Tech Talk with Craig Peterson Podcast: Intel, Apple, DDoS, BEC, Ransomware, Hackers, Third-Party Vendors and more

1:20:30
 
シェア
 

Manage episode 288498859 series 1107025
著作 Craig Peterson の情報はPlayer FM及びコミュニティによって発見されました。著作権は出版社によって所持されます。そして、番組のオーディオは、その出版社のサーバから直接にストリーミングされます。Player FMで購読ボタンをタップし、更新できて、または他のポッドキャストアプリにフィードのURLを貼り付けます。

I know that I have been telling you about this course that I have been making for you -- Guess what it is done and this week, I will be making it available. It has taken a lot of work for both my wife, Karen and me but it is well worth it to get you this information on how you can Improve your Windows security. I walk you through all the basics of tightening up your security on Windows 10 and not only that but why you have to. his week was quite busy for me with meetings and presentations for my business. If you have not yet signed up for my email list do so today and you will be getting a large discount coupon for the course. This will be the only time that we offer this type of discount so be sure you are on my list before we release the course.

Craig

Welcome!

Today we will talk about Intel and its war with Apple and what they did that they believe will give them an advantage but might just backfire big time. Then we will talk about DDoS attacks, BEC attacks, and Ransomware. Then we will discuss how hackers are trying to get into Apple by trying to attack their developer's computers. If you have been breached -- what did you learn you might be surprised. Then what can you do if the Feds buy all your location data from one of their security consultants? How much do you trust your security vendors? All that and even more, so be sure to Listen in.

For more tech tips, news, and updates, visit - CraigPeterson.com.

---

Tech Articles Craig Thinks You Should Read:

Intel hires Justin Long to mock Macs in throwback to 2000s “I’m a Mac” ads

~4,300 publicly reachable servers are posing a new DDoS hazard to the Internet

Ransom Payments Have Nearly Tripled

Attackers are trying awfully hard to backdoor iOS developers’ Macs

What CISOs Can Learn From Big Breaches: Focus on the Root Causes

FBI: Business Email Compromise Cost $1.8B in 2020

One company wants to sell the feds location data from every car on Earth

Tech Vendors' Lack of Security Transparency Worries Firms

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] Hey, I did a webinar this week for the Massachusetts society for healthcare risk management. I thought there were some things that everybody needs to know, not just healthcare providers.

Hi everybody. Craig Peterson here. Thanks for joining me today. There is so much to talk about. I have such fun doing it too, which is great. We will be discussing this in some more detail and the ransomware numbers are just scary.

I was approached to give this webinar. You probably know if you've listened for the long time that I have done hundreds. If not thousands of webinars over the years. I have been doing them for our friends at the FBI InfraGard program.

I did them many times, two, three, four a month for years with them all on cybersecurity. Plus, I do the free webinars for. People who are on my email list. I send out little audio grams every week as well, where I do a deeper dive, three minutes or so into a specific topic. It's really fun. I enjoy doing it. So I get approached all of the time, as I'm sure you can imagine doing these webinars for different organizations.

I am always glad to do them. It might take me a little bit of time to schedule it into the schedule. You know how that goes, but I always end up doing them. This particular one was about risk mitigation because that's what these guys do, right? There's this society for healthcare risk management. How do identify the cyber threats? What are they preventing unauthorized access to PHI, which is your patient health information?

Now, we all have personally identifiable information that's supposed to be protected and so is our healthcare information. So that's what we talked about, it was really fun to get into some detail, but there are a few things I wanted to bring up here with you guys. We're going to be including them this week.

By the way, if you haven't noticed in my emails, I've been mentioning this Improving Windows Security course that is starting this next week.

If you responded to one of my emails over the last few months where I said, Hey I'm going to be doing this course on Improving Windows Security. I would have probably responded to you saying, okay great. I'm working on it. We have been for months and because of has been months, what we're going to do for people who have asked for this already in responding to the newsletter that what I am going to do is give you guys coupons for this.

So keep an eye on your email box. Everybody else. Okay. You're not going to get quite the deal. Actually, if you sign up today or tomorrow and get that newsletter should be going out a Sunday morning. Just respond and say Improving Windows Security so that you can get the full course, not just the free stuff that we're going to be giving.

Man, you're going to love this anyway. It's just Craig peterson.com. If you want to sign up for that. I do these all of the time.

One of the things that really stood out to me and I thought I would talk about actually, there's a few things is the security breaches in healthcare, because we all have some form of health care.

If it's Obamacare, and guess what? Obama isn't your doctor. He's not seeing you, right? You've got a local doc. Sure. You go in, you talk to your doctor or they examine you. Maybe you have to go to the hospital, outpatient, whatever it might be. There are records of yours that are private, and there are people who want to get their hands on those records.

Why is that? First of all this statistic just absolutely blew me away. A research company called black book market research, and surveyed about 3000 security professionals from healthcare provider organizations. 96% of those people who were surveyed believed that the bad guys are outpacing healthcare security, 96% of them. Isn't that just amazing?

56% are relying on medical devices using Microsoft windows seven. Seven hasn't been supported in quite some time. Eight isn't supported 8.1 has some support for it, but nowadays you pretty much have to be on Windows 10. If you want any support that is astounding. When you get right down to it.

We also have the problem of medical internet of things, devices, M I O T think about, again, all of the devices a doctor uses. Now they might have an iPad that's relatively safe, but have you noticed there are Bluetooth thermometers now that they might use to check your temperature? Did you notice that even people who are in intensive care might be hooked up to an IV those things are connected via wifi and Bluetooth? The x-ray machines, the cat scans, everything now in the doctor's offices. Practically everything is electronic is hooked up to computers.

We're helping a medical office right now doing a bit of a transition on their phone system so that they have integrated with their phone system. Now, automatic text reminders. If someone calls in or the office calls out, all of that is logged in the patient records, screen pops that come up and tell them, Hey okay is calling in and it shows all of the records before they even answer the phone.

56% of healthcare providers are using unsupported operating systems. That's just on their computers. Most organizations don't even know what is inside their machines. Cause you remember almost every machine nowadays has a computer on it. Then on top of it, they're using this 20-year-old antivirus software and insecure systems. They're really not vetting things, failure to access. It's just absolutely crazy.

Now the bad guys are able to get in about 86% of the time. That's according to Verizon's 2020 data breach investigations report. That's just crazy. 86% of them are about money. The attackers usually take the easiest route to obtain all this information that they need.

43% of the breaches are due to the cloud. How many of our businesses are saying Oh, I'm going to use the cloud. I'm going to use salesforce.com. This is an example. I'm not trying to pick on salesforce.com. They've had their problems, but so has pretty much everybody else it's. We're gonna use salesforce.com for all of our client records and emails going out to et cetera, et cetera.

That's just a word for someone else's computer, the cloud. It is a computer. It is still existing out there. You cannot, whether you're in healthcare or you're a regular business, you cannot just push off the responsibility for your data to a third-party cloud provider.

Now in the medical business, they have these business process agreements, BPA partner agreements that say, okay, you Google, I'm going to be paying you extra for this special healthcare version.

So they pay extra and they get that special healthcare version. And Google says we will keep your data safe. Oh, okay. That's well and good, but you have to pay for that version.

43% almost half of the breaches were due to people trying to use. What's called the cloud.

27% were attributed to ransomware. It is running rampant and we'll get into some of those stats here in a minute.

This is the part that I would think everybody needs to hear and that is your patient health information worth 20 times more than credit cards are worth. Did you hear that? 20 times more, 2000% more than credit cards.

So you might ask yourself why does that matter? What's the big deal with my patient information? If they have your credit card, they can use it a few times, hopefully, you'll notice it pretty quickly. You're using something like a credit monitoring service to notice, Hey, wait a minute. What's going on here.

If they've got your social security number, they could potentially buy a house or a car in your name. You don't know that they bought a car in your name until the tow truck shows up asking for the car back. Because it's now being foreclosed on, but guess what? You don't have it. It's not yours.

You have to spend 300 hours trying and straighten it all out and clear up your name? But when it comes to PHI this patient's health information, probably has your social security number. Remember when you fill out those forms when you go to the doctor's office, criminals can pull off stealing your identity that can go undetected for months, but it's even worse than that, frankly, because if they have a child's information, Oh, so again, we're talking about a birthday to name and address a social security number because you remember the government's forcing us to get social security numbers for all of our babies as they're born.

Yeah. So they've got that social security number, which will never be used to track us. Will only ever be used for social security and can not be asked by anyone outside of the federal government and the social security administration.

Another promise from the federal government was completely ignored.

That child's personal information can now be used for at least 10 years, probably closer to 15 years by a bad guy. It can be sold to illegal aliens who now have a name social security number and maybe a fake birth date because they're really a little bit older than they appear to be on that birth certificate. That's why it's worth 20 times more.

It's really something's going on.

All right. You are listening to Craig Peterson. We're talking about our health care information. We're going to talk a little bit more about that.

We all have healthcare records and they have some of our most personal information. That's what we're talking about today in follow-up to a webinar that I did last week for the healthcare industry. We're going to talk right now a little bit more about your privacy.

Hey everybody. Thanks for tuning in, Craig Peterson here.

Getting right down to the real hard stats here on our healthcare records, a lot of them have been stolen. We covered that, of course, in the last segment. If you miss that, you can catch that online on your favorite podcasting app. I'm pretty much everywhere, nowadays.

It's just crazy to think about because, in reality, we have had millions of records stolen, 300 million healthcare records stolen to be exact since 2015, which is pretty bad.

I'm looking at a chart right now that I showed to this healthcare industry group that showing that the hacking event has almost doubled over the last three years, year to year, every year. So in 2018, 164 major hacks, 2019, 312. That's a good double. 2020, 430, which isn't quite a double. So we are seeing a lot of data being stolen. Of course, stolen data means misused data, which is a very big problem.

Now, in the healthcare industry, they've got a separate problem. That is these HIPAA rules. Now HIPAA has been in place for quite a while. It's supposed to have been provided portability of our records. Does anybody have any real luck with that? I know there are some I haven't.

Portability, I don't even know where my health records have ended up. Frankly, cause my doctor ended up closing up shop and I just have no idea. But it's supposed to be portability and privacy. Well, the most common violations of these HIPAA regulations revolve around professional hackers.

Then you've got business associate disclosure. Remember I mentioned that. The cloud is not an excuse for not protecting your data. You cannot hand that off to a third party. There's many more that I go into in the presentation.

Of course, I talk about some of the ransomware that's been going around the fines they can get from some of these.

Then here's the next thing I wanted to talk with you guys about. And that is the amount of ransomware out there. I'm going to have a little bit of a ransomware offering. Take a look in some training and stuff here. Take a look at your emails. If you get my newsletter, it'll probably, I'm going to try and get this in for tomorrow's newsletter.

The one that comes out on Sunday, if you're not a subscriber right now, go to craig peterson.com/subscribe. You'll actually see it on the site @craigpeterson.com. If you scroll around, do a few things on the site, it should pop up automatically for you.

I'm going to make a note to myself here about the ransomware stuff. So you guys can hop on and get more information about how to protect yourselves too.

Now we're just talking about healthcare and of course, this is every business and every person out there.

I talked about this Conti gang. I don't know if you've heard of them. C O N T I.

Now, remember what I've said before about ransomware. It used to be that you'd get ransomware. Your computer would now have it's data encrypted, and then it would pop up this big red screen up that said you've got ransomware in order to get to all of your data back because what the ransomware did was encrypt it. You need to go to this website. You need to pay this amount of Bitcoin to this Bitcoin wallet and off it goes, right? That's the idea.

According to the FBI, about half of the time, you'll get all your data back half the time. That's even if you pay the ransom. And now, too, that the. The State departments might come after you, and the FBI, if you pay a ransom because now you are supporting terrorist organizations, not just criminal enterprises very big deal.

Now the other side of ransomware, and this is what just hit with a few different medical providers here. What I talked about was the Rehobeth McKinney Christian health center services, New Mexico, because now it's much more advanced instead of just getting on your computer, encrypting your files, demanding a ransom to get the decryption key. They even pre-install the decryptor for you. Isn't that handy? Yeah.

What they are doing is they get onto a computer and then they start East-West spreading. Now we've seen that for years. I remember one of our clients, a car dealer, and this was five-seven years ago. They got some ransomware. Somebody clicked on something that they shouldn't have, and all of a sudden their machine gets ransomware. The machine, of course, is hooked up to the network and. It is also not just hooked up to the network, it is in fact, mounting drives from their file server. So his machine has access to all of these files. This guy was a manager over there at this car dealership. So he had access to all of the files.

Think about that for a minute. What his machine did back then is it said, Oh great. Here's some network drives. It started encrypting the S drive and the H drive and the K drive. All of these different letters for these SMB mounted drives from the file server.

We were in there beforehand and we installed our security stuff. When his machine got this brand new strain of ransomware, and of course he didn't want us looking at what was on his machine. So we couldn't install all of the antivirus software because then we would have access to it. We've got another client that's like that too, where the owner of the business doesn't want us installing software to really keep his machine clean.

I don't know why people do that. It just, are they just trying to play their cards close to the chest? Is that what they're trying to do? Are they looking at something they shouldn't be looking at work or ever? Why do people do that?

If you got hints, let me know. Cause I would love to know me@craigpeterson.com. Why do people do that?

Anyhow, his machine got the ransomware. It tried to start spreading to the file server. Now, we had special hardware and software installed. So we saw that spread start. We immediately shut down. It was all automatic. It was just shut down. I shut down his network port, in fact, so his computer can go anywhere.

His computer had the ransomware. We were able to just go ahead and restore from backup. The bad guys know that if all they're doing is encrypting your data, then who cares? You restore from backup.

Now, hopefully, you're following a three-two-one backup scheme. Most places don't. Hopefully, you're testing it as well. We test every backup that we make for our customers every day. We usually about once a week, will, if it's a server or even a workstation, we will spin up the servers in a virtual environment and make sure that it can boot so that we know we have a good backup. I got to tell you guys, most of the time the backups are not working and it gets to be a real problem.

What these guys have figured, including this Conti gang is we're not going to be able to get as much money out of them by just encrypting their discs. We need to do something else. So while they're trying to spread East-West inside, what they're doing is okay, so they got a hold of this manager's computer. They start scanning for other computers and scanning for vulnerabilities scanning for ways it can gain access.

Unfortunately, the statistics show us that most of us have file share turned on our windows machines. That's one of the things I talk about in my Improving Windows Security course, what to do, how to do, how to turn that off because that is the second target of ransomware. Once it gets onto your machine.

You've got to turn off those file-sharing services. So we'll tell you what Conti and these other guys do once they're there in, and they have found another machine. Maybe it has filesharing services. Maybe it's good old-fashioned vulnerability because nobody patched.

Man, I can't believe how fast this computer is. We just did an upgrade on my iMac here in the studio. It is blindingly fast now.

But we're talking about. Ransomware and what's the Conti gang and others doing, nowadays.

Hello everybody. Craig Peterson here.

Thanks for joining us today. Appreciate you spend a little bit of time and I enjoy helping to bring you guys up to speed on what is happening. There's just so much of it. You wouldn't believe what I have to filter out.

The Conti gang have been very successful, but their money started to dry up fairly recently when people figured out if they had a decent backup, they could just go ahead and ignore the ransom demand. Instead of paying that ransom, just go ahead and restore from backup. So they had to do something different.

What the Conti gang did, as well as pretty much everybody else in the ransomware business, is okay, what we're going to do now is we're going to find all of the other machines we can find on the network. Then we're even going to have real people get onto these computers remotely that they've compromised and have a poke about. See is there patient healthcare information? Are the bank account numbers on this machine? Are there plans on what to do? Where to go? What's the business going to do next week?

But particularly stuff they can sell right away. If you take credit cards, you know that the payment card industry is all over you if credit card numbers are stolen. Those are nowhere near as valuable as patient health record information. As I mentioned a little bit earlier, we're talking about 2000% more than 20 times more value to your healthcare records.

Now what happens is the Conti gang says Oh looky. We've got patient information here. It has names, addresses, social security numbers. It has birth dates. It has diagnostic information, and then they upload it.

We had something like this happened with one of our clients. It wasn't a ransomware attack, ultimately may have been. They came in through an unsecured VPN and that they would not let us shutdown. We told them to shut it down and they didn't.

In come the bad guys, they actually were coming up via Mexico in this case. Although I doubt they were located in Mexico. They took that VPN connection, they used it now to get on to the computer and found something interesting. So they started to exfiltrate the data.

In other words, Take that data and send it out. That's exactly what the Conti gang and others are doing now.

We noticed, wait a minute, this is all automatic. Why is data going out from this host at that speed to this address at this time of day? It wasn't a normal pattern. So our hardware-software that's sitting there in their network automatically shut it down hard.

They were able to exfiltrate just a tad bit of data and then it was stopped instantly.

That's what they're doing nowadays. So the Conti gang gets your data and then they try and say pay up from an extortion standpoint. Instead of just holding your data ransom, they're extorting you. Saying, if you do not pay us we will release this data. The Conti ransomware gang has its own website out there. It's called a leak site. There are many of them out there.

If you go to that site, I'm not going to give you the URL. It's right there. There's their logo. Conti gang has a logo and it says Conti news. It's talking about how you can make your payments to them and what data was released and that this person paid up, but it was too late. We don't have the data anymore, which means it was released and too bad. So sad. I wouldn't want to be you.

Here's another ransomware gang. I've talked about with the Massachusetts society for healthcare risk management in this webinar, and that's the Avedon ransomware gang. So again, they had stolen personal information. They had health information and they had not just the ransom side, but the extortion side built into it. This was in relation to an attack on the Capitol medical center in Olympia, Washington.

They have leaked some of it they're threatening to leak even more. If Washington Olympia capital medical center doesn't pay up.

Now, I went through here with Karen, helped me out with Karen and we got some other stats.

First of all, 70% of the time now, ransomware results in data exfiltration. In other words, 70% of the time, your data is stolen prior to the file encryption. Pretty bad. Pretty bad. Things can get particularly harmful because these ransomware attacks are a growing concern. They're disrupting patient care and healthcare, right?

Disabling critical systems because they have been even holding ransom some of the diagnostic equipment, MRI machines that were connected to the network. There were running Windows. Who would use Windows in the machine that's healthcare critical?

Obviously interrupt revenue flow and they had to now go get involved with real expensive remedies. It really puts him in a very bad spot, very bad.

We've had almost double the number of healthcare institutions attacked this year versus last year.

I'm not going to go through all of these things here. I explained to them the difference between some of these real sites and fake sites and how you can get access to it.

By the way, if you're interested in this, I did record this, I'd be glad to send it out to just let me know, just email me@craigpeterson.com and I can send you some of this healthcare stuff, the slide deck, or whatever you might like.

Phishing campaigns, way up. You probably heard about that. I gave some examples of that emailing patient information without encrypting it. Wireless infusion pumps are, of course, compromised because they're running an operating system that hasn't been patched. Usually Windows. Think of that there's Windows in that infusion pump, but it could be a version of Linux. It's not patched. It's crazy. Vital sign equipment. Oh my gosh.

We're also seeing that this patient's health information being stolen now is being used to create fake insurance claims.

You might've been wondering in a previous segment here, I was talking about how. Much this is worth and it's worth a lot while this is one of the reasons it's worth a lot, your personal, private patient health information.

If you have a diagnostic info and that diagnosis has been stolen, and then they can file a health insurance claim. Yeah. You see where I'm going with your information as though you received some treatment or some care for the diagnosis that was in your healthcare records. It's just that simple.

The average cost of a data breach right now, by the way, if you are a regular business, it's $158 per record for non-healthcare and it's $408 per record. If you are in healthcare at all.

That's a doctor's office. That's not just hospitals, it's anybody. And by the way, mobile breaches are really big 43% of healthcare organizations who reported a mobile breach, said the mobile breach caused long-lasting repercussions.

Now, think about this. If you're a patient. How well are your records protected? I can tell you based on what I've seen and talked with healthcare, people have seen statistics they're not protected very well at all.

People will start going to jail over this. People in the healthcare industry that is.

So just in case, you were thinking that couldn't happen to you.

I'm gonna spend a couple of minutes now talking about what happened a long time ago, in February. 2021 with healthcare records. This is amazing.

Hi everybody. This is not the healthcare network. No, it is not.

I'm looking at these slides that I had put together, of course, based on research that I did, for the Massachusetts society for healthcare risk management.

It was an online webinar. I do webinars all the time. I do them for listeners where we talk about something that's hot in the news. You might see me doing various lives. I haven't done one in a little while.

Do you think I should be doing Facebook lives or YouTube lives? I know a lot of people have a real problem with Facebook. That's certainly understandable from my standpoint, but do you think it's worth it?

Get on and I can answer questions and things. Let me know me@craigpeterson.com. I've done them before. I usually get a handful of people on. I'm not sure how much it's worth or not.

They are coming for you when we're talking about the health organization. So as healthcare organizations. So we're focusing on the bigger ones because that's who I was presenting to. I always make these slide decks. This one took me a week to put together right. Karen and I because there's so much research and I know I shouldn't spend that much time on these things, particularly if I don't charge for them, but I've got to do it.

I was talking to a friend of mine who's an attorney. He said, do you know what? You would be one of the richest men in America if you did not have morals. Oh my.

February 2021, we had Gore medical management out of Griffin, California, with 80,000 people affected. Nevada Orthopedic and spine center. Las Vegas, 50,000 people. UPMC life-changing medicine out of Pittsburgh and only 40,000 people there. Remember, this is February. 2021. Oh, wait. There's more Grand River Medical group out of Dubuque, Iowa, Harvard eye associates out in Laguna Hills, California, Texas spine consultant out of Addison, Texas.

UPMC Health plans out of Pittsburgh, PA. Granite wellness centers, Grass Valley California. Granite is Northeast, people. Aetna Hartford, Connecticut. Isn't this something, February 2021. 12 Oaks recovery center, NAVAIR Florida. Pennsylvania Dalton teen challenge in Pennsylvania. Data Logic software, Harlington, Texas.

Yeah, it goes on here. The house next door, Deland, Florida. Project Vita health center, el Paso, Texas.

Just in February.

Lake Charles Memorial health system, Lake Charles Louisiana. UT Southwestern medical center, Dallas, Texas. Hackley community care center out of Michigan. Rainbow Rehab center, Lavonia, Michigan. Jacobson medical hospital care center Elgin, North Dakota. Pitkin County, Colorado. Piedmont health services, North Carolina. Hope healthcare service, Fort Myers. I like Fort Myers. Jacobson Memorial hospital and healthcare in Elgin. You getting you guys getting the gist here and you pick it up what I'm putting down.

Jacobson Memorial hospital. This was a data accident involving an employee email account potentially exposing current and former patient data to authorized individuals.

You know what, the number one question I had. I got to put that together. Let me just jot this down so I don't forget. Gmail. Doctors.

The Number one question I had was how do we stop doctors from using their Gmail accounts? That's the same type of thing that happened on February 23rd, 2021, right here, where they were forwarding email and this happens.

We see this all the time. Somehow doctors think, I dunno, they're immune to these things, or it's not going to happen to them. I don't know. An email comes in and it comes into a secure email system. Then the doctor configures it to forward his email that comes into the secure clinic, his doctor's office, whatever it is, forwards it to Gmail.

What happens at that point? It's now in Gmail, it may or may not be secure. If you're not paying Gmail for your account, you can be pretty sure it's not terribly secure.

There is an encryption standard, an email called TLS and Gmail does not provide TLS services, guaranteed, for free accounts.

In fact, I don't think they provide them at all for Gmail accounts other than the paid accounts. This is an absolutely huge problem. The FBI and the Department of Homeland security CISA came out with another warning here about healthcare. This is affecting all of us because this is our personal information.

Why are healthcare records so much more valuable? I mentioned earlier a couple of things. One is they usually have a social security number, name, and address, so it can be used now to steal someone's identity. They often have diagnostic information. So that means it can be used to file fraudulent insurance claims.

What else can you do with some of this medical data that is stolen? If they have your medical data, it's so much different than your credit card, because credit card you can cancel.

In fact, even if you don't cancel, if you notice you get a new credit card, every what is it - three to five years, new credit card here it is. There's a new number, at least a new code on the back, right? CVC code. You look at that and say new card okay, whatever.

It's such a pain because you have to go and change it on any website or with anyone that's doing an automatic ordering.

But when you get right down to it, What can happen if your credit card numbers are stolen? They can run up your credit card. You can, before you pay it, file a claim and say, Hey, someone stole my credit card number. That is bad. I did not authorize these charges and they will back out the charges for you, right? You haven't put a dime of your own money out there.

Now, a debit card. Yeah. They've taken your money and now you got to fight a bit to get it back, but you can get it back from all the major credit card issuers, but you get a new credit card number.

What happens if your social security numbers are stolen? Did you know that the social security administration will not issue you a new social security number? Is your number stolen? Did you know that?

How about the rest of your information? Most people live in a home for at least 10 years, not longer. That's a lot longer than your credit card number's going to be around so they can now again, continue to file for loans under your name, your address, your birthdate, maybe for the rest of your life. This is our personal information.

And as you probably noticed early on, I was talking about how upsetting it is to me that we have a national ID stamped on our forehead effectively.

We have a social security number that we now have to use for everything it's called a social security number because it was put in place for this Fake insurance program that the federal government put together because it's not an insurance program. It is not run like an insurance program. They put it together and they called it social security. They gave you a number because they had to keep track of your account. And really it was your account number. Now it's used everywhere. There's proposals out there. Hey, let's come up with a digital ID, a digital identifier. A digital passport, if you will, as though that's going to solve the problem. The problem is we now have our data stolen. It's already out there. It's everywhere. Can you imagine what China might be thinking about doing with it? China has been, it's been verified now. China has stolen the records of pretty much every federal employee, every background check record of every background check that was done for clearance via the FBI. What's going to happen if they decide they really don't like us anymore and they just let loose?

What a great way to shut down our economy. Like overnight, by all of a sudden creating millions of fake accounts. Using real identities, our identities. This is just nuts, it is absolutely nuts.

We've seen these hacks and we just ran through some of the healthcare hacks that happened in February of 2021 one month. These are the ones we know about. Most of them are in fact, probably not reported at all. Add on top of that, now we have doctors that are working from home that are using what we're calling loosely, telemedicine. They're getting onto platforms that were never designed to keep our data safe is not HIPAA compliant. They are exposing our data even more than ever before.

I don't have the answer for this, because they are not, I can guarantee you, they are not pounding down my door to have me come and help them. I could. That's what I do. They're not. In fact, when I reach out to most of them they hardly care at all. Not a big deal, right? Not going to happen to me, can't afford it. Yet they're pushing all of this burden onto us. It is extremely upsetting. Something has to be done. Something has to be done about healthcare. We need to enforce these HIPAA rules and regulations, and people need to go to jail for blatantly ignoring what they've been saying, by signing these forms, blatantly ignoring what they've been saying. They've been doing now for what 20 years?

Visit me online. Craig peterson.com. Make sure you get on that newsletter so that you don't miss a thing.

I think we beat healthcare to death in the last hour.

We're going to be getting into a bunch of new topics here. This whole thing about Intel hiring Justin Long has stuck in my craw too. So we'll start with that.

Hi everybody, Craig Peterson here. Of course, it sounds like its a stuck in my craw week, but we got to keep you guys informed and it just really irks me, that so many businesses are trying to do the right thing. They are spending money. They're getting training for their people. They're getting the right kinds of equipment. They might be buying stuff from me or whomever. It really doesn't matter. They're trying to do it right. That costs them. There's no question about it.

They are competing against people who don't care. That's what really bothers me. They're competing against people that are barely spent a dime. Maybe they bought a SonicWall firewall 10 years ago, but that's the last time they did anything for security.

To me, that is a sin and should be a crime. If you've got a company, like maybe you've got a DOD contractor, and they've spent 200,000, maybe as much as a million dollars if their really quite a bit bigger on just trying to secure their networks and okay they sell to the DOD, but they sell to a lot of other companies as well.

How do they compete? How do they compete against somebody that just hung up a shingle and is out there selling a competing product?

Nowadays, you can't tell. This is an old one, right? Do you remember the Lycos commercials on the internet? No one can tell you're a dog. That's exactly what this is about. No one can tell going to the website. How good are you? How long have you been around? How much have you spent on cybersecurity? Is it any good? It's just nasty. It is really bad, bad stuff.

We are getting attacked so much. Ransomware attacks have tripled in 2020 and remember ransomware isn't just ransomware anymore. Most of the time it's also got extortion built-in. It's just crazy.

Make sure you are on my email list. If you're a home user, that's great. There's lots for you to learn. If you're a business that's great, there's lots for you to learn as well, and I'll let you sort it out. But even when I have stuff specifically for business or targeted to business concerns, there's stuff you can learn from it as an individual.

I want you to pay attention to it, but you can only do that if you have my newsletter coming to you every week. Of course, the best way to do that is this go to my website, Craig peterson.com. You'll find it all there.

I appreciate you guys. I, again, I just can't say it enough. You have been great. I appreciate all of the feedback I get and I answer all of the emails. Again. It might take me a little while it usually takes a few days. But I do answer them and I answer them personally. Most people are really shocked when they get a newsletter, they hit reply. I replied to them. Thinking that I must be some big internet marketer, which I'm not, I'm here for you.

I appreciate everybody that signs up for the list. You guys referring to people. It's interesting. Every time I send out my weekly newsletter, I get even more people signing up for the newsletter. So you guys must be forwarding it to your friends. Who is then signing up? I really appreciate that too. Cause I want to get the word out. 99% of what I do, what I say, is absolutely free to anybody who will care to listen. It's there for you. I really do want to help.

You might remember these commercials from way back in the two thousand in the double ots, triple ots. Hello, I'm a Mac and I'm a PC.

Hey Mac. Did you hear the good news PC choice chat? Sorry, I didn't hear you there. What'd you say, allow me to introduce the top-of-the-line PC? Okay. What are you doing in a pizza box? Go on, rip it in half. And since it's beautiful that he needs an upgrade and I'm having a very difficult time finding pictures of my friend. I couldn't hear you through my virus-proof mask. Bongiorno. Hello. Let's go to the commercial. We are a commercial. Let's go to another commercial, your first class, all the way PC and Danesh. You are banished.

I have to chuckle when I hear those. Isn't that great? Those are just excerpts from some of those commercials from years ago. Of course, get a Mac.

What Apple was doing at the time performed by John Hodgman. He was the guy that did the PC side and Justin Long, who was the guy that did the Mac side saying I'm a Mac. It's fascinating to me now that Intel has decided to go ahead and hire Justin.

Now what's most fascinating about it is that Intel hires Justin. Wait, what are we comparing here? A PC is when you think of it, it's Windows, right? You're not thinking about Intel inside. You're buying a Windows machine. You're not buying a computer because of the chip it has in it, most of the time, right? You might buy this is when I said faster chip or that one has a slower chip. That makes a lot of sense.

You're buying a computer so you can run an application. I remember very well back when the Apple two came out, the two-plus and people bought them in droves because of an application. You could get VisiCalc on there, a spreadsheet program. It was the first, it was the best. It was the most popular at the time. Then others came out that were arguably a lot better. But it still sold. VisiCalc still sold and went over to the Windows platform.

So Justin is now doing commercials talking about Intel. So he's saying on the Mac, you can't touch the screen, which by the way, you can if you get a touch screen for the Mac, No two ways about it.

I have one sitting right in front of me. I use this on my Mac it's a touch screen. I use it for doing presentations. I can highlight things, move things around, touch things, open them up, click on them with my finger right there on this screen.

None of those have anything to do with the fact that inside that might be an Intel processor.

We've got Intel now out there with I think misleading, but potentially you could argue, that they're misrepresenting Intel. All Intel is doing is providing the main processor maybe some other support chips on there. Maybe it's using Intel memory. I don't know, but in reality, what we should be comparing is our Mac, our Intel-based Mac versus our Intel-based Windows computer. Remember Macs will still run Intel.

I just gave it away. Did you catch that?

What's really going on here. What's really going on is, Apple is upset with Intel for some very good reasons. Intel has been massively overcharging for its processors for a very long time. Intel processors have never been that great, frankly, but because of what was called the WinTel monopoly.

Intel really went along for the ride. They went along with the ride with Microsoft because people bought Windows so they could run Excel or whatever the other applications were, that they wanted to run.

So what has Apple done? When Apple came out with the iPhone, it never had an Intel processor in it.

The same thing's true now, with all of the new Apple equipment that's coming out. So your I-phones don't use Intel processors, your iPads, don't use Intel processors. I have sitting right in front of me, a Mac mini that has an M1 processor from Apple. And in fact, Apple right now is trying to get rid of Qualcomm as well. It can help increase their profit margins, but these things are not easy to design and implement.

It took Apple years to get to the point where they had one that was really quite a good processor. I can buy a Mac mini with an Apple processor in it that is better than a hundred percent faster than a Mac mini with an Intel processor, for less money.

The Apple chip costs me less money than the Intel-based processor and it's twice as fast according to Adobe, who just released their performance metrics on illustrator and Photoshop.

Intel is getting very nervous because they're seeing their business go down the tubes. Intel has not been able to deliver on lower power processors. It has not been able to deliver on faster processors other than going to multiple cores. It's also having problems with manufacturing, the smaller, thinner, and thinner processors, which help with of course, using less power that makes them faster and they have less heat.

Intel is saying, Oh my gosh, we're in trouble here because even Windows runs without Intel processors now. You can get a surface tablet that doesn't have any Intel in it and run windows on it. So they're in trouble there.

They're seeing to the market share that's being taken from Microsoft by these Google Chrome tablets. Chromebooks, which are laptops, which are very inexpensive, very fast, very user-friendly, and very secure.

Although, Google does spy on you a bit and they don't use Intel.

What does Intel do? We're going to hire Justin and make people very confused about what's really going on.

Don't worry about those ads, stick with anything you need to use. If you can get out of the space of windows. Get out of this space of Apple. Go with something as simple as you can. Maybe Linux, maybe ChromeOS.

Hey, it's 2021, and ransom payments have nearly tripled then targeting many factoring healthcare, construction and the average ransom is now $312,000.

Hi everybody Craig Peterson here. We were talking a little bit earlier about ransom and ransomware gangs. We've talked about how it can just totally destroy somebody.

If you're a home user and let's say that they get onto your computer and they encrypt all of your photos your grandpa, grandma, your parents. You've got pictures of the kids and grandkids, great-grandkids, whatever it might be on your computer. Now, they're demanding $10,000. If you ever want to see your pictures again.

That is a very good reason to have your photos and other documents you care about somewhere else, not on your local computer.

I know far too many people who hook up a local hard disc to their computer and then back up to it.

They're backing up to a USB drive that just isn't going to cut it. That USB drive is attached to your computer. If your computer gets ransomware on it, it's going to encrypt your USB drive.

That's why I advise people if you are going to have to use a USB drive, let's say you've got a database that you have to open, but you don't have to have it open all day long. Put it in an encrypted volume and only mount it up and decrypt it when you're using it. Then go ahead and re-encrypt it when you're done.

That's called data at rest. The idea is when you're not using it, nobody has access to it. That's what you should be doing. Remember too that if you still have that disc plugged in, and if that disc is encrypted, they can still encrypt it and hold you ransom. But they're not going to be able to do the extortion because the data they have is encrypted. They have no idea what they have. They may not even grab it because some of this ransomware software is just that smart.

Ransomware gangs now that are aiming at businesses are grabbing even more money than they've ever been able to get before. The average amount that's paid, jumped 171% in 2020.

There's a new report out from Palo Alto Networks. They provide all kinds of networking equipment. You probably know, I already use Cisco primarily we've used some Palo Alto. We've stuck with Cisco. I like that integrated environment, but Palo Alto is good. Just not great.

Palo Alto uses data from ransomware investigations, these data leak sites, as I mentioned earlier, where some of these ransomware gangs post to the data that they have stolen from people. Those are called data leak sites. They looked at some of those things to try and figure out what's going on out there in the industry.

They found that these main industries, which are manufacturing and healthcare, construction companies had almost 40% of all ransomware attacks in 2020.

It's just amazing because again, the ransomware attacks are being fine-tuned to go after organizations that have data that is very valuable. The highest ransom paid that we know of was $10 million. Isn't that amazing. The highest ransom demand was $30 million.

Almost a third of the average demand paid more than $312,000. So it's just crazy. When you start looking into this and these ransomware groups are really getting ahead of the defenders.

They are using all kinds of different types of innovation, which is again, why antivirus software does not work. I put that into my presentation. In fact, I had in the presentation here, some slides with John McAfee, I had him for one of them, and then I had a quote from now trying to remember what he was. He was a high-end guy in Symantec which makes Norton, and both of them said this, "their software is just useless" bottom line. It's useless because these ransomware gangs are using different techniques, different styles, they're improving things, pretty dramatically, frankly, and getting these ransoms up higher and higher. By the way, they are still being paid using cryptocurrency and that surged 311% last year.

By the end of 2020, ransomware payments began to decline. A lot of that seems to be because the victims don't believe they're going to be able to get their data back, which is correct as I've mentioned before.

Be very careful out there. If you are a victim of ransomware, realize guys, you're probably not going to get your data back even if you pay. Also, realize that there is another extortion coming your way in most of these cases. That extortion is to pay up or I'm going to release your data to everybody. Then you're going to have to decide what to do. Cleaning up after ransomware isn't cheap. The average cost of forensic engagement is over $73,000 for enterprises and 40 grand for small and medium businesses.

It's pretty bad what they're doing right now. All right next up here. We've got attackers who are going after specific targets. Now I mentioned that just now, but in this case, what they're doing is they're trying to get back doors into iOS developers' Macs. Here's how it works.

If you have an iPhone or an iPad that is running an operating system. That's based on a Unix kernel called iOS that's Apple's operating system for those mobile devices. It behaves differently than the desktop operating system. That makes sense, right?

Windows trying to shoehorn in the touch screens without really considering all of the implications of that, I think was a huge mistake. If you want to go back many years in Windows eight when they introduced tiles. On my archive, you will find me saying that very thing. However, If you are a developer for iOS, you're not going to be using Windows. You are going to be using a Mac.

What the Mac developers use is something called X code. This is a developer tool that Apple makes available to developers who are writing apps for iOS or Mac OS, as well. The bad guys are doing a supply chain attack and they are putting fake libraries that are being used by the developers, into the developer pool. The idea behind that is if they can get this fake little library in there, they can then take control of any machine that's running that library.

I don't want to get into this too techie here and have people zone out, but it tells you something here that the bad guys, rather than attacking iOS head-on like they do with Windows. They are trying to get into the developer libraries and get in that way.

Now they are, don't get me wrong, they are trying to do this with Windows. It's just usually so easy to use a new zero-day on Windows, as opposed to going into all the trouble to try to get into developers' machines in order to install these back doors. It's also known as a home watering hole attack, and they send this to targeted developers.

There's a visual studio project that's available right now with a proof of concept exploit for some of this stuff, but we're aware of it. We're trying to deal with it. Apple is trying to deal with it. Windows eight is happening in that area as well.

GitHub has seen a whole lot of problems with this type of injection and the whole industry is working hard to stop it. I think that makes a whole lot of sense. All right.

Let's talk about selling the feds, location data from every car on earth. Does that make sense? I don't know.

Apple made a change in its podcasts. We'll talk about that as well.

Hey, are you somebody who listens to podcasts as well as the radio Apple figured something out to the most other podcasters really figured out some years ago? So we're going to talk about the one-word change. Apple just made it.

You're listening to Craig Peterson here on news radio, WGAN AM 560 and FM 98.5. Thanks for joining me today.

As we've been talking about some of the great articles out this week that I was going to say the great questions that have plagued humanity, but. I don't think that's quite true. There certainly are questions we all need to have answered and I answer your questions as well.

Make sure you go to Craig peterson.com. You can right there. Sign up for my newsletter. You can send me a question if you'd like to right there, or you can just email me M E@craigpeterson.com. I'd be more than glad to answer them. It is a wonderful thing to be able to help you guys out. I appreciate you so much for spending these two hours here with me on your Saturday.

Podcasts are something that Apple really kicked into gear. I've been for more than 20 years doing what today we would call podcasts, and that is making available audio from our radio show. Audio from interviews. All kinds of audio for people to listen to. Many other people do. It has become a huge thing. Now there are millions of podcasts out there covering every topic you can think of talking about long tail, just microscopic and lead nailed down different topics.

Apple had the iPod. You might even remember that. And I still use an iPod to this very day. I still have my iPod classic and I that's the one I use. So it is how old now? 12, 13, 14 years old. I don't know, pretty old. And I've had to replace pieces in it. But I really liked that user interface. It's pretty easy to use.

I have over the years, I've put a lot of different music on there and I've also put podcast. It is an iPod with video, which means that it can play certain videos. It has been a wonderful little device. Because of the iPod and the popularity of people listening to the audio, like my show, Apple was able to really dominate that market. They became known as podcasts because of the Apple iPod. People could carry them around with them.

Nowadays we stream, for instance, you can listen to WGAN on tune-in, which is available as an app. It's a website. You can listen any time anywhere. It just couldn't get much easier for any of us. It's fantastic. You can certainly download them into the app. You can download them into the Apple podcast app that's there on your iPhone. On Android with Google play. In fact, you'll find my podcast on all of those platforms, but what is really different about all of this is that now Apple is no longer the leader.

It looks like Spotify is about to take over the leadership position in the podcast if they haven't already. I've made sure my podcast was on Spotify. I hadn't had it on there. They had changed the rules. I don't know some time ago might've been last week. I really don't know. But they changed the rule since the last time I looked. It was easy enough to get mine on there. I think they wanted me to pay before.

Now I have a podcast that's in the top 10% of all podcasts worldwide, which I think is pretty darn cool, frankly. We're having thousands of people listen every week and that just does my heart good. I stopped doing the podcast for a while and it really hurt me, while it was like a year and a half- two years and I wasn't releasing content.

I really lost traction because I had 20 million-plus downloads of the podcast, which I can still say, because that's true, but I've only had about a quarter-million downloads in the last little while still top 10% of all podcasts worldwide.

What Apple is trying to do now, is try and help people understand a little better and get rid of fear by changing one word in podcast land. If you go to Apple for instance, if you go to Craigpeterson.com/apple. That's what it is you'll see. It'll take you automatically to the Apple podcast page.

Once you're on the Apple podcast page, you'll see that you can listen right there on the page. It might open your podcast app or on your Mac. It might automatically open your music player, they keep changing the names of some of these things and let you subscribe.

If you do, I would really appreciate it.

The word is "subscribe." That word has been a problem apparently for Apple because most people when they think of subscribing they're thinking they have to pay for something. You see where they're coming from. So a lot of people didn't want to subscribe because they didn't want to pay.

Podcasts are free. No one charges you for them. Now, there are some subscription models. Don't get me wrong, but in general, podcasts are free. What Apple has done now is they changed the word, subscribe to follow. Which they think most people will understand. Following someone doesn't cost you anything. That comes from all of the social media platforms that have really changed things up for them. This change to the Apple podcasts app is going to come with the release of iOS 14.5 and. We'll see if it actually makes it in there.

It was noticed by PodNews, which is a website that reports on the podcasting industry. They were showing, Hey, look at this beta version of iOS where they're changing it. So that's how we know it's coming. I think it makes sense.

Edison research I've quoted them before they're a market analysis company. They found that 47% of people who don't listen to podcasts thought it cost money to subscribe to podcasts.

That's true with most of these apps nowadays, you can get it for free, but they also have paid versions. In Tune-In the paid version, lets you pause, live radio, and go back and listen to it later. I used to use that a lot back in the day. You also have different features on these different podcast listening apps.

Most people are confused about it. 47% think it costs money to listen. So Edison research vice president or senior VP Tom Webster said the reason for this is because of the one word subscribe. That's a huge problem with nearly half the people surveyed. Won't listen to a podcast because they think they have to pay for it.

Now, Spotify, which is edging up, if not surpassing Apple with the number of people who listen to podcasts has already switched. They're using the word follow to describe the feature that adds your favorite podcasts to your playlist. Spotify has also played around with this idea of paid podcast subscriptions, which could be separate from the idea of a paid podcast offering. It's a premium paid music and everything else. So it's I think it's going to be interesting. We'll see.

Apple has switched pretty clear to help get rid of some of the confusion on its platform.

Have a look for me, Craig Peterson in your favorite podcast app. Sometimes the easiest way to find me is just to go to Craig peterson.com/the name of your favorite podcast app.

All right we've got one more segment here before we leave for the day.

So don't go anywhere.

We've got one company that wants to sell the U.S. Federal government location data from every car on earth. Did you even know that was possible? We're going to talk about what's going on.

Hey everybody. Thanks for listening. This is, of course, Craig Peterson.

Man, we have a problem coming our way and then get another one. This has to do with our cars. You might have heard, I heard that Massachusetts decided that they would start charging attacks based on how many miles you drove in the Commonwealth, and the reason behind all of this, supposedly, and it probably is, was that we have cars that don't burn any gas, electric cars, and they are using the same roads. They need the same law enforcement people. They need the same bridge repairs as everybody else, but they're not paying any gas tax. So how do we make them pay as they should? Mass it hasn't gotten very far with that yet.

There's this port in your car called an ODB port or ODB2. This is a port that was mandated by the Federal Government I think in the late seventies when they started this whole mess up.

That port gives them access to the onboard computer. That's there in your car? Hint. ODB, onboard computer. Important there in your car. There's so many three-letter abbreviations that sometimes I kind of mess them up.

So Mass was saying, we can just hook up your car now we're hooking it up anyways when we're checking the emissions cause your car squeals on you. It's not like the days back in the eighties where they would stick a sensor up the tailpipe. To see what your emissions were like. They just ask the computer. What are the emissions like? What's the NOx? The CO2 emissions? How fast is he accelerating?

That same port has been used to give trap traffic tickets but in different areas. Yeah. OBD port, I just looked it up just to make sure I had the right name for it. And it's been used to give tickets up in Canada and Montreal. There's a report that came in of somebody that was racing up and down one of the main streets in Montreal and the police got there and nobody was racing up and down. But a car by the description was there. So they pulled the car over, they hooked up the OBD reader to the port in the car. The car said, yeah, I have been going at this speed recently. The cops gave the guy ticket just based on that.

Our cars had been squealing on us for a long time. Mass wants to use it to say, how many miles has the car driven? Then there's questions about can you charge people mileage, not in your state? Obviously, they are already. If you live in New Hampshire and you happen to drive into Mass one time and you buy gas there, you are paying mass gas tax, which by the way, Charlie Baker apparently wants to double. There are some limits, but I don't know how far they go.

There's a lawsuit right now in the Supreme court between New Hampshire and Mass, over Massachusetts charging income tax to New Hampshire residents that never even stepped set foot in the state of Mass. So it's really convoluted.

We have over 9,000 different tax jurisdictions here in the United States, and that makes things really crazy. When you think about all these different government agencies that want to put their hands in the Till and want to do stuff.

How does that tie into the cars? Our cars are getting smarter and smarter. This port that was put in decades ago was the first step. The car's squeal on ya and the tell information that should be private. Some of the cars now, these better, faster, smarter cars, like the Teslas keep track of everywhere you've gone. Where you're driving? How fast you're driving? The cameras are actually recording all of the activity, everything that they see. There's seven cameras on these cars and all of that stuff is stored and could be pulled out, certainly in a court of law. We're seeing in some jurisdictions that their police want to get their hands on it. There is something going on right now.

There's a company out there called Ulysses. They are a surveillance contractor, and they're claiming that they can remotely geo-locate vehicles in nearly every country, except for North Korea and Cuba on a near real-time basis. That's from Vice motherboard.

So Ulysses is obtaining vehicle telematics from data that's coming out of these embedded sensors and communication centers that are in our cars and in the roadways. Some of these cars are now sharing data. This is a technology that was pioneered by NASCAR and formula one so that the cars could avoid accidents with each other. So the cars could be much safer for the drivers. That makes sense. The cars all talk to each other on this mesh network.

Now we have these companies that have these autonomous features self-driving cars if you will, that are doing much the same thing. They are looking to use mesh communications and some of them already are. By grabbing things from these connected cars, like the engine temperature, your acceleration, where you started your journey, where you're ending the journey, it is a real problem.

There are more new cars now being added to cellular networks. The new cell phones. Here's an article from ARS Technica from a couple of years back, it says in particular, this Shanta Sharman Consulting noted that AT&T has been adding a million or more new cars to its network each quarter for the last 11 quarters. While they didn't break out the numbers for other service providers. It also revealed that Verizon is set to make at least $1 billion from the internet of things and telematics and previous research from Gartner suggested that in this year, a few years back, 98% of new cars will be equipped with embedded modems. It's probably close to a hundred percent by now, by the way.

Our Teslas and pretty much any other self-driving car is guaranteed to be called home because they use that call home function in order to upload new software for the car in case there's some sort of a problem to upload driving data so that they can figure out why did the driver have to hit the brakes or grab the steering wheel to make it smarter?

So our cars are recording all of that data is coming together. Ulysses claims it can currently access more than 15 billion vehicle locations around the world each month and estimate that by 2025, 100% of new cars will be connected and transmitting gigabytes of collectible data. Definitely a concern here. Definitely concern.

Keep an eye out for that. Maybe, I'm gonna keep my 1980 Mercedes diesel. I chuckle because it's rusting out, rusting up pretty badly, but I don't know that I want one of these cars getting tracked everywhere. Bad enough having an easy pass on the cars.

Let's talk about tech vendors and their lack of security. I really picked on healthcare for the first hour of today's show, but a majority of companies are saying they're more likely to buy from suppliers that are open about security issues.

The federal government is now enforcing this SPRS, which is a score that is from zero to 110, that it has to be self-generated at this point by DOD contractors to indicate how secure they are. Then the Department of Defense can look at that and say, okay it's a nut or a bolt and we only buy this once a year. I really don't care if they score highly or not. All the way on the other side.

We don't see this for regular businesses. An increasing number of companies have identified security as a major consideration in their decisions to purchase hardware, software, and services. We just had this conversation with a manufacturer. We had this conversation within the last week with, again, some of these medical providers, the Ponemon Institute says that nearly two-thirds of the people, that were polled in the survey, consider it very important for their technology providers to be transparent about vulnerabilities, security, updates, and ways to patch security issues. But most vendors failed to offer that transparency. According to 47% of the people who say they're not satisfied with the security information provided by vendors.

I was really harping on this near the beginning of the show today that it is bothersome to me that so many businesses are trying to do the right thing. They're pouring a lot of money into cybersecurity, and yet they have to compete with businesses that don't care. That don't know how to do it. They don't care to learn how to do it. That's what I mean by don't care.

I think everybody cares to some degree about cybersecurity, but in reality, if you're not doing enough about it and you just don't care enough.

So I really want to extol to everybody. Take some time, make sure you are on my email list. Cause I have a lot of stuff I send out over all kinds of free tools, third-party tools, right?

Not everything I send out is from me, about me, buying me. I send links to other websites and things, and I do that every week to help keep you informed.

I also have some special programs that I do and this next week I am starting a course for Improving your Windows Security.

If you let me know by sending me an email Craig at me, me@craigpeterson.com, and tell me that you're interested in Improving your Windows Security. I'm going to be giving you a special coupon that nobody else can get for this core course that you need for cybersecurity.

So check it out online, make sure you are on my email list. So you get all of this great free stuff you find out about paid stuff.

If you can do it. If you can't, don't worry about it. I want to help. Craig peterson.com.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553

1452 つのエピソード