Auto Care ON AIR

The Human Firewall: Why Cybersecurity Isn't Just a Technical Problem

Auto Care Association Season 1 Episode 52

The digital revolution has transformed our lives, but it's also created unprecedented vulnerabilities. In this eye-opening conversation between our host, Stacey Miller, and cybersecurity expert Tony Perez, we dive deep into how artificial intelligence is supercharging cybercrime at an alarming rate.

Perez, a former US Army Captain and Founder of NetLok, explains why professional cybercriminals aren't just shadowy hackers, but organized businesses with marketing departments and customer service teams. "These are formal businesses," Perez reveals, "and they're laying off the liability to you." With the rise of AI and large language models, these criminal enterprises now have tools that make their attacks nearly impossible to detect. As Perez shares, even the FBI admitted they can't keep pace with AI-accelerated cybercrime.

The conversation takes a particularly fascinating turn when Perez explains why we should focus less on abstract risk and more on potential disruption. While many dismiss their cybersecurity vulnerability because they "don't own much," Perez points out that a single breach can disrupt your life for years. This is especially true for businesses, where recovery from attacks often takes months and costs far more than preventative measures would have.

Most surprisingly, Perez reveals how our vehicles have become massive data collection machines. Your car knows who you call, where you go, and even stores your garage code, information that can be compromised with devastating consequences. In one shocking example, he describes how thieves at sporting events have stolen cars, used the navigation system to find owners' homes, and then used the car's garage opener to gain access.

The most valuable takeaway? "Cybersecurity isn't a technical problem, it's a human problem." Before investing in expensive security systems, educate your team, understand your vulnerabilities, and create a clear disruption plan. By treating cybersecurity as a community responsibility rather than just an IT issue, you'll build your most effective defense, the human firewall.

Want more practical strategies to protect your business in our increasingly connected world? Subscribe to Auto Care ON AIR for insights that keep you ahead of emerging threats and opportunities.


To learn more about the Auto Care Association visit autocare.org.

To learn more about our show and suggest future topics and guests, visit autocare.org/podcast


Speaker 1:

Welcome to Auto Care On Air, a candid podcast for a curious industry. I'm Stacey Miller, Vice President of Communications at the Auto Care Association, and this is Traction Control, where we chat about recent news from the global to the local level and what it may mean to the industry, featuring guests on the front lines. Let's roll. In the studio today we have my friend, Tony Perez. Tony is a seasoned entrepreneur and futurist who has built a career around breakthrough innovations in technology, security and product development. He's a former US Army captain and Purple Heart recipient, and his military background instilled a really deep understanding of security best practices. He played a key role in scaling Imagic to $70 million in global video game shipments and later founded Safety Syringes, securing 10 US patents before selling the company to Becton Dickinson. Perez's interest in cybersecurity led him to develop NetLok, a patented user-friendly passwordless authentication technology designed to combat large-scale cyber threats and enhance online security. Say that five times fast. Welcome, Tony.

Speaker 2:

Thank you, thank you. I really appreciate you inviting me in. So let's start out with the AI platforms and large language models. Back in January 2023, OpenAI was introduced in the last half of 2022. And I went to a conference up in Silicon Valley and the first, you know, the keynote speaker was a guy from the FBI and the first words out of his mouth is that AI is accelerating cybercrime and there's not much they can't even think about how they're going to catch up to the impact of cybercrime at that level. That was January 23. And, of course, things have blossomed and grown ever since that.

Speaker 2:

But what I want to talk about is you know what is the power of AI and what is? What other advantages does it give the cyber criminal? And I want to define cyber criminal as both nation states as well as professional cyber criminals, right that run actual businesses with marketing, sales, customer support, etc. They are formal businesses. They are formal businesses and because they are formal businesses, well, almost everybody on the Internet today is you know you can make a thousand dollars a week. The da, da, da, da da those are a good portion of those invitations are from these cyber businesses and what they're doing is they're laying off the liability to you. So if you do something illegal, somebody is going to be knocking on your door, not their door. Ok, so let's talk about. You know how AI and large language models have really enhanced their, their capabilities and, quite frankly, it makes it extremely difficult to fight them, and this is the theme behind this. The danger of AI is the power to access, manipulate and control data through AI logarithms, and the danger is that non-human security barriers can be built into that AI algorithm to concentrate economic power in the owners of the platform. That's pretty serious, yeah, and you know what. We are seeing that today. So let me give you a little bit bigger picture of that particular situation.

Speaker 2:

There are three things in the hacker's or cyber criminal's toolkit today. The first one that we all know about is the internet itself. However, it's really a global internet because a lot of the professional hackers that are out there are actually hired by nation states. So nation states are attacking and nation states are defending and guess what? There's a ton of money in it. It's not going to curtail. There's a ton of money because they have to protect themselves as well as attack.

Speaker 2:

So that means if you're working on a global internet you can attack from any place in the world and of course, we've seen that. That's why we fear the Russians and the Chinese and the Iranians, et cetera. And there are, you know, I think, probably two to three hundred thousand attackers from those groups and Americans just in the United States alone. Wow, just in the United States alone. That's a staggering number. Yes, and because I'm in the security business and we try to do things to protect ourselves, we have collected data showing how many attacks we would get on a daily basis and where they're from. And when the Ukraine war started, for example, that really it was, you know, a catalyst for more attacking the United States. And this is what people don't know. It's a global tool. The internet is a global tool for cyber criminals.

Speaker 1:

That geopolitical situation is really amplifying cybersecurity concerns, and it doesn't really matter what type of business you are, what type of user you are. We could all be victim to some sort of cybersecurity attack, which is why it's important to be so vigilant, and we're talking about this topic today.

Speaker 2:

Well, and I'm glad you used the word geopolitical, because I want people to understand what are these tools? Well, the next tool that everybody is using in that world are Bitcoin and cryptocurrencies, because they can now hide their revenue in foreign locations and we cannot tap into that revenue or even measure it. Quite frankly, you know, there's the old statement from Watergate. You know follow the money. How do you follow the money if it's in a cryptocurrency?

Speaker 2:

Very very big problem. So they have access to everybody from any location and they're hidden. And now they're able to hide their money. And now here comes along AI and large language models. Well, what does that provide? They could see an email coming in, see something wrong with the English or the logos and say, okay, this is a bad email and I need to just junk it and erase it. With ChatGPT, all the logos, all the grammar, everything is proper now. So it's almost impossible for the average user to really determine what is good email and what is not a good email. Yeah, that's why business email compromise has grown so, so dramatically.

Speaker 1:

Yeah, the spoofing and the phishing and whatever all the other terms are are basically out of control at this point, it feels like.

Speaker 2:

And what we recommend and I would recommend it to your audience if you don't know the source of that email, just erase it. I probably delete close to 500 emails a day and I would say about 80% of them are automatic now because I rejected them so many times. The other problem is you know it's hard to say, oh okay, I don't want you to send me any more emails, because as soon as you hit that button to you know to unsubscribe, they got five other or 10 others you know email addresses that'll be sending you an email in their place. So the best thing you can do is just delete. That's a very practical way of going and save your time. Don't read them. If you don't recognize, don't read them, especially if something comes from your bank, unless you're dealing with your bank currently. The bottom line is don't open anything that would jeopardize your financial information.

Speaker 2:

And emails is the best way they do that.

Speaker 1:

Ultra, ultra discerning. I mean, there is a point where you know, here at Auto Care Association it's like let me go run down the street and go get this done. And now it's like, all right, if Bill asks for Target cards, it's not real. And it's just crazy the amount you know, the extent that these criminals will go to try to trap you into their system to get that information. So the simplest of things.

Speaker 2:

That's a great comment, because you know that's such a simple thing that you guys now realize that, but the word hasn't really gotten out and hopefully with this podcast, some of your people will pick up even your advice from your IT department, because they're right on, you know. The fact is that the internet is an open source to everybody, and with all the major hacks that have been documented, I believe that almost everybody's personal information, a social security number, et cetera, all those things are already on the dark web, yeah, and all they have to do is pay for them. You know, uh, you want a credit card to use for next hour, and and grab something five bucks and you got a credit card, go charge a thousand bucks or whatever. And if they, you know, if the, if the outfit that you're buying from is not sensitive to that and doesn't have a good system, uh, they rip people off every hour.

Speaker 1:

Oh my gosh.

Speaker 2:

And then just burn the card.

Speaker 1:

Wow. And now you know. Transfer that to the scale of a business. Yes, now you've got a real problem. I could turn off my bank card. I may lose some money if I did it on a debit card versus a credit card. You know all those consumer protection things, but for a business that could be absolutely detrimental.

Speaker 2:

Oh, absolutely, and it's happening every day. And the other part about AI? Because, see, here's the problem. We all grew up in a physical world. Right, we understand the car, we love it. We make emotional decisions on the car that we want to buy if we have the money which is getting harder, by the way, it's probably your first major purchase as a young person is getting that car you always desired.

Speaker 2:

I remember I worked for about seven, eight months to save enough money to buy my first Volkswagen, which cost me $900. Wow, those were the days. Those were the days I mean I used to make these Mad Mammoth ski runs and it would cost me, I think cost me four dollars and fifty cents for gasoline for the entire trip.

Speaker 1:

Amazing.

Speaker 2:

Yeah, that dates me, you know, oh man. But yeah, it was. You know it was fun. You mean mobility, personal mobility is freedom, freedom. It's joyful. Yeah, if you're going to business in LA, you can get stuck in the traffic. But on the weekends, when you're buzzing out to the beach or buzzing up to the mountains or going down up to the wine country to enjoy the day, and stuff like that, having your own car or maybe even a convertible with the top down and letting the breeze just go through your hair, nothing can be better. Couldn't agree more.

Speaker 1:

That's why we work in here at Auto Care Association. We want to protect that freedom, allow for you to purchase the vehicle that you choose. That's right for you, service it where it's affordable and convenient to you, not be forced into other options. And, you know, maybe buy a vehicle that you actually own and that isn't spying on you or doing something nefarious or having to worry about, you know, a cybersecurity risk in that too. So there's a lot to consider.

Speaker 2:

You're absolutely right. You're absolutely right and I hope your audience is listening to you quite frankly because that privacy, that sense of freedom, is being attacked Absolutely, and we got to protect ourselves the best we can. So that actually brings me to the third thing, because the other thing about AI AI, you know, it's part of the digital world, and the digital world is really invisible. That's why people don't understand it. You know, cyberspace is invisible. These things just happen, and so and it's getting worse in terms of identity, because you know, basically, companies are in a very difficult situation. They need to protect people's information Right, but at the same time, they need to verify that the information is actually accurate when that person is in the invisible space of the Internet, right, right, so the thing that is developing now, because of AI, is even more difficult or more pervasive, is digital IDs, and the digital IDs are going to collect what they call behavioral biometrics.

Speaker 2:

Now, a biometric is like facial recognition, like your fingerprints and things like that that most people have heard and are probably using on their phone or computer, et cetera. What's happening, though? To make it more effective in identifying a person, they're studying your behavior, and many of these companies are not only asking permission to track you, but they're asking a lot of other questions when things come up. And some of these companies collect as much as 45 or 50 habits, daily habits that you're doing. Who are you calling most frequently? What time do you call them? When do you leave your house for work? What do you do on the weekend? Every single one of these is used. Well, if these are that person's habit and then they're calling in to do something where the company is using our product and we see an abnormality, something abnormal, then we don't want that call to go through, or we want to put up some barrier to make sure it is that person.

Speaker 2:

Absolutely a great thing to do.

Speaker 1:

Is voice verification one of those behavioral biometrics? I think back to, this is so funny. You remember the movie, was it the Macaulay Culkin movie, Richie Rich, and the parents have to sing into the speaker to open Mount Rushmore and it's like voices match. But then I call my credit card company the other day and they say you can enroll in voice verification and instead of a password we'll just identify your voice [no transcript] and things like that, for a number of reasons, and you know, one of the things that we protect against is these type of biometrics.

Speaker 2:

So, anyway, the problem with voice is if a criminal is listening in to your message, it only takes three seconds to be able to duplicate that voice.

Speaker 1:

Wow.

Speaker 2:

And use it against you. So I would never. I would advise your people do not use voice. It's too easy to compromise.

Speaker 1:

Wow.

Speaker 2:

It's three seconds. I couldn't believe it.

Speaker 1:

That's mind blowing, honestly, and probably the rate at how quickly that technology came out and then how quickly a criminal was able to kind of crack and break that technology is even scarier. You know, like there's a lot to keep up with.

Speaker 2:

Oh yeah, well, everybody's heard a deep fake, right, really Okay, and you know where they're using. You know Obama's face and his words and stuff like that. Well, if you can make the voice consistent with what you're seeing on the screen, it looks real and it's the best way in many cases to spread misinformation.

Speaker 1:

Yeah.

Speaker 2:

So there's all kinds of aspects of using these tools. Like every technology, things can be used for the good or things can be used for the bad. Right now, these tools like AI are giving cyber criminals a greater edge and, quite frankly, it's extremely difficult for your IT people or your security people to protect against it, because it's like being in a building and there's a thousand windows somebody can come into.

Speaker 1:

And you mentioned that you went to that conference. You know it's like one of the inaugural conferences about AI and you know you've got someone from the FBI there already. Now clearly you, through what you do at NetLok, and I want to talk about that a little bit too, you're very aware of the risks and the growing risks that AI kind of brings to the table when it comes to cybersecurity, and we're seeing that increase kind of at an exponential rate. As with any technology comes about, everything changes really rapidly. How are you feeling about the amount of cybercrime that's happening that AI is contributing to? And you know lawmakers, regulations, you know we hear whispers about, hey, we need to, we need to regulate this, we need to make sure that we're keeping people safe. You know, is there progress being made in that realm kind of from your research or do you feel like more needs to be done?

Speaker 2:

Well, we're at the, you know, the dawn of a new technology and we do not have the capability right now to protect against it. All you have to do is be able to. I mean, there is a lot of effort, in fact. The AI area it's predicted to be worth $30 trillion in the next five years Trillion with a T, trillion with a T.

Speaker 2:

Trillion with a T, we're way beyond. I mean, I remember, if you knew a millionaire, wow, that's really great. Now you know there are over 3,000 billionaires, and trillionaires are the next step, and that is going to be because of AI. Okay, so you're asking the right question what is the industry trying to do about that? And, quite frankly, I see a lot of confusion. Yeah, okay, and you can't depend on our legislators to properly, properly, necessarily properly, regulate this, and this is why, you know, I consider, you know, Elon Musk the second largest threat that we have out there, because he's unregulated and he's breaking into everybody's personal information. Why is he doing that? Because he's feeding his own AI algorithm with all your personal information. That means all his business competitors. He's in the automobile industry. He has huge government contracts, which is taxpayer money. It's supposed to be used for the good of the taxpayer in a nation and he's using it to get a competitive edge over the competition.

Speaker 2:

Not fair, and you don't see the government doing anything about it. And the fact is, in that regard, like many people, when you mention AI to people, they don't get it. It's beyond their ability. You know, when I was younger, I was in the video game business. I had worked for Mattel and a company called Imagic, and the legislature was considering trying to regulate video games because of you know, the war scenes and all the negatives about that, and so I actually was a witness in that regard for the industry. I went to Washington DC and had a great time while I was there, but it was interesting how uninformed our legislators are. The fact of the matter is, if they do have somebody on their staff that knows what's going on and understands the technology, they're helpless. They're only going to listen to the lobbyists on what to do next.

Speaker 1:

And that's the danger, because I think for most people, AI is oh, I heard about ChatGPT. It'll help make an itinerary for my vacation or help me write a paper for school or for work, and now these image generators that people are using on social media like the fun things right. But I was looking at a conference and they had said there's something like 80,000 AI tools out. The something that you said with me in the beginning, really stuck in it, was that you know, sometimes these, these cyber crimes or criminals, it's a business. It's not. You know. You often think there's one bad actor and it's a person in a dark room doing something on a computer to try to get your or your business's information. But there are whole businesses built around this cyber crime in order to to, to create all of this chaos for people and, you know, in the end to make money right, because cyber crime is about money mostly right, like they're trying to.

Speaker 2:

I mean, I don't know if you saw the movie, Bruce Willis, Live Free or Die Hard, yeah, did you see that? Of course, yeah, and it was fun and a fun movie. But, you know, realistically, this is why I love movies and entertainment, because, in a lot of respects, they are showing us what's where the world is headed. And, you know, the key to that movie was, in the end, it was about the money, stealing the money, right, but at a scale that no criminal ever thought before. I mean, these are crazy theories, you know, and conspiracy theories in some respects, but we're starting to see things happen along those lines, right? So the world is very gray when it comes to cybersecurity and what its impact will be, and tools like AI just make the situation worse.

Speaker 1:

Yeah, absolutely. We've gone through all these different like I think they're called like attack surfaces right, like there's all these vulnerable areas where someone could obtain information about us and then use that information you know for nefar your phone, you know anything you post on social media, all these social platforms. We touched on the car, and not just Tesla, right.

Speaker 1:

Like, yeah, Tesla is a prime example, but a lot of the cars today have so much technology in them and they are collecting terabytes of data from the driver. You know that's something that we talked about quite a lot at Auto Care Association. There's, you know, there's some privacy issues when it comes to being in the car and what it's collecting about you, who it's being transmitted to and then who it's being sold to, because it's very public information that you're being sold to.

Speaker 1:

Exactly it is being collected and it is being sold. That's a fact, that's not a conspiracy. Anybody can Google that right now.

Speaker 2:

Exactly, and that's why every time you go on the Internet to try a new app, etc. It's asking you all your about all your information, right? So once again, it's about collecting data and information on people and all their daily habits. So let me give you some simple examples of how the automobile I mean you guys are. Obviously your show has educated people a lot in the data collection that an automobile does, etc.

Speaker 2:

But I remember just before I went into cybersecurity I'm a graduate of USC and that's where I got a lot of my background on looking at future trends. Because I look at future trends and say, okay, what's the problem here, what's the problem here and what can I do to solve that problem with today's technology? But anyway, so you would go to a football game. It's crowded. There's always going to be people that leave their keys in their car. So they just walk through the parking lots, find one, open it up, turn on the car and you know, hit the navigation or map on the computer in that car and it takes them directly, gives them the directions to go to their house and opens up the garage door which allows them to get into the house and steal anything they want. It got so bad at the USC games.

Speaker 2:

At that time they announced please make sure that you have your car keys, because this is the problem, okay, that you know when you think about that was just a real, practical, to a large, not that unsophisticated situation. But with the data that is now collected in the car, because you interface with the car with your cell phone, that means it has your complete database of connections: who are your friends, where do they live, who do you call. All your personal information that's in that cell phone is now captured inside your car, right, and it can be used against you, and it can be used against you and it can be used against your friends.

Speaker 1:

That's very serious.

Speaker 2:

And I, you know, one of the things that I have learned is don't put your life on your cell phone.

Speaker 1:

That's going to be a tough one for most people.

Speaker 2:

Exactly Right yeah.

Speaker 1:

Convenience of having this thing have everything that you need is is worth more than the risk that people take, you know, and that's that can be. That can be a tough pill to swallow sometimes.

Speaker 2:

Yeah. Well, I think you just mentioned a word that's really, really important and that's the word risk. Ok, we are looking at the cybersecurity problem, businesses, personally, et cetera, from the risk and a lot of people say, god, I'm such a small person and I don't own much and my risk is low, so I can afford to put all this stuff on there because it's really convenient. That's the wrong way to look at it. I mean, think about it. Do you have risks every time you drive your car that you might be in a car accident? Of course you do. Even if it's low, you have that risk.

Speaker 2:

The problem is not the risk. The problem is the disruption to your life if you're in a car accident. If you're in a car accident, you have to ask. You know, ask to be policed. You got to notify your insurance. The other person may have road rage. You might get in a fistfight.

Speaker 2:

Look at all the disruption that can happen because of an incident. Risk is the wrong way to look at this. This will, if I do something wrong in this area, this could disrupt my life not only for a day or an hour, but for years, and that is how you should measure that, and that includes using these devices with your children. If you have children, you know, so one of the great things that you know several states are imposing now is that kids can't bring their cell phones in their classrooms. There you go. You got to train them at that level. That's right, and so you know. And because in the car it's picking up all the radio signals, that means all your passengers, et cetera, that data is being compromised as well, so all their lives will be disrupted if something goes wrong when you're in your automobile. Yeah, so it's disruption to your personal life. It's disruption to your business as well, and that's really what people ought to look at when they're looking at cybersecurity and trying to protect themselves better.

Speaker 1:

Yeah, and I, like you, know thinking about it not short term, but long term. That really translates to business as well. Right, if a hacker gets a hold of your information, wipes your systems and holds all of it for ransom, that's not something that you're going to resolve in an hour. You know, through a visit to the doctor's office they slap a bandaid on it and say you're okay. That's like days, weeks, months of remediation, and even at that point you might not be able to get everything back operationally to where it should be. So that risk is a years, could be a years-long issue if you haven't prepared properly and that's the.

Speaker 2:

So, if you understand, if you look at the disruption of having a cyber attack on your business, then you can say, ok, that's the thing that I'm trying to protect, what can, what kind of tactics can I use to protect myself against that? And you can't. You know, you can go to an expert and they'll tell you you can do this, this and this, and this and this. The problem is you have to take it one step at a time because you can't afford to try to solve the entire problem. Right, it's really a people's problem and you have to invest in educating your people, your family members that use devices and establish some security habits. That's going to minimize the disruption if something goes wrong. Let me give you an example.

Speaker 2:

There are about, let's say, a million and a half cell phones lost every year in the United States, and a good 7% of those are actually stolen by somebody. Okay, so there's a term I hate to use terms, but there's a cybersecurity attack term called spear phishing. Instead of general phishing, where they throw out a big net of emails to everybody. They're targeting this specific person. Ok, so that's why, if they're, if they have access to all their daily routines because of these AI digital identity situations. Then they can pick the moment that person is at their weakest, steal their phone, break into their phone and all havoc starts loose because they got their credit card information, etc. It's disastrous. That's a disruption, like you said, may take them a year to resolve, but also draws in their family.

Speaker 2:

Why are they attacking that one family member? Well, that one family member, if they're very well off or has a very important information, it's going to affect their. You know the businesses that they're associated with, right and everybody else, so you know education and what you guys are doing. You're a public service and that's why I look forward to talking to you. You're doing such a good thing. I really want to thank you for giving me this opportunity, but thank you. I'm sure your audience will thank you, too for all the things that you're teaching on.

Speaker 1:

I mean we appreciate you because obviously you're a really well-seasoned expert in this. This is why we wanted to have you on the show. I mean you said something so again, so pertinent, but it's the human firewall. Right, like those weaknesses happen with the people. And consider, you know, most compromise is not just us but our companies, right. Same thing with our laptops. Right Like you would be lying if you said that you didn't do a little personal work themselves on in order to reduce some of those vulnerabilities, because the personal and the business have really merged. There's a lot of overlap now For a lot of people, there's not that distinction and to me, like that feels like one of the biggest cybersecurity risks to both you know, your personal life and your business life.

Speaker 2:

Yes, you're absolutely right, and just to reemphasize that with what I just said a few minutes ago, if professional criminals are collecting all that data to put it on an AI platform, if you have all that data on your cell phone and then they have your tax records, what on your tax records is going to show what businesses that you're involved with Okay, because you may be taking business deductions on your taxes, and all those records will come out. So the amount of private and personal information that AI is going to have and can therefore can manipulate, put incredible power on the people that are running that, and here's where it's really bad. Only 2% of the entire population in the US is part of AI, so you're talking about being controlled by a very small group of people.

Speaker 1:

Oh, that's creepy. So I mean it feels again, comparing things to stuff we've seen on popular TV and movies. It just feels like an episode of Black Mirror on Netflix, which I can't even watch because it is so dystopian and it really illustrates, you know, the downsides of some of this technology and how you have to be so careful. So we've talked about, you know like, some common mistakes. We've talked about some attack surfaces. We've talked about, you know what are some of the biggest threats. You know AI is a big part of the conversation. It's really amplifying cybersecurity risks. But I want to talk about some practical advice for people and for companies especially companies to protect themselves against some of these risks. Right, I think there's really simple things that we've already talked about. But you know, on a larger scale, on a business scale, what can and should companies be doing to protect themselves?

Speaker 2:

I think the first thing is that, you know, for the owner of a business or the executive team to really look at what kind of disruption would happen to their business if there was a successful attack, and what are the most important parts of that in businesses? Usually a business starts because a person has an expertise in a certain area, and when it comes to budgeting and getting things done, that department always gets the resources that they need. They don't really share it with other things. So if you have an engineering company, engineering budgets are usually going to get, you know, approved. But, you know, somebody over in manufacturing or somebody over in customer service, they may or may not, you know. So you have to look at that. You know, the business team has to look: OK, where, if there was a disruption, what would cost us the most pain?

Speaker 1:

Mm-hmm.

Speaker 2:

Okay, and then that's where they would want to start. What are those areas? Can we prioritize that list? And then how can we pick off each one of those? Okay, so they would build a plan for disruption and most companies don't have that.

Speaker 1:

Right.

Speaker 2:

Because it forces them to make decisions like, okay, who's going to be in charge? Is it the CEO, who has been a great sales guy or a great marketeer but knows zero about technology? He just knows that he needs people to do that. Is it somebody in the technology department? Because they will know all the systems and what needs to be protected. You know, is it somebody from legal? Is it somebody that's a CEO? Because of all the customers.

Speaker 2:

So the fact is, there are multiple roles in a company and you have to decide, okay, how are we going to work together to cover all these areas? What is going to be your responsibility? And can you put one person in charge to make sure it's coordinated, not only at that level but at the employee level? You know, we kind of got started. You know, when I started Photolock, it was really for NetLok, it was just going to be a part-time thing to make a couple extra bucks, okay. But when Sony hit and that organization was frozen, and they lost a lot of money when frozen, when they were hit by the South, uh, correction, by the North Koreans, that really put, that changed the industry. Yeah, okay, and we have only seen those type of attacks. See, here's why it's not.

Speaker 2:

You know, everybody's going to have to look at the budget of this and why it's so sensitive, and they're going to have to learn how to spend their money wisely. Think about it: big companies spend hundreds of millions of dollars every year in cybersecurity and they still get broken into, right? So what is a small company or medium-sized company that doesn't have that kind of budget? What can they do? That's the value of you asking that question. It's a great question and there are things, but first you have to understand what your problem is and where you're going to get hurt the most, and decide how you're going to put human resources behind that, which will also, you know, require that team to look at their employees and educating them on their role. That's really an investment, but they've already made the investment. They hired these people and they're paying for it. All they have to do is put some materials together, let everybody know.

Speaker 2:

If this happens, we may shut down customer support, or we may tell customer support. Legal will say this is what you're going to say to customers if they start calling in. There are inexpensive ways to help you get out of the problem or to minimize the damage, and those are under control of each little company. And that's before you spend a lot of money with other people. Okay, so it's a people problem. And until people really become concerned about their security and see the bigger picture, how their economic life can be disrupted, you know, completely go into chaos if they don't help contribute to the solution. That's where you know we end up hurting ourselves. We're doing it to ourselves.

Speaker 1:

Yeah.

Speaker 2:

And so, you know, understand the problem, make sure that you educate first and then, if you have been able to prioritize where are the big, where is the biggest damage, then spend your money in those areas and try to get the right advice and the right tools.

Speaker 1:

Absolutely.

Speaker 2:

Yeah, because once you start that, everybody in the world is going to try to sell you something. Okay, and one of the biggest problems that we have in cybersecurity today is the overlap of the same services that we're paying two or three times to get. That is a financial killer, and I'm telling you, a small business, a medium-sized business, cannot afford to buy every tool that's out there because it sounds good. Right, there's a lot of judgment. It comes down to good judgment, understanding what you're trying to protect. It's just a real human response to a problem. Don't look at it as a technical problem. It's a human problem.

Speaker 1:

That's a great quote. Cybersecurity isn't a technical problem, it's a human problem. Yeah, it is. Yeah, I think that's the quote of the episode. I really do appreciate that perspective, because we talk so much about technology but each time we step back and it goes back to, well, who is implementing the technology? You know who is the bad actor, or actors, the organization that is the bad right? It always comes back to a human that's doing it. So I think one that's super important to remember as people are trying to dissect what's happening and how to protect their business.

Speaker 1:

And then also remember that the human firewall is also a very important part of that, because educating yourself, educating your family, your friends and your business, like, there's parallels that can be drawn to, you know, one of your good friends gets their, you know, credit card stolen and, you know, a $10,000 bill. Okay, now we equate that to how that happens to your business and how you would need to mitigate that. Well, is the best mitigation preparation? Probably. Does it mean we're going to be able to avoid every and all risks? Probably not, but I think that's a really important, you know, point to make when you're trying to wrap your brain around this massive conversation around how to keep, you know, businesses small, medium and large safe in this new era. As you mentioned, it was earlier.

Speaker 2:

Oh yeah, and you know, quite frankly, I think that your people would appreciate you trying to describe the impact and giving that picture that, like, every job in a business, it's important. OK, this is an activity that every person participates in, because we're in the, we're actually in the digital world when we're on the Internet conducting business, right, and it spreads to your own personal lives. And I mean, we're, you know, with this stuff. I mean, I was looking, you know, I was looking at Uber and Lyft and stuff like that, and when I, last time I was up in San Francisco with my daughter, you know, we had Waymo, one of those driverless cars, and it was really cool because they had all these cameras.

Speaker 2:

And then when I did the research for this, I realized, I said, you know, I want to look at what's the vulnerability if you're inside one of those vehicles. Oh my gosh, it's incredible, it is, it's a spy on wheels. And if they make you comfortable and feeling good and you get where you want, you know, your guard comes down. Yeah, your guard comes down, but they're watching, they have multiple cameras because they want to protect themselves, that if you do something illegal or make a claim that's not realistic, they have it on tape and they can defend themselves. You know, our suppliers and et cetera, and ourselves who use those services. That's really a disruptive, a disruptive place right now and it really requires trust. We have to trust that the people that are providing these services are doing it in a way that, uh, is, we feel that they're putting us first. Everybody says put the customer first, right? Right, okay, security in protecting their data and their private information is part of putting the customer first.

Speaker 1:

Absolutely. Could not agree more. Yeah, yeah, Tony, that's some really interesting food for thought. Do you have any final? I want to get your final thoughts on, you know, anything else that you would like to share, like, as a security expert with the auto care industry or just anyone in general? Right, like things to consider. Well, you know.

Speaker 2:

I think that what has happened in our world: we have moved from a time that we could actually leave our front doors open. You know, we trusted our neighbors, we felt that our neighbors are part of the community. I remember as kids, you know, and there were several blocks that we're all located in, but you know, we would have lunch with one mom that would cook lunch for everybody. We'd be out there playing baseball. We'd be, you know, playing hide-and-seek at night and nobody would ever be worried about it because we trusted the community to watch out there and if kids got in trouble stepped up.

Speaker 2:

We need to get back to that type of community now. I know that the idea of communities are very popular on the, on the digital space, uh, but I don't think it's with that, as with that value of protecting everybody, yeah, and I would like to see us come back that the community. I want to be in this community because they care about me just as much as I can compare, uh, care about everybody else in the community and everybody can add their little piece. It doesn't have to be dramatic, but we're, I mean, when you get in an elevator, for example, you know you don't want to, you don't stay around and stuff like that. I mean, we're, you know, we're closing our world and we should be opening it up and inviting people in, even though they may be different from us. So I would like to see the community grow where we are concerned about each other as opposed to what can I get from this other person.

Speaker 1:

I appreciate that and a positive message in a world where we've gone so much more digital, so much more virtual and it seems like trust everywhere is kind of broken, sadly, because of all of these things happening in cybersecurity and the geopolitics what's going on in the world right now. But a really, really fascinating conversation today. Tony, thank you so much for joining us.

Speaker 2:

Oh, I appreciate it. Thank you very much. Like I said, this has been fun and, you know, this doesn't have to be. This conversation doesn't have to be harsh. It's about us, it's about human beings, and we can have fun at it and do the right thing. Industry and supporting professionals like you.

Speaker 1:

To learn more about the association and its initiatives, visit autocare.org.
