What Leaders Need to Know About Cyber Security
Hi everyone. It’s Jenn DeWall. In this week’s episode of The Leadership Habit podcast, I sat down with Corey White, CEO and founder of Cyvatar AI. We talked about a slightly different topic— one that we need to be more aware of, especially in our roles as leaders— how to prevent a cyber-security attack.
Now, let me tell you a little bit more about Corey White as a transformative servant leader. Corey is a proven entrepreneur focused on innovating and creating new paradigms in the security industry and life. His leadership style is focused on an employee-first approach because of the positive impact of happy employees on their customer relationships. Corey has chosen to take a people-centric approach to life and to let that philosophy drive all outcomes. Twenty-five years of experience in the security industry has prepared him to create the next exponential evolution. You’ll hear more and learn more from Corey as he and I discuss how to prevent a cybersecurity attack.
Full Transcript Below:
Jenn DeWall: Corey White. It is so great to have you here. Welcome to The Leadership Habit podcast. I’m excited to talk about this topic. One that’s often not necessarily delivered or presented as it relates to our role as leaders, yet something incredibly important to understand in leadership today.
So Corey, before we jump into our topic, which is how to prevent that cybersecurity attack, or maybe how to improve our ability to understand what else could be going out there. Let’s go ahead and turn it over to you. Tell me a little bit more, or introduce yourself to our audience a little bit more about your background, what you do, and heck, anything you would like to share with our audience. We’ll take it!
Corey White: Okay. Well, Jenn, so glad you have me here. This is going to be a fun topic. I love diving in and demystifying, you know, cyber security. I’ve been doing this for 27 years. I’ve been a penetration tester. I’ve been an incident responder. I’ve run multiple teams around the world around cyber security. So I’ve kind of been there and done that over the last 27 years. And I have lots of insight that I’m looking forward to sharing. So let’s dive in.
Why Should Leaders Care About Cyber Security?
Jenn DeWall: Yeah. Well, first, let’s level set. I’m going to start with this question first. Why do leaders need to care? Isn’t that just the role of their IT team? supposed to be over there managing all that. do I, as someone who maybe doesn’t feel like my role is directly responsible for cyber security, need to care? Let’s level set there, and then we’re going to go into some myths about it, but why do leaders need to care about this topic?
Corey White: Well, it’s a few things. If you’re a leader and you’re on the board for your particular company, boards are now being held accountable for cyber security attacks. And so you have a responsibility to make sure that the companies you’re on the board for are doing proper cyber security controls. Now the other piece—there’s a lot of other reasons. Not to go too quickly through them— but you think about compliance just for your business to do business with other companies. You sometimes need to have SOC 2 compliance, need to have proof that you have a security program in place because there’s a thing called third-party attacks. And you think about Target. When Target got attacked, it was an air conditioning company, Fazio Mechanical Services, that got hacked, and then they were connected to Target. And then that’s how they got into Target’s network and hacked them.
So your third parties have to be secure. So if you’re a small company, do business with a bigger company, they’re now forcing you to be secure. The last reason why you as an individual— even you, Jenn—everybody should care about cybersecurity is because of this. I’ll tell you a really quick story. I was doing this incident with this you know, pretty big company in Los Angeles. And the user had clicked on something, gotten themselves compromised and a keylogger got put onto their system. Well, when we get forensics, we could see that, that Friday when they got their check and they, when they checked their bank accounts, they key logged their credentials. So the hacker had their credentials. Okay. So when you’re computer, even at work and you do personal things on it, they get into your account and your identity, your personal information is compromised, not just the company. So you need to care about the company and also your personal information. And I could go on, there are a lot of reasons why you should care, but those are some of top ones.
The Myths About Cyber Security
Jenn DeWall: My gosh, well, we ha right. Is there any way we can ever not care about cyber security in the age of data? I feel like it’s one of those things that all of us need to be aware of. And I appreciate that perspective because I never thought about even having a third-party vendor, someone that could create more vulnerability for the organization. I honestly never thought about that. Because you would think that, well, our organization likely has everything taken care of. So I don’t have to worry about what maybe the other organization is doing. And so that brings us to some of the myths. What are the myths that you see people have around cybersecurity?
Cyber Security Myth 1: Anti-Virus Software is All We Need
Corey White: Well, I want to know what some of yours are too, but I’ll throw out some of the common ones. Oh, I got Anti-Virus, and I’m good. Okay.
Jenn DeWall: Yeah, that is my number one. Like, I don’t know, I have my internet security, assume everything is there, and I ran a check or something. I feel like I was much more aware of it even 10 years ago. Then today, I just assume that software is doing whatever I need to protect me. Even though I actually couldn’t tell you what it’s doing.
Corey White: <Laugh> lemme give you some insight. I’ve spent in my career, 15 years of it, at very large antivirus companies. And so, to provide you with some insight into legacy antivirus was created in 1987. Okay. Last time I checked is what, 2022, if we’re using 1987 technology that just matches signatures. I’m going to take a stab in the dark that the hackers have a way around that. Okay. Yeah, they do <laugh> and so antivirus was actually never really designed or to stop attacks new attacks. So that means if I create some brand new malware that no one’s ever seen before, it doesn’t have a signature to match to detect it. And so I’m going to get in every single time. So the hackers, when they want to attack a new company or whatever, they create a new piece of malware that no one’s ever seen before.
And so they always get in because their traditional antivirus has never seen it. So that’s one of the biggest challenges there. Now there’s newer antivirus, which is called NextGen. Antivirus uses artificial intelligence and has a lot more built into it that can stop this. But the problem is us as cyber security industry. We have this thing called “managed detection and response” or “extended detection and response.” And what that means is that we’re going to install this great endpoint protection antivirus solution. And it’s not, and we’re not going to configure it to stop the virus. We’re just going to detect when something bad happens.
So the malware will execute on your system, and the hacker could do bad stuff. And then you get an alert, but the incident happens, which I think is ridiculous. <Laugh>, so that’s one of the things that I’ve been changing in the last few years is trying to stop that type of approach, but that gives you insight into how these attacks happen, what we’re doing wrong, and the basics do not work anymore. The hackers are getting much smarter than that.
Jenn DeWall: So it’s kind of like the security that we have today is basically like an insurance policy. You know, it’s there like, we know that something bad will happen. And then we’ll figure it out, but it does not necessarily understand what will happen before it happens. Like you said, it’s just more of the response once the ailment or the issue occurs. Is that right?
Corey White: Yeah, that’s right. But here’s the thing. To stop a cyber attack, frankly. I’ll put it this way. There are two different types of cyber attacks split into simple terms. One is a nation-state cyber attack that is state-sponsored by a government and sophisticated hackers. They’re kind of going to get in. Okay. Eventually. Okay. Now, I’ve done a bunch of those big ones as well. The majority of them are what I call drive-by hacks. So what I mean by that is you look at your, your street that your house is on, and you drive down the road, and your garage door is up, Jenn. And your side gate is cracked open when it becomes dark. Whose house are they breaking into? You’re the low-hanging fruit. That’s the same thing with cyber security. If you don’t have basic multifactor authentication, endpoint protection blocking, and patch all your vulnerabilities, you’re that low-hanging fruit. You’re going to get attacked.
What Do Hackers Want?
Jenn DeWall: And what are they looking for? When we think about it, I know this is a little off script, but like, what are people looking for? Because when I’ve seen cybersecurity attacks. One thing I saw in an organization in my role as HR was that I worked for a financial institution. And so one of the attacks they were looking for was to try and take money from the financial institution. But what are some of the things that hackers might be looking for?
Corey White: Yeah, yeah. That has evolved quite a bit. I remember when I first started, you know, they, they, hackers sat in the basement. They were just hacking in and defacing websites. And, and that was what you got than when you got hacked.
Jenn DeWall: More of a fun thing to see it to prove they got in, then? Okay.
Hacking for Profit with Ransomware
Corey White: And then it started just in the late 90s, early 2000s then. And they started realizing, wait a second. We can steal personally identifiable information and steal identities. We can steal credit card information and make credit cards like the Target or Home Depot hack. But if you notice, we haven’t heard of a big credit card hack in a long time. This is because things have evolved. Things called ransomware and business email compromise is out now. So what they’re hacking for is for profit. So let’s talk about ransomware. Ransomware originally was just malicious malware software. Now it is a hack first. So whenever you get the little pop-up on your computer, “Hey, time to update security,” do security updates! Please do this update, and you don’t do it. Then you can be exploited. Just by sitting in on the internet, for instance, about a month, month and a half ago, there was a Microsoft vulnerability.
And I pick on Microsoft. There are a bunch of different companies that have these vulnerabilities. That’s why you should be diligent about your patching, but they allow you to get into any Microsoft system out there. Okay. And so the hackers, if you’re sitting on the internet and you haven’t patched, you can get exploited. And so you have to do the basics of patching your system. And so once they get into your company and they realize, oh, I’m making up a scenario, oh, this company actually has money. Let’s encrypt their systems with ransomware, and malware, and then disable their backups. And then go through and look, see what their cyber security insurance policy is, how much that pays that’s and how much money they have in the bank. And that’s what we set the ransom to. That’s what hacks look like today. So literally, they’re going through and hacking for profit and using the knowledge of your internal network to figure out how high they set the ransom.
Now I’ll give you a quick example of that, which is pretty interesting; about three or four years ago, I did an incident for a company, and they had the ransom. There were five people in the company. The ransom was $50,000. I’m like, that is way too high. They hacked into you. They know you have $50,000. That’s why they set it that way. So to answer your question, they’re hacking for profit, same thing with business email compromise. If they’re able to get into your email, if you just use username and password and not any kind of multifactor authentication, then they’re going to get in and they’re going to redirect your emails. If you normally pay Corey White, 50,000 a month, they’re going to say, Hey, I have a new bank account. Send it to this bank account. It looks like it came from me. It looks valid. And it did because they hacked into my email. So they’ll be able to redirect that money, get it sent to their account. So those are the two prominent hacks that are happening today.
Hacking for Intellectual Property
Jenn DeWall: So is it more always about just that, that financial number that I can get after the hack? Or is it, do you also see people trying to go for someone for trade secrets or IP? Does that happen?
Corey White: All the time. Absolutely. All the time. There’s this company I was doing incident response for about five, six years ago. They said it used to be our products. We would see it out on the market, you know, copies of their stuff. It used to take about two years. Then they went down to a year. Then it went down to about six months. Now it is before they released their product, there’s already a copy of it out there. And that was happening in the medical space. So yes, absolutely.
Jenn DeWall: Well, and this is so important. So bringing it back to, you know, the leader. Depending on the industry you’re in, whether it’s obviously the vulnerability that you might have as an individual and the information or data that’s being collected or that they could take, but that this could eventually, you know, if you don’t understand it, it could lead to your business closing its door, your competitor creating a substitution for something that maybe you were waging all of your fourth quarter revenue targets on. So this really could be down to whether your org, how well your organization understands cybersecurity can determine how successful it’ll be and whether its doors will even be open in five to 10 years. Is that a fair, like way to look at it?
Corey White: Oh, oh a hundred percent. I mean, if you have trade secrets or if you have a new business strategy, whatever and that’s out on the internet, the other thing which happens in ransomware quite a bit <laugh> is they will steal your data and they’ll put it up on the internet and it’s extortion. They’re like, Hey, we have your data. And if you don’t pay this ransom, then we’re going to release this to the internet. Okay. And a lot of the companies don’t believe it, but oh yeah. There’s a lot of data out there, and intellectual property out there. This has been released to the internet. Because <inaudible> know, didn’t think that ware hackers had it. But when, when I always do incident response, I always ask, all right, show me, show me. This is our data, this company’s data. So we can see. And then usually they, they can produce it. And then like, okay. And then you can try to negotiate with the hackers, but that’s, that’s what’s happening out there. So it’s very important to make sure you protect your intellectual property.
Cyber Security Myth 2: Your Firewall Protects You
Jenn DeWall: Well, now I feel like it makes so much more sense where with what you open with that, if you’re on a board or if you’re in a certain level of leadership, this is actually now something that you are held accountable to because it will have so much of an impact of the viability or long term success of the organization. And so I appreciate you saying that maybe it’s time to go back to going, looking at some of our myths. So I know that I am vulnerable to one of those myths, like I’m protective because I have an internet security. What are some of the other myths that people have about cyber security?
Corey White: Yeah. Yeah. I think the other one, which we all gotta really think about is I have a firewall. Hey, my firewall protects me. Well, it’s 2022 after the pandemic. Everybody’s working remote and at home and remote everywhere else. Right? So the firewall you had in your corporate office– that no longer exists, the only firewall you have is in some cases, your username and password and whatever weak antivirus you may or may not have. And so you are essentially wide open if you’re a remote user. And now you’re going through some kind of VPN, which most people are not. They’re just connecting to cloud SaaS applications. You think it like your Salesforce to Office 365, AWS, Slack, all of those things are username and password. Now the key here is you need to have the two-factor authentication to help secure that because now that becomes your firewall or at least one component of it. So we have to think about things differently now because it’s not what we see in some corporate office anymore. That world has gone away since the pandemic came.
Cyber Security in a Hybrid Workplace
Jenn DeWall: Well. And that’s, so that’s such an important distinction to make because how many companies, obviously at the beginning, you know, might have went from a fully in-person team to a fully remote. Now, a lot of companies are coming back to that blend, that hybrid environment, which means that we still have those vulnerabilities out there. If they’re not logging in through a VPN. Which do you wanna go ahead and describe what a VPN is for someone that might not be familiar with that term?
Corey White: Yeah, absolutely. It’s a way for you to connect to your corporate network, through what’s called a virtual private network, so you’re tunneling through the internet, but you’re secure as you’re tunneling through the internet. And so it, you know, separate that your computer and your corporate environment into a separate virtual private network, making it secure. Meaning all the hackers sitting on the internet, trying to scan you, they can’t access your system as long as it’s set up properly. But that, that that’s critical if you’re going to do tunnel links back to your company and so that people can’t access what you’re doing. Otherwise it’s just clear access in some cases.
Jenn DeWall: Yeah. Thank you for just giving the level set because I’ll go, I don’t have the, the same, I would say cybersecurity language literacy that I wish I did. But the VPN, just understanding them when you’re home. And if you don’t have a separate way or security measure to get you into your company’s drives or information. That’s a vulnerability now that you’re at home. And so if you’re maybe a smaller company that doesn’t have that, that’s something that you really need to be thinking about because that’s a potential threat or vulnerability. So I appreciate you saying that. And I might even ask you for some of the other stuff too, because a firewall, but let’s see what Jenn DeWall calls a firewall. A firewall is, again, kind of similar to a VPN, right? Where you put up the, like you say, you have to hit this authentication to be able to access and get into, you know, the information of our organization. It’s still is a firewall the same as the internet security software that we have?
Corey White: Yeah, yeah. Firewall is, I think of it. Think of it like a door to your house. You can control who comes in and out through the door. But it’s primarily, you should stay closed. So it’s blocking you from the internet. So when people try to come into your company and access you they can’t because that’s blocked on the internet. The only thing that can come in is the things that you want to come in and usually divert those off as well. I used to be a firewall expert back in the day, so I’m very familiar with it. But here’s the thing let’s, let’s, let’s reset here a bit, Jenn. I did a talk about three years ago called the death of the firewall and what killed the firewall, the cloud. Okay. So, you know, most startups and small, medium size companies and even kind of satellite offices, they don’t have firewalls anymore because they access everything in, you know, Dropbox, Office 365 you know, G Suite everything’s in the cloud.
Cyber Security Best Practices – The Two Factor Authentication
Corey White: So there is no need for a firewall. And, and so as long, but that’s why you either have the two-factor authentication because I just to double click on that really quickly, I just have your password. Let me just say that. Just assume they have a password. They, they have your password, even if it’s longer and complicated, they probably have your password, or they could easily crack it literally within seconds. So you need that second factor where it’s coming back, and you were seeing a text to your phone, and you’re typing that code or, or something like that to secure you because the password is most likely compromised. You know, user name, you know, see why that company name dot, whatever. You know, it is easy to guess that. So they have your password and user name’s easy. So you need to have another factor to secure yourself.
Jenn DeWall: So basically just assume that right now, if someone wanted to, if there was a business case or that motive for profitability, that they likely do have your password, and they could go to that next level. And so you’re vulnerable right there.
Corey White: Yeah, exactly. Lemme give you an example. So let’s just say they don’t have your password, but you put everything you did over the weekend on social media. So I look at it, and I’m making up a scenario. I don’t know what you did over the weekend, but I say, say you were at a kid’s soccer game and the kids won or whatever, and you posted pictures of it and everything else. Then somebody says, Hey, I wanted to meet you at the game. I was there too, I saw those was 10 to 2 or whatever. I’m making up a scenario. Then you think this is a trusted person because they used everything you posted on social names, places, everything to make it sound like they knew that. Hey, and check out this link for these pictures I took of your kid, and you can look at that. Do you click on the link? Maybe you click on the link? And that was something to your computer. If you don’t have a comprehensive virus, then it’s able to, you know, grab your passwords, all your information hackers, have your password.
Text Scams and Phishing Emails
Jenn DeWall: Holy cow. It’s just, I mean, it’s just so interesting to think about all the ways that we actually have to try to be ahead of this, just because of how far ahead hackers actually are. And the example that you just shared reminds me of my great aunt, who just turned 94. I appreciate her level of understanding of what could be a scam, but most people don’t, and someone had done that. They had seen that her grandchild was vacationing, you know, on spring break. Hey, by the way, you know, Corey’s down in Orlando right now and can’t get to his phone. Can you send him money? And this is what I loved about my great aunt’s response because I think they call that like the grandma or the grandpa, like hook and scam. And my great aunt was like, are you guys still doing this one? I thought you’d be on to the next one. And she’s 94. I was impressed with her level of understanding. But most people aren’t aware of that.
Corey White: Right, right. Yeah.
Jenn DeWall: I just think it’s, you know, it’s something that we have to be mindful of. Anything that you put out there, even if it seems like it’s related to your organization or not, it might actually be used, as you had said, to start to open the door, to be able to get the information, the money, the profits, the ransom, whatever they’re looking for. And so maybe this is the, you know, the time and the conversation to think about, in what ways can security be breached or in what way can they start to open the door to get more insights into your business dealings, profitability, or that confidential information or IP?
Corey White: Well, it goes back to the way hacks are happening now. A lot of it’s the phishing emails. And so if you think of it from a perspective of, if it, you think about, I love LinkedIn, LinkedIn’s one of my favorite tools. I connect to everybody on LinkedIn. But if I look at, you know, company a, I look okay, who’s IT for this company. Okay. Now I figure out who the IT people are that have administrative access, then I’m going to target them. And I’m not making this up. This is what happened to Sony and Sony Pictures got hacked. They had typed the IT administrators and they sent them a phishing email related to iPhone. This is all public knowledge related to iPhone. And then one or all of them clicked on it eventually. Got their credentials compromised. And then, then at the end of the day, that led to the Sony Pictures hack, you know, that’s how it started.
So that’s happening every single day. And phishing is a big deal. Business email compromise is a big deal. We have to be diligent in what we’re looking for. And I think the other piece of it is the cyber security industry. We gotta be more preventative, do everything we can to prevent it first. And so I’ll say this to leaders of companies ask, ask, what is the outcome that you’re getting from your cyber security program? Because that’s really important for them to understand. Getting an outcome of being secure, as opposed to, oh, we’re just going to say this product and you’re going to figure it out. That won’t work, but we still use some alerts and you’re going to figure it out. You actually have to know what value you’re getting from whatever solution you’re looking at.
Jenn DeWall: Okay. This is probably a personal question. Because I’ve had this scam twice, I know we’ve talked about email, but the one that I see more and more is the text, and it would be either the text that’s written from the voice of your CEO. Hey, Jenn is stuck in a meeting right now. Can you go ahead and do this? And I just actually got one from another person in a different organization, and this person, I think it was easy for me to understand how they understood my connection to the CEO. Now that one’s pretty straightforward. You can look at it on LinkedIn. You know, Jenn works for Crestcom. Who’s the CEO? Okay. That’s there.
But the second one that I received was actually with someone that was part of our network that I don’t work with very often. And so in my head, I’m like, how did they even connect the two of us because we never work together? How do people even find is, is it all just starting from social media? Is that just the starting place of like, what’s our objective, what we want to do. And then we’re going to social media to start to put together this kind of situational experience to motivate you to do this. Like I’m just amazed by the ways that works. Because I was, again, it was very easy to understand the scam coming from the CEO, but I’m more surprised that it now came from a different counterpart.
Is Your Team Vulnerable to Texting Scams?
Corey White: Yeah. They, they’ve got some really sophisticated tools, there are tools that can use social media and leverage on LinkedIn and it can go in and, and figure out relationships and then they can literally automate this stuff. They can say, ah, okay, well, Jenn’s connected to this person. This person has the title of CEO or CFO or whatever. And they can automate it so all the way, because it happens to us every time we hire somebody new, I make sure that they have my cell phone number so that when they do get that text, eventually that saying, I need some gift cards or something. Let me tell you, and it pisses me off being a cybersecurity guy. And then to have, you know, people using my name in a hack like that. And I’m like, come on, come on. But anyway, it happens, even it happens to me.
And so, but they’ve automated this where they can just automatically see, oh, new LinkedIn person, somebody just, you know, updated LinkedIn and now work for X company. They already know who the CEO is and they can automatically you know, there’s tools like Zoom Info and a bunch of the tools out there. They can get cell phone numbers for everybody involved. And then send those text messages. That’s a hundred percent how it happens.
Jenn DeWall: It feels like my entire life slash my company slash everything I do is online. And so, you know, I understand some of these we’re going to go into the solutions now, what can we do to be more mindful? But I mean, from a general sense, like how do I live my life as an individual, knowing that everything I put online can be used against me. Like I know that from the organizational perspective, but how am I supposed to approach it as an individual? Because I wouldn’t necessarily think going back to your example about a soccer game, that my soccer game would bring it right back to my workplace. So let’s go into the solutions. What can we do to essentially make sure that we’re, you know, aware that we’re prepared and that we’re secure to prevent a cybersecurity attack?
Is Your Cyber Security Program Delivering the Outcomes You Need?
Corey White: Yeah, yeah, absolutely. And I’ll, I’ll go through for solutions. One of the things I alluded to earlier is that I want everybody to put on their outcome hat. Okay. And what I mean by that is when you think about cyber security and I’ll, I’ll use another house analogy just to nail this home. How we, as a cyber security industry, have been failing, and I failed for a very long time as well. Think about people like, oh, you gotta get your yearly penetration test. Well, okay. Let’s think about that.
Jenn DeWall: Wait, what’s a penetration test. I am really outside of it. What does that mean? Yeah.
Corey White: Yeah. Great question. Thank you. So, so what’s been recommended for, I don’t know, let’s just say 25 years is that you need to get a, an independent firm to do a penetration test of your company to see how, what your company defenses look like and see if you actually are secure. And then if they can actually get in, they’ll tell you how they get in and then they’ll tell you what steps you need to do to secure your organization. Okay. Oh,
Jenn DeWall: Okay. So I think I know what that is. As it relates to the financial institution, they would send out the like fake kind of happy birthday emails to see like how many people would click on it. Is that an example of a penetration test?
Someone Tries to Hack Into Your System Every Two Seconds
Corey White: That’s one example of penetration testing, but you know, phishing, in particular, to see how many people fall for the phishing attacks. So you’re testing to see if there’s resiliency in the cyber security program here. Here’s the issue to this though. Say, say we tested a company and they came out clean, just most of ’em don’t, but say they came out clean. The next day, they change something. Every single company changes on a daily basis, new computers, new setup, new configurations, and then 50 new vulnerabilities come out every single day. And if you’re only testing once a year, once a month, once a quarter, whatever you’re doing, the hackers are hacking you every two seconds. If you’re sitting on the internet, somebody’s scanning you trying to hack into you every two seconds. So if that’s the case, why would you do a yearly penetration test or a six-month or whatever you need to be having security on a continuous basis.
And so that’s one of the flaws in, in the thinking of the cybersecurity industry. So you gotta think about continuous cyber security. Cyber security is not a one time thing. And I just say, apply the same security. They, hopefully we apply to our home security. So at your home, do you just lock your door once a year? Okay. No! You leave your house, you close and lock the door. We close all the windows and at my house we turn the alarm on. Okay. And so why would you not do that for your company in your company? You are doing it on a continuous basis. You’re doing it like patching once a week or once a month or whatever. It needs to be continuous. So that’s the first thing I’ll share. Now, the second thing, just going into the core things that companies should have in place. Number one, we talked about this multifactor or two factor authentication. Please use this within your company and your personal life, your, your Gmail, your, you know, whatever mail you use, use multifactor authentication. You’ll stop you from getting compromised. Just have it sent to your phone or whatever. It’s easy to configure, it’s not hard at all.
Jenn DeWall: Thing, but can’t they get to your phone? Like, that’s my other piece of like, can’t they quickly see the six digit code as well.
Corey White:Well, Jenn, if they’re looking at your phone, you got bigger problems. Most of aren’t going to have access to your phone. And if like I have an iPhone and I assume the same thing and be configured on, on on a Google phone as well, other phones, but configure multifactor authentication on your iPhone too, everything needs to have it. So it pops up like you’ll like iPhone will pop up and say, Corey, you just attempted to log in from San Monica, California. And you’re like, oh, was that me? Yes, that was me. So you need to have it everywhere. And if your phone’s compromised, it’s probably a nation-state threat actor, the state-sponsored and you’re screwed anyway. <Laugh>
Jenn DeWall: I mean, I don’t think, I, I don’t think they care enough about me to get to my phone, but just more trying to follow it to say like, well, wouldn’t, they have that too. I mean, they seem so much more sophisticated than what I realized. And I guess maybe a point that, and this is what I saw, but I’m curious if you see this, like, there are people that, and maybe me, right. Millennial, we’ve grown up with technology. I think I’m pretty aware, but yet, I think the thing that we have to realize is I don’t care how smart you are. They are working to be that much smarter than you are. And so, I don’t know if you notice the tie between maybe people thinking like, oh, I’m smart. Like I’m never going to be hacked by this. Or I know all of the phishing schemes. And then do you still see people fall for it?
Corey White: Oh yeah, of course. I mean, full disclosure. It, it came really close to happening to me. My, my gardener services was sending me a bill and it was something I was expecting to see. And then he sent me the bill and, and said, you know, click here on this. And then it, it asked we need to connect your, your, I think Office 365 account or bank account or something. And I was like, I was about to do it. I was like, why, why? It just, it didn’t make sense. And I, I was, I was literally was typing in, I was like, wait a second. This isn’t the correct website. They’re trying to steal my credentials. And, and I went back and I told my gardener guy but you know, this is, you been hacked and he’d been hacked. And they knew that I was using those services. So it looked legit. Like to me, I was like, oh yeah, there’s the bill I was expecting at the time. So it happens to everybody. And I, I would never get too comfortable because if you’re targeted, they can use all the information they know about you against you.
Cyber Security is an Ongoing Process – Run Your Software Updates!
Jenn DeWall: Yeah. Thank you for sharing that because I mean, in your role, you’re like, it can happen to anyone. They are very, very sophisticated in how they look at it. So we have to suspend a little bit of ego and replace it with more curiosity about, does this look right? Does this not look right? So going back to the solutions you had said, it has to be ongoing. I loved the metaphor that you don’t just lock your door once a year. You lock it every single day. And then enabling a two-step verification or authentication. What else?
Corey White: Okay. The other thing is when we get the pop-ups on our laptop, computer or phone, whatever, Hey, there’s a new update. If you actually read those release notes, most of the time, it says it fixes multiple security vulnerabilities or fixes security issues or something like that. They don’t always say exactly what they are, but a lot of them lead to you actually being compromised if you don’t do it. So that’s very, very important because every single day, there are about 50 new vulnerabilities and exploits come out every single day across all software. Right? And so at the end of the day, if a software that you’re using has a vulnerability or an exploit, and you don’t patch it, then the hackers have a direct way into your system or your phone or whatever. So that’s very important.
Jenn DeWall: I never thought about it like that. I thought about it as like, do I have, do I have time to do this update right now? I don’t know if I have time. I mean, that’s how I make the decisions. Like, I don’t wanna take five minutes to do this. I gotta, I have work to do. And I’m sure that might be why some people deny that as well, or maybe I’m alone. <Laugh>
Corey White: Yeah. Some of those there tools out there that, that I could run against your computer and they’ll scan your IP address and they’ll know. Ah, okay, well, Jenn’s run up to these things. I could press a button and have a command prompt on your computer, on my computer in a matter of seconds because you didn’t patch. Okay. <Laugh>
Jenn DeWall: Oh my gosh. So accept the updates. Give yourself some more time to make sure you’re allowing that software update. Even if it feels inconvenient, trust that it will, I guess, save you a headache. And of course the vulnerability or the issue that could come from cyber attacks in the long run.
The Need for Proactive Cyber Security Solutions
Corey White: Yeah. And absolutely the last one that I’ll share. And there’s more you can do, but these are the basics. The last one I’ll share is back to our antivirus story, right? The next-generation antivirus solutions that can actually be configured to block the attack. And I’ll give you another house analogy. Let’s just say you went down to Home Depot and Lowe’s or whatever, and you bought the best AI cloud manageable door lock you could possibly get, and you brought it home and you put it on the kitchen counter. You still had secured your house, or you brought it home. You actually did install it, but you didn’t configure it to automatically lock itself. After you walked out the door, you just figured it would just send you an alert when somebody walked into the door what to your door. That’s just like having a Ring camera pointed at the front door, the front door’s wide open, but again, an alert when somebody comes in. Actually configure your software to block the execution of malware. Okay. That’s very important. If you have the right software that can do it, you’re stopping ransomware. You’re stopping malware attacks, key loggers, all those things. And that’s, that’s key to securing organization.
Jenn DeWall: Oh my gosh. I appreciate all of those tips. And we have to go in and talk about your organization, Cyvatar.Ai. So how do you help organizations or companies with these challenges? Because obviously, we know that the viability in the long-term success of a company, whether it’s your IP or just your overall profitability because if they’re looking at what you know, you can afford to pay depends on it. So how do you work with organizations and companies?
Corey White: Yeah. Yeah. Great question, Jenn. So we built a subscription-based cyber security solution focused on small to medium size enterprises because that’s where the biggest gap is. My research, and you know it’s pretty well known, you’ve got Fortune 1000, 2000, it’s like 2000 of them. The vast majority of your companies are smaller and medium-sized companies. And so they’re the ones that the hackers are hacking into. And so that’s when we, we reach stats like hacks have gone up 15% year over year. Successful hacks have gone up, okay. We are not winning this battle. And so I built a company focused on the core things. I just told you, we had to implement that for them, because at the end of the day, they can’t go out and hire the talent, because it doesn’t really exist out there.
You’d be hard pressed to find the talent to go out and do it. And then the cost of figuring out what tools to get in and how to implement them. We do all of that for our customers all in a subscription and maintain it for them on a continuous basis. So that’s what we do as a business. I stop being on the other side, making money off of what we call the insecurity of security. And I say, let’s make money off of our customers being secure. So that’s what we do at Cyvatar.
Jenn DeWall: I love that. Thank you so much for giving a little bit more of an explanation to what you do because in the era of data, like this is the power and we have to make sure that we’re either protecting the assets of the company with the data that we have and also our own personal data, because I, we didn’t touch on it, but like what happens when our own personal security is taken and someone gets our social security number, some identifier number and how that can cause long term, you know, consequences for us, our credit, our, our financial, I guess stability. This might be a very general or a, a stupid question. I’m going to put it out there. If you’re hacked, like do organizations have insurance against that? That’s like, oh yeah, I’ll cover a hack up to 5 million. I mean, what, what happens when you’re hacked?
Cyber Security Insurance
Corey White: That is actually a fantastic question. And it is not a stupid question at all. So let me explain something really quickly. This is what’s happening out there. Cybersecurity insurance is a big deal. Okay. It about, let’s just say about 10 years ago, companies were signing up for cybersecurity insurance and they would ask, okay, do you have a firewall? You ask all the basic stuff. And then company was like, yeah, yeah, we have it. Check, check, check. Then they get hacked. Okay. Then in I’ve I’ve worked with several cyber security insurance companies too, in particular, once that their claim rate is 90 to a hundred percent over time. Okay. Otherwise like their claim rate on 60 to 70% over time, but those claim rates are too high. Because at the end of the day, the stuff that I just said that you should be doing, most companies are not doing.
And so then they get hacked, and then insurance companies are having to pay out. So what’s happened over the last few years is premiums have started to go up. They’ve started to cancel policies or deny policies because these companies don’t have proper controls in place. Now to give you an analogy to that, I, I do a lot of public speaking, and this is one I gave in public speaking. Just in my lifetime. You think about securing cars and car safety. Well, when I was a kid and I gotta say when I was born, but back when I was born <laugh> you weren’t required to be in a car seat. I’m so lucky I’m alive. Like I’m just, so car seats didn’t come about until like 1984 or something like that. So I was born way before that. And then seat belts weren’t even a law. Like you just get into car and then you’re just bouncing around.
It’s like, so you think about all the things, you know, and then rear lights and, and, and rear brake lights and all, you know, antilock brakes, all these things happen over the last say 40 years or so. Cyber security, we don’t have many preventative controls that are out there that are required. And so it’s very hard for insurance companies to actually secure them. Cause those preventative controls aren’t there. So that’s what’s broken. There’s a lot of maturity. It has to happen there, but our company focuses on implementing those preventative controls so that you actually can be safe in your home or work life.
Where to Find Out More About Corey White and Cyvatar AI
Jenn DeWall: All right. Great. Thank you so much for answering that. And I, you know, just thank you for taking the time to sit down and explain some of these things and even providing the basic level definitions that some people may be less or more familiar with. Corey, how can someone get in touch with you?
Corey White: Yeah. Yeah. The easiest way is social media and LinkedIn. <Laugh>
Jenn DeWall: Watch out. I mean, now I’m afraid of that. I don’t wanna connect with you, then I’m going to have to be like, get that text message just says, you want me to buy some gift cards for someone?
Corey White: Yeah, exactly. Well, at least say, Hey, I heard you on the podcast and then at least I know, okay, I’ll accept this. Because I don’t wanna accept people I don’t know. I still don’t do that. But, but yeah. Hit me up on LinkedIn. On LinkedIn, under Corey D White. Definitely go to Cyvatar AI and sign up for our premium offering. We offer free policies, free scans, free risk assessments, all the way built in just to help you solve your problem. Because at the end of the day, one of our mantras here, we don’t charge you to tell you what’s wrong. You already know you probably don’t have good security. We’ll help you figure out what those gaps are. We charge to fix it and then maintain it over time. So I look forward to, you know, helping people actually be secure.
Jenn DeWall: Yes. Oh my gosh. Me too. Thank you so much, Corey, for coming on the show. Thank you for just giving more motivation for all the things that I can be doing, but really just thank you for slowing down, taking some time to help us be more aware, be more vigilant in this fight that we’re all facing against cybersecurity hacks. So thank you so much for coming on the show, Corey. It was great to have you.
Corey White: Yeah, it was such an honor, Jenn! Thank you so much.
Jenn DeWall: Thank you so much for listening to this week’s episode of The Leadership Habit podcast. I hope that you appreciated us switching it up a little bit, and learning something. Something that we actually still have to be super mindful of, which is cybersecurity. Because heck, it could impact our ability to do our jobs, our company’s IP, and so much more. Now, if you want to get to know more about Corey, you can head on over to Cyvatar.Ai. There, you can connect with him, learn more about his business. And of course, if you enjoyed this podcast or if you know anyone else that would like this, or be interested in hearing this perspective, please share it!
And finally, if you are looking for someone to support your leadership development needs, head on over to Crestcom.com. We would love to connect with you. We offer a complimentary leadership skills workshop, and we would love to come in with your team or into your organization to help you show how leadership can be the way to a better day. Thank you so much for coming. Thank you so much for listening. Have a great one.