0:02

When it comes to the zero-day attacks, zero-day

0:06

attacks will happen and

0:08

it's

0:09

just a nature of the digital

0:12

world that we live in as

0:14

the Cyber Security Professionals. We

0:16

need to be aware of

0:19

the fact that is the

0:21

reality but

0:22

actors are now casting this wide net. It's

0:25

essentially irresistible and they

0:27

are doing an indiscriminate Target. Don't figure

0:29

it out. they want to Target after they've caught.

0:34

This. Is, see see,

0:37

the podcast below here's A and

0:39

Know People Leader and

0:41

Cyber Security Experts about how

0:44

to say a Nexus and,

0:46

Protected Every Episode

0:48

will explore different. Cyber challenges

0:50

and highlight the many ways we can

0:53

enhance our online security reduce

0:55

the likelihood of, a top and

0:57

improve. our digital confidence

1:01

i'm your host or that mcgowan

1:05

When

1:11

it comes to hackers with malicious intent

1:13

most of them aren't in the business of

1:16

playing said in. fact

1:18

bad actors will do anything they can

1:21

to catch you with your guard down and

1:23

take advantage of any vulnerabilities

1:26

they can identify The Your Network. Zero

1:29

day exploit or a cat refers

1:32

to a cyber security had that

1:34

takes advantage of a flaw or

1:37

vulnerability. In a system for.

1:39

developers aren't even aware of it

1:42

for have time to six it hence

1:44

the term zero day Since

1:47

cyber security issues has skyrocketed

1:50

recent years, it comes as no

1:52

surprise that twenty one was

1:54

the worst year for zero

1:57

the attacks in history.

2:00

With almost double the total number

2:02

of attacks in twenty in,

2:04

this episode my guest and I

2:07

will be exploring the phenomenon of

2:09

zero the attacks. how they

2:11

Work and, most importantly

2:14

How they can be avoided are mitigated. In

2:16

the future.

2:21

That actors are becoming increasingly

2:23

cutting when it comes to finding new

2:25

ways to perform ill intentioned

2:27

hacks. Zero day attacks

2:29

have become one of their sneaky methods

2:32

to date our. first

2:34

guess stephen kerner The

2:36

working and cyber security for upwards

2:38

of a decade. The most recently

2:41

he spent the past few years running TD's

2:43

Cyber Security Operations Center. The

2:46

provided an overview of the growing

2:48

trend of zero day attack.

2:51

So as Euro Day exploit

2:54

is something that has never. seen

2:56

before within the industry, the

2:58

reason that it's called the zero days that are days

3:01

euro the day that it is first

3:03

used on or first discovered

3:05

his is daisy or of so the

3:08

interesting and risky thing about that

3:10

is that. There's. A up at

3:12

that point in time, there is very little known

3:14

about that vulnerabilities, how

3:17

it can be exploited and than most

3:19

importantly, for us on the defensive side

3:21

of things. Is how do we stop it from

3:23

been exploited, how do we stop attackers

3:25

from using this gap

3:27

this one or ability to perform

3:30

some sort of malicious activity against

3:33

the assets? That we protect.

3:35

Then. And the zero day should

3:37

be discovered, hopefully that

3:40

and that they're usually discovered by security

3:42

researchers so people that when

3:44

they find this information is using

3:47

proper discovery techniques, the

3:49

reason. Proper disclosure techniques:

3:51

They're going to inform the right people at the

3:53

right order for good purposes, but

3:55

sometimes threat actors find

3:57

those one abilities first and that's when

3:59

the. The ramp up

4:01

and there's a lot more risk involved in those situations.

4:06

One of the most insidious aspects of

4:08

the zero, the attack. That a bad

4:10

actors were performing them aren't

4:12

necessary. Only after a specific Target

4:14

often, they're

4:16

really just throwing stuff at the wall and

4:19

seeing what sticks. Jake,

4:22

Norwood the lead cybersecurity delivery

4:24

executive for EU and

4:26

the UK at boo. Allen Hamilton

4:29

provided a well known example of

4:31

this Saturday in action.

4:35

There was a a, capable

4:37

actor an espionage motivated actor

4:40

who compromised. little company

4:43

Then. Provided. A fairly common

4:45

piece of software called solar winds

4:48

and then got into the actual patch

4:51

for that, a system, and then

4:53

that compromised patch went out to many

4:55

users. And and some users installed

4:57

it or not all, and some of those

4:59

installed users happened to be on that bad

5:01

actor's target list, so

5:03

I think we used to think that. A bad actor

5:05

would look at a target right they look

5:07

at like the bank and they'd say we

5:09

want to get into this pain when,

5:12

I think is much more. Common and therefore

5:14

a greater risk for most institutions is

5:16

kinda like what happened during solar winds a

5:19

capable after cast wide net.

5:21

they're going to hit Everybody. That they

5:23

can and that a once they've hit

5:26

the landed some successful footholds,

5:29

then they start looking through what they got right

5:31

so it's not fishing with a symbol line and. A hot

5:34

it's fishing with a net in the nerds they

5:36

can a catch and release what they want and don't

5:38

want from inside of that net so.

5:40

the case of zero day especially

5:42

day public to zero day for this couple

5:45

a days between us between know there's a problem

5:47

and there's and patch Or

5:49

would you look at those kinds of scenarios,

5:52

your this really, really dangerous position where

5:54

lots of bad actors are now casting this wide

5:56

net that's essentially irresistible?

6:00

And they are doing an indiscriminate of Target.

6:02

Bill figure it They want the target after they've caught

6:04

it. When

6:06

we hear stories like the one Jake relate

6:08

about solarwinds one of the,

6:10

most common questions that comes is what

6:13

kind of person would do this. or? Of

6:15

course most of. The aren't completely blind

6:18

to the fact that there are bad people

6:20

in the world. That it can often

6:22

be difficult to grasp the concept,

6:24

but there are people who spend their time

6:27

trying to hack into a closed system

6:29

for financial. In or some other

6:31

incentives.

6:33

Analysts curry that is a senior vice

6:35

president of advance cyber defense

6:38

at booz Allen Hamilton. See,

6:41

I see. Her fair share of malicious hackers

6:43

throughout her career. However.

6:46

He explains and zero the attacks

6:48

aren't always the result of ill intent.

6:51

The sad. They can very awesome

6:53

be the result of an unsuspecting Internet

6:55

users stumbling around of the dark

6:58

and coming across a network vulnerability

7:00

without even trying.

7:03

I don't want to necessarily say that marries

7:06

a type of the soccer and attacker.

7:08

You can definitely take different shapes

7:10

and forms I think with Muslim

7:13

forty turned a fan here the.

7:15

type of any Her fan

7:17

or any in a bad actor

7:20

that discovers or even executes

7:22

the AH there, it a tax

7:25

depends purely on the motivation.

7:28

And what I mean by that is.

7:31

The, you know? Though, for example, if a motivation

7:34

is political than maybe it

7:36

would be in a politically motivated

7:39

Ah nation states group

7:41

that is executing it's maybe

7:43

he know. It's something or

7:46

someone I have a fake who is really

7:49

trying to. Okay,

7:51

there, you know, cause whether it's

7:54

climate change is aware that they are

7:56

bullies and so that type

7:58

of you know motivation. Dr.

8:00

Perhaps more increase in that could have

8:02

to this activity when it comes to, it's trying

8:04

to find a zero day and than exploit an attack

8:07

them. They can take different shapes

8:09

and forms, you know, so kinda cyber criminal

8:11

groups hacks it is that. And already

8:13

as well as the other areas of

8:15

what I do want to highlight, though, is that

8:18

a lot of times. The talk about the are they

8:20

being the? The ocean of the bad guys are,

8:22

you know, they hackers but

8:25

quite often. I'm

8:27

on day zero days are actually

8:29

inadvertently discovered. By

8:32

either the you there is, so that's why

8:34

I. I think that finding and defining

8:36

the who is actually. A.

8:38

Bad person in this case kinda

8:40

potential as you're a I use the air us

8:43

or you know me the not have an Arab

8:45

a this is the usage of the software.

8:47

And a user, or you know, even

8:49

have an application, develop our earth

8:52

in a someone who is this working with that, you

8:54

know, environment. What he's and just

8:56

stumbled across and inadvertently exploits

8:59

I see many time.

9:02

It. Happened an exit personally when I

9:04

used to work isn't the data

9:06

in a long, long time and us in our I might

9:08

have the Vienna like done the same because I. Had

9:10

a piece of equipment dice you

9:12

miss consider it's, and I accidentally

9:15

cause the Mississippi tag that know when

9:17

you. They were possible, you know, but

9:19

is it happened because again of Miss Configuration's

9:22

says of kind of finding those flaws can happen,

9:24

you know, not only with an end to it like Melissa

9:26

sentence, but sometimes. You know that

9:29

happens as a youth Arab experience. You're

9:32

asking about the who have zero the

9:34

attacks. The next person might

9:36

be. Why? Anna

9:39

mentioned the reasons for zero the

9:41

attack. The can be complex for

9:43

the most part.

9:44

The peppery comes down to the very thing

9:46

that makes the world go round. You

9:48

guessed it. The money. The

9:51

battle for cyber security. We

9:54

know there are the bad guys. The

9:57

good guy. There are also

9:59

people. In in the background. Seek

10:01

out zero day vulnerabilities, the for

10:04

the bad guys can find them. Ultimately.

10:07

Helping companies avoid an attack.

10:10

That explains.

10:12

Though the way I can think about it,

10:14

you know, there are bad guys that. That race

10:17

they're basically. Trying to

10:19

find all the flaws and then attack

10:21

head and then sell it on the dark markets and him

10:23

on his has it that way, then you have the

10:25

concept of the red team of tidies

10:28

or the red sea Murray's our within a to organization

10:31

that actually well being. void

10:33

by the organization to performance,

10:36

but other that third group of would

10:38

you would consider probably brave hat

10:40

hackers and a,

10:43

you know, would they do it? This

10:45

is just. Professional. Third,

10:47

like finding are like security, like

10:49

finding he know things that are not

10:52

known there, a lot of people that's a thrive

10:54

on that, and so what they do is they. Discovered

10:56

the vulnerabilities, but instead of maliciously

10:58

exploiting them as a Zero day attack. They

11:01

will notify the company even though they

11:03

not employed by them, but they will notify the company.

11:06

And in the early you

11:09

would hope that the company would say, oh, great

11:11

job, but it

11:13

became a business where, you know, there

11:15

is such, you know, what you would consider Brokers

11:18

such as bug Bounty programs. Essentially

11:21

submitted as a bug and then

11:23

they organization who subscribes to the

11:25

bug Bounty.

11:26

They will anonymously or not.

11:28

So anonymously pay you for your researcher

11:30

for your submissions, just kind of, you

11:32

know, that you

11:34

and independent from the company,

11:37

that company subscribes to the bug Bounty. But

11:39

then here are you getting paid by the bug Bounty?

11:41

But that accompanies basically, is

11:44

the bug, bomb discuss. so essentially,

11:46

you know, it's kinda like that broker

11:48

it's ecosystem that was created

11:51

to make sure that they're not unlimited,

11:53

a holiday resorts of faith there

11:56

and defend time he know, the company

11:58

said the benefit of that.

12:00

Crowdsourcing of zero day vulnerabilities

12:02

discovery.

12:05

There are they attack. In effect, individuals.

12:08

For businesses of all shapes and sizes

12:11

and, of course with higher stakes

12:13

comes higher risk of incurring some

12:16

serious losses the company's

12:18

profitability

12:20

This is why taking preventative measures

12:22

in advance to mitigate the damage. The consequences

12:25

is critical.

12:27

They call this practicing good

12:29

cyber hygiene.

12:31

I. Think the best way for have any company

12:33

right, small company big company to

12:36

reduce exposure to

12:38

the vulnerability problem comes down

12:40

to a lot of fundamentals and

12:42

these scale. With your size, a company like you don't

12:44

need a five hundred million

12:46

or a hundred million or billion dollar

12:49

cyber security, much it's do most of these things

12:51

your company is. Bigger, it's harder to do,

12:53

rights is a big difference between fifty and points

12:55

and five hundred thousand and points in your and your

12:57

network, but even as inventories amazing

13:00

push. The start of, the and but what's

13:02

your as or and that's real

13:04

challenge for mature organizations

13:06

all over the world once you have that ass inventory

13:09

but of actual. Physical assets and where they are,

13:11

but also, you know what software you

13:13

running, what do you have on your network, what's

13:16

the middle where are being these extra little

13:18

pieces? Of software in the middle. of

13:20

other software that you're using some of the

13:22

most famous zero days and pseudo zero

13:24

days we've seen over the last couple of years were

13:26

in middleware and so very difficult

13:29

to remediate because you don't even know if your habits

13:32

so learning in advance before

13:34

you find out that there's a big announcement of

13:36

a big vulnerability of what you have

13:39

increases your velocity of response

13:42

That the other big thing that I think

13:44

that. Companies. Need to do is they

13:46

need to do everything in their power to accelerate

13:49

the velocity of response so that

13:51

means preparation right them

13:53

is having an instant response plan it's

13:55

and. That it's response plan covers both what the technical

13:57

responders do and with the executive.

14:00

What? The lawyers do with your public communications

14:02

team still rights, you need to write

14:04

that plan, you need to practice that plan drill

14:07

that plants every time something

14:09

happens, need to actually. Pull the plan out,

14:11

use it and then you realize that you wrote

14:13

of badly and you fix it and,

14:15

you do it again, so a lot of

14:17

what you. Need to do to prepare for prepare bad day is accepting

14:20

that the bad days going to come it will. come

14:22

and maybe it'll be and minor bad day

14:24

and that's great of maybe you'll be a catastrophic

14:27

bad day and that's not great but you need

14:29

to prepare for Know what you have

14:31

good cyber hygiene keep everything

14:33

that you have is up to date as you can you.

14:36

know have process to accelerate

14:38

things and make sure that your answer response

14:40

processed operates quickly

14:42

and efficiently and makes the right decisions

14:44

quickly it's you know because the damage

14:46

that's going to come is mostly gonna

14:48

come as a result of delay Then. Longer

14:50

it takes to make a decision, the more time to bad actor has

14:52

to at once you've kicked a bad actor

14:54

out the longer it takes to communicate with your regulators.

14:57

Or with your clients what's happened, the

14:59

cranky are they getting the board business you lose

15:01

the more reputational damage you suffer so?

15:04

Speed is really, really important of these facts.

15:08

Shake reminds us that bad day

15:10

is going to things so.

15:12

what happens when that bad day finally

15:15

does arrive The

15:17

explains the steps a company should take

15:19

when they become aware of a vulnerability that

15:21

a zero they are. Worker is trying

15:23

to exploit.

15:26

welcoming them is aware of a vulnerability, the

15:28

immediately need to figure out how to mitigate that

15:30

vulnerability, usually that means they read a

15:32

patch. That closes

15:34

off her fixes that vulnerability. Running.

15:37

Apache me difficult because sixty

15:39

one problem could create new problems, sixty one

15:41

problem could just stop the thing from

15:43

working I and one of the things that largest

15:45

at especially large. Enterprises up and deal

15:48

with is what they receive a pass from a company,

15:50

stood the test that patch in their environment

15:52

because that past might not just breaks

15:54

the original. Piece of software that it's fixing

15:57

is it my break, a whole bunch of other stuff is

15:59

critical to an end up. So this through there

16:01

are a ripple cascade problem, but bullets

16:03

let's talk about the kind of instance where a zero

16:05

day becomes publicly known but the

16:07

patches and out yet. Maybe. Either

16:09

way, that the zero day got known as happens in

16:11

some of these big, high profile attacks is

16:14

a instant response company discovers

16:17

and attacked realizes

16:19

that the way to this. Attack happened was that it the

16:21

compromise of parts are the exploitation

16:23

of a particular previously undiscovered

16:25

vulnerabilities and now that vulnerabilities public

16:28

and a developer that owns that vulnerabilities

16:31

freaking. Out trying to figure out how to plug

16:33

this whole rights, so from the moment they

16:35

hear about it until the moment that Patch comes

16:37

out, all they're doing is trying to.

16:39

Find a way to pass it and if they can't

16:41

pass it's coming up with medications

16:44

that will. Reduce. The

16:46

risk or prevent the risk we're

16:48

without patching, for example, if you set your configuration

16:50

to not allowed to next and on certain parts

16:52

that will mitigate the problem until there's. A pass

16:55

out in some cases, they might say this

16:57

is completely unsafe, turn it off. Don't!

16:59

Use this platform

17:01

or the software this tool and

17:03

tell we had we have delivered the patch that's

17:06

a really big problem for a lot of companies, obviously

17:08

because if that's if. That is a software is critical

17:10

to what they do, you could be shutting

17:13

down an entire enterprise and causing substantial

17:15

business impacts to that's what's happening the background,

17:17

meanwhile, your cyber. Security team. They.

17:20

Tried to apply medications they haven't been provided

17:22

with the mitigation, they're trying to invent a mitigation once

17:25

the patches out there to test the past makes her

17:27

doesn't crash other critical. Systems within

17:29

the Enterprise and, then once they perform

17:31

the test they have to get all of these

17:33

dots are application owners

17:36

and server owners and sis

17:38

admins to deploy. The balls,

17:40

and so you end up with this really

17:43

frightening really little life cycle where

17:45

you got that the truth zero day window when

17:47

the bad guy knows about the. vulnerability in the good guy.

17:49

doesn't then you have this window from

17:51

the good guy knowing about the window

17:53

but not being able to do anything about it until

17:55

that passer mitigation as published hopefully

17:58

that's not more than that's couple of days And.

18:00

Then, from that line with the patches

18:02

published until the past is actually

18:04

deployed, could be anywhere from

18:06

three days to three

18:09

months in a in a mature, responsible

18:12

companies and never. Mind companies that never

18:14

get around to patching stuff right, which happens.

18:16

What that means, though, in what we see, is that?

18:19

The truth, he wrote, "A window, you have

18:21

the bad guy splitting it" The mitigated

18:24

rights didn't in that window between

18:27

public announcements and effectively

18:29

applying the patch which again is gonna be anywhere

18:31

from like three days to three

18:34

months in. that window

18:37

Then. Bad guy begins: "You're all

18:39

the bad guys in the world because is now public information

18:42

begin looking for opportunities the cast that

18:44

wide net and to exploit that vulnerability

18:47

out what. We've seen as that frequently

18:49

forty eight hours is all it takes on

18:51

the long and for a bad guy to hear

18:53

about a vulnerability that he didn't know about the day. Before

18:56

and started splitting it twenty.

18:58

four to forty eight hours you're fast

19:00

as companies are frequently patching within three

19:03

days we're looking at generously

19:05

at day two days of unmitigated

19:08

potential accessed if accessed company

19:10

doesn't have a full defense

19:12

in depth approach which is the safe multiple

19:14

defenses against different kinds of attacks

19:16

aren't reliance on knowing the exact

19:18

signature the attack

19:22

Knowing the right defensive strategies is

19:24

key, but as we know it's

19:27

important that companies are. The up on the offense

19:29

to. The been reminded

19:31

us that keeping up with the latest tools

19:33

and technologies is. Critical

19:36

for cyber professionals today.

19:39

Then comes the zero day vulnerabilities and

19:41

sure that you have a process

19:44

in place to continuously.

19:47

Update your systems.

19:50

You know in a robust manner and sure that

19:52

your life cycle for updating

19:54

the, currency of your systems is

19:56

it the software that you use

19:59

his Fairly. Robust and

20:01

utilize, you know, technologies

20:03

such as Cloud to be able to do

20:06

this don't allow your systems to gather

20:08

years and years of technical

20:10

data without updates because that. Just makes

20:12

your job that much harder when they're zero day vulnerabilities.

20:16

And then? From there, you know, invest

20:18

in very simple tools like a vulnerability

20:20

scanner to scan your

20:22

assets, because even just simple

20:25

things like that will give you

20:27

a lot of information about what assets

20:29

you have, what on abilities they have can

20:31

be very helpful. Then when there

20:33

is a new. On ability that is released

20:36

and these systems will automatically

20:38

update themselves with the newest signatures

20:41

when the newest on abilities that be to be detected

20:43

and move of I'd you very simple to use dashboards

20:46

to. They make decisions on

20:48

pardon. What needs to be fixed?

20:52

And I'll also had some wise words to share

20:55

about mitigating the negative consequences

20:57

of a zero day attack or any

21:00

other cyber security disaster for that

21:02

matter. The saying goes,

21:04

keep calm and carry on.

21:07

Then. Wind Organization discovered that they

21:09

have been is it attacked with

21:12

at zero day or any other

21:14

attack, or they were exposed, especially

21:16

to this any type of zero day

21:18

vulnerability that. Might have been

21:20

exploited, I think the very first

21:22

thing that organization needs to

21:24

do or of his assets to keep calm

21:27

when I see him is everybody starts

21:29

panicking, Hessman The. Panic sets

21:31

and a lot of this rest and

21:33

has, you know, like very hasty

21:35

decisions are made, and I think

21:38

the number one thing that any organization

21:40

where they, you know. Senior executives

21:42

are all the way down to the in,

21:45

a signal insists that might be

21:47

involves this U.S. You organize

21:49

themselves and pause.

21:52

Then I don't mean to say "pause" for a very

21:54

long time because time is of innocence,

21:57

but Elsa don't think that diving

21:59

straight in without. Even giving you know

22:01

any kind of time to organize

22:04

and collect the thoughts and really

22:06

understand the. Open impact to come up with

22:08

this very short term impact

22:11

on plan. The gonna do, really.

22:14

More damage as. Rush into it and then you

22:16

know then that said the way I would say I

22:18

would probably say keep calm Vienna.

22:21

and ah Panic and

22:23

for three sets race contain eradicate

22:25

and recovery. So, you know, if you

22:28

keep calm and contain many, you

22:30

feel like, okay? Okay, now, Eurethra,

22:32

the next step of the process, and that is in

22:35

part to keep calm, and you know now that you a third

22:37

eradication, which is basically cleaning

22:39

up everything that. Understanding

22:42

the root cause and then, after that,

22:44

once you have completed that face, you

22:47

know again. Keep calm upgrades, if you

22:49

know, and then recover, and by the

22:51

recovery, I mean, you know, implement

22:53

the. For you might

22:56

have met. You know, in the previous

22:58

steps that led to this attack. Except

23:01

the found that. That's not

23:03

a bad security program. You

23:06

have been exposed to the zero days,

23:09

it's it happens and we work

23:11

in the environment that is ever changing

23:14

and we will never. The

23:16

always hundred percent.

23:18

The cure it, it that's kind of the

23:21

nature of it, so I think. My

23:23

thing is, don't panic, keep calm and

23:25

don't blame yourself.

23:28

Overall, keeping a level headed attitude

23:31

and remaining aware of the risk we face

23:34

in the digital world today. "To

23:36

have the keys to staying", Cyber says.

23:39

A shared some sign up. The word. That

23:42

will help her pick fear out of the equation

23:44

and minimize or risk of a. It's going

23:46

forward. The very

23:49

day tax will happen. And.

23:52

It says, and nature of the

23:55

digital world, that. The live in I.

23:57

think i The fabric,

23:59

the cute. The professionals, as a cyber security

24:01

executive. We need

24:03

to be aware of

24:05

the fact that. That is the reality

24:09

and. The pyramid,

24:11

try to mimic. Our everyday

24:13

lives. When going with cyber

24:15

quite often, I think even the a cyber

24:18

security. "You know college graduate

24:20

since they start thinking about cyber

24:23

being", said said. scary world,

24:25

they are, you know, so complicated or

24:27

if I picked him up" Therein lay with the hit

24:29

or probably sitting and looking at me and

24:31

thing, what is all the cyber? That are you talking about?

24:34

But I would like. Try

24:37

and think of this, I've heard nothing but your

24:40

own personal life, so, for example, if

24:42

you have. High value

24:45

paper is high value assets.

24:48

The happen. You

24:50

know take certain steps to protect the whether

24:52

it is taking it to the bank and

24:54

subscribing to the bank security

24:57

key chain at. that point you go to

24:59

the banking on going to trust the first day You're

25:01

going to go ahead and say okay, Mr.

25:04

Bean for cheaper, so me what? The Keith,

25:06

how would I do the kids is at once you, the two

25:08

kids who is going to be allowing

25:10

me a difference is one person so

25:13

on that? Human level

25:15

will actually validate the security

25:18

controls that if you mimic

25:20

them and the cyber world life will lead

25:22

you to the same type of security controls

25:25

in the computer, so if you buy

25:27

a software and you want to put your passwords on

25:29

there. You know, do little bit of a diligence

25:31

and find out as far as. Wait,

25:34

a second is that the same level of protection

25:36

that I would expect from my bank if I were to put

25:38

much he knows my savings, it may

25:40

remind you know papers and there's

25:43

ah same in the house, you know, if you have

25:45

the health protection. And you use

25:47

the alarm and the lock and the

25:49

guard dog, and all of that his defense

25:52

and deaths, you know that he approached, use

25:54

the word that is the attacker is similar

25:56

needs to be kind of muna thought through the

25:58

computer world so. I

26:00

think you know to me, I just want to make

26:02

sure that. Favorite:

26:04

Not scary, said with access, super exciting

26:07

and Nina Cyber. Nothing

26:10

but taking your a real date concepts

26:12

and applying them to the digital world,

26:15

but everything that we. The you in

26:17

our everyday lives to

26:20

reduce the risk of any it's

26:22

hot. Cyber is

26:24

exactly how you know I personally

26:27

think we should be thinking about. Our

26:29

it is for world because it's

26:31

similar.

26:37

The oh, the attacks are just one way.

26:40

Bad actors are capitalizing on vulnerability.

26:43

In protected networks around the world.

26:45

We hope today's episode has helped you learn

26:48

more about these attacks and how you

26:50

can lower your risk and take action

26:53

when you are inevitably the. exposed

26:55

to a vulnerability in the future.

26:58

recap here, are three key

27:00

insight we can all take away from

27:02

this episode There's

27:05

zero. the attacks are on the rise

27:08

but that does it mean We should lose our cool

27:10

remaining. aware of the rest are healthy

27:12

are pro actively prevent future attacks

27:15

While mean creating a calm and collected attitude.

27:20

It's important that we stay on top of system

27:23

updates and the latest tech tools

27:25

that can help us prevent and

27:27

mitigated. Keep

27:29

your finger on the. Half of the industry

27:32

and take a regular. Inventory of.

27:34

The network to stay safe. And

27:37

final table.

27:39

The never be a time when our risk of

27:41

cyber attacks is that.

27:42

Hero present in. this

27:44

digital world cyber security risk

27:47

come with the territory the learning

27:49

to roll with the punches will take you

27:51

very

28:00

That is the Anna Steven and

28:02

Change.

28:03

For sharing your expert knowledge and,

28:05

thank you for listening to see sweet if

28:07

you like what you heard

28:09

Be sure to leave us a rating and review

28:11

on Apple Podcasts join.

28:13

me for the season finale Aaron

28:16

in June I'm, quite at

28:18

mcgowan and remember with

28:20

over four billion of us online we

28:23

have to do everything possible to

28:25

keep ourselves And that's it and.

28:28

to the