RCR 158: Emerging Threats & Trends and the Future of Cybersecurity
Jan 28, 2025Is your business ready to tackle the hidden vulnerabilities lurking within your software supply chains? Discover the profound impact of President Biden's recent cybersecurity executive orders and learn why third-party software is a crucial focal point for safeguarding your organization. From real-world examples to actionable insights, I navigate the complex realm of cybersecurity, especially for small and medium-sized companies operating under the CMMC framework, while addressing the looming cyber threats posed by nation-states.
Explore the intricate web of emerging threats challenging today's digital landscape. As software dependencies and hardware compromises become commonplace, I illuminate the critical need for a future-proof security strategy that addresses the burgeoning power of quantum computing. From the risks of data poisoning and the sophistications of deepfakes to the potent social engineering tactics manipulating political and market environments, this episode uncovers the multifaceted vulnerabilities businesses must contend with to ensure their cybersecurity.
Unlock advanced strategies to build a cyber-resilient organization. By implementing a cybersecurity mesh and embracing identity-first security approaches, your company can stay ahead of sophisticated threats. As I discuss the transformative role of generative AI in both defensive measures and cyber threats, the importance of automated detection and response becomes evident. Cultivating a security-aware culture and ensuring robust supply chain security are essential, as these elements play a pivotal role in maintaining business continuity amidst a rapidly evolving cyber landscape. Join me for a deep dive into continuous improvement and proactive planning, equipping your business with the skills needed to fend off future attacks.
TRANSCRIPT
Speaker 1:
Welcome to the Reduce Cyber Risk Podcast, where we provide you the cybersecurity training, tools and expertise you need to protect your company from the evil hacker horde. Hi, my name is Sean Gerber and I'm your host for this action-packed and informative podcast. Join me each week as I provide the information you need to secure and protect your organization and reduce your cybersecurity risk. All right, let's get started. Give it up. Hey, I'm Sean Gerber with the Reduce Cyber Risk Podcast and hope you all are having an awesome day today. Today we're going to be chatting around threats, trends and the future of cybersecurity, and this is kind of an ongoing saga, I would like to say, of what we're going to be talking about at the Reduce Cyber Risk and Reduce Cyber Risk podcast related to small, medium businesses and realistically, it affects all businesses in general. But the main purpose of the Reduce Cyber Risk podcast is to focus on medium-sized businesses and smaller businesses to kind of provide you the skills and at least the knowledge you need to help protect you from the evil hacker horde. But before we get into that, it was actually a news article I wanted to bring up to your attention today and this relates to some reactions based on the current president, uh biden, the united states, he's looking to do. He put in place some cyber security executive orders. Uh, just recently, and obviously on on January 20th the recording of this podcast is just prior to the new president taking over he put in place some executive orders around cybersecurity and the article gets into what is this do from a cybersecurity standpoint and the fact that it's going to be able to focus on third-party software supply chain, software development, identity and security, internet protocols, quantum, so on and so forth right, a lot of great stuff in there that it's going to help deal with, supposedly. Now one of the concerns around this article is the fact that the new administration from the Trump administration will revoke this executive order and therefore it won't be useful anymore. I think, really, what it does is it highlights the main fact that, whether it's the Biden administration or the Trump administration, somebody's going to have to do something about it.
Speaker 1:
And one of the big aspects and this article kind of gets into and alludes to and I would recommend you go check it out it's on Security Week. One of the things that it alludes to is the third-party supply chain, and I've been doing security for 20-some some years and it's been morphing from one step to the next, but the third party supply chain for most organizations is probably the soft underbelly of what goes on, and if you go to a large enterprise, they have a lot of people in place to help protect organizations. However, they rely a lot on third parties to help them with this process, and so therefore, these third parties sometimes will have connectivity into your organization. One of the things I recommend and you can see it on Reduce Cyber Risk on the actual site itself is a security assessment and do a gap assessment of your company. You can go check it out there. There's a free download for you to get. You just got to give me your email address. But short of that, what it comes down is it will help you understand some of the security gaps within your company and if you're looking at trying to help protect it, this would at least point you in the right direction of some things you can start doing immediately. That's going to come out here in the near future to help you kind of better sure up your organization. But at the end of the day, if you do have third-party supply chains that are helping you with your company or you are the third-party supply chain for another company. You're the feeder type company, then you're going to want to make sure your stuff's in order and if you are working for the US government in some form or fashion, obviously the CMMC requirements the cybersecurity maturity model certification is a requirement for you. You may need to have that in place soon, right, because I know they're coming down a little bit harder on that now, going into 25 and putting some more restrictions in place.
Speaker 1:
So good article kind of talks about some different things that we've all been dealing with in the security space and things we need to be concerned about. But, as we all I mean even the FBI director, just kind of a little bit of a tangent, the FBI director made a comment that his biggest concern is obviously China and them causing chaos and pandemonium in the event of a full-out war. I will tell you point blank, living in that space, if I was China, I would do the same thing. They would have all kinds of little things built into the US infrastructure so that if a shooting war went off, what would they do? They flip this trigger and then things come crashing down and not to be like the sky is falling, but it's very, very possible that this could occur. You, as a business owner especially if you are serving our infrastructure in some form or fashion you have a good plan in place to deal with this. So, good article, check it out. But yeah, let's just roll into what we're going to talk about today.
Speaker 1:
Okay, so this is going to be threats, trends and the future of cybersecurity, and what does it look like? Again, this is based on circa 2025, where we're at, but a lot of the things of where the world is driving to at this point is going to be AI-driven attacks. Now, you've seen this. We've had the traditional phishing attacks that occur out there, and you just think of it this way If I was a bad guy or girl and I'm sitting there trying to get access to your business, what would I do? I'll send you an email, right? Well, now, it used to be where you had to try to figure out what that person was thinking. Well, now, it used to be where you had to try to figure out what that person was thinking. How was their thought process? But now, with AI-driven attacks, I don't need that, and a person that's in the middle of Africa or the middle of Ukraine or the middle of Antarctica, for that matter, could launch an attack against you and utilize it using AI in a way that you would actually probably believe that it's a real person or it's somebody that maybe knows you. So these AI-driven attacks are going to be increasingly challenging, especially with the artificial intelligence and machine learning that is in place.
Speaker 1:
Now you're going to have automated phishing. The point of it is it used to be a very coordinated effect. It took a lot of effort, a lot of education. Creating phishing emails was not easy. It took a lot of effort, a lot of education. Creating phishing emails was not easy. It was very painful. But now, with the automated phishing, it could be much easier and it could be crafted in a very personalized manner. So you need to be prepared for that. Also, they have evasion techniques. The AI can help the malware adapt and evade based on questions you may be asking of the email. It could also I mean, it's amazing how this if you look at what AI can do in making pictures online you just tell it what you want and the chat GPT-LLM type activities will then create a picture for you. It's just incredible.
Speaker 1:
And the deepfake technology Again, these deepfakes we're seeing a big problem in the school systems, especially with young children, and they're getting to the point where they're getting their faces put on pornographic images, and it's not even them, but it doesn't matter, right? It's the deep fake stuff. So these deep fakes can be used to social engineer attacks, creating convincing audio. Audio isn't a big factor. You can actually, from what I understand, based on this podcast. If it's got enough samples which it does, I'm sure of me now it can create its own podcast without me even chatting with you. So it's an imperative that we have a good understanding of what does this specifically look like? So again, audio video.
Speaker 1:
Big challenge Ransomware. So this is something that I think we've thought about it many years ago, when I was in the cyberspace of going how is this going to affect companies? And we really thought, well, at some point, if they decide to burn the house down, it could be bad. Well, it's here today and I know you all have dealt with this. But ransomware, because of the fact that it can destroy your systems as a business owner, can just devastate you. I mean, it can take you out of business, for all you've worked for for 10, 20, 30 years can be gone in a matter of just a few short weeks. So it's an imperative that you have a good plan to deal with this.
Speaker 1:
And this is where an attacker will encrypt the victim's data and obviously demand some sort of ransom behind it. Now, it could be data, it could be systems, it could be a lot of different things, but they'll do this in the way of trying to gain information, or, if they just want to, they'll burn it to the ground. That just depends on them. So you have double extortion where this is where the attackers only encrypt the data but then threaten to publish it if they don't get paid. So these are the parts where they're basically staying extortion If I have dirt on you and I'm going to release it unless you pay me. The other one is ransom as a service.
Speaker 1:
This model allows for less skilled criminals to launch ransomware attacks using tools developed by more experienced hackers, and we had this happen. I had some very strong and positive folks that were really good in the hacking space and we would utilize their tools to do what we needed to do. And you can find people nowadays where we say the script kiddies, where they were very limited in what they could actually do to your organization. But now, because of the fact that all of this technology is pretty easy and you just mash an easy button. It ends up being the situation where people that don't have a lot of skills could actually cause a lot of damage to an organization. And then the targeting of critical infrastructure such as healthcare, energy, transportation. All of these are under attack and they'll continue to be under attack, especially if we get into some sort of war or shooting match that would occur with various countries. You can expect fully expect that there will be ramifications for that. So, again, it's not something that's easy to deal with.
Speaker 1:
Another one is IoT vulnerabilities. Now, this is something that has been I mean, I taught cyber physical systems in colleges in a local college here in Wichita State University at Wichita, kansas, and IoT because of the fact that much of the computer systems that are tied into the internet of things are relatively easy to basically manipulate, and it's because they weren't really designed for something that would be a hardened system, and so, therefore, what happens? Well, you just end up having a situation where they're relatively Easy to take care of and easy to manipulate and cause problems with. So they have weak security built into these and most times they don't have enough security, making them a really easy target for attackers. Botnets will compromise these devices as well, and they'll be launching large-scale denial-of-service attacks, which basically means they fill up your internet pipe with garbage, and then you have privacy risks. Obviously, IoT devices often collect sensitive data. Depending upon where they're at, especially in the healthcare industry and those types of areas, you could have IoT devices collecting this kind of information which could be very, very sensitive. So IoT vulnerabilities and this is also tied a lot into the critical infrastructure pieces as well.
Speaker 1:
Well, now supply chain tax we talked about that just briefly where the third-party supply chains could be well, not could be. They are a large target of bad guys and girls, and so there's a lot of this comes down to software dependencies. I've worked with major organizations that have softwares that are that software is dependent on a specific company and without that software they can't operate. So these software dependencies could lead attackers to just basically compromise libraries specifically associated with this software, and then they can proliferate it throughout the different companies that this software works with and then they can gain access to a larger enterprise through that vendor. So that's a big challenge. And then hardware compromises Obviously, the hardware that was compromised during manufacturing, part of the reason why you see the United States doing a big push towards having its own integrated circuit chips is because the concern is that someone within a foreign country could slip in some malicious software inside the chip manufacturing process. So again, it's totally and this is stuff out of movies. You're like this is crazy, this couldn't happen. Oh yeah, it's totally good, very easily in the realm of possibilities.
Speaker 1:
We talked about deep fakes and then synthetic attacks as well, disinformation campaigns and fraud. All of those things can be set up that can cause issues right, and these are used for disinformation, fraud and other malicious activities and it's just going to become something we're going to have to work through. Now you're going to have to deal with the overall deepfake issue in general. And how do you spot a deepfake? So that's really challenging for businesses, super challenging for businesses. So then we get into quantum computing threats.
Speaker 1:
Now the quantum computings are still in the nascent stages. They're just getting started, brand new. But breaking encryption is a big challenge with the quantum. I would say that the interesting part. There's an article out there where quantum computing was able to crack something, and I'm just kind of quickly grabbing something that I remember reading and I'm just kind of quickly grabbing something that I remember reading. But the part that they don't understand is they think that because of it there's actually multiple universes or multiple time realities, because it shouldn't be able to compute that fast, but it did, and so it's real quickly will mess with your cranium of going. I don't understand what they're talking about.
Speaker 1:
The bottom line is, this quantum stuff is going to be nuts and it's going to continue to escalate. It may not be something that you're going to have to deal with in the next five years, probably in the next 10, for sure within the next 15. So it's going to be a big factor. Now, if you're a business owner, that's also a good thing, because now you can get potentially a Cray supercomputer and now I just dated myself on how old I am but a Cray supercomputer that can operate in your business and give you the same kind of results. Because why It'll be? This scale of the capabilities will be easy enough for a business to be able to purchase and operate. There's also quantum resistant algorithms Now, these algorithms that are designed to be able to be resistant to quantum attacks. Now, if you go to the, I think MIT came out with this and that will be something that will be pushed through different computer systems as well, and there's, I think, requirements that that has to be done. Anything that's a department of defense or government type entity must have quantum resistant algorithms put into it.
Speaker 1:
Then data poisoning Data poisoning involves corrupting of the data used to train AI models, leading to compromised AI systems as well. And then a lot of thing with data poisoning is it undermines your trust. The data poisoning will erode your systems and it'll erode your trust in different types of AI systems. Right, we know about AI causing having hallucinations. That's another part where you're like well, I can't trust the data coming out of it, so do I really want to use it? And then advanced persistent threats. Now we've talked about this on CISSP Cyber Training, another podcast that I have, but we'll be getting more into it here at Reduce Cyber Risk, because these advanced persistent threats are basically bad guys and girls that hang out in your network and their ultimate goal is to steal data and or be able to cause chaos and pandemonium. They have very sophisticated techniques in how they do this to bypass your security measures, and they will maintain this persistence presence within your organization over a period of time. In many cases, it takes months to get these guys and gals out of your company. So you want to make sure that you have a good plan when it relates to security within your company.
Speaker 1:
And then social engineering is another big aspect. Right, we got social engineering with phishing, baiting and pretexting, with all the social media aspects out there. I've seen it time and again that you can get people to do things they wouldn't normally do. My background I had a social media presence when I was back as a red teamer and I was a Jessica and I was a very attractive Jessica and I got people to do all kinds of crazy things because I was an attractive Jessica. Yes, and it works like a champ and people will do it and they fall for it all the time.
Speaker 1:
And then, finally, disinformation campaigns. You have political manipulation and market manipulation. These are areas that are used to influence elections, political decisions, as well as provide false information to manipulate stock prices. One aspect I know was a big factor that occurred back after 9-11. Al-qaeda made a comment that they had connected into the stock market and that they were going to cause the stock market to crash, but they didn't. After it was all said and done, they did not have connectivity into the stock market by any means, but they did mention that they could take the stock market down. So what happened? The stock market went down. The prophecy came to light because they just said it was so. So you can deal with market manipulation in that sense as well, and as everything can go air quotes viral, you can have comments made that go viral that are not true.
Speaker 1:
So what are some trends that we're trying to do to help with this situation? So we have to deal with zero trust architecture. What does that mean? Bottom line? And there's lots of big words behind this, and the one thing I'm trying to do with reduced cyber risk is to try to break through a lot of the smoke that comes out of this information down into a level that a third grader can understand, because if a third grader can understand it, then we all can understand it.
Speaker 1:
So the zero trust architecture basically comes down to is it limits what you can do with that device. So it says every device on a network is limited, untrusted. So I don't trust you. I like you, but I don't trust you, and so therefore, you have to limit your ability within that network to only certain areas. And that deals with what they call micro segmentation or strict verification. So the verification is where every user and device has to be authenticated immediately. Micro segmentation means you divide the network into very small subsets so that if I get into one, I can't necessarily get into another. And then you watch it all with monitoring, continuous monitoring.
Speaker 1:
Now you all are probably going, oh my gosh, this is expensive. And you're right. See, here's the problem. This is where small and medium businesses really will struggle with. This is because it can be expensive, and not necessarily from a technology standpoint, but maybe from an opportunity cost standpoint, because now you've got to dedicate people to deal with this stuff. Again, it's just part of doing business. Now, when we deal with risk, you have to decide do I want to implement all three of those or do I just implement one of those? And that's something that we'll talk about here.
Speaker 1:
On, reduce Cyber Risk is some things for you to consider around risk, cloud security again, data protection, access controls and compliance all are a big factor with cloud security. As more companies are moving to the cloud, this is a big factor as well. So you've got encryption both when you're transiting and when it's sitting up there in the data centers in the air quotes cloud. Who can access it through access management tools? I mean, can Sean get to it? Can Bill get to it? Who can and who cannot? And I think that's who cannot is also as important as who can. Compliance again, there's regulatory requirements that focus on this. Could be from the federal government here in the United States, could be overseas, in EU or China, wherever you might be. There are regulatory requirements that are increasing, especially if you are in an industry that is regulated by the government or has the potential to be regulated by the government.
Speaker 1:
Ai and ML using them for defense I think this is the next best thing we can do is utilizing artificial intelligence and machine learning to defend against these attacks. If they can create a picture by me just saying, create a picture of a frog with a red hat on, and they can do it, and it looks way better than I could ever dream of drawing, which I can't, but if I could, then why not use that same technology to stop bad guys and girls from getting into your network? I think it's totally doable. The problem that's going to come with it, though, is people may have really high expectations at first, and I kind of come back to SpaceX and what happened with Musk. He's blown up a few rockets, but his ultimate point was that I got to test them and blow them up to figure out what not to do, and I think that's what's going to have to happen with AI. But the challenge is you deploy that to your network and it starts blowing stuff up in your network, like blocking people from doing certain things. Then people have a much less tolerance for risk.
Speaker 1:
Automated response respond in the case that something bad were to happen, versus having to pull everybody together. Everybody makes a decision. Then we go forward, have an automated response to a cyber event, or even having predictive analytics to help you with understanding where the bad guys and girls could be coming from. Now regulatory compliance is going to become a bit much bigger factor as well. We kind of alluded to it just briefly. You are going to have, as a business owner, more regulations imposed upon you Lucky you you are and it's going to come either from the state, if you're in the United States, or from the federal government. Depending upon where you're at. It could come from the province or your federal government. It just really depends. But they're coming. You have no choice. It's going to happen and in many cases, it's going to be very reactionary, based on the events of the day. So you're going to have to deal with that.
Speaker 1:
Another one is a cybersecurity skills gap. Yeah, this is a problem. Training and education, diversity and inclusion a round range of different workforces, capabilities it's going to be different, and I mean by training and education. It's hard to find really qualified people and they don't have a lot of experience. Have people within your organization that work from home? Are you going to allow that? They work from another country? Are you going to allow that? Will the regulatory requirements allow you to do that? So, different perspectives, different skills all those kinds of things are going to be a big factor in the skills gap.
Speaker 1:
And then a cybersecurity mesh. This is where you have decentralized security, you have interoperability and you have scalability. You have to have an architect that develops and devises this cybersecurity mesh. Where do you get them? Well, I'll tell you right now, getting architects on the market is a very expensive proposition because they're hard to find and because of that, you don't know what to do and therefore it's this chicken or the egg issue and you're just praying that things don't go bad under your watch. That's the ultimate goal, and I see it time and again. But you better have a good plan and there's ways to help you with that. But I mean, you can reach out to us at Reduce Cyber Risk. We can help you with those things, at least give you the right direction. But at the end of the day, you're going to have to think about it. If you have a network and you produce a product and, based on the margins on your product, you are to create a profit and therefore your company is surviving off of this profit, you're going to have to think about it. Sorry, just you better do it Now, when we're dealing with another trend that you're seeing is identity.
Speaker 1:
First. This is where you have identity governance. This is where you're managing identities of individuals. You want to incorporate multi-factor authentication. How do I do that within your company? And then we talked about zero-factor authentication. How do I do that within your company? And then we talked about zero trust. Identity Identity is an important factor. If you have an identity for somebody or a device, you can then protect your organization or allow access based on this specific identity Generative AI. We talked about the large language models and how that's where things are coming. The threats are going to be utilizing these AI and deep fakes, but there's great opportunities here to help with the automated detection and response piece of this as well.
Speaker 1:
And then supply chain security. We talked about vendor risk management. I think you need to look at doing security assessments of some of the most critical vendors within your company. Now here's the point Depending upon which organization you work with like if you're in the financial industry, they want to do risk assessments of everybody and their dog under the sun and they have strict requirements on doing this. That being said, when you're in other parts of the ecosystem for businesses, that may not necessarily be the case. If you are a business and you have a couple of really critical vendors, that, if they get locked up for whatever reason and you cannot even operate because of that, that's somebody I would want to do a security assessment on. But if you got somebody that delivers paper to your office and say it's the guy or gal that drives up in their car, drops off paper and moves on, that wouldn't be somebody you'd want to do a security assessment on. It's just a waste of time. So you're going to have to balance that risk to your organization and then again, understanding your overall supply chain transparency.
Speaker 1:
One thing I say about the supply chain transparency that's important. You need to understand who's in your supply chain. I've seen it so often where companies will go yeah, we have the supply chain, we have these 10 vendors. But then when you dig deeper, yeah, we have the supply chain, we have these 10 vendors, but then when you dig deeper, oh no, they have like 20. And of those 20, 15 are critical. And then you're like, oh no. So yes, that's an important part of your supply chain.
Speaker 1:
And then behavioral and cultural change you need to understand. You teach your people what they should be aware of. I like to go by the attitude. Every person within your company is a censor. What does that mean? They're attitude every person within your company is a censor. What does that mean? They're watching stuff all the time. Well, if they see something that's out of the ordinary report, it say something. Say something before it becomes even worse, versus taking the attitude of yeah, it's okay, it's not a big deal, my cursor is moving by itself. It's okay, that valve just opened up on its own. It's just ghost frida, she just hangs around the facilities every once in a while and opens up valves. Yeah, no, that's not the case. You need to make sure that if people see stuff that's acting funny, they bring it up to you, and this comes down to security awareness, training, behavior analytics and so forth. So, again, you want to use more of this capability around AI.
Speaker 1:
We want to be able to have more resistant crypto, and then you want to really focus on this last bullet, I think is an important part enhanced cyber resilience. You all need to have a resiliency plan, and it could be as simple as the fact of it's on like three pieces of paper and that's it. But what the reason behind all that is is that you've actually gone through it in your brain and figured out okay, how do I operate my company in the event that it all becomes locked up because of a cyber event? You need to think about it, not just go oh yeah, we're good, you're not good. I'm just going to be blunt you are not good. You may think you're good, but when a little while comes on the road and somebody hits you with a ransomware attack, you'll realize real quick you're not good. And so the point of it is is that reduced cyber risk can help you with that. Again, we can help you with your resiliency planning, because I just don't want to see it. I've seen it so often. There's no reason for it. I mean, you're going to lose a little bit in an event and, depending upon, it's like you cut off your leg to save the body. You may end up doing something like that, but if you don't have a good plan, that infection is just going to ravage you and kill you. It just will. So you better have a good plan around it. I hope I've beaten that to death.
Speaker 1:
Continuous improvement you also want to look at different ways you can update your security measures based on the latest intelligence that you may see and based on past incidents. What does that mean? If you see your neighbor gets eaten by a bear, don't do what your neighbor did. Okay, that just I know it's a very graphic response, but I've seen it. Where I have companies, they will see that their neighbor, their competitor, just gets totally pwned. They get just eaten alive by some malware. And what do they do? Oh, dopey doe, things are just fine. Don't do what your neighbor did. Let your neighbor be a warning to you and if you are the person that gets eaten by the bear. Hopefully your neighbor paid attention to what you did, because there's no reason for it. There's just no reason for it, okay. So again, collaboration you want to have different privacy enhancing technologies are also coming out here as well.
Speaker 1:
Information sharing is an important part you want to share. I know it's hard when you especially when you're in a competitive business and it's all about competitive advantage you obviously don't want to share with your competitors your secret sauce. But if you have competitors, it's always good to build the relationships, at least in some of these spaces, because knowing what they know might be valuable if they're willing to share some of this information. Again, when it comes to these attacks, you are being attacked from every direction. There is a no good side or bad side to this. You're getting attacked from within. I'm just going to use the United States as an example Getting attacked from within this country or getting attacked from outside this country. You have to work with other companies in like minds and in like spaces to understand the threat and to look at ways to help mitigate the risk to your organization.
Speaker 1:
Anonymization, encryption again, encrypt what you can. You can't encrypt everything. It isn't always going to work that way. And then cybersecurity for critical infrastructure. This is one of the things I really beat the drum on. Critical infrastructure is important. Why? Because it's important to everybody. If you have somebody poisons the drinking water, we all die. Doesn't matter if you're Republican, democrat, don't matter, we all die. So I think it needs to be to the focus of. Forget the politics. You need to focus on what do we do to protect our families and to protect our country, whether you're in the United States or whether you're even in China or Russia, the same thing happens there. I've got a really good friend, like a daughter to me, who lives in Russia. Heaven forbid, I would love anything to happen to her. That's bad, juju, not good.
Speaker 1:
So the point of it is, you have to be ones that are looking for ways to protect everything out there under the sun and then secure essential services, regulatory frameworks we kind of talked about all that when it comes to critical infrastructure so human-centric security. We got to focus on behaviors. You got to focus on user education. You also need to integrate cybersecurity into your business strategy. Now, if you own a business or you're buying a business, you need to build it in at the beginning.
Speaker 1:
Again, though, I want to just stress this. It isn't about having the super secret cybersecurity framework. If you have it just built into your thought process, it can help you make logical decisions. And if you decide that you're not going to put implement some security measure, that's okay too. Why? Because the simple fact is is just that you've thought about it. You are making a conscious decision to either mitigate or accept that potential risk. Now you may transfer that risk to something else, like cyber insurance or something along those lines, but at the end of it, you at least have entertained the possibilities that you may have a problem or you may not, or you're willing to accept it. It's kind of up to you. There's new regulations that are coming we talked about all the time. You're going to see them, so plan on them and then also look at the new threat landscapes that are coming.
Speaker 1:
Space cybersecurity the article talked about that as well. That's out there. You're like what, what are we talking about? We got rockets now that launch and they land. Okay, well, how do they do that? Well, they don't just do it through magic. There's all technology that's running in there. So, again, space cybersecurity is an important part. A lot of our communication pieces are going through satellite, yes, so you're going to have to understand that. Biotech, cybersecurity, all those built into the overall space of the healthcare industry. Another big factor Again, technology is getting into everything, and so you better have a plan of how you want to deal with it. That is all I have for you on this.
Speaker 1:
Again, this is around new and emerging threats and trends and the future of cybersecurity in the overall business structure, and I put the spin around small and medium businesses, but it can be for any enterprise, right? It just comes down to small and medium sized businesses. You guys don't have a lot of resources to be able to protect you. Hence, that is why Reduce Cyber Risk is here and it's evolved. The ultimate goal is to provide you the skills and tools you need to help protect your company from the evil hacker horde. That's it, bottom line. That's how we roll. So just check it out. Go to ReduceCyberRiskcom. If you have any questions, just reach out to me. Send me an email. I'm happy to chat with you on the phone. We can set up a 30-minute discussion and figure out what you may need for you and your company. So, again, go check out Reduce Cyber Risk, reducecyberriskcom. All right, thanks a lot for listening to this podcast. I hope you have a wonderful, wonderful day and we will catch you on the flip side, see you.