Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Dennis Underwood - The Cryptography Dude
88 Plays1 year ago
This week, we've got Dennis Underwood on the show. As the CEO of Cyber Crucible, Underwood brought his extensive experience in cryptography and inventing cybersecurity solutions to shed light on the evolving threat landscape.
Throughout the wide-ranging conversation, Dennis offered illuminating insights into how sophisticated ransomware attacks operate today, often mimicking a criminal supply chain model with specialized roles. By communicating directly with attackers, Dennis revealed he has gathered valuable intelligence to stay steps ahead. He also highlighted the immense scale of the problem, with only an estimated 5-7% of ransomware incidents publicly reported.
A core focus of the episode was on Dennis' innovative approach to real-time prevention at his company Cyber Crucible. By stopping threats within 200 milliseconds, he aims to make cybersecurity feel routine and reliable for businesses again. Dennis stressed the importance of cyber insurance agents remaining insurance specialists, rather than becoming technical experts. He advocates clear communication of cyber risks and striking the right balance.
Touching on his diverse background, Dennis also recounted an amusing anecdote of trying to study cybersecurity materials during military service in extreme heat.
Overall, the conversation provided penetrating insights into the evolution of cyber threats and the foremost strategies to harden defenses. Listeners interested in learning more are encouraged to connect with Dennis on LinkedIn.
Recommended
Transcript
Introduction of Guest Dennis Underwood
00:00:19
Speaker
Welcome to the insurance sec podcast. You got your co-host Ryan Dunn and Abe Gibson here. And today it's not Carrie Underwood, but we have Mr. Dennis Underwood.
00:00:36
Speaker
Dennis, great to have you on, man. Yeah, I used to joke that Blair Underwood was like my brother or whatever. No one ever calling me from the Blair Underwood lawyer firm, but I was waiting for it. I told you I had a good intro. That was a good intro. It was surprising, which is always. So Dennis, why don't you tell the people who you are,
00:01:04
Speaker
You can start from, you know, mom and dad met each other to, you know, career wherever you want to go from.
00:01:13
Speaker
Yeah, and I'm not afraid to bolt the party or something. I'm Dennis, you know, I, I always joke that investors hate it, but I always joke. I'm like, I'm a poor kid from Pittsburgh, you know, like, um, but, uh, I, um, you know, I'm CEO of a cybersecurity company, uh, highly focused on automation. Uh, and I had an act for inventing things that got the government's attention. Uh, it should say it was good.
00:01:38
Speaker
a good recruiting effort.
Dennis' Journey from Military to Cybersecurity
00:01:40
Speaker
It wasn't like handcuff one, that's always important. Let's say it's our security. You know, I did some cool work inventing stuff, and then moved on to the company, you know, and so the skills we have kind of gives us and gives me a way of looking at things that is orthogonal to most of the industry and most of the world.
00:02:03
Speaker
And that always creates some opportunities to kind of find things other people don't always buy. Very cool. You know, I think it was Andrew Correll that put you on my radar. And when I saw in your in your bio, you put like cryptography, dude, I was like, this is somebody I definitely want to be connected with.
00:02:31
Speaker
Like, so should we connect? I don't know. I'm scared. Yeah. People always do that, but I'm like, well, if I'm going to go down, it has to be for enough money to be able to like, you know, I'm hiding the junk one bit of way a little with my life, you know, shmigal particles somewhere, you know, like, and then, you know, like, so the question is, does anyone we know have that much money? Like live on like my
Evolution of Ransomware Tactics
00:02:55
Speaker
store. Right.
00:02:59
Speaker
So to take us through your background, I know that kind of before the call, you mentioned that you were in the military, just kind of take us through your career so far, leading up to where we're at now in cyber crucible and founding that.
00:03:17
Speaker
Absolutely. Yeah. I mean, um, really, I think it kind of started when I was down in UNC Charlotte, I got out of the army, uh, and, uh, just something cool. I found actually a flaw, the authentication used for this like massive, like malware network that nobody could crack. And of course that that's, you know, whenever someone says nobody can do it or it's impossible, will you change?
00:03:41
Speaker
That was pretty much guaranteed, right? It's kind of like finding the remote in the house. Like if you say it's done, I'm buying would be one like guaranteed. So I was going to find remote. So I was like, I'm going to be that guy. You know, so, um, uh, just something cool, you know, they want to figure out a way to take it over.
00:03:57
Speaker
And they got a visit from a couple of folks from the government. And again, the good visit, not the bad. Got a job offer from NSA, did a whole bunch of inventions there essentially for a different kind of customer service now.
00:04:13
Speaker
Um, and what happened was, was that we actually, um, you know, in 2014, I, I made a company and I said, you know what, we're going to start inventing things and not just be government employees. The thing about like government is like, no matter what agency it is, it seems like they're all this, like in every, every scene in the world where you get a buddy or a guy against the bureaucracy, you know?
00:04:35
Speaker
So, uh, 2018 is where it gets interesting actually. So, um, at one point I was introduced to, you know, military space. It was like the best threat clutter of DOD. That's like world's best copy though. Like, like, how do you even like verify that? There's no like global test or whatever, you know? So I think just not a good day. It's awesome. Well, like, um, so, uh, what happened was all you're seeing where the hackers were getting so good at stealing data.
00:05:00
Speaker
that market economics are coming into play where the price of the stolen data dropped out because there's just so much of it. Like the same database being sold 10 times by 10 different hackers. So what I saw was that the hackers were trying to figure out a way to get revenue.
00:05:22
Speaker
And so ransomware wasn't new. If I'm the concept at all, really, it's of course the short industry itself. But what happened was that the hackers were like, we've got to get our money somehow because they're all like organized prime and stuff like that.
00:05:37
Speaker
And so they started stumbling into, well, I'm stealing their data. They're not, no one's buying it. So what I steal their data and that threatened, you know, like basically like encrypted so they can't get their business back. And I charged them for their own data, you know, and then that's, you know, that starts the, um,
00:05:56
Speaker
that Austin Powers kind of see, you know, like, so like, and that's kind of what happened, you know, they, they started finding success in that and honestly, the success outpaced their ability at that moment.
00:06:07
Speaker
Like they kept going around like crazy to attack on people and had to find affiliates and resellers and support teams and all kinds of stuff because the criminals were so successful. So what time period was this? That was around 2019. It was, you know, right at the end, we moved to Pittsburgh. I said, you know, there's a, there's a market here emerging, you know, on the risk.
00:06:31
Speaker
capture it. What was interesting is, and then I'll stop talking, but what's interesting was, during COVID, there were a lot of what I call sloppy extortionists, where they were like, I took a computer science course in college, I'm going to go ahead and make my own whatever. And those were the hardest engagements we ever had, since it was sloppy, their encryption would break.
00:06:55
Speaker
You know, like all the, you'd call them to like pay the ransom and they're like, you're talking to some dude who sounds like he just like walked out of a 7-Eleven convenience store, you know, like, and you're just kind of like, you're trying to work. You're like, you are not the organized mobster. I thought you'd be, you know, like, so there was some of that, but then it kind of formalized just like in the history, like we're at the, the people, I don't know, people who sell cars that break down, it would be hard to see, kind of go away after a while.
00:07:20
Speaker
you end up with cars that go walk. So that's kind of what happened there. It was pretty crazy over COVID, but it's mature since then. Dennis,
Inside the Minds of Hackers
00:07:31
Speaker
you're speaking to these bad actors. You're speaking to all these people that are trying to get rants.
00:07:37
Speaker
What are the most interesting conversations that you've had with these people? Is there anything that comes to mind right away? Absolutely, yeah. You've heard of burner phones from great and bad, where you got a secret phone, you pay for it with cash. We can talk more about that offline.
00:07:58
Speaker
No, I'm kidding. I'm kidding. So what happened was that we started getting these weird phone calls from burner phones from like Eastern Ukraine, from Bangladesh, Pakistan, Northeast China, places like that, like out of the way places that kind of are fully war criminals who are reliving your cyber crime. And what happened was that
00:08:22
Speaker
There were two types of conversations. The first was that, I think you should know that these are all smart people. They're very good software engineers, at least at this stage, that were creating a ransomware, calling the malware, things like that, tackling folks.
00:08:39
Speaker
And there were two types. The one was like a very calm and collected, almost like academic discussion about us, about how they captured us. And they were trying to figure out how to work around us. And they saw it as just one more problem get around as part of their engineering.
00:08:58
Speaker
Um, and then the other group was just highly emotional. Um, I, I joked it like I was doing like a Paul Rudd impression, just like nodding and smiling and like, Oh yeah, great. Not knowing that like I'm totally being cussed out interview or something, you know, like, I mean, like it didn't even know. Right. And so what happened happening was, uh,
00:09:18
Speaker
we came with the realization that the call and collected one were better at attacking people. They were better at being criminals because they were bad at the more business-like attitude. And the ones who were more emotional, I haven't really seen much success. And even then, we thought it was kind of scary to think that we were able to profile these guys, be like, I think the emotional ones probably aren't going to last very long.
00:09:45
Speaker
But the cool and collected one, it's almost like that Russian mafia style, you know, they were just like, it's just Tuesday. Who knows what they did in the morning? Like, did they, you know, like, I don't even want to joke about what they might've been doing, you know, like, and, um, but they, uh, yeah, they were the successful ones. And that's kind of shown through some of these groups of, of who, um, who was a better criminal, really, unfortunately. Yeah. Yeah. It reminds me of the, uh, the, um,
00:10:16
Speaker
the videos on YouTube that I, I, I was addicted to them for like two months of these guys that, uh, try to scam the scammers. Get them all riled up and they start just cursing out. So funny. So you dealt with that. You dealt with that in real life.
00:10:38
Speaker
Yeah, I mean, it wasn't very common. It was like one or two calls each. The only ones that really kept calling back, we had one that was... I was trying to be coy about what our software does and things like that. The whole point of dealing with getting people up was just to get more into products.
00:11:01
Speaker
And I was trying to be coy and say, well, this is how Ford does, you know, A, B and C. And then the guy just like cut me off and he was like, look.
00:11:10
Speaker
I have reverse engineered your entire process, like your entire program. I had your functions up. I had your code out. These are in naming off sections of code. And I was like, okay, there's, there's no more hiding here. They've already had a whole thing or what if trying to figure out what my next steps are, you know? I thought that was really good, but it also gave us insight though. You know, it was interesting because we had a decryptor, uh, that worked. Um, it would like decrypt, uh, all these impossible ransomware variants. It has new keys and stuff like that.
00:11:41
Speaker
And by the way, total technology versus risk management, business side, because like we decrypted this really horrible ransomware called Ryu within minutes, you know, the whole thing automatically, you know, this is wide and all the tech, all the tech bros and engineers like myself rolling us like
00:12:00
Speaker
this is incredible we did it you know and then like the CFO was like so let me get this straight you'd like you let me get it crypted you'll make this just go down just so you could essentially just like show off your new heart attack paddles you're defibrillator to show off all three and i was like oh no total mismatch on the missing side you know like how much the dark business lose by me letting it decrypt you know so um
00:12:25
Speaker
Yeah. Anyway, so now I'm totally off topic, you know, I love
Ransomware Impact on Insurance and Reporting
00:12:30
Speaker
that. That's like.
00:12:32
Speaker
Um, I just, I mean, this is the fact that is analogy of the heart battles. I know. And for me, I was like, the, the chairs went away instantly. You know, what was cool was that the hackers, they realized we're trying to figure out how to get around us, you know? And we could see what they were thinking before they had come up with it yet. So I have one call and I was like, Oh no, they're going to stumble onto a way that makes decryption impossible.
00:12:58
Speaker
Like even, even with us just like cryptography and, um, without getting into all the, you know, nerdy details, I was like, okay, we got to start working on like making us faster to be better. Like now, like today, you know? And so, so it did give us good Intel on what they were thinking because, you know, and eventually they did like within six months, they stumbled into the next upgrade, you know, and we were like, thank goodness we started now. Otherwise, behind the eight ball. Oh.
00:13:26
Speaker
So you've obviously dealt face-to-face figuratively with these attackers. Paint some color for us here.
00:13:41
Speaker
Is the population of these attackers, is it, is it a lot of people or is there generally like a very small group of people around the world that are performing the majority of these, these attacks? That's a, that's a really, that's a really great question. I actually did a whole YouTube, like if you go on YouTube and look up lives, more lives and ran some more statistics, I basically expose like all the stats for being false. So here I am about to tell you the stats, you know, like it's so, um, uh, so.
00:14:11
Speaker
the people that were calling us I think were more on the malware developer side it was like a supply chain where there might be like five malware devs you know um and then like there might be like a hundred people deploying that right and then on top of that there's like one thousand more junior hackers that are out there doing stuff so it definitely um
00:14:33
Speaker
We're not there are people that just negotiate all day and they don't don't know what we know about about intricacies of the encryption or anything like that. But they're good. You know, it's kind of like talking like an FBI, you know, where they're probably not.
00:14:48
Speaker
They're not like in the movies where, you know, they're almost like this, like, you know, grizzled guy happens to be like a triple PhD. You know, like, that's just my thing. You know, like, you know, so, um, they're better people, right? You know? And so the negotiators I know are dealing with like the low level, like it's on the ground. I do know that the hackers had to get call centers because for support, because there were so many attacks, they couldn't even move the volume. Um,
00:15:14
Speaker
So that's interesting, but on the how much we know about it side.
00:15:20
Speaker
One thing that's been interesting to me is that we've been tracking staff to try to find out how big the problem is. Obviously, it's bigger than anyone knows. Otherwise, ransomware payments wouldn't, you know, um, I should say otherwise insurance, cyber insurance wouldn't have this like massive increase in price, right? Or, or be cut and eight balls. So the actual got it wrong. That's not a personal attack. That's just, everyone got it wrong. Um, new industry, right? And, um,
00:15:48
Speaker
What's interesting to me is that I saw an instance where, so just like a, uh, like, like a sales campaign or anything else, you try to sell everything with straws. So you try to swallow straws at a conference or whatever.
00:16:01
Speaker
And then you're like, okay, well, no one else is going to buy straws. So I'm done. You know, it's time to come back to spoons. I don't know. And so like the hackers would, um, after a while they would retire, which really meant they're just like changing from straws to spirits to sell something else, which means more malware, right? They read.
00:16:21
Speaker
And what's interesting is that whenever they retire this after like six months, I guess they figured whoever's going to pay is going to pay because the business can go six months off their server. They're probably not going to pay ever, you know, or their, or their bank or, you know, so they'll release the key. It's like one key per attack. Right. Well.
00:16:39
Speaker
It was always a situation where the plucky security bankers would be like, there were 10 attacks by this guy, worst of the worst, right? And then when the guy retired, they'd be like, well, here's 500 keys from all our attacks. And you're like, wait a second. It's up 10 is 500. So there were four of 95.
00:16:58
Speaker
didn't ever report it or never paid or bankrupt or whatever. So that to me was the best evidence that around 5% to 7% of the tax are actually known about, I'm assuming they're forced to disclose because of regulation and stuff like that, or some employee who violates or NDA calls a news agency. I have no idea how that all works.
00:17:21
Speaker
the the the
00:17:45
Speaker
but the hackers would like not even change their coin wallet addresses so everyone knew what they were and it was just
00:17:52
Speaker
No, these are probably the ones that are fluent through this stuff, right? And, um, and it was like FBI would be like 50 K or a hundred K or whatever. And I was like, well, okay, I guess that's better than nothing. Good. You know, but then I saw where like the hackers were like, they started like recruiting real money launderers from like, you know, Italy and from like the narco groups down in Latin America. So I was like, Oh no.
00:18:17
Speaker
We got the little tiny wind and they bought on the pros, you know, so, so we, we don't even know how much money there isn't bought anymore. I, I, I really don't want that stat to get brushed over like five to 7% of attacks are known. Crazy low. And, you know, I was reading this other stat the other week, if we want to just throw stats out there. Amazing.
00:18:46
Speaker
But it was, they were saying that 88% of American businesses have been compromised or hacked in some horror fashion. So it kind of matches up. I mean, there's a little bit of a difference there, but it kind of matched up. Like I just, I find that fascinating that 88% of businesses have been compromised in some fashion. Five to 7% of them have been reported due to probably regulation and
00:19:15
Speaker
I'm sure a lot of them have been brushed under the rug, just trying to cause any type of reputational harm there. Yeah. Well, I mean, why would you? I did a lot of statistical analysis on some of the ransom payment numbers. And I found this really disturbing trend where you're like a micro entity or a small business.
00:19:45
Speaker
and you don't necessarily know any better. And they seem to be a lot more happy to talk to people asking about ransom, stuff like that, versus like, I mean, Sony just got hit, right? So I'm sure, you know, try calling them
Cybersecurity and Insurance Integration
00:20:00
Speaker
and say, hey, I'm part of like a, you know, a cyber insurance service.
00:20:03
Speaker
Uh, can you tell me how much the ransom payment was and your ongoing costs that we hung up on and probably get served by a lawyer? So it seemed like the people who were small businesses, you know, I think the number right now is like $400,000, like the average, but like, that's mostly small businesses. So that's what like the, that's like the, it's small enough, but just like, you know, not recording your charts claim to like, you know, on your house that there's like what the basement is.
00:20:31
Speaker
It's like one of those games, right? Where you're hiding from insurance as you can, you know, you're not going to record it. And it's just enough to make you really upset, you know, but you figure, let's say you have an SBA loan, you probably have your owner had to sign off on that or your personal assets. So you're not going to let that go. You fall, right? Because you'll lose your house and you know,
00:20:50
Speaker
So I think they really know how much they steal the data normally first. And I've seen before where the hackers know your asset value, they know how much the business can afford, and they make sure it's like just equal enough that you're not bankrupt, that you can make the payments, you know, like that. And it's just like mafia. It is an office point.
00:21:12
Speaker
Yeah, I mean, um, for, you know, we talk to agents every day. Um, most of the time it's agents that are very proficient in cyber insurance and somewhat proficient in cybersecurity. But you know, we do have a large segment of smaller agencies that, uh, talk to scenarios. Um, the, the parent company of scenario cyber and, um,
00:21:41
Speaker
a lot of these agents are just getting into cyber and just starting to wrap their heads around the fact that every single one of their clients has some type of cyber exposure. And I think leading with that, hey, can you afford a $400,000 loss? Because that's what we're looking at here if something happens. And the likelihood of something happening is extremely high because you are a small business. Right.
00:22:10
Speaker
I kept wondering, whenever I saw some stats came out saying around, I think it's like 70%, there was like a 7 or 80%, there was a re-attack. So it's like, it's like extortion is a service. It's honestly, you know, if we were talking to like our great grandparents right now, I'm sure they'd be like, oh yeah, I owe them off. They got 20 bucks a week, you know, like, or whatever to stay open, right? You know?
00:22:33
Speaker
You look at the actuarial stuff, and it was already going the wrong way in 2021. And I saw where they started to beat attacks every 18 months, 24 months. And I always thought, so much of this data breach and ransomware operations,
00:22:52
Speaker
math on the insurance side. So much of it is based on a single loss of bank, right? I mean, it's no different than like Florida. I mean, where, where you have Ryan, you know, and you have like, you know, all this like flooding and hurricanes and stuff. It's just, you know, it's like, Oh, it's a storm of the century kind of thing. And then, but I know it's a storm of 2020s, you know, still in the 2020s and you're seeing it again. Yeah. And I was actually just thinking of this and then I kind of want to like dig into
00:23:21
Speaker
more about, you know, you're almost talking about ransomware and these threat actors as, you know, practically operating like a.
00:23:30
Speaker
like having some type of hierarchy and almost like a business structure. But, you know, I was just kind of thinking of this on the fly, but, you know, here in Florida, we, every year, like when is the hurricane coming? You know, we expect them every year. Um, and you know, we, it's very rare that we get one that like really knocks it, you know, really causes a lot of damage. I mean, and a lot of years since that's happened and.
00:23:57
Speaker
You know, I'm starting to correlate that to like a cat risk from a cyber standpoint, right? Like a systemic type of loss. Like, you know, we may be a little bit in a soft market from a cyber insurance standpoint, because there hasn't been any like crazy systemic loss or crazy cat loss. That's like a, or anything like that. But like, that doesn't mean it's not coming, right? And so I just, I was thinking about that as we were going through this, like,
00:24:26
Speaker
you know, we could be looking at in the next year or two years, like these ransomware attacks start picking back up. And so, um, and then Dennis starts getting a lot more phone calls.
00:24:39
Speaker
Yeah. Well, it's interesting how, you know, there was actually a supply chain or there is a hierarchy, you know, supply chain on the access side, access systems. And then you have a supply chain on the tools, right? So those are the tools folks who are calling us, you know, like frustrating fools while working.
00:25:00
Speaker
And then on the supply chain side, they call them initial access agents or initial access experts. And they're basically hacking. They're like the real OG kind of hackers you could think of. They're one thing that's like gone.
00:25:17
Speaker
hacking and exploiting boxes, getting access, and there's marketplaces where they'll sell access. They'll say, sometimes it's in response to like a sales effort, literally from like the extortionist to say, Hey, I want
00:25:32
Speaker
I don't know. I went to a school near Pittsburgh of at least 1,000 students. You know, like they'd shoot up this round this budget. Other times the hackers will, and then it's almost like a John Wick scene where everyone runs out, they try to climb, you know.
00:25:48
Speaker
Um, and then, um, then you flip that, right? Sometimes like there's some hackers who just like go out there and then they will be the ones that say, Hey, I don't know. Like I got an orphanage in Atlanta, uh, who wants to hack orphan. Well, I assume there's less.
00:26:04
Speaker
There was lots of money in orphanages and there was, you know, pulled the horse grants, probably not as much, you know? So, and so we see both sides happening, but what was interesting, you don't know what the buyer is. So whatever the Ukraine war started, I started to see less and less for sale. I should say that resulted in the ransomware attack, you know, and more just kind of like disappeared. And then our own telemetry chain from less ransomware more to this, like kind of like lurking and slurping data and stuff.
00:26:32
Speaker
And I was kind of like, I had no proof of this, but I was like, you know, if, if someone like Russia was trying to kind of like
Ransom Payment Dilemmas
00:26:40
Speaker
prepare, you know, for like a cyber attack from like a nation state level, that's what they would do. Right. They didn't filtrate and they'd kind of lay low. They wouldn't just, cause they don't, they don't even money. But like, you know, their goals were different, right? You know, they were trying to prepare for war, right? And we saw the different behavior, but it was almost like now that, that, uh,
00:27:03
Speaker
It's like now those military plans have changed. Now the extortionists are like, well, now we're back in business. We're not just hacking the government, now we're hacking the profit again. Yeah. That's super interesting that you're tracking behavioral changes like that. That's super interesting because it does make sense. They were laying low for a little, they probably have been traded laying low and now they're
00:27:30
Speaker
I feel like it's picking back up. I'm curious if you're seeing any exact trend, whether it's proven or not. Are you seeing anything like, yes, I know this is why it's picking back up, or you can see the behavioral
00:27:47
Speaker
I can kind of see it from like a very high level. I think the only people that probably can see from a low level are like, you know, the folks listening in with like a Luke Skywalker email address or something where they're not there. They're not really allowed to interact with the public as soon. You know, like, but we see from the right eye just the metrics, you know. I can't tell you that with all of the identity, you know, kind of attacks recently, like, yeah, and there's other things, right?
00:28:16
Speaker
that in the first half of this year, 52% of the attacks that we stopped were preventing that. Two basic engines that we have, one is like digital identity, like passwords, tokens, API, keys, crypto wallets, that kind of stuff. And the other side is like data. So 52% of the people we had had,
00:28:39
Speaker
Uh, some kind of identity that like where it would be preventative, right? Only 9% had data. So I think everything is like moving over. And I think that's because of cloud adoption. And there was like improved hygiene around like passwords and, uh, you know, using that to factor authentication. So it's actually a good problem to have. Awesome.
00:29:00
Speaker
If they were still just like lobbying with password one, two, three, and you'd know, you know, they're going to pick the easiest way in back. They're not tells me that there's a lot of progress being made on, on some of the cyber hygiene stuff. Um, that the app drills, of course, you know, like Ryan, you mentioned the, uh, like the agents that don't really know cyber. I almost feel like.
00:29:24
Speaker
That's a trap, you know, because like, I don't know much about actual science. I mean, I, I, you know, I think I took one statistical class like in grad school and I was like, you don't have to complain about it, but the guys behind me. And then they were like, Oh, we're meteorologists. This is like first of 10. And I was like, I'm gonna keep quiet. It might be, you know, like, and, and, um,
00:29:46
Speaker
They, uh, you know, but it reminds me of, you know, come out on the actuarial side that like, I don't know much about that. I don't think it's fair to agents get good at like cyber any
Importance of Backup Systems
00:30:00
Speaker
more than if I'm going to sell, I shouldn't be really good at actuarial statistical models. Yeah, a hundred percent. I mean, you know, they, they need to remain insurance specialists. I like they, they should, you know, insurance agents should be proficient in cyber insurance.
00:30:16
Speaker
It doesn't mean you need to be proficient in cybersecurity.
00:30:20
Speaker
You know, I, you know, frankly, I just know the basic of cybersecurity. I just, I focus on the cyber insurance piece and, and working with Abe on translating the cybersecurity to cyber insurance, right? Just working on that translation. And we, you know, we work with specialists on cybersecurity to help do that. Right. And you know, I, that's something that I continuously preach to these agents. It's like, Hey, you don't need to become a cybersecurity expert.
00:30:48
Speaker
But learn how the cybersecurity, the basic controls, MFA, EDR, cloud hygiene, backup strategy, learn how those are affecting insurance premiums. And that's kind of what, and your coverage. And that's what you need to be good at. Stay in that lane and then partner with people on the cybersecurity side to handle what they're really good at. You don't need to solve both problems. It makes perfect sense.
00:31:22
Speaker
whenever, even so there's two sides to the story of the check boxes, which that's kind of all you have to go on, right? You're not gonna assess it kind of depth. On the one side, not like, okay, well, like I'm sitting on like demos right now that like basically just attackers are like nuking every ER on the way. Found it out by accident, we were just kind of like, oh, come, nothing stopped this port of gods.
00:31:42
Speaker
I think it's awesome because the...
00:31:50
Speaker
You know, and then we were like, no, no, that's, you know, now we're, we're in the hot seat, you know, cause we're, we're the only ones left. Um, and we also have the evasion and spiral walls and, you know, there was like automatic backup killers. But what happens is, is that because of the supply chain shortage on the actual hackers, um, they're using, it's called robotic process automation.
00:32:12
Speaker
It's a fancy way of saying, I'm going to have a whole bunch of things to do in a row, almost like a call script, right? Or like more than played on a contract. And I'm going to sit down and I'm going to have this like otherwise junior person, I'm just going to give them a whole bunch of things to run and just be like, follow this script, right? And what's really interesting is you have two sides. The one is, well, the hackers, you know, are already demonstrating they can beat down about our district go out there, right?
00:32:40
Speaker
delete backups and take over Cloud accounts and all that kind of stuff, right? On the other side, what you have is you have a thousand or two thousand more junior developers, nor junior hackers, criminals that are running the scripts, right? And what I've found is that sometimes they'll miss things, right? So sometimes they'll, you know, they don't know about their new,
00:33:04
Speaker
show my, but I always joke like been for 9,000, whatever from like cool time. And like, they don't know about the new bin for backup that the guy installed, right? There's first don't handle that. And they just like, they leave it there. You don't delete backup. Um, as long as the victim doesn't
Cyber Crucible's Preventive Approach
00:33:20
Speaker
come back, because sometimes we get victims on like link and be like, like, we would have totally been deleted except for we had them win for 9,000 version 6.2. And I'm like, Oh no. Like they're coming back in like a month.
00:33:34
Speaker
You know, um, and so that's, um, we see that a lot. And so it's not a case of, um, which of course is now we're in risk and insurance speak. We're not in cyber speak where it's okay. We have this much risk that has been managed, you know, where residual risks have to accept. Um, and that's what's left, right? Which inside cyber guys, they'll talk like that normally.
00:33:59
Speaker
Right. You know, um, and so for me, it's like, no, please install it. Just don't go ahead and, um, like don't let it be a bath water. Don't say, Oh, I'm not going to do anything then. No. But on the other hand, it's one of the situations where you're like, well, just know that there's going to be a little bit of risk or a lot of risks that you're, you're accepting, you know, that you're just going to have to put up with and make sure you have insurance non-technical mean to kind of fill that in. Yeah. Dennis, I'm curious. So.
00:34:31
Speaker
Should we ever pay a ransom? That's a great question. So I think the first is that, I think to understand the environment is that if you're a small business, your finances, there's actually stats around this. I found it frightening. It made me feel better as a business owner, but it was also frightening of how many business owners have co-mingled credit scores.
00:34:58
Speaker
loans and your socials on everything and everything else. So for many people, there might not be a choice. It might be that I'm going to default on this loan and can't go home to my family or whatever. But having said that,
00:35:15
Speaker
You know, I think it has to be a business decision. And there's like things out there saying like, you don't pay the ransom but hacked again. Well, that's a, that's a lot of business behavior, you know, like on the, on the criminal side, you know, so without staff, if you know that's false, right. But, you know, there, there's this comment about like, you know, well, are you helping the hackers? Well, I mean,
00:35:38
Speaker
These guys are bad stuff, you know, so I don't, I don't think it's going to be a situation where they just give up and say, thank you. I'm going to church, you know, like they're, they're going to keep on doing stuff, you know? Um, and from a business side, you had to cross your operations, right? So you got to figure out from the business angle, you know, what, what's worth it. I can't tell you.
00:36:00
Speaker
No matter what happens, there's going to be a lot of costs to your business. It's probably going to be over to the other dimension. Almost like how poor does the fire go before I put it out? You know, I mean, that's really the same analogy, you know? So I always tell people to do what's right for the business, that the greater good becomes very, very, very small when it's your likelihood and your assets online.
00:36:29
Speaker
Um, you know, so that, that's kind of my, my life. I know law enforcement isn't a big fan of that advice necessarily. I've seen, I've seen them go back and forth, but it's like, you can't tell, you know, you can't tell someone who's your kid is sick. You don't want to get the hospital bill.
00:36:47
Speaker
You know what I mean? They're going to do whatever it takes, you know, and it's the same attitude, you know, very, very, very close to the heart at that point. I guess, I guess the theory behind it, and I'm probably lacking so much nuance here, but just conceptually, I'm thinking if we have a robust data backup process and implementation,
00:37:10
Speaker
where we're storing our data offline. We have our data encrypted. We have multiple places that we're storing backups.
00:37:22
Speaker
Would there be a need to pay the ransom? And let's just say hypothetically, that just became standard. Yeah, that's a great question. So we've seen folks who, so I'll give a couple of scenarios. We've seen folks who have had the backup, I'll give you the worst than the more common.
00:37:42
Speaker
where they'll get a hold of the backup administrator's logins and everything. And because everything has a dashboard now, by necessity, you have to manage it somehow, right? And then they'll figure out how to destroy the really old backups that otherwise wouldn't have access to anything, right? Now, I can't tell you how common that is. I can't
00:38:05
Speaker
I can't tell you what happens, you know? Like let's assume that the hackers were just like some, you know, young, more junior person that ran their script and they missed the Bitford offline backup within salt light or radio or something. So, so like, let's say they missed that, right? What I'd see is that you have like all your RFPs and all of your business, like immediate business needs, the transactional kind of stuff, you know, for the clients.
00:38:32
Speaker
that I've seen where that gets wiped out, it's more easily accessible to the backup, you know, to the, to hackers, right? But then what happens is, is you're left with like nine copies of like 2012 tactic, and you're like, well, okay, good, you know, but like, I need the RFP that June has ready to go out for the CRO, you know, like that's, so there are two different needs. Like once you're teaching and one is more operational and operational transactional data seems to be wiped away.
00:39:02
Speaker
which is, you know, it just, it kind of makes sense, right? And it does make it very hard with immediate impact on the business, even strategically, there's some more survivability because you have these offline backups with the assault line once a month or whatever, whatever that is.
00:39:20
Speaker
So, so yes, backups are important. And of course, you know, the more security around them and the, and the more replication, the better, the more automation you have to protect those a lot of tokens, but you have to protect that dashboard access that all costs or otherwise there's that's why we added that drawing. We realized that that was the start of like every attack was get access to the dashboards. And it's,
00:39:48
Speaker
is proven very successful for the hackers, you know, where go in there and we're just like, Oh, this again. Well, you know, like, so, um, uh, so, uh, having said that, um, I'm definitely not saying get rid of
Dennis' Personal Stories and Influences
00:40:00
Speaker
backups, like just that strategy works. I had that called where there was like one desktop left, you know? Um, so.
00:40:08
Speaker
Those are hard calls, right? They're really not much that one versus someone who has at least half their backups and they kind of, you know, they have enough to kind of crawl, you know, like it operate and they can make a business decision based on profitability.
00:40:21
Speaker
Yeah, well kind of take us through that, you know What what problem is cyber crucible solving? Absolutely. Yeah, so I mean we mentioned the whole heart attack battle thing, right? We're like we decrypt that's actually not even possible anymore I saw a company that I had a demo of it and I was like 2012 called buddy, you know, like but on except that was kind of weird but like um
00:40:47
Speaker
The interpret what we do is, you know, that actually spurred us to say, can we speed up the access like, so we can decrypt even faster actually. And then eventually that turned into, okay guys, well, we're heading this vast encryption, you know, and then we realized we can get competitive, you know, with analytics. So what we did essentially was we said, um,
00:41:13
Speaker
from an insurance, I mean, from an insurance angle, business angle, profitability angle, we said prevention has to be where it's at, you know, by the technical necessity and now business necessity, right?
00:41:24
Speaker
And I looked at it and I looked at the situation and I thought about it. And so, of course, most of my engineers like in the twenties, they would never have known this world really. But like, there used to be a world, right? Where like you'd run your Symantec, your Norton antivirus, and that was all you needed. And it was pretty trustworthy, right? And things were nice and calm and quiet.
00:41:44
Speaker
And I said, you know, guys, we need to get back to that where business owners aren't thinking about cybersecurity. This is just one more control in place, just like they check the box for fire spread clips for the restaurant, right? That's just one more control, you know? And so what I ended up doing was, you know, I said, let's see how fast we have to be. We learned that's around 200 milliseconds.
00:42:09
Speaker
And I said, okay, well, let's invent everything necessary to go back to the world of like Norton, only against modern attacks and make it nice and calm and quiet and make it a risk that's just managed. It's yet other business risks has been managed by the client, you know, for the client by us. EDRs were kind of, you know, they, they, they,
00:42:32
Speaker
They serve it for purpose, I'll say, right? So EDRs are kind of like your built-in NCIS where they're just collecting forensic data constantly. It's too slow to respond, you know? But they're collecting data, you know? And I always equate us to like, you know, like a fucking moment marketing guy that lives in Tel Aviv.
00:42:52
Speaker
And he sees those missiles fired by, uh, you know, towards literal constantly the iron dome coming up in time, right. And just phenomenal, you know, I mean, it sounds like sci-fi, right. And I said, you know, we were, we were talking and I said, you know, all the like intelligence analysis you guys do to try to find these rocket people, you know,
00:43:13
Speaker
It has some success, but it's more like a, you know, you figure out afterward, you can't keep up with the rockets, you know? And then here comes this like, just in time, kind of like missile to just take them out in midair, right? And I was like, we're a lot more like Iron Dome and the intelligence analysts who are trying to figure it out later, you know, for later on. So it has worked well. I will tell you that the biggest challenge we had to work around was that we didn't have a whole lot of reporting at first.
00:43:42
Speaker
And so many business owners, once it worked, they treated us just like they're fire sprinklers. We're like, I mean, nobody stays at night at night thinking about it. It's just one more thing. You check the box, you know, that's managed. You have fire insurance, you know, like in your diet, you know? And we saw where people were treating our product now the same way. And then they were like, we're there.
00:44:04
Speaker
Like we were just happily blocking things and saving, you know, and we see in our records, Oh, we saved the business this month. That's great. You know, and the guy would be like, Oh, I don't even check. Sorry. You know, like, and so, um, which really should be right. So, um, so we've, um, we've been very successful in blocking.
00:44:22
Speaker
Identity theft the data theft and the ransom or encryption and I'm using we call it road process prevention, you know, but Essentially we said, you know, let's make it quiet It was back for that world where you know before we knew John McCaffie was kind of a strange cat You know like and you know like back back there, right? Um, just worked his wrong way. Well, by the way, John McCaffie didn't kill himself I would argue
00:44:50
Speaker
that, um, that man lived a very exciting life and it wouldn't, it wouldn't be a surprise to me, you know? I feel like we're to find out that he like slipped on like a, a putter.
Conclusion and Connecting with Dennis
00:45:00
Speaker
Like, like he, he would be chipped by a saps and didn't die off of like some like, there's something completely anti-climatic. Right. Right. He took the wrong Advil or something, you know, that would be a John McCaffey thing right there. Yes. Yeah. You know, I, Dennis said that reminds me, it's like,
00:45:20
Speaker
Uh, you know, you are more into the cyber warfare aspect of things, right? Like you are constantly, um, you know, eliminating attackers and it's while they're in the act, right? Yeah. Yeah. And you're just zapping them.
00:45:39
Speaker
Yeah, which should make the hack world happy. Oh, I'm sorry. Go ahead, Abe. I was saying the technical term is to zap them. That is the technical term.
00:45:56
Speaker
Dennis, you should adopt that for your marketing language. I will. I'm going to use it. I'm going to say when he's at malware. I don't think anyone's saying that. So that should be like a great trademarkable, like, uh, line, you know, Oh, a picture of the, uh, where those, uh, fluorescent ball, uh, zappers outside, you know.
00:46:17
Speaker
That's great. That's great. Yeah. Well, this is a, gosh, we could probably do like a 20 part series on this. I want to get like Dennis's like, like crazy stories. You know, I want to like, like,
00:46:33
Speaker
I want to get the FBI spooks like, what? He did what? Like, I can tell you a funny story. Um, and then I maybe, you know, I know we're, we're over time. Um, so the funny story is, so I had my business to pay for college when I was in college. Um, and that paid the tuition and stuff like that. Right. And then I ended up in Iraq. Right. And there's like, you know, uh, all of a sudden now the war. Right.
00:47:02
Speaker
And in between like combat missions, and when I was back at that, you know, back in that little like, there, I brought a whole bunch of security books with me, because I was like, you know, I had my first like foray like a security event, before I left, like 2003. And then I was like, I'm gonna go back, I'm really, you know, like, really focused on, right, I really got a knack for it, the revenue was good.
00:47:28
Speaker
And so I brought, they're called sand books or songs books. I brought a whole bunch of those with me, a whole other stuff with me. And super technical books, but when it's the 130, 140 degrees outside, the glue on the binding like actually melts, right? So I, you know, and I had all my gear and everything, right? So like, they're all, they're all in these like a rocky kit instead. I'm sure they were given like, you know, $2 to follow us around or whatever, you know?
00:47:55
Speaker
And then the page would fly out of my manuals that I'm trying to study. I've got to get back and support my family and everything. And so it took me a month of chasing after these guys who, even if I didn't have all this gear on, would be five times my speed, even at 23.
00:48:18
Speaker
and try to chase them down because they were grabbing the paper and running away and it took way too long to realize that like I think they thought they were like classified documents or battle plans you know and like how to computer your Cisco router like you know securely stuff
00:48:37
Speaker
And then when I got back in my first jobs actually, like getting back into consulting, I could actually tell which chapters like have blown away, like literally blown away in the desert wind because like, I'd be like, I'd be cranking out code and whatever. And then I'd be like, I have no idea how to do this at all. And then I'd go back and go, yeah.
00:48:59
Speaker
you know, we're like, flew away. So that's kind of interesting story, you know, that's wild. Yeah, that's amazing. What a story. Well, this has been, I think, incredibly interesting, incredibly helpful. It's, you know, for definitely for me, it's helped me just wrap my head around the way that that ransomware works.
00:49:24
Speaker
Um, for people that want to get in touch with you, they want to check out your stuff. They want to talk to cyber crucible. How, how can they, how can they get in touch with you? Yeah. I mean, uh, I think the easiest way is just over LinkedIn. Um, just like you guys, I already, you know, I, I constantly have a ruling 25 voicemails or more from salespeople email and it's kind of a lost cause, you know? Um, but, uh, you know, if I'm late and all, uh, the message will stay there and get to it.
00:49:54
Speaker
I love talking to people. I try to put out a lot of content based like bot leadership. I've been abused by people, but like, you know, informative. So people can get smarter. Some of them kind of get killed. But, you know, I try to keep that going. So feel free to hit me up on LinkedIn. Hi, you know, some memes. And some memes. Yes, I do a lot of memes. I actually, um,
00:50:21
Speaker
And now I'm not telling their story, but like actually when I first saw me, it was on IRC, which is like a really old version of what was before Myspace, you know, like it was a text, right? And then,
00:50:35
Speaker
Something like that was someone who was calling the mains. And I was like, that's weird. You know, but I never thought I'm going to talk about that. Right. I've never verbalized was always just there. And then they said the reason why was I guess this might be toy made operates. So I might be calling myself for any future podcast. Right. Like, but like, I was like, they said, well, it's French for like a gaggle or something like that. You know?
00:51:00
Speaker
I've never validated that. I don't know, because I don't speak French, but it made sense to me. Like, oh, I'm laughing at it. And like, you know, it's like, yeah, I grew up with people like laughing at the picture, right? And, and then like, it took like, I would probably say three years ago, I've been calling it Maine, sir, for two decades, three decades, you know? And, um, and then still it was like, it's actually memes. And I was like, they can like, it's like those flash facts. You're like, Oh my God.
00:51:26
Speaker
How many times did I embarrass myself in public over three days? They're like, what are you talking about, dude? That theme song comes on. Hello, darkness, my old friend.
00:51:41
Speaker
yes exactly i feel like i feel like there could be a meme that like i would get and i would think it's hysterical but no one else will laugh at you have to hopefully get the wrong side of the whole fiction to the last one and it would be like the perseation of memes and it would be up to the side and i would say yes that's me
00:52:02
Speaker
Oh my gosh, dude. I love it. I love it. Well, this has been, this has been one for the books. Um, super appreciative of your time. Thank you for coming on and deal with some of the technical difficulties and everybody go connect with Dennis on LinkedIn. Get to see some great mames or mames or however you say. Yeah. Awesome. Yeah. Awesome. Thanks guys.