[Music] hi I'm Greg Yen with Reynolds and Reynolds and this is connected uh today
0:09
we're kicking off cyber security month and I get to sit down with Brad Holton Brad's the founder of Proton Dealership
0:14
IT uh Brad's been with us as as part of Reynolds since July of 2022 and surprisingly you've only been on once
0:21
Brad so I feel like every you know every October for cyber security month we should have you on but uh uh excited to
0:28
have you back and looking forward to chatting no I appreciate it yeah we've been a little busy since the acquisition
0:33
so we haven't quite got a chance to do all the things we wanted to do but with all the work we we put together to you know really integrate our teams yeah
0:40
we've been pretty busy but it's good good to grab some time together well and plus you're you're everywhere right you
0:45
can't make time for me because you're on uh you know especially since like this summer you're on CNN and you're on
0:50
everywhere else I look you know you're out there pretty pretty high demand definitely a busy summer I it was
0:55
not the summer I was expecting not the summer my wife was expecting either but yes thanks to things that happen in the industry uh pretty in demand for the
1:03
specific knowledge that that we have you know as a group of not just Automotive but cyber and being able to put those
1:08
two together and how does that affect dealers and you know kind of digging through all the intricacies that it's really a very unique set of knowledge
1:14
that so yeah when that when that happened everybody came to us to try to figure out you know what it meant and what to do yeah yeah know it's um quite
1:22
quite the uh series of events for sure so Brad you started proton in 2013 right
1:28
yeah yep okay so kind of a different world today than it was then I was hoping maybe we could start um looking
1:35
back a little bit and you could share um you know how things have changed obviously it's changed a lot but from
1:41
your perspective you know contrast 2013 to today and kind of how how different
1:47
things really are you know 2013 um cyber security was really just kind of it
1:52
wasn't even a buzzword it was kind of you know something that was an afterthought nobody really paid a whole lot of attention to it the main thing
1:58
even we were focused on when I started the company was just the IT support you know getting the dealers running keeping running you know making sure the DMS was
2:05
up and they could get to it and just all that sort of stuff we didn't really you know everybody had antivirus um you
2:10
might have a spam filter but that was about it and you know the hackers back then the scammers it was it was a fairly
2:17
small operation most of the time it was It was kind of the hoodie that you see living in his mom's basement you know it
2:23
wasn't the the massive players you see now so it was just kind of something you didn't really think too much about and
2:29
dealers really didn't pay a whole lot of attention to it at all it wasn't until I'd say around 2016 2017 we started to
2:36
see attacks that were you know far more devastating uh previously you know if
2:41
you get ransomware uh it would start activating right away so someone clicks on it might be your finance manager
2:47
sales manager you know service advisor it usually just just does damage to that PC and it stopped around 2018 we started
2:54
seeing massive damage where it would not just damage that PC and instead of immediately encrypting it it would
3:00
actually start scanning and investigating and looking around the network and it would take more of a a
3:05
long-play approach you know it they would basically stay the hacker would get in and stay there for two weeks figure out
3:10
everything and then deliver a catastrophic attack so starting around 2018 you really started seeing a huge
3:16
change in the way people were attacking and instead of getting you know one or two Bitcoins at the time was you know
3:23
maybe a thousand $2,000 $3,000 you started seeing those demands upwards of 100,000 and of course now you see
3:29
demands you know 25 million and up you know or it's not unheard of it's not even uncommon to see demands you north
3:36
of $10 million and the level of you know intricacy the the sophistication the speed of the attacks you know you're
3:42
seeing millions of attacks a day instead of you know a handful of guys launching a thousand attacks you're seeing an army
3:48
of individuals well funded you know sitting in nice Office Buildings in Eastern Europe launching millions of
3:54
attacks so it's it's just a totally different environment than it ever was before yeah how do you think maybe you
4:00
have a perspective maybe you don't but like how do you think we got here right going from $1,000 Ransom to $25 million
4:08
Ransom um going to the almost the normalization of this happening and there's like this this social perception
4:15
that it's almost a part of doing business and like there's there's a moral issue with that there's you know a
4:21
legal issue with that but it it just it feels like it's almost normalized which seems strange to me I don't know if you
4:26
have a perspective well yeah I mean so now like I said it used to be you had an attacker might be anywhere in the world
4:33
and it could be any individual and you know to some degree there's still you know groups all over the country all
4:38
over the world that are that are attacking but the vast majority of it is coming out of Eastern Europe and you're seeing it in areas where it's not
4:45
illegal to do so you know if you have a hacker sitting in Sochi Russia right now he can attack the West all he wants to
4:52
and he's not gonna there's no repercussions so I mean they even have software built into their toolkits that
4:57
looks for the Russian keyboard being installed or looks for an IP address that's based in Belarus or Russia anywhere
5:03
over there if it sees those things it deactivates itself so the purpose is to make sure that they don't actually attack uh you know any Eastern European
5:10
countries and by doing so you know they're not breaking any laws over there any laws that they break over here and
5:16
affecting us in in Western Europe is it's not punishable matter of fact it's it's to some degree even encouraged and
5:23
uh you know as long as they assist the nation states whenever they're needed then it's just kind of looked the other
5:29
way uh they're basically protected and so when you have you know massive Financial opportunity and gain and
5:36
you're protected from incrimination or any kind of punishment I mean you get this thing flourishing and so you've got
5:42
you know North Korea Russia China to some degree you know with just a massive
5:47
group of intellectual guys and girls that are able to you know run these attacks all over the world without ever
5:55
threat of you know being punished and make hundreds of millions of dollars a year so that's what you wind up yeah
6:01
that's really wild so talk a little bit too Brad about the tactics I guess like how how it's happening so you mentioned
6:07
a minute ago um you know just the volume of attacks just going up and up and up
6:13
and on a daily basis seeing you know hundreds or thousands of attacks or more than that um you know talk about some of
6:20
those tactics and and just the sheer volume that we're seeing now yeah so I mean it used to be you know back in in
6:26
the earlier days that you would have a for instance an email attack you know if someone's going to send out a phishing
6:31
attack they would write a an invoice a fake invoice and send a fake email and
6:36
it would be you know deliberately crafted the whole thing would take them a day or so to put together and then they would send it out to maybe 100,000
6:43
email addresses they got off some you know dark web list now what what the way
6:48
they build this thing out is AI will basically scrape the internet and compile a list of we'll call it five
6:55
million email addresses uh they will then use that same AI platform to write
7:00
uh maybe a thousand different permutations of that email so instead of seeing one email and then the company
7:06
knows okay and our spam filters know this specific email is is Spam let's block it now you're getting thousands of
7:12
permutations and you have to look at each email and look at the signature and try to figure out if it's spam they're also using AI to disguise and to change
7:20
the payload so now you're seeing an invoice that has you know some malware in it or links to other sites and that invoice
7:26
is being changed subtly and slightly and almost every single permutation as well or iteration so now you're using AI to
7:33
create millions of emails going out in a matter of minutes using compromised email servers uh you're using AI to
7:40
actually infiltrate and do the hacking you're using AI to create the emails AI to create the malware so that is kind of
7:47
becoming the new Norm that we're starting to see it's only been in the last six months to a year and in just last week HP uh identified the first
7:54
actual kind of malware dropper exploit that was fully AI written U but I think you know in two years or even you know
8:01
next year when we have this conversation it's it's not going to be unusual to say okay AI is doing the entire attack from
8:07
beginning to end uh you know we're seeing it millions of times a day so the the speed at which they can deploy this
8:13
with the new tools using those those tools for good as tools for bad you wind up with you know just a massive quantity
8:20
of attacks yeah and that only adds to um you know the the I guess lack
8:27
of uh moral issue right when when AI is writing everything about it um somebody
8:33
a person an individual protect it or not um that that throws the morality right out out the window right sure I mean all
8:39
they're doing is just kicking off a you know an attack and they just kind of give it some commands and it goes from
8:45
there right and you know as that grows faster and more powerful um you know they only need one out of five million
8:53
attacks to succeed and they can launch you know they can launch five million in a day comfortably so I mean well and
8:58
talk a little bit so you mentioned earlier about spam filters right so that that leads me to this other kind of maybe it's Rabbit Hole maybe it's not
9:05
but thinking about you know traditional spam filter and you mentioned you know being able to have different permutations of an email or of an
9:11
attachment um so that spam filter doesn't catch it can you talk a little bit about how traditionally those have
9:16
worked like how do they function um and why are they why do they struggle I guess in today's world yeah so you know
9:24
email itself it was never built as a really secure environment it's almost like you know an analog phone system you
9:30
know your your phone can be spoofed uh you know anybody can make up a phone number and call you from an app that
9:36
shows any phone number they want because the phone system was never meant to be secure it was never built that way we
9:41
just built it you know since since dial tones well emails kind of the same way there's a lot of different things that
9:47
are inherently insecure in email that make it easy to spoof who it's coming from you know you can change the display
9:53
name uh you can change header information you can do some really interesting routing with emails to make
9:58
it appear as if it came from inside a company it came from the CEO when it really didn't it came from a Gmail or Yahoo address so because of that uh that
10:06
native that native kind of insecurity that's built into our platform that we haven't overcome yet it makes it really
10:11
easy for for people to disguise where things are coming from so a spam filter is only as good as the information
10:17
coming to it and only as good as the database it has at the end of the day you know spam filters have generally
10:22
just been a have I seen this before yes or no does it have these characteristics yes or no is it good or bad and they try
10:28
to make a decision and if you get overly aggressive with it you wind up eliminating a ton of email that you need
10:33
and if you don't get aggressive with it then you wind up with a ton of spam or malware or viruses so it's this delicate
10:39
Balancing Act of how aggressive can I be you know without being overly aggressive and we're starting to see now just in
10:45
the last year or so AI being integrated under the the tools for good where you can now start to look at you know what
10:50
they call heuristic modeling of you know what is actually the intent of the email you can look for a lot more kind of
10:57
unique things about the email characteristics and try to try to weed it out so you're getting better at spam filtering but
11:03
it's a cat and mouse game because every time you get a little better at spam filtering the bad guys are getting a little bit better at producing spam um
11:10
and you know we say spam and spam itself is just you know the act of a ton of email but it's really the phishing part
11:16
of that spam because you know spam could include marketing and things as well it's the phishing pieces where you're trying to get someone to go to a bad
11:23
website and put their information in or you're trying to get them to give you credentials or you're trying to get them
11:28
to download know a PDF or something else that has links in it or malware in it and those are the ones that we're really
11:34
kind of trying to make sure we can get knocked down like I said just a constant battle well and and everything that I
11:41
read and you you know firsthand so I just want to confirm I mean really email and phishing emails specifically I mean
11:48
that's a vast vast majority of the the starting entry point for any attack right I mean is that is that a fair
11:53
statement absolutely it's north of 90% starts with an email so if you can knock that down you know significantly then
12:00
you've hardened your environment a lot right there yeah yeah and you see a lot about employee training and things like that
12:06
too I mean we we do it at Reynolds right we get you know it's every I forget the frequency but it's fairly frequent that
12:11
you know we kind of have to go through this formal training and it's updated um pretty regularly um you know when you're
12:17
working with dealerships what do you typically see or maybe recommend as like what's the right Cadence how detailed
12:23
should you be um who needs to go through this type of training um you know we
12:29
talk about the human firewall right I don't know if it's internal or if it's if it's a industry kind of term but you
12:34
know having educated employees that won't click on the stuff that does make it through um what do you see from a
12:40
training perspective as sort of the appropriate amount yeah you know we always refer to the to as the human firewall and that's kind of a term
12:46
that's caught on somewhere in the industry here and there yeah but you know the idea is that yes you teach your people you know to pay attention to
12:52
think twice because you know you get a service manager or service adviser who's got people lined up out the door he's
12:57
just trying to get through his day and he's got a ton of email and he click click click click and then he gets one that looks like it came from payroll it
13:03
looks like it came from HR that says I need you to click on this he's not thinking twice he clicks on it next thing you know he thinks he's logging
13:09
into ADP or you know whatever payroll system you're using and they're not he's giving his credentials to somebody else
13:15
and that hacker then immediately logs in changes his bank account direct deposit to a prepaid debit card and his money up
13:23
the next payroll is gone um so you know getting people to actually stop and think is is the first part beating that
13:29
into their heads no matter how you know important how much other stuff you have going on stop and think about what you're doing and understand the
13:35
consequences of your actions but you know having that training on an ongoing basis uh you know typically once a month
13:40
having some sort of short tidbit of training it doesn't really do a whole lot of good to train you know once a
13:45
year with a whole bunch of you know take an hour out of your day and train for it's not going to matter you're going to lose it within 30 minutes to an hour
13:52
going back to work so doing little little trainings you know every month and then you know simulated phishing uh
13:57
we do a lot of simulated emails uh that go out if someone clicks on it then they get a little link says hey you
14:02
know you clicked on something you shouldn't have here are some things that were kind of indicative that it was maybe something you shouldn't clicked on
14:09
uh you know number one you clicked on you know something that said that your your Chase account have been compromised
14:14
and guess what you don't even have a Chase account right you know or you know you're your Pandora account you don't have Pandora so looking you know do
14:22
doing those things and kind of looking and following up and then reinforcing that so that you get people used to that
14:27
Cadence of paying attention and you know encouraging them to to reach out to their IT or their cyber teams uh setting
14:33
making it very easy and and building a culture of it's okay to just completely inundate your cyber guys and your IT
14:40
support guys with with questions you know we want all these questions coming in is this real is this legit should I
14:46
click on this if you're not sure send it down you know and and if your IT guys are the ones that push back and go man
14:52
these guys are wasting our time sending us all these emails well then have a conversation with them and explain that you know this is what you want this is a
14:59
culture you want you want them just sending anything that looks suspicious and should I click on this yes or no so
15:05
building that culture and getting people to pay attention to it makes all the difference no it's it makes a lot of sense I mean it is hard though right in
15:11
a retail environment you're busy like you have three customers in front of you the phone's ringing somebody's on hold
15:16
like you're busy it's I I hate to say it but in so many instances it's going to happen right we had um uh Frank Abagnale
15:24
at amplify here like last month and and he talked for quite a while but a lot of what he talked about was was really I
15:31
don't know it almost had this tone of look something's going to happen it's really about limiting your exposure you
15:36
know he talked about you know always using a credit card instead of instead of a debit card he talked about freezing your credit if you don't have a reason
15:42
to have you know ask for credit lines like these these simple things um but
15:47
the the underlying tone was hey somebody's probably going to get into either your personal stuff your business
15:53
stuff like some type of event is going to happen which is scary to think about right um but
15:59
I don't know I've I've heard you talk about it and I'm hoping you can elaborate on it this concept of you know
16:04
if an event happens or maybe when an event happens how do you make it a 15-minute event and not a 15-day event um
16:11
so I don't know maybe you could talk about that a little bit because it it is just this this underlying concept that
16:17
all right we have to be ready for when this does happen maybe it's not even if no I mean yeah Frank's absolutely right
16:22
and that's something he he really drills in a lot on it's it's actually I use a very similar topic when I talk at n very
16:28
you know very other places that you remember the the insurance commercials where you have Mayhem and it's like
16:34
mayhem's always going to happen you got to be prepared with insurance uh so you know when I talk I talk about stupid you
16:40
know it's you're gonna have stupid in your dealership it's not that you have stupid employees or stupid people but people are going to do stupid things
16:46
that they normally would never actually do if they were sitting down and logically thinking about things I mean
16:53
I've worked with you know brilliant individuals to recover from issues where
16:58
they've done something clicked on something it made no sense whatsoever and when they look back on it they say I have no idea why I would ever click on
17:04
that much less than you know answer follow-up questions and even have a conversation with a scammer thinking I
17:10
was talking to our Banker you know because it just makes no sense when you're not in an emotional moment but
17:16
when you're under pressure and you're trying to get something done and you're in the moment you just you get this
17:22
human nature to turn things off that are logical and to try to get through whatever event you're you're trying to
17:28
get through and it makes you do things that are not intelligent so you can wind up doing something totally stupid you
17:33
would never actually do in your life normally right if you're not so you know a good go ahead I didn't mean to interrupt just
17:40
you know figuring out okay we're gonna have we're gonna have people do stupid things right we're gonna have things that happen that should not happen that
17:46
are mistakes so when that happens if we've got the right tools we've got the right processes we've got the right
17:51
people we're monitoring everything we're really kind of dialed in then I you know I talk a lot about it's a 15 minute not
17:57
a 15-day experience right 15 minutes meaning okay finance manager clicks on something he shouldn't
18:03
have thought he was responding to an email from the controller now we've got something running on his computer so it downloads it gets intercepted by the the
18:10
management detection tools you know you should have a good endpoint detection platform on there so that endpoint
18:16
detection platform sees that we've got malware attempted to launch it's going to intercept it and we're going to
18:21
isolate his computer so at this point he's now dead in the water he can't do anything uh the Cyber team's going to
18:27
take a look at it and say okay you know this is nefarious or this is suspicious or this is an you know this is harmless
18:34
and we'll evaluate it and then if it's harmless then boom computer's you know unisolated he's able to go back to work
18:40
in in 10 minutes if it is you know something that is harmful then we'll
18:45
probably need about 30 more minutes to kind of investigate the computer and and see if there were any other additional processes launched or anything things
18:50
that it spawned anything it left behind but once that's cleaned up he's back to work if you don't have the right tools
18:57
and the right processes and you don't have someone monitoring this 24/7 then once that click happens it runs in the
19:03
background it starts scanning his PC it starts scanning the whole network it uh does what's called privilege escalation
19:08
meaning it becomes instead of a user it becomes an administrator once it becomes an administrator it then makes its way
19:14
around the network gets on everything figures everything out and then typically sometime after 10 pm Eastern
19:20
Standard Time it's going to launch an attack a lot of times on a Saturday or Sunday and when you come back in on
19:26
Monday every single computer is frozen they all have messages popped up on them none of them work you can't do anything
19:32
uh and basically your entire environment's just been trashed and at that point you're looking at you know I say 15 day but that's conservative uh
19:39
you know I've seen it Go 30 days and 45 days till really everything's back to normal oh
19:46
yeah no that's that's wild so it's really about it when you're
19:51
responding to something like this right it's really about it sounds like isolation so getting that PC essentially
19:57
off the network where can't go harm anything else you're almost it sounds bad but you're almost sacrificing that
20:03
that PC that Hardware um to make sure that nothing else is gonna gonna be yeah
20:09
I mean it really is you know and there's multiple stages of the attack and if you can catch something in that first stage
20:14
of attack when it's just landing on an endpoint Just landing on a PC you can nip it in the bud right there said it's
20:20
not a big deal you might have one employee that you know has a bad 15 minutes or 30 minutes and then
20:26
everything's back to work everybody's you know back to their business and and we're we're going fine but if you don't
20:31
then you know it just really gets bad really quick um right anywhere from a
20:37
day to maybe five or six days where they're late in exploring the network but once they decide to launch uh you
20:43
know everything goes down nothing works and it's just GNA it's going to be a very very painful experience getting it back up and you know having to talk to
20:50
the employees and explain okay you know we can't work all the PCs are are you know trashed or or you know infected and
20:57
we've got to go either clean them up or wipe them or whatever we're going to do but um it's it's going to be you know
21:02
very long lines uh at the service drive if there's even if you're even doing anything usually it's a couple days
21:09
until you know everybody starts to get back to work at a trickle and then by the end of 10 to 14 days you're kind of
21:15
mostly back to work yeah so how how quick do you need to be right I think
21:20
about it and you were talking earlier about AI uh kind of launching this stuff and executing all these processes when I
21:26
think about that I think almost instantaneous right like so how quick do you need to be to respond to this stuff
21:32
let's say you know an endpoint detection tool says Hey over here over here there's something bad going on um how
21:39
quick do you need to be to to make sure that that doesn't spread across the network so instantaneous was a great
21:45
answer um you know but at least uh three to five minutes is probably a pretty
21:50
good response time uh you know if you've got the tools set up correctly then a lot of the tools are going to respond
21:55
instantaneously and it's going to give you a little more breathing room so for instance I'll give you I'll give you two examples there was a a group that we
22:02
were called in to work with u maybe a year ago that had some decent Tools in
22:07
place but they had set the tools to only alert their IT team and the IT team it
22:13
was the alerts were going to an inbox that nobody was really paying attention to it probably had 4,000 alerts in it
22:19
that nobody even noticed and we know every now and then they would log in and kind of clean it all out and so in this
22:24
case the tools were set to not really take action on their own just to let the IT guys know that there was a problem and then the IT
22:30
guys were supposed to log in and fix it and that didn't happen and they wound up with you know multiple locations fully
22:35
ransomwared everything shut down for for quite some time so we take the the
22:41
opposite approach we are extremely aggressive meaning that if something is
22:46
highly suspicious doesn't need to be confirmed it just needs to look highly suspicious we're going to go ahead and intercept
22:52
that process we're not going to isolate the PC completely but we're going to intercept that process and really do a
22:57
deep dive into what's going on with that process if it looks you know malicious confirm then we will go ahead and take
23:02
the PC down and that'll all happen automatically so as soon as you click on it we're going to get that detection
23:09
within you know five to 30 seconds at that point the PC will then be you know
23:14
either just the process will be neutralized or the actual entire thing will be isolated and it's all under
23:21
we'll call it 45 to 60 seconds then you'll have the alert that goes into the the NOC or the SOC that allows us to
23:28
then investigate that and that's usually you know 3 to four minutes from there till somebody's actually looking at it
23:33
diving into it and then deciding whether it is malicious or how malicious is it or what was it you know what was the
23:39
intention of it what was they trying to do and what do we need to do to back that out uh and and put everything back the way it should have been yeah it's
23:46
wild just like even just talking through it it makes me anxious it makes me anxious about even even my personal
23:53
computer at home you know and just and you know your whole life's on these these devices uh um it's just wild and
24:00
you know if you think about I don't know my mind goes these places where you know all right Chrome saves every password
24:06
that I have for everything right and if somebody somebody logs in or or is able to access that like it's it's pretty
24:13
terrifying it really is so just just a quick heads up by the way the Chrome uh is so easy to dump those in clear text to
24:20
a hacker there's so many tools out there that just as soon as they hit your PC they dump all those and Export them um
24:25
we did that for a uh a dealer group a couple years ago that was told by their
24:32
internal team yeah they're fine they're secure no problems uh they got our name from a 20 group and asked us to take a
24:37
look at it we did an assessment for them and we were able to dump the passwords off their IT manager's computer uh
24:43
fairly quickly uh and it was just same thing just run a quick little tool dumps all the Chrome browser passwords
24:48
internet you know Edge as well all that stuff stored in plain text it's encrypted but it's easy to decrypt
24:53
basically plain text yeah so maybe password manager that's fully encrypted tends to be a better a better solution
25:00
yeah and once that happens I mean it doesn't matter where the rest of it doesn't matter right if you can access
25:06
the network and you have the passwords you can pretty much do whatever you want right yeah and what people don't even think about is you know if we get an
25:13
attack on a dealership and there's 50 we'll call it 75 people in that dealership and this thing scans the
25:20
first thing it's going to do is scan all the computers as soon as it gets domain privileges it's going to scan all them it's going to dump every password out of
25:26
every browser so even your service manager who's been going to his banking site he's been going to his uh you know
25:33
HR I mean Homeowner Association whatever any anything he's gone to that he's saving the password in the browser he's
25:39
now Exposed on all that within his personal life as well as everything that relates to the business so a lot of
25:45
people don't realize the depth of you know employee exposure when you get a hack is not just you know their their
25:51
social security number and their payroll information that got that we you was hacked from payroll it's all the other stuff that they did while they were in
25:57
the dealership that has been stored on that computer and God forbid they have an Excel spreadsheet on their desktop
26:03
called passwords that has every single password in it and you laugh but I have seen it so many times it drives me crazy
26:11
when I walk into a new dealership and sit down at a controller's PC and there's a Excel spreadsheet called
26:17
passwords on the desktop yeah well and thinking about to I mean just going back to that Chrome example right maybe maybe
26:23
your service manager didn't even log into his US Bank site but if he uses
26:29
Chrome and he's logged into chrome chrome has all that stuff saved from when he accesses it at home right like
26:34
doesn't even matter that he was on that site or not on that site um if he's logged into Chrome or whatever browser
26:40
that has those passwords saved they're they're there yeah we see that all the time where employees will come in and they'll log into Chrome with their
26:45
personal information personal account and then if they're terminated we go back to the PC and you're looking at
26:51
their Gmail you're looking at all their personal bank you know all their their passwords are all right there so definitely that whole you know process
26:58
is is just a little um a little risky for for personal information yeah no
27:04
that's that's a great a great point um you know one of the things Brad I wanted to get your perspective on while
27:09
I have you uh fairly timely you know it's it's hurricane season we just had a bad one in the Southeast for sure um you
27:16
know we were talking about it a little bit earlier and just hoping that everybody's okay um but uh you know how
27:22
do natural disasters and things like that impact the cybersecurity landscape I would imagine that there's um if if
27:31
nothing else new ways for people that are phishing and sending out these emails to to try to get into a network or to
27:37
get people to click yeah I mean you know there's a lot more social engineering you see anytime there's an event in the
27:42
headlines for instance you know this past summer when we had the huge you know cyber outage that affected the
27:48
automotive industry we saw tons of attacks that were related to kind of playing on that impersonating or you
27:54
know just language all the emails that were going out about that and therefore
28:00
it kind of made it much more likely someone would click on it so whenever you see a hurricane you see you know a lot
28:05
more emails come out that are purported to be maybe the Red Cross or you know different uh Charities uh you know
28:12
different Aid groups and they're they're trying to get you know people to to click on that and and put in information
28:19
you know phishing information things like that or charity scams we see a ton of that but I mean it's it's also an
28:24
opportunity for malware and hackers to come in and just anything that's a Hot Topic that they think you're going to
28:30
click on that you're more incentivized to click on because it is something you've just seen and it plays an emotional you know part of of what
28:36
you're reacting to that's going on in your life uh is is much to click on yeah and isn't that really the anchor of this
28:42
whole concept phishing and and those types of things is is it's all about
28:47
emotion right it's all about creating false urgency it's all about every bit of it is about emotion eliciting that
28:53
emotional response yeah you know one of the the things that I've kind of try to beat home to people is you know as we
28:58
were talking about earlier you're slammed at work you've got all these going on the expected response time for
29:04
an email from someone who sends an email on average tends to be measured in hours
29:10
all right so if someone sends an email they typically expect the response that day uh you know or or sometime
29:16
measured in hours not measured in minutes text messages things like that we tend to expect more immediate response that's going to be you know a
29:22
couple minutes so it's not necessarily that urgent that you respond to every single email as fast as you think you
29:29
should right it to it is okay to kind of sit down slow down evaluate what you're doing right now evaluate priorities and
29:35
then respond in a way that you know you can be clear-minded and think about what you're typing and what you're reading
29:41
before you respond to the email and you know getting people to understand and prioritize their time and and not get in
29:46
that Panic uh you know there was an article I read just the other day where a guy lost his entire life savings $450,000 to a scammer and it was a
29:54
social engineering scam it started off with an email and then the emails led to phone calls and you know was like Hey
30:00
call this number you know you you owe something and back taxes and you know he just kept going and going and going
30:06
until the guy was like cashing out everything he had and putting it in packages and they were having Uber pick it up telling him it was you know I
30:14
remember what the story was but the guy looks back on him he's like I have no idea what I was thinking but it was so
30:19
urgent and so critical you know they got my emotions so riled up that I did whatever they told me to do even though
30:26
logically now looking at it he's like I couldn't believe how stupid I was so you're right it is all about emotion if
30:31
they can trigger those emotional you know responses then that outweighs logic every time and you wind up you that's
30:37
like Pavlov you just wind up going on emotion and you know reacting to core nature rather than you know thinking
30:43
with your brain yeah yeah and you know you mentioned you mentioned email in the response times and and it's crazy
30:49
because we have so many methods that we get pinged on email right you know it's you got your airpods in and it
30:55
interrupts whatever you're listening to to tell you that you have an email or you know your your watch dings because you got an email or your phone dings and
31:01
and it's I don't know your work stuff can certainly be connected to that so um
31:06
you can often get caught in an environment where maybe you aren't thinking clearly right you're not you're not sitting at your desk right or at
31:13
your computer and and kind of in that that clear head space you're off doing something else and you get pinged on and
31:18
it's like I'll just respond to that real quick or I'll click on this real quick and and having that front of Mind where
31:25
every time you're going to click on something you have to really kind of think through it yeah and you to your point it is much easier to get tricked
31:31
on a mobile device than it is on a desktop on the desktop when you're looking at it you have all the data there all right you've got a bigger
31:37
screen you can clearly see everything you can kind of but on a mobile device because to your point A lot of times you're doing it in between 10 other
31:43
things and you know it looks fairly normal the logo is small so you can't really tell the logo slightly off or you
31:50
don't notice you know that someone is addressing you as Dear Sir or Madam and this is your buddy all right so you know
31:56
because you're just kind of flying through and you're flipping through it with your right thumb while you're ordering a Starbucks coffee or you know
32:02
in between while you're on a while you're on a podcast right I mean you know you got it over here and you're kind of multitasking and so people tend
32:08
to multitask far more reading email on their phone they're far more likely to be susceptible to a to a scam or a
32:14
hour you know something like that they phishing attack on their phone yeah no that's good well Brad one other thing I
32:19
wanted to uh to get your perspective on you know you've worked with a lot of dealerships over the years um obviously
32:25
in this IT space in this cyber security space the last couple years have been um you know crazy for you I know but when
32:32
when a dealership's thinking about you know building out a plan for their store whether that's starting from scratch
32:37
which hopefully nobody is at this point or it's you know evaluating where they're at today and then um figuring
32:43
out what else they need um I don't know is there a brief checklist in your head
32:49
just just some things that people can think about when they're thinking okay it's probably time to make sure that our
32:55
bases are covered on this is there is there a checklist or process or how do you go about really building a plan and
33:00
evaluating where you're at so you I would say start with a general incident response plan not necessarily a cyber
33:05
response plan just incident response plan so you know a perfect example is you know we've got a ton of dealers in
33:11
Western North Carolina and Georgia you know that now have no power no internet um you know we're trying to figure out
33:17
how to get them back up power not much we can do unless they can get a generator in uh internet we've got
33:22
hotspots we've got uh VSAT we've got Starlink you know so we can spin up
33:27
Starlinks wherever we need to you but kind of figuring out if something happens to my dealership that prevents
33:34
me from doing X Y or Z and X Y or Z happen to be critical functions so I don't have internet I don't have DMS uh
33:41
you know I don't have power what what am I going to do let start with those things and kind of work through all the permutations and variables of how do you
33:47
overcome those obstacles then you know you can kind of talk through the more nuanced things of okay so now I have a
33:52
Cyber attack which is taken away my ability to do one of those things as well my computers don't work or or you
33:58
know I don't have access to you know my firewalls got hacked I mean you can take out physical equipment as well there's all sorts of different attacks so as
34:04
you're looking at that you kind of identify you know how many different ways can my dealership be attacked or be
34:10
subject to outside influence outside events that prevent me from being able to do my job uh and you know on the
34:15
Cyber side you know Simply Having a response plan which you know in emergency break glass pull it out all
34:21
right you know we've detected malware what do we do we're going to call the IT guys we're going to call the Cyber team hopefully you have each one of those
34:27
teams in place and those typically are very different teams IT guys the automotive world IT guys we'll call it
34:33
keep the engine running cyber guys keep the door shut all right so the IT guys
34:38
typically are really good at you know desktop support understanding basic networking things like that
34:44
understanding installing applications cyber guys totally different mentality totally different skill set totally
34:50
different training they're looking you know how to prevent things how to detect things and those guys are dialed into a
34:55
totally different world than your IT guys if you have the same people doing it that's probably a problem because
35:00
there's just no way that that skill set is usually carried across you know in one individual so you know building out
35:07
notifying those guys and then notifying your attorneys your insurance company uh you know even PR you know you got to
35:12
figure out how am I going to control this what's gonna you know what's going to happen how is it going to be viewed what's the news going to say because it
35:18
does happen so there's a lot of steps that go in and thinking it through ahead of time um you know coming to the table
35:24
because it is going to happen at some point it it's just it's not something you know it happens sporadically here or
35:30
there it happens all the time and no matter how good you are you're going to have something happen you know in your
35:36
dealership unless you've really really done a great job of getting the right pieces and people and processes in place in which case the hackers are going to
35:42
go to the easier targets right if if you're buttoned up really well then they're going to go look somewhere else
35:48
because it's much easier to find groups that are still using Windows 7 and you know don't have firewalls and don't have
35:54
teams in place and and all that sort of stuff yeah yeah so I mean I guess to boil it down force yourself to ask the
36:01
questions before you're in a situation right and just kind of have have an idea of where you need to go um before you
36:08
get there sort of thing absolutely yeah I mean you know kind of run through almost like role playing or yeah you doing doing events where you've kind of
36:14
gone through the stages and figuring out you know I said not just cyber but just about any incident you know it's
36:20
definitely worthwhile so that when something does happen you you've kind of already got a game plan of at least the
36:25
basic stuff you know how you're going to address everything which who the players are who needs to be involved in making the decisions and all that sort of stuff
36:32
so this is going to sound probably ridiculous to you but is that like is that a Sunday morning exercise bringing
36:38
donuts for everybody like it just it's one of those things that's very important right and it has to be done and you have to do it but it's so easy
36:44
to push it off till tomorrow or next week or next week and and I think back to honestly when I was a kid and doing
36:50
like inventory like physical inventory in the parts store right and we'd all come in on Sunday morning or Saturday
36:56
morning and and you know have have Donuts we get there at 6:00 a.m. and try to be done by 10:00 um just getting
37:02
through everything right and everybody get their sheets of paper you'd partner up you'd have a clipboard and you go through and you'd circle how many there were um and you just you did it you just
37:10
hammered it out is is that a time to do this where it's like okay no other distractions this is what we're doing
37:15
this morning um let's let's just Hammer through it yep I mean once a quarter you
37:21
know I think it's probably a great way to just revisit it once you kind of go through the pieces nothing really changes the whole lot the names are
37:26
going to change who's my my current you know person that's in charge of this but the position and the role of responsibility is going to stay the same
37:32
you know we we typically don't recommend building out 50 page documents you know that that goes into every single thing
37:38
you're going to do because it's going to change so much that by the time you need it it's going to be completely outdated
37:44
but you know putting together you know a couple pages of okay here's a high level who's going to be responsible for what
37:49
what are they going to do how are we going to address this you know for any kind of disaster that might hit including cyber certainly is worth doing
37:55
once a quarter so no good good thoughts good information um well Brad I definitely appreciate
38:01
your time I want to be super super respectful though um anything else that we haven't talked about that that we
38:06
should anything I didn't ask you that we should anything you want to touch on I mean I think we had a pretty good conversation about everything that's
38:12
going on it's just you know it's a crazy world and you I like to say I've got job
38:17
security unfortunately because you know it is is only getting worse and worse you know every and and every month I say
38:24
that or every two months or every quarter and then I shake my head and I go oh my God it's only getting worse and worse you know it's the tools that are
38:30
coming out that that are being developed for you know that can be used for good and amazing things can also be used for
38:36
horrible things and so we're going to see you know the attacks getting far more uh nuanced far more detailed far
38:43
more specific uh you know and far more aggressive and and just going to see millions and millions and millions of
38:49
them so if you're not paying attention to this you're going to be you know you're going to pay attention at some point when you have to yeah yeah all
38:56
right well Brad thank you thank you so much for for chatting it's always a pleasure thanks for making time Brad Holton founder of Proton Dealership IT
39:03
um hopefully we can we can talk again soon all right thanks I appreciate it it's good talking with you all right thanks
39:10
Brad I always enjoy getting the opportunity to talk with Brad Holton he's a wealth of knowledge and he's got
39:15
a lot of great experience um hopefully this conversation was was good for you and enlightening and a good way to kick
39:20
off cyber security month uh before we hop off here don't forget to watch or listen to all episodes of connected on YouTube apple and Spotify podcasts and
39:27
make sure to hit subscribe so you're notified every other week when new episodes are released thanks so much and we'll see you in two weeks
39:36