Are password managers no longer an option?
In this episode, we look at the latest Ransomware Trends Report from Veeam, which gives us a view into the sobering world of ransomware attacks and the critical lessons they teach us about cyber defense. Join W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi, as they break down the key insights from the report. We explore the ruthless tactics of ransomware operators, the eye-opening stats on recovery time, and the evolving strategies of cyber insurers. From the importance of robust password management and multi-factor authentication to the strategies for safeguarding your backup server, we lay out a battle plan to protect your digital fortress. Tune in to discover why ransomware isn't just a threat—it's a wake-up call for businesses everywhere to bolster their defenses and emerge stronger against the rising tide of cyber threats. Your data's future might just depend on it.
Mentioned in this episode:
Interview ad
Speaker:
it looks like password managers may no longer be an option.
Speaker:
I hate to say, I told you so, but.
Speaker:
But that's got to the point of this episode.
Speaker:
We look first at the latest ransomware report from Veeam and there's some great
Speaker:
lessons and some scary lessons there.
Speaker:
And then also we talk about what cyber insurance companies are up to and
Speaker:
what that means for password managers.
Speaker:
I know you're going to enjoy this episode.
W. Curtis Preston:
hi, and welcome to Backup Central's Restore all podcast
W. Curtis Preston:
Army host w Curtis Preston, a k a, Mr.
W. Curtis Preston:
Backup.
W. Curtis Preston:
And I have with me and my heatstroke counselor Prasanna
W. Curtis Preston:
Malaiyandi how's it going?
W. Curtis Preston:
Prasanna Malaiyandi?
Prasanna Malaiyandi:
I'm doing well Curtis, and I'm glad we're able to
Prasanna Malaiyandi:
record this video instead of you being stuck in a hospital or worse.
Prasanna Malaiyandi:
So there is that
W. Curtis Preston:
Yeah.
W. Curtis Preston:
You know, it's funny.
W. Curtis Preston:
Um, that was not a smart move on my part, the event to which I'm referring, uh, so
W. Curtis Preston:
this was, what was this, two days ago?
Prasanna Malaiyandi:
Sunday.
W. Curtis Preston:
Yeah, yeah.
W. Curtis Preston:
Two days ago.
W. Curtis Preston:
Today I decided to go for a walk.
W. Curtis Preston:
You know, I'm, I'm, I'm by myself right now.
W. Curtis Preston:
The, the.
W. Curtis Preston:
The last batch of the kids have moved out.
W. Curtis Preston:
My wife's down in San Diego with her mom at the moment, and so I was like,
W. Curtis Preston:
I'm gonna go for a walk on the beach.
W. Curtis Preston:
I'm gonna bring a a towel to like lay down on, but I'm not gonna
W. Curtis Preston:
bring any water and I'm not gonna like plan how far I'm gonna walk.
Prasanna Malaiyandi:
I'm not gonna bring a hat.
W. Curtis Preston:
I'm not gonna bring a hat.
W. Curtis Preston:
With my bald spot back there, not gonna bring a hat and I'm just gonna
W. Curtis Preston:
walk one direction and I'm gonna keep walking until I feel like turning
W. Curtis Preston:
around and then I'll walk back.
W. Curtis Preston:
Uh, it didn't go well and I was, I was, uh, I, you know, depending
W. Curtis Preston:
on which, which website you looked at, I was somewhere between.
W. Curtis Preston:
Heat exhaustion and heat stroke.
W. Curtis Preston:
'cause I did have like, spotted, spotted, that's not worth spotted modeled.
W. Curtis Preston:
That was a mixture of modeled and spotted skin.
W. Curtis Preston:
Um, uh, and uh, I wasn't sweating that much.
W. Curtis Preston:
I was kind of dry.
W. Curtis Preston:
That's the sign, that's the true sign of, of heatstroke is
W. Curtis Preston:
if you're no longer sweating.
Prasanna Malaiyandi:
Oh really?
W. Curtis Preston:
yeah, yeah.
W. Curtis Preston:
If you're not, if your, if your skin is dry, um,
Prasanna Malaiyandi:
That means you have no moisture,
W. Curtis Preston:
You have no moisture left.
W. Curtis Preston:
Your body has done everything it could to save you and it's given up.
W. Curtis Preston:
Um, or it has no, it has no moisture left to use.
W. Curtis Preston:
Um,
W. Curtis Preston:
I don't think I was
Prasanna Malaiyandi:
you should
W. Curtis Preston:
I was, go ahead.
Prasanna Malaiyandi:
go ahead.
W. Curtis Preston:
Well, I was just saying I don't think I was quite
W. Curtis Preston:
there, but I was, I was definitely approaching that when I approached
W. Curtis Preston:
the lifeguard tower and I said, I'm gonna borrow some of your shade.
W. Curtis Preston:
And he's like, what?
W. Curtis Preston:
And I'm like, I'm gonna lay down right over here.
W. Curtis Preston:
He's like, are you okay?
W. Curtis Preston:
And I'm like, I don't think so.
W. Curtis Preston:
Um, and I'm like, I was like, I think I over exerted myself.
W. Curtis Preston:
And then I laid down underneath the sun, well, underneath the shade.
W. Curtis Preston:
And uh, that's when I called you.
W. Curtis Preston:
'cause I was a little, I was a little freaked out.
W. Curtis Preston:
I was like,
Prasanna Malaiyandi:
you were fine though.
Prasanna Malaiyandi:
Like you weren't super delirious, which is
W. Curtis Preston:
yeah.
W. Curtis Preston:
So I wasn't, I think your exact words were, I was no weirder than normal.
Prasanna Malaiyandi:
Yeah, exactly.
Prasanna Malaiyandi:
But it also says, right, if that walk sort of you got to the point
Prasanna Malaiyandi:
of dry skin, you're probably not drinking enough fluids during the day.
Prasanna Malaiyandi:
Curtis,
W. Curtis Preston:
Um, you know, is beer a fluid?
W. Curtis Preston:
Beer is,
W. Curtis Preston:
no, it wasn't.
W. Curtis Preston:
It wasn't, it wasn't that.
W. Curtis Preston:
It wasn't that.
W. Curtis Preston:
I just, I just, the thing is when I go for walks with my wife, right?
W. Curtis Preston:
She's the one who's like, make sure you bring your hat.
W. Curtis Preston:
Let's make sure we get some water.
W. Curtis Preston:
And, and she wasn't here.
W. Curtis Preston:
And so I just went out like a, like a
Prasanna Malaiyandi:
but, but how long have you and your wife been married?
W. Curtis Preston:
30 coming up on 35 years.
Prasanna Malaiyandi:
Okay.
Prasanna Malaiyandi:
And you don't have her voice in your head at this point.
Prasanna Malaiyandi:
35 years later being
W. Curtis Preston:
I do, I do, trust me.
W. Curtis Preston:
But you know, when it came, you know, when it came in, And this
W. Curtis Preston:
time was when I got, once I got too hot, that's when the voice came in.
W. Curtis Preston:
It was like, why didn't you bring water?
W. Curtis Preston:
Why didn't you bring that, why didn't you bring that?
W. Curtis Preston:
Uh, yeah.
W. Curtis Preston:
So, well, thanks for being there.
W. Curtis Preston:
Prasanna.
W. Curtis Preston:
When I FaceTimed you, did you notice, did you notice that it was,
W. Curtis Preston:
you were like, why is he FaceTiming
W. Curtis Preston:
me?
W. Curtis Preston:
'cause I don't normally FaceTime you.
Prasanna Malaiyandi:
yeah.
Prasanna Malaiyandi:
No, that's why I
W. Curtis Preston:
I was
W. Curtis Preston:
lying flat on the beach and I was like, Uh,
Prasanna Malaiyandi:
am I guess where I'm at?
Prasanna Malaiyandi:
Yeah.
W. Curtis Preston:
Guess?
W. Curtis Preston:
That's right.
W. Curtis Preston:
Guess where I'm at?
W. Curtis Preston:
Yeah.
Prasanna Malaiyandi:
I, I, and so here's the other thing I think our listeners
Prasanna Malaiyandi:
would appreciate or find funny is, so you brought not one towel, but two towels,
Prasanna Malaiyandi:
and yet you ended up just sitting on the sand without laying out any towels.
W. Curtis Preston:
That again, shows you the level of exhaustion
W. Curtis Preston:
that I had because I, I had those towel, I had like a big towel.
W. Curtis Preston:
I.
W. Curtis Preston:
And then like a regular towel and I just plopped them down on the sand
W. Curtis Preston:
and then I plopped down on the sand and then I climbed into my brand new
W. Curtis Preston:
Tesla with sand all over my body.
W. Curtis Preston:
Needing to,
Prasanna Malaiyandi:
Did you at least have water in the car or no?
W. Curtis Preston:
no, I had to drive.
W. Curtis Preston:
And where I was at, I had to drive away to get to water.
W. Curtis Preston:
'cause I was at a state park and there weren't any like vending
W. Curtis Preston:
machines in the state park.
W. Curtis Preston:
And I had to drive, uh, like I had to drive away.
W. Curtis Preston:
I did stop at the first rest area that had, that had water, and I
W. Curtis Preston:
got a water and a, and a Gatorade.
W. Curtis Preston:
Um, and then I was functional.
W. Curtis Preston:
I did use the, uh, the Tesla's feature of turning on the air
W. Curtis Preston:
conditioning before I got to the car.
W. Curtis Preston:
I was like, I want this to be nice and cool when I get there.
W. Curtis Preston:
But anyway.
W. Curtis Preston:
So, thanks for being there for
W. Curtis Preston:
me,
Prasanna Malaiyandi:
glad you survived, and I'm glad we're able to continue
Prasanna Malaiyandi:
bringing awesome content to our listeners.
W. Curtis Preston:
You're glad that me and the podcast aren't dead.
W. Curtis Preston:
Um, yeah.
W. Curtis Preston:
So, um, so we're gonna, we're gonna talk this, I, I called the, you know, when
W. Curtis Preston:
I, when I, when you, when you, when I said this to you, you were like, what?
W. Curtis Preston:
But this is, I think this is an I told you so episode.
W. Curtis Preston:
Because we, you know, we were looking in, um, just looking in cybersecurity
W. Curtis Preston:
news, backup, security news, and you found a couple of articles.
W. Curtis Preston:
I found a couple of articles and they kind of all point to the same thing.
W. Curtis Preston:
And that is that we were right.
W. Curtis Preston:
We've been trying to tell people to do some stuff, to take care of some things.
W. Curtis Preston:
You know, once again, um, you know, we have, we have the fo
W. Curtis Preston:
we have a, a couple things here.
W. Curtis Preston:
One is this, uh, 2023 Global Report of Ransomware, ransomware Trends.
W. Curtis Preston:
That's a tongue twister.
W. Curtis Preston:
Ransomware
Prasanna Malaiyandi:
Hmm.
W. Curtis Preston:
trends, um, which comes from the Data Protection
W. Curtis Preston:
Trends report from 2023 from Veeam.
W. Curtis Preston:
Um, our friends over there at Veeam.
W. Curtis Preston:
Then also, um, you know, an interesting story from, uh, where
W. Curtis Preston:
was that regarding the strengthening passwords from bleeping computer?
W. Curtis Preston:
Um, about the value, about an interesting, I'm, I'm gonna say
W. Curtis Preston:
unexpected value of password managers.
W. Curtis Preston:
Um, yeah.
W. Curtis Preston:
Uh, which one do you think we should start with?
W. Curtis Preston:
You wanna start with the ransomware trends?
Prasanna Malaiyandi:
Let's talk about the ransomware trends.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Um, and you can get this report yourself.
W. Curtis Preston:
Uh, just Google the data Protection Trends report from Veeam.
W. Curtis Preston:
Uh, and they have a, they have a lot of, um, it's a lot of
W. Curtis Preston:
really interesting things here.
W. Curtis Preston:
Um, the, I, I think the biggest number that pops out here, I mean,
W. Curtis Preston:
these are always interesting.
W. Curtis Preston:
I think I know when.
W. Curtis Preston:
When, uh, when I used to work at Druva, we would do a similar report.
W. Curtis Preston:
Uh, and I know that a couple years ago the number we used was, it was around 50% of
W. Curtis Preston:
people that, um, suffered a cybersecurity attack in the previous year, and their
W. Curtis Preston:
number is significantly higher than that.
W. Curtis Preston:
By the way, I'll, I'll remind, uh, reminded me to do our disclaimer.
W. Curtis Preston:
Um, you and I work for different companies.
W. Curtis Preston:
Uh, and um, although technically at this exact moment you work for company
W. Curtis Preston:
and I'm waiting to work for a company, um, but, um, and, uh, but we're not
W. Curtis Preston:
representing the companies you work for.
W. Curtis Preston:
We we're, we're independent as an in independent podcast and, uh, you
W. Curtis Preston:
know, the opinions that you here, our ours, And, uh, things like password
W. Curtis Preston:
managers are good, they may or may, may or may not represent our employers.
W. Curtis Preston:
And, uh, please rate us.
W. Curtis Preston:
Also, go to your favorite, uh, pod catcher and, uh, push the rate button.
W. Curtis Preston:
Give us some stars, give us some comments.
W. Curtis Preston:
We'd love the comments.
W. Curtis Preston:
And, uh, also if you'd like to join the conversation, reach out to
W. Curtis Preston:
me, uh, at WC Preston on Twitter.
W. Curtis Preston:
I am w Curtis Preston.
W. Curtis Preston:
On
W. Curtis Preston:
threads.
W. Curtis Preston:
Um, I wish them the best.
W. Curtis Preston:
And, uh, I am w curtisPreston@gmailandlinkedin.com
W. Curtis Preston:
slash in slash mr.
W. Curtis Preston:
Backup.
W. Curtis Preston:
If you can't find me via one of those, I don't know what to
W. Curtis Preston:
tell you, uh, then reach out.
W. Curtis Preston:
Uh, then you have to reach out to Prasanna.
W. Curtis Preston:
So let's go back to this, this report.
W. Curtis Preston:
So they're saying that that in this survey, that 85% of organizations
W. Curtis Preston:
suffered at least one cyber attack in the preceding 12 months.
W. Curtis Preston:
An increase they were saying from 76% in the prior year.
W. Curtis Preston:
And you know, and we saw, and I think I saw a number of companies that the year
W. Curtis Preston:
before that the number was closer to 50%.
W. Curtis Preston:
So they're saying like, 85%.
W. Curtis Preston:
I mean, that's, that's darn near a hundred.
W. Curtis Preston:
Uh, what do you think about that?
Prasanna Malaiyandi:
Yeah, no, it's, I'm, so here's the thing,
Prasanna Malaiyandi:
I'm not surprised because normally you don't hear about things.
Prasanna Malaiyandi:
I think it also is, Organizations are always constantly being attacked, right?
Prasanna Malaiyandi:
And I think it's just the severity of the attack is what could also matter.
Prasanna Malaiyandi:
So I think that's where, although this one is specifically ransomware threat, right?
Prasanna Malaiyandi:
I.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
So, so what I would, I, I'm, I'm having to extrapolate because I remember what we,
W. Curtis Preston:
the number that we used was that it was 50% of the companies had been successfully
W. Curtis Preston:
targeted by a ransomware attack.
W. Curtis Preston:
I, I'm assuming they must mean that here they don't say the successful.
W. Curtis Preston:
Um, part, but they're saying they suffered at least one ransomware attack.
W. Curtis Preston:
They must mean successful because if it's, if it's not successful, you
W. Curtis Preston:
know, it's not, it's not ransomware.
W. Curtis Preston:
I mean, you know, there, there has to be a ransom demand.
W. Curtis Preston:
Right.
Prasanna Malaiyandi:
well, and I also wonder if it's specifically like
Prasanna Malaiyandi:
they mentioned, sorry, just reading through the words, right, they're
Prasanna Malaiyandi:
mentioning just an attack, right.
Prasanna Malaiyandi:
And I don't know if that's like a cybersecurity incident versus
Prasanna Malaiyandi:
necessarily ransomware itself.
W. Curtis Preston:
Well, they actually used the word ransomware.
Prasanna Malaiyandi:
Okay.
W. Curtis Preston:
It, it said, suffered at least one ransomware attack in 2022.
Prasanna Malaiyandi:
Okay, well yeah, that's the end.
Prasanna Malaiyandi:
You're right.
Prasanna Malaiyandi:
That it could be a matter of yes.
Prasanna Malaiyandi:
They probably, it may have been thwarted, right, and they were not successful.
Prasanna Malaiyandi:
But my guess is a good chunk of that is probably successful attacks, right?
W. Curtis Preston:
Mm-hmm.
W. Curtis Preston:
Yeah, I, um, that, I mean that, but, but that's, that's huge.
W. Curtis Preston:
I mean, that's basically almost everybody, right?
W. Curtis Preston:
85%.
W. Curtis Preston:
Uh, that's basically like, like I said, it's basically almost everybody.
W. Curtis Preston:
Which is why I think, you know, there's a second statistic, which,
W. Curtis Preston:
um, which is also interesting that 60% of organizations felt they need
W. Curtis Preston:
a significant or complete overhaul between their backup and cyber teams.
W. Curtis Preston:
Um,
Prasanna Malaiyandi:
Oh yeah, we've talked about that so many
Prasanna Malaiyandi:
times on the podcast when we've had guests on the podcast, right?
Prasanna Malaiyandi:
Where they're like, yeah, these teams just need to talk more to each other
Prasanna Malaiyandi:
because they are kind of dependent on each other and sort of are what
Prasanna Malaiyandi:
the organization business relies on when things go up in smoke, right?
W. Curtis Preston:
Right, right.
W. Curtis Preston:
Um, this was interesting here.
W. Curtis Preston:
Um, most common element of an incident response playbook is a good backup.
W. Curtis Preston:
Well, duh, right.
W. Curtis Preston:
Um, they put, uh, backup copies, you know, clean backup copies, and also
W. Curtis Preston:
backup verification, which is something that, um, you know, Veeam is probably
W. Curtis Preston:
emphasizing because they were one of the first companies to offer that
W. Curtis Preston:
as a, as a part of their product.
Prasanna Malaiyandi:
I'm reading an article in Info Security magazine
Prasanna Malaiyandi:
published back in May by Kevin, I cannot spell your last name, I'm sorry.
Prasanna Malaiyandi:
It starts with a p, um, that he published called Backup Repositories,
Prasanna Malaiyandi:
targeted 93% of Ransomware Attacks.
Prasanna Malaiyandi:
And that was actually the stat I was gonna bring up, which is, yeah,
Prasanna Malaiyandi:
they are targeting, and we've talked about this, right, Curtis, that.
Prasanna Malaiyandi:
Threat actors realize that backups contain the ability for
Prasanna Malaiyandi:
organizations to recover their data.
Prasanna Malaiyandi:
And so it's a good point to not only destroy those backups, so a
Prasanna Malaiyandi:
company is more likely to pay the ransomware, but it's also an amazing
Prasanna Malaiyandi:
place to exfiltrate data from, right?
Prasanna Malaiyandi:
All, everything in the organization is stored centrally.
Prasanna Malaiyandi:
You don't need to go attack individual systems with different security levels
Prasanna Malaiyandi:
and different security mechanisms, right?
Prasanna Malaiyandi:
If you can attack the backup system and get in, then you now have access
Prasanna Malaiyandi:
to all the data that's in there.
Prasanna Malaiyandi:
So one of the things that they also talk about is sort of everyone thinks that, oh,
Prasanna Malaiyandi:
I'll pay the ransom and that's what the people want, and I'll get my data back.
Prasanna Malaiyandi:
And I know we've had Tony from Spectra come on, and there's a huge business
Prasanna Malaiyandi:
around cyber insurance, right?
Prasanna Malaiyandi:
Where it's like, Hey, we will protect you or help.
Prasanna Malaiyandi:
You pay off the ransom, right?
Prasanna Malaiyandi:
Uh, you give us premiums, we'll help you just like any other car
Prasanna Malaiyandi:
insurance, house insurance, et cetera.
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
Um, and so 77% of ransoms were actually paid by insurance, but that it is
Prasanna Malaiyandi:
becoming harder and more expensive.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
And I know Curtis, I just shared an article with you as well about sort of
Prasanna Malaiyandi:
how there's potential and bleeding over in the bleeping computer article, right.
Prasanna Malaiyandi:
About how.
Prasanna Malaiyandi:
You can try to lower your cyber insurance premiums by having stronger passwords.
W. Curtis Preston:
Yeah, you're, you're bleeding into our second part, dude.
Prasanna Malaiyandi:
I know, but this was like a perfect opportunity, right, because
Prasanna Malaiyandi:
we're talking about cyber insurance.
W. Curtis Preston:
Yeah, yeah, yeah, yeah.
W. Curtis Preston:
The, um, yeah, I, you know, they showed, a bunch of people saw increased premiums.
W. Curtis Preston:
They saw increased deductibles, and they saw benefits being reduced.
W. Curtis Preston:
Uh, I think the bigger news here was that, um, was that even though
W. Curtis Preston:
people paid the ransom, they didn't necessarily recover their data.
W. Curtis Preston:
Right.
W. Curtis Preston:
Um, they, uh, said one fourth of them.
W. Curtis Preston:
Of of those that, that couldn't pay, that that paid the ransoms,
W. Curtis Preston:
still didn't get their data back.
W. Curtis Preston:
Um, yeah.
W. Curtis Preston:
You know, they got this phrase in there.
W. Curtis Preston:
Okay.
W. Curtis Preston:
This is a big one.
W. Curtis Preston:
Uh, And this, this is, this is the biggest I told you so of what I was talking about.
W. Curtis Preston:
Cyber villains were able to affect the backup repositories
W. Curtis Preston:
in 75% of the attacks, right?
W. Curtis Preston:
So yeah.
W. Curtis Preston:
So bad actors targeted the backup repositories at 93% of
W. Curtis Preston:
the attacks, nearly identical.
W. Curtis Preston:
94% of the repositories that were targeted in 2021.
W. Curtis Preston:
Um, They said that some, most, or all of the repositories were affected.
W. Curtis Preston:
Um, the, I mean, this is the most, this is the thing I've been, you know,
W. Curtis Preston:
trying to warn people about, right.
W. Curtis Preston:
Um, that you need to put different, uh, layers of protection
W. Curtis Preston:
on your backup repository.
W. Curtis Preston:
And, and this'll, this'll sound, you know, however it sounds, I, I
W. Curtis Preston:
think this is even more so true.
W. Curtis Preston:
I.
W. Curtis Preston:
If you are running a Windows based, uh, backup product, right?
W. Curtis Preston:
Um, yeah, that's my Linux bigotry showing through.
W. Curtis Preston:
But it's, it is just a matter of statistics, right?
W. Curtis Preston:
Uh, and by the way, they are now going after VMware.
W. Curtis Preston:
They're going after Linux.
W. Curtis Preston:
It's not pure, but Windows is still the, the number one target for, for ransomware.
W. Curtis Preston:
And, uh, I think that the, the best solution this for the Veeam
W. Curtis Preston:
customers, um, you know, and this will be a straight up plug.
W. Curtis Preston:
But I, I do believe this strongly, this new product called Blocky for
W. Curtis Preston:
Veeam, um, to me it's a silver bullet.
W. Curtis Preston:
You know, we don't often see a silver bullet in the, the backup world.
W. Curtis Preston:
Um, and, uh, but basically what it is, is the file system driver, uh, That
W. Curtis Preston:
won't allow anything but Veeam itself to read and write from the backups.
W. Curtis Preston:
And so, um, this would significantly hard, I think it would make the, the,
W. Curtis Preston:
the Windows Veeam repository as hard, if not harder, than the Linux-based
W. Curtis Preston:
hardened repository that they offer.
W. Curtis Preston:
And I think that the advantage that this has is, I think a lot of, would you agree?
W. Curtis Preston:
Well, I'm, I dunno if we have data to back this up, but I, but I, it's
W. Curtis Preston:
one of those things of like, I don't know this for a fact, but I'm pretty
W. Curtis Preston:
sure that the majority of Veeam customers are very Windows centric.
W. Curtis Preston:
Would you think that that's,
W. Curtis Preston:
if not
Prasanna Malaiyandi:
probab,
W. Curtis Preston:
only away?
Prasanna Malaiyandi:
yeah, I would probably agree with that.
Prasanna Malaiyandi:
it's just an additional hurdle you're putting for the threat actors.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
And so if it becomes more difficult, they're just gonna skip it and
Prasanna Malaiyandi:
move on to something else, right?
Prasanna Malaiyandi:
So it's additional protection.
W. Curtis Preston:
Yeah, the, the thing I think, um, the, the big thing I, the
W. Curtis Preston:
reason why I was asking about the Windows based, um, the, uh, the Windows based
W. Curtis Preston:
question is that if you are a Windows centric shop and you don't really have
W. Curtis Preston:
any Linux systems at, you know, creating a Linux hardened repository as your
W. Curtis Preston:
only, uh, Linux system, I don't think is a good idea that, uh, Um, because
W. Curtis Preston:
it will get, it will not be properly administered from a security perspective.
W. Curtis Preston:
What were you
Prasanna Malaiyandi:
I was, I I was just thinking in my head, it's like asking,
Prasanna Malaiyandi:
uh, uh, a receptionist to do heart surgery on a patient at a hospital.
W. Curtis Preston:
Yeah, uh,
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
It's it going back to the skillset, right?
Prasanna Malaiyandi:
Someone who's an expert at administering windows, when you're like, Hey,
Prasanna Malaiyandi:
I need to deploy a Linux system, or pick whatever other oss right?
Prasanna Malaiyandi:
There is some level of proficiency required in order
Prasanna Malaiyandi:
to secure it in the proper ways.
Prasanna Malaiyandi:
Yes, you could read best practices, but it's not the same
Prasanna Malaiyandi:
as doing it day in, day out.
W. Curtis Preston:
Well, yeah.
W. Curtis Preston:
And, and Veeam does a good job of giving you instructions to, to
W. Curtis Preston:
create the Linux repository, but that's not the end of the story.
W. Curtis Preston:
Right?
W. Curtis Preston:
You need, there's patch management.
W. Curtis Preston:
Patch management.
W. Curtis Preston:
Patch management.
W. Curtis Preston:
Right.
W. Curtis Preston:
So this is why I think if, if you're a Windows only shop if you don't have very
W. Curtis Preston:
many Linux servers, then I think it's a bad idea to add one for security reasons.
W. Curtis Preston:
I think it's actually.
W. Curtis Preston:
A good reason not to add one.
W. Curtis Preston:
And so that's why this gives you that immutability aspect
W. Curtis Preston:
on your Windows server.
W. Curtis Preston:
Um, and, um, and yeah, they, we, you know, they, they are, they are a partner.
W. Curtis Preston:
If you go over there and go to blockyforveeam.com/mrbackup for Mr.
W. Curtis Preston:
Backup, um, they do have a discount.
W. Curtis Preston:
I think you get like, um, half off the first server or something.
W. Curtis Preston:
I don't remember exactly what the discount is.
W. Curtis Preston:
Um, and yes, we would help support the show.
W. Curtis Preston:
Um, but anyway, yeah, I, I think that's a really good idea to do.
W. Curtis Preston:
And, but this idea of it just kills me that, that the cyber villains are
W. Curtis Preston:
able to affect the backups, right?
Prasanna Malaiyandi:
and they've gotten smart, right?
Prasanna Malaiyandi:
They realize that's where a bunch of data sits.
Prasanna Malaiyandi:
That's how people recover.
Prasanna Malaiyandi:
So why not take it out first?
W. Curtis Preston:
Yeah, exactly.
W. Curtis Preston:
You wanna talk about the next, uh, This
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
So the next one is, Yeah, the time to recover.
Prasanna Malaiyandi:
I think most people think, oh, by the way, I know how long it takes me to recover.
Prasanna Malaiyandi:
Say when an application fails.
Prasanna Malaiyandi:
But to recover from these attacks, you're not just recovering like it actually
Prasanna Malaiyandi:
says it takes at least three weeks to recover from each attack after the triage.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
And that's the hard part.
Prasanna Malaiyandi:
It's you need to figure out what happened when it happened,
Prasanna Malaiyandi:
what servers were impacted.
Prasanna Malaiyandi:
You might need to set up an isolated environment.
Prasanna Malaiyandi:
Right then you need to potentially bring in new servers or re uh, re-image them.
Prasanna Malaiyandi:
Start doing your restores, make sure everything's back up and running.
Prasanna Malaiyandi:
You have to worry about the order in which you do it, because remember,
Prasanna Malaiyandi:
they're not just affecting a single application where you're like,
Prasanna Malaiyandi:
oh, my Oracle application failed.
Prasanna Malaiyandi:
Let me figure out how to bring it back up.
Prasanna Malaiyandi:
This is across your entire environment.
Prasanna Malaiyandi:
So even things that you would've assumed, like.
Prasanna Malaiyandi:
Active directory being available or other things like that, just
Prasanna Malaiyandi:
even get started, don't exist.
Prasanna Malaiyandi:
And so you're basically bootstrapping your company from scratch.
Prasanna Malaiyandi:
And so I would say three weeks, it might be a conservative estimate
Prasanna Malaiyandi:
for some companies, depending on if they've done this exercise before.
W. Curtis Preston:
Yeah, they, they make a point of saying that this is
W. Curtis Preston:
three weeks to recover after triage.
W. Curtis Preston:
Right?
W. Curtis Preston:
And, and triage is gonna be that phase that, uh, again, remember Tony said that
W. Curtis Preston:
he told, he said that it took them two to three weeks to, to triage, just to figure
W. Curtis Preston:
out, um, you know, which servers have been affected, which backup policies are good.
W. Curtis Preston:
Uh, you know, et cetera.
W. Curtis Preston:
And then, and then it takes three weeks to recover.
W. Curtis Preston:
So, uh, to me, that, that whole thing that pushes you to the front end of the
W. Curtis Preston:
problem, right, of, of doing what you can to avoid the attack in the first place.
W. Curtis Preston:
Because if you do get the attack, you know, even if you have a decent backup
W. Curtis Preston:
system, it's going to take you quite a long time to, um, you know, to recover.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
And I, I don't know if they would talk about this, I don't think that they
Prasanna Malaiyandi:
talk about this in the, uh, report.
Prasanna Malaiyandi:
But one of the things also that I know some of the other cybersecurity experts
Prasanna Malaiyandi:
we've had, guests we've had on the podcast that they mention is, once you've
Prasanna Malaiyandi:
been hit right, people are gonna try hitting you again and again and again.
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
So, It's then, this is not even just about like while you're in the process,
Prasanna Malaiyandi:
I know they talk later about risks of reinfection and other things like that,
Prasanna Malaiyandi:
but this is just once you're a known target and people are out there who know
Prasanna Malaiyandi:
about it, they're gonna try to exploit you again and again and again, right?
Prasanna Malaiyandi:
Which isn't even covered in this.
Prasanna Malaiyandi:
Like, so each time you get this attack, right, it's three weeks plus triage time.
Prasanna Malaiyandi:
Just imagine constantly, it's like, Hey, open season, come attack me.
Prasanna Malaiyandi:
Right?
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Um.
W. Curtis Preston:
The, uh, I like, I like the, you know, the, the numbers they had about using,
W. Curtis Preston:
you know, that 80, they're saying 82% used, uh, some sort of immutable cloud
W. Curtis Preston:
offering either a service or using, uh, cloud storage in a hyperscaler, uh,
W. Curtis Preston:
which I think, um, and they also put that 14%, uh, that tape still mattered.
Prasanna Malaiyandi:
Does that warm your heart, Curtis?
W. Curtis Preston:
it warms my, warms my little tape heart.
W. Curtis Preston:
Um, You know, I mean, tape, tape has a lot of things going against it, but, um,
W. Curtis Preston:
immutability isn't one of them, right?
W. Curtis Preston:
The, the, the, the, the ability to take that tape out and set it on a
W. Curtis Preston:
shelf and make it making it immune to any kind of cyber attack, um, until we
W. Curtis Preston:
get to robot managed tape libraries.
W. Curtis Preston:
And by that I mean like, like ai, like actual robots, right?
W. Curtis Preston:
Not, you know, not, not a tape robot.
W. Curtis Preston:
This would be a tape robot.
W. Curtis Preston:
but you know what I'm trying to say.
W. Curtis Preston:
Right?
W. Curtis Preston:
Like,
Prasanna Malaiyandi:
and then at some point someone's gonna be,
W. Curtis Preston:
tapes around.
Prasanna Malaiyandi:
yeah.
Prasanna Malaiyandi:
And then at some point someone is probably gonna be a prompt, a
Prasanna Malaiyandi:
malicious, prompt engineer who injects bad data into the model such that now
Prasanna Malaiyandi:
even that's not safe, just saying.
W. Curtis Preston:
can only, we can only, we can only, um, um,
Prasanna Malaiyandi:
Do so
W. Curtis Preston:
only do so much.
W. Curtis Preston:
Um.
W. Curtis Preston:
This, this, this last one or this stat?
W. Curtis Preston:
I, I I was confused.
W. Curtis Preston:
Um,
Prasanna Malaiyandi:
The 56% run.
W. Curtis Preston:
No, this was 71% would recover to a cloud.
W. Curtis Preston:
81% would use the data center.
W. Curtis Preston:
I'm very confused by that headline.
W. Curtis Preston:
Um, the, it, it must be one of these where obviously it's more
W. Curtis Preston:
than more than a hundred percent.
Prasanna Malaiyandi:
Well, you're asking two separate questions
Prasanna Malaiyandi:
rather than an this or that.
W. Curtis Preston:
Oh, is that what it is?
W. Curtis Preston:
Okay.
Prasanna Malaiyandi:
so.
W. Curtis Preston:
Um, so 19% only plan to recover to a cloud.
W. Curtis Preston:
29% only plan to recover to on-prem servers.
W. Curtis Preston:
And 52% have plans that include both cloud and on-prem recovery.
W. Curtis Preston:
I think they added those two numbers together or something
W. Curtis Preston:
to, uh, to come up with that.
W. Curtis Preston:
Um,
Prasanna Malaiyandi:
I think that makes sense, right?
Prasanna Malaiyandi:
I think you need to have options because you don't know what this blast radius is.
Prasanna Malaiyandi:
For some of, like for the attack, and it might be better, right?
Prasanna Malaiyandi:
Rather than trying to move an entire workload to the cloud to recover, right?
Prasanna Malaiyandi:
Maybe you do have the gear to just spin it up locally and
Prasanna Malaiyandi:
that just makes life easier.
Prasanna Malaiyandi:
Versus maybe it's a full data center outage caused by ransomware attack where
Prasanna Malaiyandi:
no, you have no other choice because you can't get the equipment in time, right?
Prasanna Malaiyandi:
So spin it up wherever you can.
W. Curtis Preston:
yeah.
W. Curtis Preston:
That's why I'm such a fan of the cloud for DR.
W. Curtis Preston:
And Cyber Recoveries, right?
W. Curtis Preston:
Is that, you know, when you, when you do a, a, a disaster recovery or you do a, a
W. Curtis Preston:
cyber recovery, What you need is a whole bunch of hardware right now, and you don't
W. Curtis Preston:
want to pay it until you need it, right?
W. Curtis Preston:
Um, and, and I, the only way I know to do that is the cloud, right?
W. Curtis Preston:
Why are you, why are you nodding, nodding your head back and forth?
Prasanna Malaiyandi:
So while I agree with that, I think when you
Prasanna Malaiyandi:
get to a certain scale, remember the cloud isn't something magical.
Prasanna Malaiyandi:
It is still someone
W. Curtis Preston:
magic Prasanna.
Prasanna Malaiyandi:
I know, I know.
Prasanna Malaiyandi:
But I'm just caveating it.
Prasanna Malaiyandi:
That says, even though the cloud allows you to spin up those resources
Prasanna Malaiyandi:
quickly, you, depending on how large environment is, it may not actually
Prasanna Malaiyandi:
be feasible to spin it up in a cloud.
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
They just may not have the free capacity.
W. Curtis Preston:
I think that the number of companies that cannot
W. Curtis Preston:
do that are relatively small.
Prasanna Malaiyandi:
I agree, but I'm just saying
W. Curtis Preston:
are correct.
W. Curtis Preston:
I.
W. Curtis Preston:
Um, if any of those companies are listening to this podcast,
W. Curtis Preston:
we would love to hear from you.
W. Curtis Preston:
I would love to hear how you are doing Dr.
W. Curtis Preston:
Uh, without the cloud.
W. Curtis Preston:
And, and it's probably the answer is, you know, it's a warm site or a hot site or
W. Curtis Preston:
a significantly long r t o, um, and um, They have more money than than Amazon.
W. Curtis Preston:
We used to say more money than God.
W. Curtis Preston:
Now I just say more money than Amazon, um, or Apple.
W. Curtis Preston:
More money than Apple.
W. Curtis Preston:
Um, so let's move on to the, to this, this the password manager thing.
W. Curtis Preston:
This I think was the coolest headline ever.
W. Curtis Preston:
And, you know, and, and honestly they, the headline actually downplays it somewhat.
W. Curtis Preston:
Strengthening password security may lower cyber insurance premiums.
W. Curtis Preston:
I would put it like this, want lower cyber insurance premiums,
W. Curtis Preston:
get a damn password manager.
W. Curtis Preston:
That's the, that's the way I would put it.
W. Curtis Preston:
They put in here, um, I.
W. Curtis Preston:
So this was the, this was the, the, the biggest thing here.
W. Curtis Preston:
Spec ops research shows that an analysis of 800 million breach passwords,
W. Curtis Preston:
that's a lot of breach passwords.
W. Curtis Preston:
83% of compromised passwords satisfied the password length and
W. Curtis Preston:
complexity requirements of regulatory password standard standards.
Prasanna Malaiyandi:
Still not good
W. Curtis Preston:
So yeah, not good enough, right?
W. Curtis Preston:
Um, And that that's both length and, um,
W. Curtis Preston:
complexity.
W. Curtis Preston:
Right,
Prasanna Malaiyandi:
Yep.
W. Curtis Preston:
right.
W. Curtis Preston:
All that stuff.
W. Curtis Preston:
Right.
W. Curtis Preston:
So, um, the, uh, but what they're saying is that if, if you can prove
W. Curtis Preston:
that you have a password manager and m f a, you get a significant reduction
W. Curtis Preston:
in your cyber insurance coverage.
Prasanna Malaiyandi:
Yeah, and I think this goes back to right,
Prasanna Malaiyandi:
cyber insurers aren't idiots, right?
Prasanna Malaiyandi:
They're there to make money.
Prasanna Malaiyandi:
They're not gonna insure someone, right?
Prasanna Malaiyandi:
Unless they meet a certain bar where they know, yes, things are good.
Prasanna Malaiyandi:
You're doing all the right precautions, right?
Prasanna Malaiyandi:
That it's not highly likely that some idiotic situation is
Prasanna Malaiyandi:
gonna cause you to be preached,
W. Curtis Preston:
Right.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
I, I think, I think that when we go back to the beginning of the,
W. Curtis Preston:
Of the cyber insurance world.
W. Curtis Preston:
The, the insurers were definitely caught flatfooted with, um, with
W. Curtis Preston:
the explosion of ransomware.
W. Curtis Preston:
And they are now triaging that.
W. Curtis Preston:
And they're basically saying, Hey, when, when you renew, uh, one of
W. Curtis Preston:
the first things they're saying is we're excluding ransomware.
W. Curtis Preston:
Um, and, but now what they're saying, uh, this is, this is what
W. Curtis Preston:
I'm hearing, an all too common.
W. Curtis Preston:
Statement.
W. Curtis Preston:
And this is just another article that's backing that up.
W. Curtis Preston:
And that is that if you don't, if you can't prove to your insurance company that
W. Curtis Preston:
you don't have good password management and M f A, uh, basically that's not
W. Curtis Preston:
the only things, but those are the, I'd say that's the one and the two.
W. Curtis Preston:
Uh, the other one being patch management.
W. Curtis Preston:
If you don't, uh, if you can't prove that you have, that, you might not be
W. Curtis Preston:
able to get cyber insurance, period.
W. Curtis Preston:
Uh, and then number two, that if you can prove it and you can prove that
W. Curtis Preston:
not only do you have, let's say, a good password management policy, you
W. Curtis Preston:
have an automated password management system, and you have a way to ensure
W. Curtis Preston:
that people don't use old passwords and people don't repeat passwords.
W. Curtis Preston:
'cause by the way, a password manager won't necessarily do that.
W. Curtis Preston:
Right?
W. Curtis Preston:
It, it will, it will.
W. Curtis Preston:
I know this for a fact 'cause I've put Right, I, you know, because
W. Curtis Preston:
every once in a while I'll be like, I don't have time for this right now.
W. Curtis Preston:
I'm gonna, I'm just gonna do a quick password.
W. Curtis Preston:
Um, and um, uh, and I store that on my password manager.
W. Curtis Preston:
And my password manager will tell me later, Hey, you shouldn't have done
W. Curtis Preston:
that, but it's not gonna enforce that.
W. Curtis Preston:
Now, that may be the case in a corporate password manager.
W. Curtis Preston:
They may be able, they may be able to, may able to put policies in place that don't
W. Curtis Preston:
allow you to repeat passwords, because that's one of the things that I saw,
W. Curtis Preston:
ah, in one of the articles we looked at.
Prasanna Malaiyandi:
Yeah.
W. Curtis Preston:
Was that the hackers are increasingly becoming more interested
W. Curtis Preston:
in, they, they don't need to hack your passwords when they know that one of the
W. Curtis Preston:
passwords has already been compromised.
W. Curtis Preston:
And so the, the really common thing to do is to reuse that
W. Curtis Preston:
password in a bunch of places.
W. Curtis Preston:
And, um, They don't have to hack your password, they just have to steal it
W. Curtis Preston:
from some other place and then try that password, uh, and then poof they're in.
W. Curtis Preston:
Especially if you don't have what Prasanna
Prasanna Malaiyandi:
M F A.
W. Curtis Preston:
M f a Exactly.
W. Curtis Preston:
M f a is your friend, man.
W. Curtis Preston:
I dunno why I started sound like the dude from the Big, big Lebowski there.
Prasanna Malaiyandi:
Yes.
W. Curtis Preston:
Um, yeah.
W. Curtis Preston:
I mean, again, I will, I will put, I will.
W. Curtis Preston:
I will stand here and say, stand here.
W. Curtis Preston:
Sit here.
W. Curtis Preston:
I will sit here and say I was a late comer to M f A.
W. Curtis Preston:
Right?
W. Curtis Preston:
I, but I eventually said, I'm gonna do this for anything that matters, right?
W. Curtis Preston:
Um, I'm gonna have a unique password and I'm gonna use m f A.
W. Curtis Preston:
And then I, and now I get upset when something that matters
W. Curtis Preston:
doesn't have real M f a.
Prasanna Malaiyandi:
Yeah.
W. Curtis Preston:
what was I logging into?
Prasanna Malaiyandi:
Where real is defined as non email non S M S M F A.
W. Curtis Preston:
exactly, exactly.
W. Curtis Preston:
Uh, I was logging into a financial thing.
W. Curtis Preston:
I won't say what, what it was for obvious reasons, but I was logging into
W. Curtis Preston:
a financial organization and the only M f A they offer is SS m s, and I was
W. Curtis Preston:
like, That just makes me angry, right.
W. Curtis Preston:
So, yeah, so I've gone, I've gone from being, um, you know, uh, a latecomer
W. Curtis Preston:
to being a staunch proponent, so password managers and M F a password
W. Curtis Preston:
managers and M f A and um, pass or, uh, patch management, right?
W. Curtis Preston:
Um, for all the things including your backup server.
W. Curtis Preston:
Including your backup server?
W. Curtis Preston:
I don't know.
W. Curtis Preston:
I don't know how, how many times.
W. Curtis Preston:
I gotta say, put your backup server.
W. Curtis Preston:
I, I think it should be at the front of the line.
W. Curtis Preston:
Um, because it's your last line of defense.
W. Curtis Preston:
Right.
Prasanna Malaiyandi:
But it's never there.
W. Curtis Preston:
But it's just never there.
W. Curtis Preston:
Just, just make sure it's in the line and make sure that the
W. Curtis Preston:
line doesn't take three months.
W. Curtis Preston:
Right.
W. Curtis Preston:
The line's, the line to line, you know, uh, a, a big critical, like
W. Curtis Preston:
all patches are not created equal.
W. Curtis Preston:
Right.
Prasanna Malaiyandi:
yeah,
W. Curtis Preston:
You have an
W. Curtis Preston:
example of a patch that like matters more?
Prasanna Malaiyandi:
uh, Like, uh, like uh, remote code execution
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Like
Prasanna Malaiyandi:
for a system that's on the internet, facing is
Prasanna Malaiyandi:
probably a lot more important than say something for a small that is sort of
Prasanna Malaiyandi:
a potential exploit that can only be uncovered if you have physical access
Prasanna Malaiyandi:
to a system with the memory dump.
W. Curtis Preston:
Right.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
I, I, um, I, I would, yeah, I, you know, it's like here, you know,
W. Curtis Preston:
here are the top 10 things, right?
W. Curtis Preston:
One of the, one of the top 10 things I think would be review those
W. Curtis Preston:
systems that are directly accessibly.
W. Curtis Preston:
Via the internet and ask yourself, do they need to be right?
W. Curtis Preston:
Uh, number one.
W. Curtis Preston:
And then number two is, um, block outgoing internet access except on required
W. Curtis Preston:
ports, uh, one of which will be port 80.
W. Curtis Preston:
And then go and block, um, the, um, the, the known like data sharing sites.
W. Curtis Preston:
Um, you know, like the, the obvious one is like, like Dropbox and things
W. Curtis Preston:
like that, but there are other more nefarious sites that literally just
W. Curtis Preston:
share all sorts of malware and whatnot.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
That stuff, yeah.
W. Curtis Preston:
Block all those sites on port 80.
W. Curtis Preston:
Uh, and then, and then anything else, uh, should be like outgoing from your
W. Curtis Preston:
server to the wild, wild internet.
W. Curtis Preston:
Should be blocked until you'd ha have a reason otherwise.
W. Curtis Preston:
Right.
W. Curtis Preston:
Backup ports might be an example of something that you open
W. Curtis Preston:
up, but only like explicitly.
W. Curtis Preston:
Right.
W. Curtis Preston:
Uh, to certain places, not to every place.
W. Curtis Preston:
'cause that also could be used for data exfiltration.
W. Curtis Preston:
Data exfiltration.
W. Curtis Preston:
Anyway.
W. Curtis Preston:
Yeah, we told you so.
W. Curtis Preston:
Right?
W. Curtis Preston:
All these reports are just confirming the stuff that we've been saying,
W. Curtis Preston:
and so we hope that you're listening.
W. Curtis Preston:
Uh, if this is your first time listening to the show, we've got
W. Curtis Preston:
other episodes, don't we, Prasanna
Prasanna Malaiyandi:
Oh yeah, just a quite a, just a couple.
Prasanna Malaiyandi:
Not many.
W. Curtis Preston:
just a couple, uh, just a few hundred out there.
W. Curtis Preston:
Uh, be sure to, um, check out the, you know, the back catalog.
W. Curtis Preston:
Uh, just listen to us, uh, you know, on Apple Podcasts or whatever, you know,
W. Curtis Preston:
whatever podcast, uh, podcaster you happen to listen to or go to Backup Central and
W. Curtis Preston:
you can watch video versions and you can
Prasanna Malaiyandi:
You could see us,
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Um, and, um,
Prasanna Malaiyandi:
you could see my beard grow in
W. Curtis Preston:
You can see, you can see the beard grow
W. Curtis Preston:
in real time if you go back.
W. Curtis Preston:
So it's what, three years now, right?
W. Curtis Preston:
It's been over three years.
Prasanna Malaiyandi:
over three years.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Did we have video that whole time though?
W. Curtis Preston:
I'm not sure if we have it for that whole time.
Prasanna Malaiyandi:
oh.
Prasanna Malaiyandi:
I don't know how long.
Prasanna Malaiyandi:
Back goes.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
You could go back to when Prasanna had a normal sized beard and hair.
W. Curtis Preston:
Um, yeah.
W. Curtis Preston:
They don't, they can't quite see the length of your ponytail though,
Prasanna Malaiyandi:
Yeah, they
W. Curtis Preston:
it's, yeah,
W. Curtis Preston:
It's it's way down there.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Um, and you wear a black shirt and that can, that concealing it today, but,
W. Curtis Preston:
um, you're gonna have to, you're gonna have to start switching
W. Curtis Preston:
to a gray shirt, but I'm
Prasanna Malaiyandi:
Thanks Curtis.
W. Curtis Preston:
You're welcome.
Prasanna Malaiyandi:
there.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
Hey, you know what?
W. Curtis Preston:
I owned, I owned up to it a long time ago.
W. Curtis Preston:
Yeah.
W. Curtis Preston:
I remember it was a few years ago when my daughter looked at my license and
W. Curtis Preston:
she's like, what did we say Brown?
W. Curtis Preston:
Because the license has Brown on there and she's like, really?
W. Curtis Preston:
Really?
W. Curtis Preston:
I'm like, ouch.
W. Curtis Preston:
Anyway, well, uh, thanks for listening folks, and be sure to subscribe
Listen On
