, understanding what your data is, understanding what data you have. Doing that inventory of your data assets is something critical, no matter what, because you have to know what to protect, how much you protect it, if you need to be able to recover it. How do I have an incident response? You got to figure that out, and that’s something we’ll be covering later. Listening to Craig Peterson, we’ll be right back.
Hello, everybody, welcome. Welcome, Craig Peterson, here. We are going to talk a little bit about retaliation here right now. Of course, you’re joining me on WGAN and online at Craig Peterson dot com. Hopefully, you’ll see everything up there. We’ve been trying to, you know, keep everything up to date. There’s just so much going on. And frankly, it’s my wife and me. So, you know, keeps us crazy, crazy busy trying to get this information out to everybody. Hey, if you have a kind word to say, a word of encouragement for us for doing all of this, because this takes days every week, out of my time, out of my wife’s time, and that’s time that we can’t spend trying to make some money, and it’s time we can’t spend with our family. So words of encouragement are always appreciated. Let us know what do you get out of the show? What is it you appreciate? What is it you like about the show? And you can send that to just me at Craig Peterson dot com, M-E at Craig Peterson dot com. I’d love to hear from you, as would my wife, and just words of encouragement, I will pass them along to her. And then we have a couple of other people that help as well. So, you know, thanks to them too. Well, let’s get into this now. Because this, I think, is kind of fascinating for a lot of people. And that is Iran retaliation, and I talked about this this week on my Facebook Live, and you can see those videos by going to Craig Peterson dot com slash Facebook. Make sure you hit the Follow button on the Facebook page. So you get notified when I have another one of these little pop-up pieces of training. The same thing on YouTube: if you follow me on YouTube at Craig Peterson dot com slash YouTube, you hit the subscribe button, it will ding you, it’ll ding in your browser when I go live. And I’m always there to answer your questions. There’s a chat channel, and you can add chats to it as well. So make sure you check it out online again, Craig Peterson dot com slash Facebook or Craig Peterson dot com slash YouTube.
Now coming up in about a week, we’re going to be starting some more training so that you know what to do and exactly how to do it. We’ve got some free training, and we’re going to be doing a few of these things on webinars so you can join us online. And for those of you who don’t attend webinars, and that’s about 70% of you, I’m going to be sending out some written information. There will be some videos afterward as well, if you sign up, that you’ll be able to watch, okay? Just to do that training, you get that information out. Now, if you’ve been to webinars before, you might think that I’m going to be beating you to death. But if you’ve ever attended any of mine, you know that really, I’m trying to get good information out to you and make sure it’s in your hands. And that’s what I’m doing. That’s my primary goal. They usually last about 45 minutes to an hour, an hour and a half, depending on what we’re covering. And I try and answer every one of your questions from everybody that’s there on the webinar, because, again, they’re LIVE, it’s to answer questions, to get you going down the right path. So we’re going to be talking about all of these things. Most of them came out from Homeland Security this week, with their alert, and there’s some of the software we cannot cover that is lightly classified, as though they tell me anything that was classified, right? So we’ll be covering those things. What is it that Homeland Security is saying that we should be doing so that this guy can’t take over our computers, our systems? And I want to put a plug out there for the FBI Infragard program. If you are involved with security and you are at a business, and particularly if it’s critical infrastructure, which nowadays means almost anybody that is manufacturing, that’s providing services. I don’t get this, but you know, they even consider lawyers to be critical. Sorry, sorry about that, Glenn and Ken, and all of you other lawyers who are out there, but if you are the security person, you will do well to join these because the FBI does give us information you’re not going to get anywhere else, period. Okay? So infragard.org is where you’re going to find out more. I volunteered and did webinars for the whole National Infragard community for about two years. And it was even more work. You know, we’re doing all of this stuff for you guys. But this was kind of in the national interest. So it’s about to give back and help out. And that’s, that’s what I’m t. But so if you’re a security person, make sure you check that out. I’m also thinking later on this year, probably in Septemberish, to have a summit on security, a whole SMB summit, and we’re trying to figure that out. If you think that might be interesting, I’d love to hear from you. What is it that you’d like to get from a cybersecurity summit? Or maybe a more general security summit. Is that something that might interest you if you’re a small business, a medium business owner? If you have one employee or if you have 200 employees, or maybe even bigger organizations, we should be covering as well. Like we did, you know, when I was teaching stuff for the FBI Infragard program, so let me know, just me at Craig Peterson dot com. So make sure you spend a couple of minutes, go to Craig Peterson dot com slash Facebook or slash YouTube. Look at the live training I did this week, where I reviewed some of the alerts from Homeland Security and talked a little bit more about this guy over my shoulder. He kind of kicked off our worries and legitimate worries, legitimate concerns, frankly because they are attacking a solid. Let’s get into this right now.
Iran has to do something about all of these criminal activities with which they are involved. If you’re as old as me, you remember the Shah of Iran, and Iran used to be very Western, very, very pro-United States. You know, it was kind of a cool place, very, very progressive. Women could have real jobs and didn’t have to walk multiple steps behind their men. They could be out without having a male escort, which, I just don’t understand these people that think that Iran has been a beautiful place and that Islam is the way, it’s absolutely the way. It doesn’t make a lot of sense to me. I’m all for everybody having rights, right, everybody having equal rights, not some people having more rights than others, but that’s my libertarian bent coming out. Widely considered to be one of the world’s most malicious online actors. So you’ve got Iran, you’ve got China, you’ve got Russia. You’ve got North Korea right there.
We have defined the four worst actors when it comes to cybersecurity in the world, okay? It’s a very, very big deal. There were charges brought up here in the US back in 2016. Again, seven Iranians, apparently they had infiltrated computers, a dozen American dozens of American banks tend to take control of a small dam and a New York suburb. We’re going to be talking about that in the next segment about what they’re doing there. They these defendants regularly work for is Ron’s Islamic Revolutionary Guard Corps quarter the Justice Justice Department, a tax disabled some of the bank’s computers. They’re doing what’s called a DD are distributed denial of service attack, which brings websites and other types of communications down.
Sheldon Adelson, a big supporter of the President: they attacked the Las Vegas Sands corporation that he owns and runs, okay? They crippled the casino and replaced the company’s websites with a photograph of Adelson with Israeli Prime Minister Benjamin Netanyahu. Can you believe that? Yeah. So going on and on, we’ve got to be very careful because this is a real problem. We must stop Iran from doing this. Now how is it discontinued? Well, that’s why I want you to watch the lives from this week, either on Facebook or on YouTube, that I put up there, because I explain the basics of what you should do. I’m going to be going into more detail in about a week; it is going to take us that long to put all of this training together for you guys. But the Allies here are considered fair game. Iran has been hacking this for years. As I just mentioned, they have defaced a state site. It was a state treasurer department website. They are attacking, according to the statistics I’ve seen this week. They are also attacking federal government sites, state sites, trying to find vulnerabilities, throwing every username and password they can at the site to see if they can log in, which is why you should not ever reuse passwords and usernames. However, nowadays, most of these sites are requiring you to use your email as your username, which is frankly a security problem. I don’t like that sort of stuff. But the Saudis are very nervous because Saudi Aramco, which is their biggest oil producer there, it’s state-owned in Saudi Arabia. They were hit and had 30,000 computers destroyed, effectively. So what Iran is doing is something called a wiper attack. And that is where they get onto your computer. They erase the data on it. Now they’re coming after you. They want small-medium businesses in the United States to suffer these attacks.
You might wonder why. Well, I explain all of that in the live training this week. So if you watch those, you’re going to get all of the detail. But really, we’re concerned. Mike Pompeo came out this week. He’s the Secretary of State. He’s acknowledging some of the dangers of an Iranian response. He said the Iranians have a deep and complex cyber capability, to be sure; know that we’ve certainly considered that risk. So our federal government is, I would say, about 70 to 80% protected; I don’t think that’s insider information. And our businesses are about 20% protected, 20%. So that server, we’re going to get in about a week into advanced threat protection, help you guys understand, on a small business front, what you should be doing, and how you should be doing that. Alright, stick around. When we get back, we’re going to be talking more about some of the security stuff and things you need to know. We’re going to be talking about these industrial control systems, and what the bad guys are doing to them. So stick around, because we’ll be right back. You’re listening to Craig Peterson on WGAN and online at Craig Peterson dot com.
Hello, everybody, here we go. Welcome back. Craig Peterson here. Hopefully, you are enjoying the show today, as we go through some of the things in the tech world. We’re going to talk about some non-security stuff a little bit from now. But, because of what’s been happening in Iran, the show is heavier than usual. I am trying to go through all of this security stuff because you have to understand this. You know, one of the articles I did not get to in the last segment that I wanted to make sure that I brought up is that Iranian hackers have targeted the Trump campaign. You know, I mentioned it in passing, frankly, but this is a huge thing because the 2020 elections are, what, now, it’s in November, so ten months away from now. And this is back in October, a statistic that Microsoft reported, saying that they had seen 2700 plus attempts to identify the email accounts of current and former United States government officials, journalists covering political campaigns and accounts associated with a presidential campaign. That is, my friend, a huge thing. Because frankly, when those bad guys start getting involved and start going after all of these accounts, they’ve got a door into politics, and this door into politics may be a lot more than you realize. Because what we’re talking about here is the potential ability to track people. I don’t think I got to this, what, about two weeks ago? I think it was. The New York Times was able to locate and follow President Trump based on information it was able to glean from open sources, in other words, from public information, and also found out the names of some of the Secret Service detail people, where they lived, their family information. So this is critical. You ask yourself, well, why would anyone care, 2700 plus attempts to identify these people back in October? Well, once identified, you can figure out a lot more, because now you can get into the email accounts using social engineering. You might be able to get more information.
Remember President Obama, when he first became president, was using his BlackBerry that was not secured, because that’s what he’s used to using. And President Trump had his phone that he was using. I can’t remember, I think it was, was it an iPhone? I can’t remember. Anyways, he had his phone that he was using. And we tend to carry multiple phones. And that’s a bit of an issue too, you know, if you’ve got the president, okay. He’s got his highly secured phone that he’s using for his important emails and messages, etc. I am not sure if he is carrying around his iPhone that he uses to tweet with, but if he is, what information does that give out? So Iran, this is back in October, we know, was going after the Trump campaign. And today, it’s, of course, gotten a little bit worse. Well, let’s talk about another area of Iran’s hacking, and this is about industrial control systems. Now, if you’re not sure what these things are, industrial control systems are the computers used to control things like valves in industrial facilities; they control numerical machines that do the lathing and other types of things in an industrial area. Nowadays, everything is computer-controlled. Now, some of these machines, I have a client, we had to put in special networks to protect them, a client who has Windows XP down on the manufacturing floor, and it’s Windows XP because again, it’s what we talked about a couple of segments ago. It’s older operational technology that is not up to date. If it’s not broken, don’t fix it. And the manufacturers aren’t going to update the control systems from Windows XP to Windows 10. They don’t even provide patches for Windows XP systems. So what are you going to do if you’re a manufacturer? Do you want to spend another 200 grand or more on a new piece of equipment? Are you going to stick with what you have? So we’ve got all of this critical infrastructure in manufacturing, but we also have critical infrastructure, for instance, in our hospitals.
You probably know for ten years, I was a volunteer in EMS, emergency medical services. And in the back of our ambulance, I was using all kinds of equipment to monitor cardiac rhythms, to do defibrillation, to draw blood, to give D50 to help people with diabetes who are in a diabetic coma, if you will. So, all of that equipment, when was the last time that was updated? When was the last time they did an update in the hospital? We know about problems with pacemakers in people’s chests because there are security vulnerabilities. All these pacemakers now, oh, isn’t this cool, we got Bluetooth, we can control the pacemaker. When you see your doctor, he makes a couple of changes. You can make some minor changes as well, as in, I’m about to exercise, I need to up my heart rate, or my heart rate’s going to get high, so don’t shock me, right, with an auto defib unit. How about our water processing plants? We’ve got gates that go up and down to move water between one area and another. Same thing with fresh water as with black water, where we have our waste from our sewage systems that is treated and run through different channels and into ponds. There are electric systems. Hydro systems, with all of those gates that move up and down, and they go through different turbines. It’s moved around inside, depending on power requirements at that time of day. We have coal and our electrical grid; there are thousands of controls across our electrical grid. One of the things I did when I was running the FBI’s Infragard program was make sure we did training on these types of industrial control systems, because they are so critical to our businesses. We have to understand these, we have to take care of them. We can no longer just say, well, it’s working, we’re not going to touch it anymore.
So, there was a cyberwar conference in Arlington, Virginia, just about two months ago, and a Microsoft security researcher by the name of Ted Morin said that he found a shift in the activity of the Iranian hacker group called APT33. In this case, also known by a few other names, but Microsoft just watched the group carry out so-called password spraying attacks. Over the past year, they try a few common passwords across user accounts at tens of thousands of organizations. And they’re saying that the Iranians have narrowed their password spraying to about 2000 organizations per month. More targets, different targets, and what are they trying to get at? They’re trying to get at these industrial control systems. We do know how we were able to nail the Iranians with their nuclear ambitions. It came out that it was the Israelis and us. We had come up with a virus, a particular virus that attacked their industrial control systems inside the nuclear refineries where they’re refining the yellowcake, basically, and we were able to destroy those. So they learned something from that. And they, the Iranians, are destructive in their cyber world here, right? We talked about the wiper attacks that they’re doing, during my Facebook Lives this week and YouTube lives, how they’re trying to destroy equipment. That’s what they want. So this represents, according to Microsoft, a disconcerting move as they moved on here. They haven’t named any specific control systems. We know some of them. In December of 2016, Russia used a piece of malware that briefly caused a blackout in the Ukrainian capital of Kiev.
Some hackers deployed a piece of malware in Saudi Arabia, in an oil refinery in 2017, designed to disable the safety systems, which is what we did to the Iranians. So those attacks had the potential to inflict physical harm as well as mayhem. So we’ve got to be very, very careful. If you are a business and you have control systems, make sure they are up to date. I can’t say that enough. And make sure the manufacturer, the networks, are providing you with patches. Demand the patches; tell them Homeland Security says that they have to deliver updates because they can’t expect you to replace all of these control systems. Part of the problem many businesses have is even finding all of these control systems that are out there. It gets to be tough, frankly. What do we have? Are they up to date? What are they running? You know, I mentioned already the Windows XP control systems that some of my clients are still running, and they’re slowly but surely upgrading some of their systems. So it’s a problem. Make sure you watch this week’s Facebook Lives that I recorded this past week. They were live when they were live. But you’ll find them at Craig Peterson dot com slash Facebook. I go into this Iranian problem a little bit more. I give you some solutions, some actionable steps that you can take, and if you don’t like Facebook, you’ll find them at Craig Peterson dot com slash YouTube as well. And I hope you do check them out. I think it’s essential. We’ve got to understand this stuff, and we’ve got to make sure that we are taking care of the problem as we go forward. We’ve got more training coming up. But anyways, you’ll find all of that; make sure you’re on my email list, so you find out about all of these pop-up trainings, free training I’m doing: Craig Peterson dot com slash subscribe. You’re listening on WGAN and online.
Hello, everybody, welcome, welcome. Of course, this is Craig Peterson. Here we are on WGAN; you’ll also find us online at Craig Peterson dot com. We’ve been covering a lot about what’s going on with Iran and security. There have been updates this week from our friends at Homeland Security. The FBI, CIA, NSA, I guess not the CIA so much, but the NSA even, are warning us about these types of attacks. So we’ve been talking a lot about that today. You’ll find out more online at Craig Peterson dot com slash Facebook. Make sure you follow my page there so that you’ll get informed when I have these Facebook Lives. So I’ve got about 20 minutes, 25 minutes worth of content there. I think you’ll appreciate it tonight. It includes some graphics, things getting fancy here. And then, of course, this show is up on my website; you’ll see it there. I podcast pretty much anywhere, TuneIn radio, of course, where you’ll find WGAN and many other great stations and shows. And I also have a YouTube channel and everything out. So you know, trying to do it all, be everywhere all at once. So, man, it’s just the way it goes sometimes, isn’t it? So we are going to talk right now about this particular problem, which is how do we as business people know if we should be moving to the cloud, should not be moving to the cloud, what should we be doing and how we should be doing it? Right. Does that make sense to you guys? And so that’s what we’re going to talk about right now. There is a great little article from Insights for Professionals. They have a lot of details on it. I’m also going to be having some specialized training coming up, probably in a couple of months here, on cloud migration. Now, if you’ve been listening to the whole show, you know how several companies are unclouding; about half of the companies that are in the cloud right now are thinking about leaving the cloud.
And, and it’s because of two big problems that, I can’t tell you how many people I know, how many businesses I know, are thinking about going to the cloud for these reasons, which are, number one, security, because they look at the cloud as being more secure. They don’t have to worry about hiring security people or about having the right hardware. Go to the cloud and have no worries about any of that. And then number two, cost savings; they think they’re going to have cost savings. So about half of the companies in the cloud are looking at it, saying it’s not as secure as I wanted it to be. It’s not as secure as I needed it to be. It doesn’t comply with the regulations that I must comply with, which, by the way, is almost every business out there. If you have a single employee, you probably have some HIPAA requirements, medical requirements, because you’re providing health insurance. You’ve probably got their social security number, their name, the home address, any one of which is considered personally identifiable information. So are you just going to throw that up on the cloud, randomly? And then you’ve heard about, of course, all of the cloud hacks that have happened, and it’s scary. So, security is kind of the number one reason, and the second reason is they have not seen the savings promised by the cloud. They haven’t seen the savings in personnel, in overall expenditures, etc. So about half of the companies that have moved are saying, we want to move back. One of the first things you have to do if you’re considering moving to the cloud is have a good data inventory. Now your data inventory is something you should be doing anyway, frankly. With a data inventory, you know what data you have, where it is, how much there is. And you have to do that now. And we’ll be talking about the new California regulations here in a few minutes. But you have to do that right now. And if you have any European customers, you already had to do this. If you haven’t re, yet, count yourself lucky.
The fines have started coming all the way down to small companies. With California starting to fine companies as of the first of this year, it’s kind of a greenfield for these scam artists that like to sue companies. And all they have to do is say, yeah, I’m a California resident, and I went to this website, and I asked the company for all the information they have on me, and I have a right to be forgotten under this California law. And they didn’t do that, they didn’t do any of it. So now they get to sue you because you didn’t comply with the crazy California law. So know where your assets are, know where your data is, know which data needs the most protection; you should do that no matter what. When we’re talking about this cloud migration and a cloud decision framework for moving your data to the cloud, we’re also talking about taking all of that data, including the security required for that data, and transferring it to the cloud, and it is essential that we fully understand what that is. But don’t forget, half of the companies are now thinking about getting out of the cloud. Getting out of the cloud means, how do I migrate my data out of the cloud? Because in many, many cases, you’ve got vendor lock-in; you can’t do anything about it. It’s a big deal. So how are you going to deal with that? So migrating to the cloud and the decision around the migration is one of the most important and consequential decisions that any IT director can ever make for their firm. Absolutely. It’s a highly complex process, especially for larger businesses. And it is something that really could mean the end to your business. I say that, but it’s true. I also want to point out another discouraging fact about cloud migrations. About a third of them are considered failures. That’s a huge number.
Now we already know things, if you’re a business person, you know things like ERP systems, these systems designed to help your business run, and it kind of covers everything from the customers and the sales process through the ordering, the manufacturing, the shipping, right? The just-in-time inventory, these big ERP systems, you already know that more than half of those are considered failures. So just talking about cloud migrations, a third of them are considered failures. So how do you do this? How do you take care of this? And how do you make sure the unclouding migration’s going to go well, a little bit later on? That’s what a cloud decision framework is all about. That’s why you have to spend some time here. You have to assess the benefits of moving an application to the cloud, whether it is to Office 365 online, whether it is an application that’s integral to your business. I know a lot of businesses now that are moving their ERP systems, like car dealers and others, to the cloud. But is that the right decision, particularly considering half of the businesses want to move back out of the cloud? Okay, what impact is that going to have on your wider business? What’s going to happen when the cloud server crashes? When your network doesn’t work? When there’s too much bandwidth on your network because transfers are going on? Or maybe, as we’ve seen many, many times, people are streaming YouTube and other videos in their offices that are chewing up all your bandwidth, and you don’t have any way to throttle that type of access. Okay, the most common myths of cloud computing can hinder you. So here we go. Some executives may be wary of the cloud, as they believe the cloud is inherently less secure than on-premise alternatives. Alternatively, they may have gone and bought into the idea that the cloud is good for everything. Neither one of those is true; the cloud is not more secure than on-premise, and on-premise is not necessarily more secure than the cloud.
It depends, right? And that’s what all this research is about. You know, you’ve got to do planning and evaluation, you’ve got to select the right solution. There are a lot of cloud vendors out there right now. Are you going for software as a service, platform as a service, IaaS, all of those things, right? How are they going to handle your data? How are they going to manage your data? How are they going to back it up? How are they going to test the backups? Validation and management. Anyways, if you are interested in finding out more, if your business is thinking about moving to the cloud, let me know. In case, I’m thinking about putting together a little bit of training on that as well. Again, me at Craig Peterson dot com; just drop me a quick note. I’d love to hear from you. And let’s see. I think that’s it for now. We’re going to come back with LIDAR. It is kind of cool because we’re talking about cars; who doesn’t love that?
Hello everybody, Craig Peterson here on WGAN and, of course, online; you’ll find me at Craig Peterson dot com. Of course, that’s Peterson with an O. Hope you have enjoyed this week, and you were able to attend some of my Facebook Lives. There is a lot of training. We’ve got a lot more coming up. If you want to find out about the training, the best bet is to subscribe to my email list. That’s Craig Peterson dot com slash subscribe. All free training. I give away hours every year, you know, hundreds, literally, of hours of different types of training. So make sure that you’re on that list: Craig Peterson dot com slash subscribe. Well, I want to talk about something cool right now. And this is something that you’re going to be seeing in your life in the fairly near future. It’s something called LIDAR. Now I’ve had the makers and designers of LIDAR on my radio show before. And we talked about what the technology was about, how it’s going to improve things. But LIDAR was very, very expensive. It’s some of the LIDAR equipment that they use on these test vehicles, those you see driving around from our friends at Waymo and many others. Even Uber is in the game, and Apple’s in the game, some others in the game. Still, these cars are driving around with a quarter-million dollars worth of LIDAR on the cars. Now, if you have seen any of these LIDAR pictures in the news, it’s kind of cool. Let me see if I can pull it up for you. I think I’ve got, yeah, I do. Okay, so I’m going to pull this up here on the screen. If you’re watching, and you can see this again at Craig Peterson dot com slash YouTube. Here is a LIDAR picture. Here is showing what looks to be New York Central Park and some of the buildings around, and I’m quite sure that’s what it is. And it’s a kind of laser radar. And the idea with the laser radar, I keep wanting to do “laser” like our friend Austin Powers did, right.
But this is a kind of laser radar, and you can see it showing the trees and showing buildings and streets and the tops of the buildings. It’s very cool stuff. And the idea behind putting this on cars is it gives the car a truly three-dimensional view of what’s around it, down to the millimeter, down to just fractions of an inch. It is very cool and beneficial. Now we’ve got people like Elon Musk out there, who, with his Tesla cars, is exclusively using cameras. And he says LIDAR is useless. We’re not going to use LIDAR, and no one’s going to use LIDAR, forget about LIDAR, why bother with LIDAR? And I can kind of understand why he might want to go that way. When you’re talking about a quarter-million dollars worth of equipment in a car, that’s a whole different beast. However, I went online today, and I did some searching, and I found those hockey-puck-sized LIDAR units wholesale for 100 bucks apiece. That makes it extremely affordable. But you might not want to use those; you might want to, if you’re a car manufacturer, have a much better, what’s the word I’m looking for, but a much better provider of the LIDAR. And so this is where everything changes. Bosch, who is a company that makes all kinds of fantastic equipment for cars already, including fuel injection systems and many other things, Bosch is now entering this crowded LIDAR market. Now what’s important about this is Bosch is considered a tier-one provider. They are one of the top providers for automobile equipment in the world. They do some amazing things, and this Thursday, this last Thursday, Bosch announced that they are going to be providing LIDAR units. Now Bosch can scale this. They’ve got the infrastructure to do it, unlike so many of these smaller companies like the one I found for $99 for a LIDAR unit, okay. Right now, we don’t know much about the Bosch LIDAR system. There are several companies. As I said, I interviewed the first one, the guys that came up with the patent. Now, this picture that I have here, this is Audi. Here is an Audi. And they have already started shipping some cars with a LIDAR. It’s made by a Bosch rival by the name of Valeo, and we can expect more carmakers to follow their lead. So the LIDAR doesn’t have to be solely in an autonomous vehicle. It can be used for functions like Cadillac uses and many others now. These use quite literally radar to track the car in front of you; it knows it stopped quickly, it’ll automatically apply the brakes; that you’re getting too close to the jersey barrier in the middle of the road, and so it kind of steers you away from that. There’s a lot of things LIDAR is in use for right now. That’s what some of these manufacturers are starting to use it for. In the future, the beauty of LIDAR is that it can see everything in 3D. Remember that lady in Phoenix that darted out in front of that autonomous car and was struck, and she probably would have been struck by any driver, whether or not it was autonomous. But she was struck, because the cameras can’t see everything, particularly in the dark.
And even if you have a camera on each side of the car, looking forward, which gives the car some stereoscopic vision, it is nowhere near as accurate as LIDAR is, so this is just, frankly, a huge, huge thing. Another major advantage of LIDAR is the distance involved. LIDAR can see, again, with millimeter precision, over 200 meters in front of the car.
So that’s the high-end stuff. Audi putting it into their cars, they’re not going to put a $200,000 LIDAR unit in it, like Google uses when it’s driving around neighborhoods, okay? But rumors are suggesting that the LIDAR from Valeo costs hundreds of dollars in quantity, and it’s probably pretty good. So they have a lower range, they have a lower resolution, but they can add a lot of value, I expect, over time. Radar sensors have some real limitations. They have a flat horizontal, vertical resolution, unlike the LIDAR you saw in that picture. I’ll bring it up again here. Let me pull it up. OK, that’s up, and behind me, it’s put up big on the screen for those people watching. But you can see the resolution on that; this is an expensive LIDAR that took this picture of New York City, well, of part of Central Park and part of the buildings. But you can see how good the detail is. And it’s plenty of detail for a vehicle to kind of figure out where it is and where it’s going. So this is going to improve, frankly, everything. Radar can’t necessarily distinguish between things like a fire truck and a small car that might be in traveling. Still, it is going to help, and the next generation of these advanced collision avoidance and detection systems are going to be using this massively. So I think this is very, very cool. So congratulations to Bosch and Audi for coming up with some of this stuff. And we’re seeing more of this over at CES this year, the Consumer Electronics Show. There are taxis, well, there’s at least one Russian taxi that is over in Vegas right now driving the street with no one behind the wheel at all. And reports are that it hasn’t had one accident. Now, if you’ve driven in Vegas lately, you know how bad the traffic is in Vegas? It has gotten terrible. I was just out there at a wedding just about a month ago and I couldn’t believe how bad it now is. Stick around. When we come back, we’re going to talk about the new privacy laws. What does that mean to us as a consumer? What does it mean to businesses as well? Stick around. You’re listening to Craig Peterson on WGAN and online.
Hey, hello everybody, Craig Peterson here. Man, I can’t believe it’s been an hour. It just goes so, so fast. Hey, welcome back. Of course, you’ll find me here every Saturday on WGAN from one till 3 pm. I also have this recorded in video. And you can see the video by going to YouTube. But also you’ll see it over on my website at Craig Peterson dot com. I do a lot of training. I do a lot of Facebook Lives and YouTube lives, you know, pop-up training like I did this week, where we’re talking about what you need to do right now to help protect yourself from the Iranian attacks that are already underway. They’ve been underway for many years now, but they’ve gone up over 50% this year. That is a dramatic number. And I’m just, I’m sad to see that sort of thing happening, but you know, it’s going to happen. You know, guess what, right? So anyhow, be that as it may. It is a pleasure to be here. We have covered a lot today. And I want to get now into just the last couple of things. We’ve got a big deal now. Hey, if you’re a business and you have any medical records, you are covered by HIPAA, you have to comply. There are fines and all kinds of things. If you are a manufacturer who sells things to government bodies, and particularly military, where on the military side they have multiple vendors that are selling components and you’re selling these components to the military, well, now you’ve probably got DFARS requirements and/or ITAR requirements. If you are involved in the financial business at all, you also have requirements that fall under FINRA. And it just goes on and on, right? The courts put every business under FRCP, the Federal Rules of Civil Procedure, where you have to keep emails, you have to keep documents. You have to do all of this stuff. Are you doing it?
How about GDPR, that came out a couple of years ago now, it’s been a few years, and then last year got teeth, and they started fining companies, even small companies, huge amounts of money. Well, now we’ve got our friends in California. They have passed what they call the California Consumer Privacy Act (CCPA). This act is starting to cause some problems and some questions here as companies are trying to figure out, organizations, including volunteer organizations, including insurance companies, banking companies, they have to comply. This law went into effect on January 1, 2019. And then January 1 of 2020, this year, it got teeth; you had to comply. And one of the provisions of this law is that if someone requests their information, what is it that you have on me? What is it that you’re maintaining about me? If they request that, you have 45 days to give them all of their information, because they have to know what you know about them. That doesn’t seem too bad, and 45 days, you should be able to handle that, right? Well, consider California has got 30 million people in it. And what happens if a small percentage of them decide they want that information from you? Maybe they think that, hey, listen, it’s going to be cool because I’ll be able to make some money because, under this California law, I can sue them. And I can get a whole bunch of money because they have a nexus in California because they’re doing business with me. Or at least they’re keeping my information because I visited their website. That’s all it takes, visiting your website, because now you have some information about them. And then, of course, there’s the right to be forgotten. But let’s get rid of that 45-day thing, because that only applies until, I think it’s March 1 this year. As of the second quarter of 2020, you only have seven days to comply with a request. That is huge. And that is going to topple IT departments of a lot of businesses. Now the big guys, the big enterprises that have a great security staff and they have a huge compliance staff that can afford this stuff, they’re already compliant with this California law because they had to comply with the European law, the GDPR, last year. So if you’re complying fully with GDPR, and you know what data you have on people, you know who looked at that data, including every person in your organization? Now, that’s kind of new, right? GDPR doesn’t even have that, as I recall. But if you have that kind of resolution, God bless you, because nobody else does. It is huge. So we immediately have some of the big guys, banks and insurance companies, who have crazy amounts of data on everybody located all over the place. Think about your business. It isn’t just on your server; it might be on your phone, you might have it in the contacts, it might be on your laptop because you pulled some data to work on a spreadsheet and you took that home. You took it on the airplane, and you took it on a business trip; this data can be all over the place inside a business. Okay, now, here’s who the law applies to. A business is subject to the CCPA, the California Consumer Privacy Act, if it generates gross revenue of at least 25 million. So if you only make 5 million, you don’t have to comply. $25 million is where it kicks in. If you annually buy, receive, sell or share personally identifiable information of 50,000 or more California residents, okay? So, in other words, if you are an information broker, if you are selling stuff on the internet, you might have that. How are you going to know if they’re California residents, unless you’ve been keeping tabs on that, right? Or you have to comply if you derive at least half of your annual revenue from selling residents’ data.
So obviously, it’s aimed at companies like Google and Facebook. But in reality, this law means that you, as a smaller business, may get nailed by this. But what happens if you’re an information broker, and you only have a couple of employees, and you have a specific type of information on people that are interested in buying these types of shoes, and that’s what you deal with and you’re a list broker? In contrast, you have to comply with this California law. It is crazy here. And if you again, if you’re complying with the European law, this isn’t such a big stretch, but most companies aren’t business enough to start from scratch. It’s already in effect. We’re just going to get nailed by this. Frankly, I was warning about it last year. If you are considering this, you need to ensure there is someone responsible for data privacy. You must have a data privacy officer, or third-party tasked with making sure various teams are doing what they need to do, etc., etc., a multi-pronged approach? And this is something I’ve been doing for companies on a consulting basis. You know, looking at the data privacy laws, looking at how everything’s structured. We’re heading off to New York here to do a deep dive into the IT systems of a company and look at it from not only the California law, this new California law, but also because of the federal regulations that are in place governing what they should be doing, what they shouldn’t be doing. So this is kind of interesting. Major companies, including Microsoft and Mozilla, are extending compliance to everyone in the US. Again, remember 50,000 people in California, but do you know who on your list is actually from California, right? Most companies don’t, and this is going to be very, very difficult. They’re also going to be deleting telemetry data from the browsers. The larger the company, the bigger this problem is. And I want before we go out here, I want to point out one other thing, and this is insider threat programs.
But it is a bigger deal than I think most people are aware of, we’ve got to be careful. You know, bottom line, how are we going to deal with this? How are we going to know what sort of things we should be doing when it comes to insiders and insider threats? We’re talking when we’re talking about insider threats, and we’re talking about the sales guy that might take off with your client list because now, that’s an insider. That used to be bad enough because they try and poach your clients from you because the sales guy took your information or the engineer took your information. Now, if that sales guy takes personal data, which is the information they’re going to need in their new sales job, you’ve now got responsibilities under this California Data Protection Law. You need to know where the data is. Who has the data? Where did it go? Or you’re going to get fined. So insider threats are huge now. It’s getting worse. In an insider threat report published by Crowd Research Partners, they found that while 86% of organizations had started creating an insider threat program, many are still developing the policies and programs. Only a third of all companies considered their insider threat program to be mature. And I think they’re lying. Most of them, okay. But that’s part of what I have when you know if you buy one of my packages, is all of your employee handbook stuff for everything dealing with data and insider threats, etc., etc. Okay, Forrester Research has a whole bunch of stuff on this as well. Well, today, we covered just a ton of stuff. We started with, of course, our Yeah, our misery index every go, I pulled it up behind me. Those people involved in cybersecurity things are a lot worse than most people think. And then we went into our old networks and frankly, we need new tricks for those networks. We can no longer just let it idle by and say everything will be fine.
Businesses who are on clouding, we covered Iran hacking, industrial control systems, and quite a few other things, in fact, so we can’t get to them all today, but you can watch all of the videos. You can see me. You can see the scenes behind me, the screenshots and everything by going to Craig Peterson dot com. Make sure you sign up for my mailing list, Craig Peterson dot com slash subscribe. We’ve got more pieces of training coming up with more free stuff. We got to get this information out, and thanks for listening to WGAN online. Till Next Week!