Why it's process, then people, then technology
In this episode of Backup Central's Restore It All podcast, the host welcomes cyber expert Rick Mischka to discuss the three aspects of IT: process, people, and technology. They explore the misconception that a new piece of gear or software is always the solution to every problem, particularly in preventing data exfiltration. Rick also shares insights into his short-form podcast, Cyber Pros, where he covers cybersecurity topics in just nine minutes. Tune in to gain valuable perspectives on backup, DR, and data protection.
Speaker:
Sometimes those of us in technology think that the solution to every problem is a new piece of gear or a great piece of software. I've been guilty of this a lot lately when I've been thinking about how to prevent data exfiltration. If we could just get the right AI tool in there, we could spot it as it's happening and shut it down. This week's guest is a cyber expert who reminded me that IT has three sides. He thinks the focus should be on process, then people, then technology. Hi, I'm W. Curtis Preston, AKA Mr. Backup. I've been specializing in backup and DR for over 30 years. And I've written four O'Reilly books on the topic. Like me, this podcast is dedicated to those of you who are tasked with the difficult job of backup, DR, and data protection. This is Backup Central's Restore It All.
W. Curtis Preston:
Hi, and welcome to Backup Central's Restore It All podcast. I'm your host, W. Curtis Preston, aka Mr. Backup, and today I have with me a guy who gave me some really good advice. It was really good advice up until it wasn't. Prasanna Malaiyandi. How's it going, Prasanna?
Prasanna Malaiyandi:
I'm good, Curtis. I'm curious what this good advice is that was good at the time.
W. Curtis Preston:
This silver bullet that you gave me called the FCC complaint.
Prasanna Malaiyandi:
Yeah, I'm surprised not a lot of people know about this. If you have an issue with your cell phone provider or your cable company, right? Or internet provider. You call them in, you complain to them, they give you the runaround, and then you spend weeks and weeks, and nothing ever happens.
W. Curtis Preston:
And you're not anywhere.
Prasanna Malaiyandi:
Exactly. And then you have this magic thing called the FCC, where you can actually file a complaint, and say, hey, my billing is off, or my service isn't right, and the provider literally has to respond to you within, I think it's 72 hours.
W. Curtis Preston:
I had never heard of such a thing. And, and being a person who... having worked for the government at a point, I definitely understand the inefficiency of government. So the idea that something could be so efficient was definitely a surprise. The last time I did this, ironically enough, now, as this story comes full circle, I was having problems with Cox as my internet service provider. I put in an FCC complaint. And in the end, we did figure out the problem. And then I changed to Verizon 5G internet. And everything was fine until it wasn't. And then I decided to use this magic bullet again. I got the call within 72 hours. During the time that they were working on it, it went from being an intermittent problem to being all the time. The official response from Verizon is, I will obviously be paraphrasing slightly: yeah, you're right. We suck. You should probably get a different ISP. By the way, I'm not just complaining about like low speeds. My internet would just drop. Sometimes in the middle of recording one of these episodes, my internet would just... but basically they said the reason your internet is just dropping, it's congestion and you should probably get another ISP. That was their official response. I was dumbfounded, right? So again, story come full circle, Cox will be back. In six days, they will be installing the fiber version, because I don't have a lot of choices. Our guest today is the host of the Cyber Pros podcast, a short form podcast, which by the way, it makes it very different from this podcast. A short form podcast that has five questions and nine minutes. He's our second former special forces member and we're excited to have him on the podcast. Welcome to the show, Rick Mischka.
Rick Mischka:
Hello, gents.
W. Curtis Preston:
So what do you cover in nine minutes on that podcast?
Rick Mischka:
Yeah, you know, in 2020 I got bored and I wanted to build a cybersecurity network and I want to do it fast. And so we had the idea of doing a short form kind of video podcast that would be quick. We actually thought six minutes could fit in, six questions could fit in nine minutes, but we were way wrong on that. So, so we pivoted down to five. And, and honestly, the first and last question are more, you know, who are you? What do you do? And then, you know, tell us a fun story, or typically we ask, you know, what's your favorite piece of retro technology? The three middle questions are really the ones that we get kind of the, the meat of conversation. And it's, it's, you know, why do you love being a cybersecurity professional? Why do you think cybersecurity should, or is, or isn't a top concern? And then just what insights do you want to share? Whatever they share with us in those five questions, we then actually do something interesting. We, we record bonus content afterwards, and we focus that bonus content on one, education, two, a little bit of marketing, and then three, we focus on knowledge, right? Just, just what knowledge do they want to share even more of? And we typically do that in 30 seconds to three minutes. And so now our podcast guests get a full week of exposure. They get the full podcast release. They get a bunch of bonus content released around it. We're able to bring in a lot of people through a number of different doors. And man, it's, it's just been a lot of fun. I've been able to connect a lot of people to, to really just kind of grow the network. You know, a couple of the podcast guests got together and wrote a book. A couple of the podcast guests got together and started a company. So, awesome, right? So been fun. Yeah.
W. Curtis Preston:
I like it. I'd like to hear the five questions.
Rick Mischka:
So they're the same five questions for everybody typically, unless we get somebody who's a specialist in something. So it's who are you and what do you do, right? That's, we'll call that one question. And then why do you love being a cybersecurity professional? That question will change if they're a professional in cloud, if data backup, you know, so if you were on, we would ask you that question a little bit differently. And then the third question we ask, you know, cybersecurity is a top concern. Do you believe that's true? And in, in the industry you're in, how does that, how does that interact? And then the fourth question is just, what insight do you want to share? Here's your, you know, if you've done your job, you have five minutes to talk and, and about anything you want to talk. And then, if you're a first time guest, we always ask if, what's your favorite piece of retro technology is. Usually I get some, you know, usually I get all sorts of things. Usually it's, you know, Apple computers, Commodores, things like that. I had somebody come back and say the, the semi automatic pistol. And I was like, that's technology. So here we go. We're going down to completely different conversation. And I have to laugh. I actually, useless trivia, I actually just bought one of my favorite pieces of retro technology in its new form. The Motorola Razr. So I have newest, the newest flip phone version, and it's so cool because you can actually set it to show you as if you were using the original Motorola Razr, it's
Prasanna Malaiyandi:
That is awesome.
Rick Mischka:
Yeah,
W. Curtis Preston:
I had the original Motorola Razr.
Rick Mischka:
As did I. And so it's fun. I get to be the butt of my own question.
Prasanna Malaiyandi:
What is probably one of the most interesting insights from cybersecurity answers that you've received?
Rick Mischka:
Yeah. You know, actually I'll start with the one I get the most of. The most insights I get are the idea that cybersecurity has to focus on the people, right? Dozens of different ways that conversation plays out, but that's the most talked about is, is the people, cybersecurity, burnout, talent acquisition, security gap, whatever that looks like, and it's, it's quite interesting. But the most interesting one that I've ever had was actually the use of artificial intelligence and machine learning as it pertains to cybersecurity and biometrics. And the insights that they shared were fascinating because their company had just gotten acquired, was, was putting a bunch of venture capital dollars into this solution that were actually selling some of the, the solution to Tesla. The way you walk up to your car will unlock the car for you because it knows your gait, along with facial rec and other biometrics. And it's fascinating. It was, it was mind blowing what can do. So
Prasanna Malaiyandi:
It's interesting you bring that up, Rick. So recently my wife and I, we binge watched all the Mission Impossible movies. And there's, I don't know if you remember, but there's a one Mission Impossible where it's like, they have to imitate to be the guy and walk through a secure area where it does a gait analysis. And I was just thinking, I was like, wow, technology it's come. It's like real now. Or the other day I was watching Minority Report. It's like all this stuff they're doing. It's that's now become like reality.
Rick Mischka:
You should add the Mission Impossible theme to the start of, of this podcast.
W. Curtis Preston:
Yeah, I just rewatched that one again too, Prasanna, and of course that technology was defeated by uploading a different gait analysis. The first time I saw a computer used to do something that literally I went wow, actually, okay. The very first thing I remember seeing a computer do something that made me do wow was when I was in my teens. You could go to a police station in Kissimmee, Florida. That's where I was from. And you could give them an address and they could print out turn by turn directions of how to get to there. And I remember going, that's the most amazing I've ever seen. But the second thing was I was a consultant at a communications company that was using simulation modeling in a computer to test their device, like to harden their device by, like, in a computer hitting it with a softball, in a computer dropping that device on the ground. Do you know what that device was?
Rick Mischka:
The Nokia phone from back in the day?
W. Curtis Preston:
It was the Motorola Razr, my friend.
Rick Mischka:
Fair, there's the full circle.
W. Curtis Preston:
Yeah. Yeah, I was working at Motorola in Schaumburg, Illinois.
Prasanna Malaiyandi:
Crazy.
W. Curtis Preston:
Yeah, it was amazing to me what they do. One of the things I'm very concerned about is data exfiltration, 'cause as a backup and recovery person I can stop a lot of things. I can stop a pure ransomware attack by just restoring the data, but what I can't stop, if the data is exfiltrated, there's nothing I can do. So the question is, so I think that AI and ML are the next thing for basically doing the equivalent of gait analysis on the outgoing traffic for a typical company and then noticing when something is very different and calling it out and stopping it automatically. So far I'm not hearing a lot of agreement on that when I talk to folks.
Prasanna Malaiyandi:
Are you talking mainly, Curtis, about anomaly detection based on
W. Curtis Preston:
Yes.
Prasanna Malaiyandi:
looking for data exfiltration? Okay.
W. Curtis Preston:
Yes.
Rick Mischka:
Yeah, I mean, I will say, I think people got a little out over their skis looking at, you know, unsupervised machine learning and trying to train it to baseline and then anomaly detect. And you end up with either a lot of false positives or you end up with just a lot of data that the machine learning model is still working on. And I think the world is seeing kind of, I don't want to call it a reversion, but an add in to a lot of that unsupervised machine learning with supervised machine learning that's trained on data models of both benign and malicious data that allows those supervised models to say, okay, here's the 14 or 40 or whatever number you want of threat vectors that we know, right? EXE files, documents, things like that. When you have as much data as we have now, you can train these supervised machine learning models to say, oh, 98, 99 percent of the time we can catch something and we don't need anomaly. And so I think that was the miss for, for me, that's what I'm seeing is people jump right to unsupervised thinking that anomaly detection was the only way. And we went from signature known crap to let's figure out what the user is doing and hope their behavior doesn't change. And they missed the step. And I think, you know, good companies, EDR endpoint detection response vendors, a lot of the new managed detection response solutions that are bringing in XDR solutions, have realized that and they can make that model better by adding in a supervised model as well. I, I think that's the path we need to get to, to actually see it be extremely useful, but
Prasanna Malaiyandi:
I think one of the challenges also with anomaly detection is, especially with these unsupervised models, you get so many sort of false positives, where it's hey, the user just did something different, but it's normal. And the model has never seen it before. And of course, it's going to flag something. And as a, as a security engineer trying to go through those logs and figure out, okay, what's a real threat, what is a false positive, that kills so much of your time that what I've heard is a lot of people are like, screw it, it's not worth it, let me just turn it off.
Rick Mischka:
It's true. And, and, and, you know, I think the other thing that, that people forgot was they jumped towards the technology and they forgot that there's a whole lot of process and people that need to be in place for the, for the technology to work. You know, I know everybody knows the PPT framework. It's, it's used in almost every technology model ever. It was actually created in the sixties by a guy by the name of Harold Leavitt as the diamond model. There was four points to it, but when we do an analysis of somebody's cybersecurity posture, doesn't matter what machine learning models, doesn't matter what technology they have, for us, the technology is only about 10 percent of the solution that we present that they should be looking at. And we talk about, okay, 30 percent is, is, is the people. Can you provide those? Do you need people to be outsourced or managed from, you know, managed service provider? And then 60 percent of it is, here's your process. If you have a good process, the technology will work, but most people just, like you said, turn it on. All of a sudden they have triple the, the, the alerts and they don't know how to handle it.
W. Curtis Preston:
Yeah, it's interesting. I think that was a good point about that people think that technology is just going to solve the problem, when in reality, even if the, it was able to detect an anomaly, there's still a human being that is going to have to read that information, view that information and respond to that information, because you're not, at least I wouldn't think the average person is not going to automatically start shutting off outgoing communications based on an anomaly, especially if there's so many false positives. So there's got to be that person involved. Rick, I'd like to ask you about that 30 60 percent. That's, it's interesting that you put so much focus on the process. Like it felt, I don't know, if anything, I, if I was guessing I'd be like 50 50 between the people and the process. Thoughts about that?
Rick Mischka:
You know, I think, I think we all agree that the technology is, is just a component, right? It's, it's supposed to make us better, faster, easier, whatever they want to look at. And some would argue that the people side of the house should be, you know, higher rated, higher percentage of what you do. In today's world where we automate a lot of things, you can remove a human for, you know, X number of automations that you do, but I'm going to take it even further as to why we place such an emphasis on the process side, and that's everything a company focuses on: their business objectives, their continuity, their resilience, right? None of those are cyber security based, but all of those have to have a process in place for people to know, hey, that's what my job is. That's what I'm supposed to be doing to progress this company, to make more revenue, to drive bottom line goals. And so, if you can create great process, you create great culture and you don't need as many humans because the humans you have are able to just do more.
Prasanna Malaiyandi:
You're being more efficient with what you have rather than trying to add a whole bunch of more people to make up for the lack of process.
Rick Mischka:
Said it so much better in 12 seconds.
W. Curtis Preston:
You should have them on your nine minute podcast. Sure.
Rick Mischka:
Perfect.
W. Curtis Preston:
Rick, based on all the people that you've talked to, what do you think are, one of the things that we like to ask people is, if you were, if you had carte blanche at an environment, what are the top five things that you think people maybe aren't doing that they should be doing, right? So we can throw out the, for me, the three obvious ones, right? Good password management, MFA, and patch management, right? So assuming that we're doing those three things, what else do you think companies should be doing?
Rick Mischka:
For me, the first one I always tell companies is, is create an incident response plan that allows you to grow cybersecurity culture, but that cybersecurity isn't thing that's controlling your business. I think too many times they're like, well, I'm, I'm beholden to this regulation or I have this type of data that I have to secure and they, they stop doing good business to do good cybersecurity. And I think you can flip that around quite a bit. And I think, you know, that, that's one of the top ones for me. The second one, it really focuses on the human side, the people side. Everyone makes the joke, we need cybersecurity professionals and we want to, you know, we want somebody who's new to the business, but we need them to have a CISSP and 14 years of experience, right? So, entry level position. And, and I just, whenever I talk to, you know, small to mid sized businesses or mid market folks, I explain to them, go find somebody who's hungry to do the job and train them how you want the job done or, or, or pay for their training to get the job to where they need to be. And you don't need somebody who has a CISSP. You don't even need somebody who has a degree. If you have somebody who's hungry, who's done the certification bootcamps, they're willing to step in and learn, likely stay with you longer for those reasons. And I think, you know, even the big enterprise companies are starting to finally have this moment. If I go get the college grad and I trained him and get him a bunch of certifications in that first year, he or she is going to stay far longer. The third thing I would say is you need to understand your cybersecurity edges, right? Are you a fully cloud edge? And do you know what that means, right? You're using AWS or Azure, but you're also using software as a service applications. Do you understand the differences? Do you understand that there's an endpoint edge? Every user is on an endpoint, so how can you protect your users from themselves by finding a solution that matches your needs on those endpoints? And then your network. Some people don't have a network, and that's okay, right? They've gone straight, you know, VPN to the internet, call it good. But understand what those three are, understand how you, how you can cover those, and that will lead you down a really good cybersecurity journey. And lastly, here's my brown nose moment for you guys. I recommend that everybody understands what actual data backup needs to mean to them, so if they have an incident, they can recover and not rely on their insurance company to provide them with investigators and forensics and responders, and then not pay them anyways. So, those are my four. Those are the four I tend to talk about the most.
W. Curtis Preston:
Go. That my, that's my world cup moment there. What do you
Prasanna Malaiyandi:
Oh, I like those four ideas or things that people should be considering. Rick, for the first one, when you're talking about the incident response, do you find that a lot of companies are woefully prepared, they're ostrich with head buried in the sand? It's not going to happen to me, I don't need to worry about this sort of thing. Or do you think that's started to change given all the recent activity around ransomware and data exfiltration and other things like that?
Rick Mischka:
I think it's changing. I don't think, I don't think we're anywhere near where it needs to be. I believe people are starting to have those moments where, well, do I have a continuity plan? Right? A lot of companies I talked to, they're like, well, we have, we have a disaster recovery plan. And I'm like, okay, that's great. Right? If, if a hurricane hits you, you know how to fix the problem. But an incident response plan can encompass your business continuity, your disaster recovery, and all of your, your security systems planning in one document. And if it's done correctly, I think what most people say is, well, we have the plan. Have you tested it? Have you played the tabletop? All right, let's nerd out. And, and even though you might have never played Dungeons and Dragons, let's go play the tabletop game with, you know, whatever you want to play, get your entire group in, and let's see what it looks like. Usually the point that it fails on is not on the catching of it, not on the data backing up, right? Not on, on recovery. It's, it's on communication. Don't follow or have a good communication path, which leads to their cyber insurance company telling them, oh, you didn't meet our requirements. We're not paying you for what you had to do to go recover. And they also forget about the legal aspect. You know, they're, they think, oh, I need an attorney after the fact to help me understand what my requirements are to my customers, if I've given up my customer data, or my employees, if I've given up their data. They don't realize... What was that?
Prasanna Malaiyandi:
That's too late though, right?
Rick Mischka:
It's too late. And, and what they don't realize is you can actually protect and get under that, that, that lawyer umbrella, that cone of silence, you know, as it were. You can get on that early as you're creating the incident response plan. You can have somebody that looks at that plan and says, okay, you now have a, you know, an attorney client privilege. You don't have to share some of this information with your insurance company. You don't have to share this with the general public and here's why. And so moving the legal and the communication stuff up earlier in the plan and really hammering it home, the rest of the plan is process and technology, right? Let's be real. It's, oh, we found the problem. We fixed the problem. So, you know, those are, I think that's the interesting part that people are starting to finally get this. Hey, wait, there are, there are attorneys, there are insurance companies out there who are just, you know, available, but not available at the end. Let's, let's see how we can move this forward.
W. Curtis Preston:
Yeah, that would be my, I've been pretty consistent with that as well, that basically probably the biggest point of having these discussions up front with creating that incident response plan and doing those tabletop exercises, and by the way, for the record, I never played D&D, but I like the idea of a tabletop exercise, but I'm just not, I'm just not that big of a nerd. But I love all the D&D nerds, but they wouldn't let me play anyway. Sorry, I'm a sad childhood. That you're even excluded from nerdhood. But I digress. The thing that we talk about this a lot is this idea of creating those relationships up front. Don't have an incident and then, oh, we need to find a cyber security firm, we need to find a lawyer, we need to find whatever. You need to create those relationships up front, because it's like having a large company in the United States and not having a legal department. I don't know how it is in other parts of the world, but we live in such a litigious society. You're going to be sued for something. And so you have to have a lawyer, right? And of course you have to have a lawyer, hopefully, so that you have the right paperwork so that you don't get sued. But then you have a lawyer in case you do get sued. You need a cybersecurity team and you need cybersecurity professionals on your side so that when you get a cyber attack, because it is a when, not an if, you have those people in your corner, right? Does that match what you're saying?
Rick Mischka:
Spot on. Yeah. And it goes back to what we talked about, about that 60 percent process. If you have an incident response plan, there's your process. And all you do is go and say, yep, we know this works. Just follow the process. So,
Prasanna Malaiyandi:
I like that. I also wanted to touch, just given our area that we always like to talk about, I'm glad that you talked about backup, Rick, because I feel that a lot of times people forget about it when it comes to sort of incident responses. Or even, like you said, try doing like the tabletop exercise, try out the thing, right? Even for backup, it's like, how often do people go verify, do their backups work? Are they able to recover their data, or are they able to test out their disaster recovery plans? I think that becomes really important as part of the process piece, and spelling out, yes, periodically you do want to test these things to make sure that things are still working, because the last thing you want is, hey, you got attacked. Now you need to recover. Oops, I forgot to do this, or oops, I forgot to do that. And so now your environment's kind of in shambles and you're all scrambling trying to get things back up and running.
Rick Mischka:
or they just haven't hardened their backups because
Rick Mischka:
they haven't checked them in, in, you know, three months and
Rick Mischka:
now your backups are just as bad.
Rick Mischka:
what just
Rick Mischka:
exfilled.
Rick Mischka:
So hopefully that doesn't happen, but it can.
Rick Mischka:
So
Rick Mischka:
W. Curtis Preston: Yeah. The backups are increasingly both a target, in terms of
Rick Mischka:
to take them out so that the cyber attack will be more successful, and also to use
Rick Mischka:
them as a source for data exfiltration. I'm trying to raise the awareness of that
Rick Mischka:
within the cybersecurity world. And so if the cyber folks hear anything from me, it
Rick Mischka:
should be that somewhere in the corner, you talk about that hiring a college
Rick Mischka:
kid and then training them, right? That's, there's also normally a college kid,
Rick Mischka:
maybe not even a college kid, that's the person in the corner doing the backups
Rick Mischka:
because it was the only job he could get, and he didn't necessarily, he's not
Rick Mischka:
that person you were, when you said, when you were talking about find the person
Rick Mischka:
who has the desire to do this job, that's hungry. Often with the backup, the person
Rick Mischka:
was just hungry for a job. They weren't hungry necessarily for the site for the
Rick Mischka:
doing the backups. No one is, no one's in college going, "Man, I really hoped that
Rick Mischka:
somebody hires me as a backup admin."
Rick Mischka:
Prasanna Malaiyandi: Except you, Mr. Backup. Except
Rick Mischka:
W. Curtis Preston: No, not even. I know, no, this is, yeah, it's how I got my
Rick Mischka:
job. I wanted to be in computers. I did want to be in computers, and I took
Rick Mischka:
the job as backup person because that was the job I could get, and it got
Rick Mischka:
me into the big bank, and then I just accidentally never got out of it.
Rick Mischka:
So that's how I ended up specializing
Rick Mischka:
in
Prasanna Malaiyandi:
as I say.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, the rest is history. Yeah, I like
Prasanna Malaiyandi:
that. I really like this idea of figuring out where your edges are.
Prasanna Malaiyandi:
Because back in the day, right?
Prasanna Malaiyandi:
The edges were the edge of the building, right?
Prasanna Malaiyandi:
Nobody had computers outside the building.
Prasanna Malaiyandi:
All the computers were inside the building.
Prasanna Malaiyandi:
We had a data center.
Prasanna Malaiyandi:
It was the center of the data, right?
Prasanna Malaiyandi:
That was the way that things were, but now your edges are everywhere, right?
Prasanna Malaiyandi:
there, all this work from home that's going on, and the SaaS and the, the
Prasanna Malaiyandi:
cloud data centers, the PaaS services.
Prasanna Malaiyandi:
You're, you are, I wonder if you don't have a handle on that today,
Prasanna Malaiyandi:
how does one go about figuring out where their IT department has sprawled
Prasanna Malaiyandi:
to? I can't imagine how you could start doing something like that.
Rick Mischka:
know, I've, I've seen an interesting trend
Rick Mischka:
of companies who have gone
Rick Mischka:
the way of not having any location. My wife's company actually has done that.
Rick Mischka:
They have no buildings that they pay rent for.
Rick Mischka:
They provide a stipend for every one of their employees to go find a coworking
Rick Mischka:
space, which is really cool for them, but now you're on public Wi-Fi for
Rick Mischka:
the most part, and they don't have any
Rick Mischka:
firewalls. They have no network security.
Rick Mischka:
Everything they, they do is, is, in the cloud, right?
Rick Mischka:
Access is through a SaaS application and they made the intelligent
Rick Mischka:
decision that they didn't need all of this network security. They needed
Rick Mischka:
to make sure that their employees were protected on the endpoints.
Rick Mischka:
Right?
Rick Mischka:
Typically a laptop provided to them or a mobile device.
Rick Mischka:
And then they took it one step further and said, all of our data is in the cloud.
Rick Mischka:
They're accessing everything that's somewhere in the cloud.
Rick Mischka:
We need a security broker.
Rick Mischka:
We need a workload protection solution.
Rick Mischka:
And that's how we're covering our edges.
Rick Mischka:
But there's still people hanging on to, well, I need all three edges.
Rick Mischka:
Do you?
Rick Mischka:
I don't, I don't know, but understand why you think you need that.
Rick Mischka:
The most important edge today is, is wherever your users are accessing
Rick Mischka:
the data, find a way to secure that.
Rick Mischka:
And you've secured a majority of, of.
Rick Mischka:
Now, that doesn't mean you can't still have your users click on something stupid.
Rick Mischka:
You can't train stupidity.
Rick Mischka:
So, it's gonna happen.
Rick Mischka:
But at least if you have protection where they're clicking on it,
Rick Mischka:
hopefully you'll catch it a lot sooner.
Rick Mischka:
Or worst case,
Rick Mischka:
you fall back to your data backups, which are far more protected from someone like you
Rick Mischka:
or the, or the kid that just wanted a job.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Or, and the other thing is, hopefully you can also reduce the blast radius, right?
Prasanna Malaiyandi:
W. Curtis Preston: Yeah.
Prasanna Malaiyandi:
And you've got to do both.
Prasanna Malaiyandi:
You've got to train the users.
Prasanna Malaiyandi:
And then you've got to
Prasanna Malaiyandi:
prepare to respond when the users don't do what you trained them to do.
Prasanna Malaiyandi:
I mentioned this a lot on the podcast, but at that bank where I worked, we
Prasanna Malaiyandi:
constantly trained new employees that one of the things that we always told
Prasanna Malaiyandi:
them over and over again is no one in the IT department will ever call
Prasanna Malaiyandi:
you and ask you for your password.
Prasanna Malaiyandi:
And then the next day after their new employee training, we would call
Prasanna Malaiyandi:
them and ask them for their password.
Prasanna Malaiyandi:
And they would give it to us a sadly high percentage of the time.
Prasanna Malaiyandi:
And, people will, and sometimes you'll just access sometimes
Prasanna Malaiyandi:
you'll, it takes a moment of just not paying attention, right?
Prasanna Malaiyandi:
A little bit too much muscle memory, clicking on something.
Prasanna Malaiyandi:
So even smart people that are trained and normally do the right thing
Prasanna Malaiyandi:
can also click on the wrong thing.
Prasanna Malaiyandi:
I know, I remember doing that once when I thought I was talking to
Prasanna Malaiyandi:
LifeLock because my employer at the time had subscribed us all to LifeLock.
Prasanna Malaiyandi:
It was a spear phishing attack because it was like they knew
Prasanna Malaiyandi:
that I was using LifeLock.
Prasanna Malaiyandi:
And so they went right after me, or maybe it was just, I don't know if it was just
Prasanna Malaiyandi:
a random phishing attack, but, but I logged into what I thought was my LifeLock
Prasanna Malaiyandi:
account and, it very much was not, and I immediately did all the I needed to do.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
I also remember the other story, Curtis, you told, just going
Prasanna Malaiyandi:
back to muscle memory, right?
Prasanna Malaiyandi:
It's, I remember you had a story where you got an MFA request and
Prasanna Malaiyandi:
you're like, but I don't remember making that MFA request, remember?
Prasanna Malaiyandi:
And were like, yeah, but you actually did do that, right?
Prasanna Malaiyandi:
And it's, I think it can go both ways, right?
Prasanna Malaiyandi:
The muscle
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, absolutely.
Prasanna Malaiyandi:
I remember that where I got an MFA request and via muscle memory, I was like, yeah.
Prasanna Malaiyandi:
Boom.
Prasanna Malaiyandi:
Boom.
Prasanna Malaiyandi:
And then I was like, wait.
Prasanna Malaiyandi:
What did I just do?
Prasanna Malaiyandi:
What did I just approve?
Prasanna Malaiyandi:
And what it was because I had opened up Chrome, and it had 37 tabs, and one
Prasanna Malaiyandi:
of those tabs was authentication via that, the system that was doing an MFA.
Prasanna Malaiyandi:
So I breathed a sigh of relief.
Prasanna Malaiyandi:
I appreciate those four things.
Prasanna Malaiyandi:
See, Rick, we probably could have done this podcast in nine minutes,
Prasanna Malaiyandi:
and done just those four things.
Prasanna Malaiyandi:
We should all be like you.
Prasanna Malaiyandi:
I appreciate brevity where I find it.
Prasanna Malaiyandi:
But no one ever finds it on this podcast.
Prasanna Malaiyandi:
So thanks.
Prasanna Malaiyandi:
Thanks a lot, Rick, for coming on and talking about, one
Prasanna Malaiyandi:
of our favorite subjects.
Rick Mischka:
Thank you guys for having me.
Rick Mischka:
This was so much fun.
Rick Mischka:
W. Curtis Preston: And thanks, Prasanna, for reminding me of that sad
Rick Mischka:
moment in, in my personal history.
Prasanna Malaiyandi:
Anytime, Curtis.
Prasanna Malaiyandi:
I always try to bring you down.
Prasanna Malaiyandi:
And Rick, it was as well
Prasanna Malaiyandi:
W. Curtis Preston: All right.
Prasanna Malaiyandi:
Thanks again to our listeners.
Prasanna Malaiyandi:
We'd be nothing without you.
Prasanna Malaiyandi:
Be sure to subscribe on, wherever you listen to the podcast so
Prasanna Malaiyandi:
that you can restore it all.