Big Data Breaches in Review

Unsecurity Podcast

Episode 112 of the UNSECURITY Podcast marks the final episode of 2020. With that, Brad and Evan take a look back at some of the big data breaches that surfaced this year. The hope is that by dissecting some of these large-scale security events, businesses can continue to push forward in their efforts to protect data and people. Happy New Year, everybody!

Protect Your Organization from Cybersecurity Threats

SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.

Podcast Transcription:

[00:00:22] Brad Nigh: Good morning. Thank you for tuning in to this episode of the Unsecurity podcast. This is episode 112. The date is december 29th, 2020 our last show of the year. Uh I’m your host Brad Nigh and joining me as usual is my good friend and coworker. Evan Francen. Good morning Evan.

[00:00:40] Evan Francen: Good morning Brad. How are you?

[00:00:42] Brad Nigh: Good, good been. Uh it’s been a long, long months. The kids have been off since basically thanksgiving or not off but home. And then no school at all thursday friday or yesterday. So there uh yeah, it’s been fun.

[00:01:11] Evan Francen: Mhm Yeah. Hopefully my audio. Hopefully my audio is okay. I have like 500 windows open so far. So there I was working from home.

[00:01:24] Brad Nigh: Yeah. As I say, at least it finally snowed last week so they could go out and play in the snow for a bit.

[00:01:33] Evan Francen: Yeah.

[00:01:34] Brad Nigh: Yeah. With no snow.

[00:01:38] Evan Francen: No, no, it’s just been weird, man. This whole year has been weird. Dia. We got back from Vegas on late saturday night. Uh Specialness in Vegas. My son got married, joe.

[00:01:53] Brad Nigh: Yeah, I saw some of the pictures are

[00:01:55] Evan Francen: very cool. Yeah, I think that officially makes him no longer my responsibility. Right? It’s hers. Yeah. Good. I want to get that squared away. Yeah. Yeah man. It’s just, yeah. Yeah. And it’s like uh it’s hard to believe it’s the 29th because it still seems like I’m working hard, you know what I mean? A real break this year.

[00:02:23] Brad Nigh: Yeah. Yeah, I know. It’s been, it’s been really weird. Like we were talking about, you know, going into March, we were just humming along as a business and really like we were having a phenomenal year. Uh and then everything shut down and then april May and we’re really, really slow from a sales perspective, as all of everyone. I was trying to figure out what to do, how to, how to survive to continue working. Right? The most companies weren’t prepared for this. Yeah. And that kind of translated to from an operational standpoint june may june july a little bit slower because we have that trailing effect. Yeah. And now started picking back up and we’re Yeah, Q four has been crazy. Good.

[00:03:24] Evan Francen: Mhm Yeah, I think it’s a good, you know, this is our last show of the year, you know, it’s like in December 29, so there’s only two more days left after today. So I figured we could recap, you know what the year did tell us what And maybe make some predictions for 2021. Yeah.

[00:03:48] Brad Nigh: Yeah. I think there’s some interesting things that are some changes that we’ve seen that are going to stay around and how it affects, you know, business is moving forward.

[00:04:01] Evan Francen: Yeah, Yeah. I think for people that uh I don’t know man, it’s as I reflect, this is always the time of the year when I reflect back on, you know, what happened, You know, even though we’re still swamped, uh you know, my heart goes out to the people who suffered this year. You know, suffered for a lot of different reasons. You know, whether it be you lost a loved one to, you know, covid um the mental health issues of this year. I think we’re really, really trying for a lot of people because so many things changed. You know, a lot of businesses didn’t survive this year. Um It was hard but through it all, if you’re still here and you’re still uh you know, got breath in your lungs, you know, be thankful you know that you made it through you, you made it through something really difficult and we’re still in it. But I think the worst is hopefully behind

[00:05:03] Brad Nigh: it was just like at the end of the tunnel, right? I think the next probably three months Q one of next year is gonna be pretty rough through the winter. But you know, stay safe where your mask.

[00:05:19] Evan Francen: Yeah. Try and try and try to not let fear dictate your life, right? I mean there’s always fear, right? There’s always things that you can look at and be scared of, right? But um if you’re doing the things you can do. I mean life is life right? People live, people die. People get into accidents, people get sick, it’s just navigating, but don’t be paralyzed by it, try to live your life, try to love people try to, you know, get on responsibly. I mean that’s kind of what we do, even when we’re not in a pandemic, right, We’re supposed to be responsible.

[00:05:59] Brad Nigh: Yeah, exactly. Yeah, Yeah, I would

[00:06:04] Evan Francen: agree. Hopefully we come out, it was my, you know, I remember This thing really hit hard and close the office in March 18. I’ll never forget the day. Uh there was a lot of fear, a lot of uncertainty and I just wanted us to come out personally and I speak a lot of stuff when you’re, you know, and you lead a business, a lot of your personal stuff is there? Right? So if I personally want to be a better person at the end of this, that then when we started, that was the goal and I think that was the goal for fr secure and security studio and I think we are better, we’re better or better company

[00:06:52] Brad Nigh: I think. And that comes from the top to, you know, where when we were a little slower, we didn’t just sit back and do nothing. We took advantage of that time to do training and, you know, improve processes and updates and things that we’ve been too busy to really focus on and that’s paying off now as things have picked back up, we’re able to use that. So I think that’s a big thing is, is how we use that slower time to be, is to make ourselves more productive moving forward.

[00:07:32] Evan Francen: Yeah, for sure, man. And I know, you know, the pandemic kind of dominated the news this year, but also, you know, the social justice issues and I’ve never seen anything like it in my life. And my heart goes out to people that suffer through that to whether, no matter which side of the aisle, on which side of the argument you’re on, you know, people suffer whenever there’s division, whenever there’s fighting, uh there’s a winner and there’s a loser and, and there’s casualties along the way. So, you know, my heart goes out to that as well in 2020 minute was just and it sounds like in three days the crap just disappears, right. You know, this is going to live with us for a while. Hopefully

[00:08:19] Brad Nigh: they start getting better. We get an upward trend here starting in three days. Oh

[00:08:25] Evan Francen: right, right. In the election, my God, this year was just a cluster.

[00:08:30] Brad Nigh: It was kind of like a perfect storm of bad things,

[00:08:36] Evan Francen: right, couple that with, you know, all the crap coming from in in half china Iran Russia Russia and this is getting depressing. We better switch gears.

[00:08:50] Brad Nigh: So it was funny, you know, we kind of had planned on doing this and going back and looking at the kind of the breach, Let’s not even all the attacks break because I haven’t seen any of the Net scaler that was in february. I think that came out, but just looking at the breaches and I was like holy cow, I forgot about most of these. It’s been so insane. Like You know, there was one where I totally forgot that in January there was a US resident jailed for filing fraudulent tax returns worth $12 million.

[00:09:28] Evan Francen: These data for, was it? Tell me again,

[00:09:30] Brad Nigh: there was a Person jailed for using data breach information or information through data breaches and filed fraudulent tax returns with worth $12 million dollars

[00:09:42] Evan Francen: that happened in january. Yeah

[00:09:46] Brad Nigh: it was like oh I had to go back and read it and I was like oh yeah

[00:09:52] Evan Francen: I remember that now, you know what else, what else happened in january? You know, because I was doing the same thing, you know, as we’re preparing for the show, just looking back and I’m gonna compile a list and you should send me your list and we’ll just kind of munch it altogether about the events that happened over the last 12 months. But I try to keep it related to information security, you know, I didn’t want to get off in the weeds on, you know, some of the political stuff. So that’s my list and I think your list is probably the same. But in january we also had Tiktok remember the tick tock debacle, That sort of started uh there were some security for some big time security flaws in tic tac. That’s what opened the door to the whole, you know that’s what raised everybody’s awareness. Not everybody but people who weren’t aware it’s what raised their awareness of china’s behind us. You know it’s a chinese company. Okay? And if you know how china works a chinese company is chinese by the government.

[00:10:55] Brad Nigh: It’s law that the government has to be able to access everything that you have.

[00:11:02] Evan Francen: Right? Uh Yeah so that was a big thing, you know in january and then do you remember the grinder? No, I don’t remember that one. Yeah. So there was the grinder that was in January two. That’s an L. G. B. T. Q. Plus, you know, social app. Uh but they were saying that that might pose a national security risk. Mm So we had grindr tinder. Okay. Cupid those all had, You know, kind of news broke about sharing app data. Do you remember in January two that Microsoft Exposed 250 Million Customer Records.

[00:11:42] Brad Nigh: I didn’t but I had that on my list was like how do we forget, I mean, yeah this year has been insane. Just

[00:11:51] Evan Francen: You know the 150 million. Yeah.

[00:11:57] Brad Nigh: Yeah. Well and then I think the other one I found was that was the first big school district. That was the, that School District in Texas lost $2.3 million dollars for during efficient scam like these things are by themselves any one of these is huge news and we’re at a point that like I I completely forgot about this.

[00:12:24] Evan Francen: Great It was almost a year to the day it was December 28, 2019. And uh binary edge discovered in the index the The Microsoft data that was exposed 200 ft you know they didn’t get announced until january. Yes that’s a big deal man and nobody even remembers it. Like what

[00:12:50] Brad Nigh: was the heaviest zuniga, the big gaming company like the Iowa’s mobile gaming company had 100 and come That 170 million users data personal data leaked. That’s a big deal. No it’s gone on like nothing happened.

[00:13:12] Evan Francen: Well that’s the thing man we’ve become so data breach. Um These are just desensitize inspired by all of it Like uh 250 million records sleep by Microsoft

[00:13:27] Brad Nigh: At least that one was I think it was the Microsoft one was anonymous data at least right? It just had like the support information right? I mean not to downplay the severity of it but at least they were doing the right thing with an optimization

[00:13:45] Evan Francen: right? Yeah. Yeah well in february we had MGm uh mgm you know had a data breach. 10.6 million guess. Uh huh. We also have that Israeli marketing firm 140 GB of data and exposed

[00:14:04] Brad Nigh: With uh convenience store wa wa had 30 million customer payment data discovered on the dark web. I mean that’s yeah it’s a little bit crazy to think like and that’s just really mainly stuff here in the U. S. That’s not even looking at some of the other bigger once. Didn’t you mention the Israeli firm? But you know it’s it’s nuts to think back and go how how do we forget this? Mhm.

[00:14:44] Evan Francen: I think it’s there’s you just get bombarded with so much information from so many different angles and we’ve oversold fear for so long in our industry that I think people just tune out. They feel helpless and what are you going to do? Yeah. Yeah. I mean I think we as we as an industry have really really and I don’t know we’ve done our best. It’s not like it’s not because of lack of effort but I think we’ve really failed in serving the people we’re meant to serve. We haven’t put the right constructs in place. We still don’t have a data breach, you know, a federal data breach law. We don’t have a federal data privacy law, we don’t have federal anything in terms of laws. It’s just we haven’t done well man.

[00:15:34] Brad Nigh: No it’s it’s that mish mash and nobody knows what’s supposed to be done and it’s a nightmare for legal and info sec to know and keep track of all that stuff to try and you know. Oh this happened. Okay. What does that mean? I have to go to look up. Yeah, okay. We had user data from x number of states and I gotta go figure out what we have to do for each of those states and yeah, yeah, A standard would be fantastic

[00:16:02] Evan Francen: when we still piss away so much time an effort rehashing the same crap over and over again. Well, how many times you’re still not, we’re still not. What’s

[00:16:15] Brad Nigh: happening? How many times this year have we gone? It’s the basics, just do the basics. I mean, we’ve probably done that weekly

[00:16:23] Evan Francen: right here we are. You know, and I was talking to Oscar, you know, last week and we’re talking about, you know, his, well, you know, he’s got a lot of incidents going on, The team’s really busy and I know you help out too. The uh, the basics would stop all of them if people have just followed the basics.

[00:16:45] Brad Nigh: Yeah, I think for the most part, yes, the one that the ones that I can’t fault the company is this solar winds breach. I mean, how do you possibly prepare for that Exactly? Um, but the ones we’re working on with that did take the correct steps right? You know, there’s being as proactive as you can or you know to try and make sure that they weren’t uh actually compromised with it. So, but yeah, the majority of the ones that come in are like, you know, hey, maybe not open up, held up to the internet, maybe not open up rdp to the internet, you know, puts a multi factor in place. I would say the that’s definitely the vast majority of of the problem is the basics. Mhm. Right.

[00:17:47] Evan Francen: And so here we are, we, I think according to some, it depends on what reports you read, but 36 billion Records exposed in the first three quarters of 2020, oh, 2935 publicly reported breaches.

[00:18:07] Brad Nigh: Yeah, I mean, just reading through some of these, it’s just

[00:18:14] Evan Francen: okay. Yeah, it was it was the worst, you know, my father, this is the worst here ever. You know, and it’s not, again, it’s not because of lack of effort. I think most security people in our industry are busting their tails trying to do everything we can to protect things, protect people, protect data, Yeah, we’re failing, we’re failing. You

[00:18:41] Brad Nigh: know, what’s funny is I’m looking back at this and everybody’s like solar winds, your your supply chain. Oh my gosh, and then I completely forgot, conduit got hit by May’s ransomware in june, they’re huge, Right? I mean that why didn’t why did we not pay attention to that more and start, you know, maybe that should have been bigger, a bigger deal.

[00:19:15] Evan Francen: Well, you know, what does it take before people take notice? You know, I mean, it’s obvious that these these numbers don’t get enough attention. They get a detention within our industry. But it’s not our industry, we have to craft the message well enough so that the masses will get involved so that they’ll because it really when you think about it how laws get created that get created by people that are elected and as long as they get get reelected, they’re not going to change much. So how do we make this a core part of the dialogue?

[00:20:00] Brad Nigh: Yeah. I think well it comes back to us as an industry not doing a good job communicating with look there quote normal people

[00:20:13] Evan Francen: and I even think with with each other. Right? I mean how often do you you just know that certain that we’re always sort of jostling for position. You know always trying to compete like we don’t share. We share enough. Right? But we don’t really share all of it. Like we should. I think

[00:20:34] Brad Nigh: well yeah I mean fire I was forced to share a lot of stuff.

[00:20:40] Evan Francen: Yeah. Well they did a good job because I think they realized the gravity of it all

[00:20:46] Brad Nigh: for sure. I will applaud them for their response to it. But no I agree. I think you know it’s weird too because the more we share and communicate with each other the better and the easier all of our jobs get. I mean there’s how many small to mid sized businesses in the U. S. But is there like 5000?

[00:21:12] Evan Francen: Something like that. I’ll small to mid size five million. 5

[00:21:17] Brad Nigh: million. Okay. Yeah there’s no way one company could possibly serve all those and do it do them justice. Why are we fighting over these things when there are so many companies out there that need help? We should be working together more.

[00:21:40] Evan Francen: Yeah. Right. And I don’t think it’s because the lack of spending right? Uh I’m looking at data 2020 IT spending 71% expect their cybersecurity budget will increase in the next three years despite overall I. T. Budget decreasing. So that that would tell you it’s a fairly good trend that because one of the complexity is the enemy of security. Right? So the more complex we make things the more difficult it is to secure self we’re adding more I. T. Stuff. We keep adding more cool applications blinky lights whatever that gap continues to widen right? You continue to make things more complex while your security still either stay stagnant or doesn’t grow at the same rate but you never catch up. Right? So at some point you have to curb you know you’re lost for cool things. Catch up with using them responsibly.

[00:22:41] Brad Nigh: Yeah maybe that’s the trend in 2021 as we stop seeing this push for the latest greatest and we start seeing some of those basics and fundamentals catching up to the growth of Technology over the last what 10 years? Mhm. Maybe somebody and I think people’s attention

[00:23:06] Evan Francen: well in, Yeah I think it’s either 20, or it’s eventually because just logically you can’t continue this way without crashing. No. And everyone like you good, go

[00:23:23] Brad Nigh: ahead. What do you say? No, I agree with you on, on, you know, eventually, I’m hoping that this is the start of it. It’s not going to be one year were fixed, right? This is gonna be a long term processed because it takes time to to get change in place and change people’s thinking and change how businesses operate. But hopefully this is the start of of those improvements. Oh

[00:23:53] Evan Francen: yeah, you can see the you can see the yeah, I guess the wall coming that if you continue to operate this way, you will hit the wall and it’s gonna hurt. And maybe that that’s what wakes you up. Sometimes people don’t wake up until they actually feel the pain and so maybe we just have to let ourselves hit the wall. I mean, and the wall isn’t, it isn’t what happened with fireeye and solar winds, that’s not the wall that Yeah, that’s interesting. I think to most non security people, but they didn’t hurt them. They’re not feeling any pain from that. It will be something, sadly, it’ll be healthy stuff that really hurts, It hurts at home. Yeah. God, you know, maybe people have to die. I don’t know. But eventually you have to get back to what the basics, what the fundamentals are, you need to stop adding more crap into, you know, your life into your because you don’t know how to use it, right? You don’t know how to use it responsibly. Uh huh Once you learn how to use it responsibly, then feel free to use it. But if you don’t know how to use it responsibly stop. Oh yeah, yeah. I mean it’s like logic, right? We do the same thing with our kids. You know, it’s not like my, you know, if my, when I, when I had six year olds, I don’t have six year olds anymore, but when I had six year olds, they would love to eat ice cream all day, have ice cream, can have ice cream cone of ice cream kind of dad, would I be to say Yeah, feel free, go ahead. Keep eating ice cream, keep eating ice cream. I know you got this big, you know, lost for sweet creamy ice cream. So go for it. There’s gonna be a day when that’s going to like

[00:25:47] Brad Nigh: backfire.

[00:25:49] Evan Francen: Yeah, right, because that’s irresponsible. The same thing happens with our data. You look at these breaches, man, I mean just read the list. You have, I assume you’re you have that Zd net article. Just go down the list and just read the mothman january. It was january. Uh this is sudden, just for the listeners, this is such a small percentage of the actual breaches and events that took place this year, but maybe some of this stuff will be like oh yeah crap. I remember that.

[00:26:27] Brad Nigh: Mhm. Yeah, I was looking at that zd net and then the cybersecurity hub has it has a pretty good list for the first three quarters. But yeah, january Travelex malware I. R. S. Tax refund. I mentioned the manner independent school district in texas while while 30 million records, Microsoft, Medical marijuana impacting 30,000 users. I was January. Uh let’s see what’s the other ones? Amiga Travel X. Yeah. All right. Uh February a state water. 440 million internal records In March government tax portal. uh 1.26 million citizens were exposed. The Giza defense information systems agency which handles it for the White House admitted to a data breach potentially compromising employee records. The UK financial conduct authority released sensitive information. Clearview ai Clean Clearview ai s entire client list stolen due to a software vulnerability. G unauthorized individuals able to access information. Um The Walla pc I car did it was found on the dark web in february Quaker steak state and are Quaker state and lube alerts customers to payment card in incident um That says february. The high point.

[00:27:57] Evan Francen: So March, March was t mobile Marriott another breach. I mean what the hell is wrong with Marriott right. They had that huge breach just a couple of years ago In here. Uh their email council were infiltrate, 5.2 million additional hotel guests were impacted. You got whisper UK home office which is like they’re sort of supposed to be responsible for GDP are ish stuff meaning they’re not responsible but it’s a government agency sim swapping, hacking rings all over the damn place, you know in March, Virgin Media, 900,000 users whisper another app, millions of private users or private profiles and datasets stolen M. C. A. With 425 gigabytes of sensitive documents belonging to financial companies publicly accessible. Uh nutra bullet which I’ve never heard of before, but that was part of the major car kind of debacle that was happening. Uh And then Marriott, why don’t we just have to breaches? Yeah.

[00:29:00] Brad Nigh: Well don’t don’t forget Carnival cruise lines had a cyber attack right now. Uh Yeah

[00:29:09] Evan Francen: and remember all the zoom crap that happened that’s all started in March, right? Because March was the time when most of us were starting to really work from home. Zoom. The number of users for zoom went from like you’re like through the rough and everybody was targeting zoom. You don’t use zoom. I can’t believe you’re using zoom. What the hell are you talking about? Right. Yeah.

[00:29:35] Brad Nigh: Yeah, I think well and that’s the thing with, yeah. Well thinking back like I think april was really when the zoom hysteria visit full swing.

[00:29:46] Evan Francen: I don’t know man, I have an article from March that the new york. Attorney general was looking into their privacy practices.

[00:29:52] Brad Nigh: Maybe it wasn’t So I think I can’t remember, it’s all kind of a

[00:29:56] Evan Francen: blur. It’s not Oh my

[00:29:59] Brad Nigh: gosh, we got so many people questioning that. I mean did we do like a a big portion of the show is specific to zoom? Yeah,

[00:30:08] Evan Francen: nope. And I knew a lot of places that you know, every other part of your information security program is crap. And you’re lecturing people on using zoom.

[00:30:21] Brad Nigh: Right. Oh and we still have cuts the customers that refuse to use zoom. It’s like

[00:30:29] Evan Francen: come on. And those same customers probably have no idea how many computers they have, where the computers are, where there is. I

[00:30:37] Brad Nigh: know their scores on some of them and yes, correct. This should be the least of their concerns.

[00:30:44] Evan Francen: It’s crazy. Well that’s one of the ways, you know, I think it’s the one of the tells of, you know, and I’ve said it before, one of the tells of a C. So who doesn’t or somebody leads security isn’t good at it For whatever reason you’re just not good at it. Or maybe you just don’t have the experience yet? Is their inability to put risk in the context? So if you can’t take yes zoom using zoom and everything used by the way has is a vulnerability. It’s a weakness. Right. Right. And so I add zoom into my portfolio of applications that I’m using sets of vulnerability is a weakness and there may be vulnerabilities within zoom that even make it worse. But if I’m going to devote my time and money, should I spend it on may be building an asset inventory should maybe do it. You know, maybe some egress filtering, maybe some network segmentation, whatever everybody’s

[00:31:40] Brad Nigh: remote. How about you put an essay on your VPN?

[00:31:44] Evan Francen: Hello. Right. Yeah. So and that was the big frustration with me on zoom is just The insanity of it all. And I think maybe 2020 is the year I was trying to think of what we call this year was the year of overreaction of the year of no reaction. I don’t know.

[00:32:06] Brad Nigh: I mean, well it was almost like there’s so much hype and hysteria over these things and then nothing happened. Nothing. There was no, well not to downplay what some of these companies have done, but in general, right. Zoom reacted I think very well they put in a ton of new security features. They fixed a lot of the issues same with like fireeye and and their stuff. But from and overall business perspective you keep seeing all these things and people keep going up in arms and then at the end of the day they go back and don’t change. I mean I would say this What 99 plus percent

[00:32:46] Evan Francen: and so what would it take for somebody to change? I think what it takes, you know, is better leadership. I think we have piss poor leadership. Well

[00:32:57] Brad Nigh: and I’ll say so this is something I’ve always said it is, you can tell or what companies have a good security program in place. Either it’s typically somebody who has seen a breach firsthand or lived through was a C. So it was a security person during a breach. They’re the ones that take that stuff seriously and are more proactive. You rarely see a good security program led by somebody who hasn’t had the experience of going through a breach.

[00:33:32] Evan Francen: Yeah. I don’t know man, I uh

[00:33:34] Brad Nigh: that’s just my observation. I don’t know if it’s accurate or not, but that seems to be Again, I’m not saying it’s 100% but the vast majority

[00:33:46] Evan Francen: well and if and if that is true, they knew we can debate whether it is but if that is true, well then again it’s crappy leadership because yeah you know I equate this a lot to like, you know the things are most responsible for, which would be my family. I don’t want my kids to repeat the same mistakes I’ve had before. I tried to instill in them enough wisdom enough logic enough reason so they can navigate these waters without going through the same, you know the same damn that I went through. Well it and

[00:34:21] Brad Nigh: declare if I should say I wasn’t speaking about like security people going through it, I’m talking about like the c uh Ceo the CFO the you know those other sea levels where they’re actually going to be giving the financial and resource support. Uh, you know, I bet met very few security professionals that don’t, you know, that are like whatever.

[00:34:49] Evan Francen: No, but I think a lot of c profession, well, I mean there’s a lot of things that contribute to our failure to see the wall, you know, that, that we’re going to be running into, you know, how many it’s okay. And I don’t know what depends on what, where you work I suppose. But to put your foot down and say, no, we have to slow down. We’re heading for a clash and it’s going to hurt, you know? Um, I think, and I guess it depends on organization and they’re lost for technology and I say, and I use that word lost because it’s true, man. You see it.

[00:35:28] Brad Nigh: Yeah. Well I think it’s hard too because right now, especially now, but it’s hard to go to the company and to leadership where maybe you haven’t been gained support anyway and to say, hey, we’ve got to slow down and do this because I keep hearing for your job, right? Hey, I don’t want to lose my job. So I’m just gonna kind of do the best I can and not because, you know, waves or cause issues, mm, I definitely met people like that.

[00:36:07] Evan Francen: So it’s frustrating. But we got through March. What about april you go through april april

[00:36:12] Brad Nigh: uh, U. S. S. B. A. For the emergency loans Nintendo email at Nintendo. Uh, there was that, Um, April seven Extra Marriott it’s probably going back, you know, individuals logging with two employees to access, gets them fell. Uh, there was a big uptick in healthcare attacks and then cognizant going through through that. So

[00:36:42] Evan Francen: yeah. Yeah. And backtracking, you know, the current, um, uh, solar winds, you know, breach somewhere, you know, in March april is, you know what we think might have been the time frame for the injection or the yeah, that’s

[00:37:01] Brad Nigh: Really interesting because I think what the first compromise version was 2019 44.1 or something for 1.5. Remember? So it was a 2019 version, but the back door didn’t start really until the March Released. So were they testing it on the old 1? Well, when did they actually get access?

[00:37:24] Evan Francen: Right? But somewhere in this time frame they were doing something for sure. Uh, May, we had Easyjet nine million customers including some financial records, blackballed. That was huge. That’s still, that’s still being felt by, you know, some of our customers, some of the people we know, so black body, If you don’t know a black body, they’re huge. You know, cloud service provider. They were hit by ransomware. Uh, and hijacked. Yeah, there’s resistance. It was, they had, it was really bad Mitsubishi and I wonder what’s going to happen to black pot. I don’t know what the long term effects of the company itself will be. But that affected, you know that had that almost that branch effect. Right? You hit the trunk and then you start, he goes out and hits all the branches that I mean

[00:38:18] Brad Nigh: Almost every school uses some sort of uses black body like that caused so many issues across the K through 12 alone. And the problem is there’s not, there’s no other options or there’s very few.

[00:38:35] Evan Francen: Right? And so K- 12 like they didn’t have their own challenges this year. Right? Let’s just stack that on top.

[00:38:41] Brad Nigh: Yeah, I remember it was uh

[00:38:44] Evan Francen: Mitsubishi we had the toll group Mitsubishi just had a bunch of missile design data stolen. I mean, yeah, toll group big logistics company that they were hit by the second ransomware attack within three months. What the hell are they doing? No idea man. And they’re a huge company told group isn’t like, you know, not like we don’t have budget. Uh huh Pakistani mobile users, you know, that obviously didn’t hit many people at home and people probably didn’t even realize it, but it was 44 million Pakistani. Well we use your data records leaked online, Illinois department of employee security. They got some good stuff. They like the whole bunch of stuff. Wishbone 40 million user records. Yeah, that was published by shiny hunters. Uh, do we brought into shiny hunter as much.

[00:39:41] Brad Nigh: I don’t remember seeing them but that was a big one because they had, they really 73 million records in the first two weeks of May

[00:39:51] Evan Francen: wow hey that’s a

[00:39:53] Brad Nigh: lot. Monsters.

[00:39:55] Evan Francen: Yeah. Yeah we had easyjet they uh £18 billion pound class action lawsuit was launched. Uh You stay at a big breach too. So that was may what’s june look like

[00:40:11] Brad Nigh: uh Amtrak customer P. I. University of California san Francisco paid ransom. Where to save Covid 19 Research Aws mitigated a massive 2.3 terabyte ddos attack. Uh Post bank in South Africa Nasa uh got breached by adopting Paymer Clears. The accessory company got was maid cart the bank of America and S. B. A. Talking about the issues with the P. P. P. Loans and uh in april a conduit was in was in May. And then yeah anonymous had a 269 gig data dump of police department fusion center and law enforcement files. That was the blueleaks, that’s all,

[00:41:03] Evan Francen: that’s halfway through the year july we had Couchsurfing, 17 million records belonging to couchsurfing were found an underground forum, University of New York. That was you know part of the whole black pod fallout and there were hundreds of thousands of you know others who are affected by that black but that happened back in april my casting file which is casting platform for actors. 260,000 you know pia. It’s their p I I uh I didn’t realize there’s that many people that actually would be actors. 260,000. Sigrid sorry. Yeah we all know we all want to be famous man. Right. They read myself patch that was a 17 year old exploit. If you remember that you could use that to hijack service uh MGM resorts. So I mentioned that 142 million guests online uh were made for sale. That breach actually happened back in February. Be sure to read uh 99,000 customers Blueleaks was you know I think one of the ones you were talking about 269 gigabytes of stolen files blowing the U. S. Police departments. Now the the uh crap uh man I can’t remember that name when I get just so much trouble for this. It started the Black Lives Matter movement this year. George Floyd. Why in the world can I remember that anyway? But George Floyd that happened right after Memorial Day. So you know this was a big deal. You know take that whole law enforcement thing E. P. They had that regular locker, ransomware incident. 10 terabytes of data or stolen mongo DB To 23,000 mongo DB databases were attempted to be ransomed. Many of them were

[00:43:09] Brad Nigh: what surprised me

[00:43:10] Evan Francen: was

[00:43:11] Brad Nigh: well and that was when uh the twitter accounts got hijacked was in july where they sit out asking for uh the Bitcoin. I’m surprised that one didn’t make that reading that article because that was that was a huge deal

[00:43:28] Evan Francen: right on the another thing that happened, I think it was in july was the, yeah, who remember the yahoo breach from way, way, way back when I believe that was the settlement was finally

[00:43:46] Brad Nigh: uh

[00:43:49] Evan Francen: announced the terms of the settlement.

[00:43:51] Brad Nigh: I think I got like a dollar 20 or something.

[00:43:54] Evan Francen: Yeah, it’s

[00:43:56] Brad Nigh: like, well what’s the point?

[00:43:58] Evan Francen: So for the people that don’t remember that that was the data breach was you know, occurred between 2013 and 2016 where Attackers basically had whatever you want, you know from yahoo. But that was a big, big deal back then and uh it took that long for everything to work its way to a um a final resolution, Which is just crap really. You have 100 the settlement fund. There’s $117,500,000. Yeah. And the only people who actually were compensated through all of that. I mean with any with the lawyers, I mean, seriously nobody, which is just, that’s another thing that’s so sad about our industry. So you have these big class action lawsuits and you think that companies are actually going to give a crap, they don’t give a crap. They pay it whatever. It doesn’t hurt them at the in the end and you as a victim get next nothing. Who makes the money is the lawyers? They make the money, yep and lots and lots and lots and lots of it.

[00:45:12] Brad Nigh: Yes.

[00:45:15] Evan Francen: Yeah. But what about august remember august,

[00:45:20] Brad Nigh: the there was a bunch of big ones in august, so Cisco had the uh, Former engineer causing damage costing about 2.4 million. So there’s an insider threat issue. Um, Mays was very busy in august, Headcanon LG and Xerox. Uh huh. They hit all three of those, just some small targets. Um, Intel had 20 Giga sensitive corporate data published the Ritz in London uh, phishing scam against the risk clients Free free pick 8.3 million users. University of Utah paid $457,000 ransom Experience. South Africa, $24 million 24 million customers. Um, Carnival disclosed the ransomware attack from earlier in the year, Um, garment paid 10 million to ransomware, hackers. Uh, the thing,

[00:46:18] Evan Francen: yeah, yeah, on carnival, it’s sad for carnival because carnival, you know, that’s their part of the cruise industry and that, that was decimated. So at the same time we have to deal with this kind of, it’s just whatever man, you can prevent a lot of this

[00:46:33] Brad Nigh: stuff.

[00:46:36] Evan Francen: I think experience back in, if I’m trying to go from memory experience, you mentioned the experience, South African branch Had the data breach affecting 24 million customers. The uh, if I recall correctly back in January experience and made some kind of news announcement or something that are somehow They were going to be spending $1 billion dollars on information security, I think it was experience maybe was Equifax, I can’t remember one of the big three. But the thing is with information security it there is no direct correlation between the amount of money you spend on it and the results you get from it. So right there is some correlation but it’s not a direct correlation, it’s not about the blinky lights and stuff. It’s a lot of times it’s just the fundamentals. Right.

[00:47:27] Brad Nigh: Right. Well that’s the thing is like you you said the company was like oh we spent $2 million dollars or whatever it is. Great. Show me your asset inventory. We don’t have that. Why the hell are you what are you spending your money on?

[00:47:45] Evan Francen: Yeah. Yeah it’s hard to protect the things you don’t know your house. Yeah so that was august september uh more school ransomware attacks. I mean school ransomware attacks. Really? Oh there was a huge uptick all year long on K 12 ransomware attacks. Uh The german hospital, this was the first time that we can recall and it’s not the first time period was the first time

[00:48:15] Brad Nigh: confirmed

[00:48:16] Evan Francen: maybe. Yeah and the first time they actually made the news, made the news but there’s been flaws in you know automatic driving systems you know uh you know have led to deaths and things like that. This will get worse but the patient did pass away in Germany because they were redirected the hospital that was closest to them uh was suffering around smart attack. Couldn’t take them. So they got redirected to another hot and they passed away because of that. Uh huh. Uh Belarus law enforcement, 1000 high ranking police officers. Now that may not seem like such a big deal here but in Belarus that’s a that’s a pretty big deal right? These where organized crime is a little I think a little more prevalent so knowing knowing who these high ranking police officers are, you know makes them a target right? And S. Eight. This is a cyber fraud startup that was relatively new. The ceo there was accused of defrauding investors out of $123 million. Who was that guy’s name? The guy? S. Eight Ceo. Let’s look it up real quick.

[00:49:26] Brad Nigh: I remember that one. That was surprising right? Yeah

[00:49:34] Evan Francen: so he was he was arrested. I don’t know what the latest is on him. That would be cool to do. Maybe just a story on him satellites. Iranian hackers were charged for compromising us satellites. Uh Cerberus, this was all back in september uh the cerberus banking trojan was released um And then uh banco estado Chilean bank was forced to close down branches due to ransom and then september seems sort of quiet but there was a whole ton of other stuff and you got to remember too that this is like a snowball the rolling down the hill. So a lot of the things that were happening back in March and april were still sort of trying to deal with the fallout in september. So it just adds on more crap

[00:50:20] Brad Nigh: and you had to insider threat. Uh you know so you had the tesla uh an internal employee notified them that they’ve been approached to pay their would be paid 500,000 to plant malware and then Shopify um had an insider threat. And then what was the other one? Um Sisa revealed hackers associated with the chinese ministry of Security been skating U. S. Government and private networks for over a year. Thank you. They indicted the US Department of Justice, indicted five Chinese hackers for attacks in more than 100 organizations. Okay. They don’t there’s a lot of stuff

[00:51:05] Evan Francen: but october

[00:51:07] Brad Nigh: october let’s see. We had like Barnes and noble uh stolen records were leaked uh as proof from a ransomware attack. The U. N. International Maritime Organization had a security breach. Boom mobile uh was the victim of major cart. So what made card started in? What was the first one we talked about like March, february March. And so now you’re here you are, you know 67 months later and people are still having issues with it. Why did they got patch? You know that there was the fixes were released? Right? Um google haider. Ddos attack of 2.54 terabytes per second against it. That’s nuts. Uh us Dickey’s barbecue appointed sale attack between July 2019 and August 2023 million customers have their card details posted online. I mean that there’s a brief that took over a year to for them to identify uh will be soft and cry tech had sense of information by the Gregor ransomware game. They were also the ones that did Barnes and noble and then amazon had insider trading and amazon finance manager and their family was charged growing $1.4 million insider trading scam

[00:52:37] Evan Francen: And that Google 2.54 terrorists for second ddos attack. You know, it was only a few months prior to that aws and the 2.3 so those are and terabytes per second is like a lot of bits per second, man. I mean that’s that’s some serious data. I mean the fact that you can mitigate that and redirect that traffic. That’s amazing

[00:52:59] Brad Nigh: internally. And I got uh you know, if you’re on your own. Uh huh Deep. Do you see like you’re looking at 10 Gigabit Back On. Yeah, is pretty solid. I can’t imagine that much traffic coming your way.

[00:53:20] Evan Francen: Yeah. Vem Ber Manchester United for your footballers. Uh They had some internal systems in fact impacted by a security incident. They announced they’re investigating that verifone 27.7 million texas, driver’s licenses, human error. Campari knocked offline ransomware attack, $100 million botnet. Uh This is where a Russian hacker was jailed For uh operating about net and trained $100 million dollars from victim bank accounts. These were individual people at home so people at home think that well you know I just don’t I’m not a target. You are mashable. Uh Their database hacker published the national database online. Capcom Home Depot again uh is in the news but this time it was it was a settlement and so if you remember that that was 2013. Home Depot you know had their breach. It was around the same time as the target breach. And the method of attack was relatively similar to this was a point of sale software malware. Uh $17.5 million settlement. So how many how many years that in seven years? Almost seven years and $17.5 million. Do you think it’s

[00:54:41] Brad Nigh: only what they’re. Yeah now that’s not an issue.

[00:54:45] Evan Francen: Well one home depot has improved their security quite a bit but it was absolutely insanely terrible back in 2013.

[00:54:54] Brad Nigh: Oh yeah

[00:54:56] Evan Francen: I don’t know how you couldn’t be found negligent for how it was then at the time of the they have Embraer an aerospace company uh data thefts that’s an airline manufacturer. Uh

[00:55:12] Brad Nigh: The other one that’s on there was that was when it was really set North korean hackers were targeting Astrazeneca posing as recruiters and sending fake job offers that included malware.

[00:55:26] Evan Francen: Yeah december. Uh That’s this month. Right so we should remember some of these actually I remember you have the Leonardo S. P. A. That’s the police thing. The flight center one? You know I was the V. C. Cell for flight center. Uh This was not under my purview if you know all flights that are operated and their travel companies so they were hit uh really hard by the pandemic. Um He had a global CFO and I was you know served as sort of the Americas see so so Yeah they had a breach credit card records, his passport numbers 7000 people.

[00:56:08] Brad Nigh: What’s crazy about that 1? Is it was I think it was definitely a just an innocent mistake. They didn’t realize it because it was part of their uh design jam. So they basically said let’s work on it and accidentally published way more than they should have.

[00:56:27] Evan Francen: Mhm yep. And then the fire I

[00:56:33] Brad Nigh: the biggest I think flight center definitely reacted properly on that one.

[00:56:40] Evan Francen: Yeah. Yeah it just it sucks to see companies who don’t, yeah you know companies that experience a data breach and and you have to understand to to put this into context no matter what I do I can’t prevent all bad things from happening. So some of these companies may have had really good security fundamentals in place based on my experience. That’s really rare. So I’m guessing most of them didn’t uh But just because in the news for experiencing a breach doesn’t mean they’re bad. Right? I do want to qualify that. Uh Well I mean my reaction is going to do, what are you gonna do to prevent this from happening again? Right.

[00:57:27] Brad Nigh: Well, I suspect like fire for sure. I would, I would expect them to have pretty solid security program in place and you know, they got hit by an unknown attack through a supply chain. That’s a tough thing to defined and account for. Right?

[00:57:49] Evan Francen: So that’s a lot of breaches and stuff. And then we could, we could seriously talk for hours and hours about all the breaches and things that happened this year because we could go in into each and every one of these. Well,

[00:57:59] Brad Nigh: and that’s how I’ve been including like all the zero days and all the other stuff. Like I said that Net scaler was in february. That was a monstrous issue. You know, was it was zero log on uh was this year, Right. You know,

[00:58:18] Evan Francen: and I know I lost, I personally lost An entire week, at least two The Riot News that we might hit 427 hospitals across the United States. Yeah. You know, trying to track all that crap down with, you know, brian Krebs calling And that was a cluster. And that was what was that november? Was that october now, I can’t remember the months anymore.

[00:58:47] Brad Nigh: It was, I think it was october Yeah,

[00:58:52] Evan Francen: so it was a cluster man. And I’ve I can only imagine that when you, when you think through all the things that happened this year and you look at all the bad, what are the what are the good things?

[00:59:10] Brad Nigh: Yeah, I think one of the good things is we are seeing business is becoming more agile and figuring out how to you have people work remotely and be successful because for a long time a lot of companies refused to allow remote work and we’re getting a lot of calls for, okay, we’ve got things settled down. How do we better secure this? So I think you’re starting to see people going and say all right, this is going to be more common. So we need to start focusing on how do we properly secure things. Well,

[00:59:50] Evan Francen: yeah, yeah. I think hopefully people are just as sort of overwhelmed as I think we are, you know, we’re in this industry, you and me and we I feel like we had a pretty good handle on the things that are within our circle of influence and things that we can protect. But really when you look at all this stuff you can seem really overwhelming. So I think one positive is uh they’re coping with it, you know trying to not go insane, right? I mean, I got some positive because it’s like some of a gun and and to not become jaded. Mhm. You know, because you can sense it on your voice and on my voice when we say we’ve said this a billion times that focus on the fundamentals, the basics of information security, they don’t cost you much if anything. Right? But when I say it that way, I sound sort of jaded and maybe I just need to fight that a little bit more.

[01:01:04] Brad Nigh: I don’t know. I think it’s just it’s the frustration of continuing to see the same things over and over again. Right? Like I get people make mistakes that happens. But when you see the same mistakes repeated, it does it gets frustrating,

[01:01:25] Evan Francen: right? And some of these breaches are just tell me the breaches that you see and that you investigate are just lap back of care disregard for. I mean, it’s it’s truly irresponsible use of things that aren’t yours and it’s not yours when you lose Data that belongs to 30,000 or 30 million users. That’s not your data, right? You are a steward of that data. Your responsibility to use that data responsibly. And you didn’t we have to somehow figure out what responsible and what’s irresponsible and punish those who are irresponsible, reward those who are responsible and start really stop, you know, stop fighting the same just business as usual kind of Bs because it’s not working and it’s gonna hurt. It’s gonna get worse, man, yep. Yeah. All right. So what’s your prediction uh prediction for 2021, 21 h or two each or

[01:02:31] Brad Nigh: what I think well maybe like a a positive and the negative, right? I think because you could go both ways. I think you’re going to see a lot more attacks a lot more bigger of these ransomware attacks and reaches, um Which is unfortunate because people are gonna be distracted with everything going on from COVID-19 US politics and everything in between. But I think the positive is going to be uh that we are going to start seeing companies doing starting to do better. Right? I think we’re gonna start seeing that turnaround where we’re going to some some people are going to be, you know, that it’s the start of that bell curve, the earlier doctors, I think you’re gonna be at that second level of foot, actually what it’s called, but where those people start really focusing on security.

[01:03:24] Evan Francen: Yeah. In innovators, early adopters. And then you have the, yep, the diffusion of innovation. Is that what you’re talking about?

[01:03:32] Brad Nigh: Yeah, I can’t remember what, I know what, I can’t remember what it was, it was called, but I think, you know, you’ve already seen the innovators as early adopters doing this stuff. Um and I think this is where you’ll start seeing that’s next group, start putting adopting these things. Yeah. Yeah, unfortunately that that’s still a small percentage, it’s that third group, the top of the bell curve that uh we’re gonna it’s gonna be a while for them,

[01:04:09] Evan Francen: Right? Yeah, I agree. Man, I’m going to see, I think now more than ever people who take information security seriously. Uh we’ll start to see differentiations in the marketplace, meaning uh more widespread attacks, those who took security seriously and implemented the responsible things, the basics, the fundamentals and or for and and if if you’re sitting there, you know, listening and going, what are the basics and fundamentals, two things, uh if you don’t know what they are, they’re not doing them, you know, that’s Mhm. It’s logical. Uh and I think we can do it, we can do maybe a future show on what the basics and fundamentals are, but it starts with, you know, defining what this is. So defining information security for yourself and then implementing some governance, some roles and responsibilities for information security, who to do what? No, what and then get to get to work doing asset management, asset inventory, hardware, software, data assets, right? Where are they? You need to know where they are, you know, that you have them before you can start implementing controls around them, write access controls, change control, configuration control, all these different types of roles. Right? So there’s your basics a little bit um people start saying that there’s a true differentiation in the marketplace for doing that. I think some companies are waking up to that or more companies are waking up to that to your point early adopters. The innovators that 16% at the beginning of the curve are starting to influence the rest, which is all positive stuff, more people will suffer. Um And I think we’re going to see uh they’re definitely be more ransomware attacks. I wouldn’t expect the number of breaches to be left next year. Uh that trend will unfortunately we will continue. Um I do think we will see more people, you know, like the german attack, more people will suffer paying with their life, which you know, absolutely pisses me off. Uh it’s reality. Yeah. On a positive note though, I think there are things I’m seeing in our industry that are positive trends. I’m seeing more collaboration than ever, even though we suck at it still, you know, as an industry, I’m seeing more collaboration. I’m seeing more information sharing. I would expect in the next 12-18 months that there will be a legitimate data privacy data protection law on the federal side, at least one that is getting really close to signature of not signed by the end of dear.

[01:07:12] Brad Nigh: Yeah, I’d be uh you know, that’s a well, that’s another topic that I think we could go into the depth is data privacy versus information security because data privacy is really more of a legal focus. Right? That’s where you have those, some of those laws in and then a lot of people get those just assume they’re the same. Get asked a lot. Hey, can you help us with data privacy? I’m not a lawyer.

[01:07:39] Evan Francen: Right. Well, and that some of the other positive Because I want to leave on a positive note to 2020 has been a I look back in the year. It’s been an amazing year in terms of growth, personal growth industry growth. I think our industry is growing up uh you know, I think we have a long way to go still, but it’s part of the journey man. So Overall the fact that we survived all the crap from 2020 and we’re still here, that’s a positive, you know,

[01:08:13] Brad Nigh: because the vaccine coming up at the end of the tunnel,

[01:08:16] Evan Francen: right? And I and hopefully more people will wake up each day and just and what can I do to contribute to fixing this broken industry? You know, if you work in this industry ask yourself that you know what what what am I called to do? What’s my job here in this bigger picture thing. Uh can I mentor somebody, you know the mentor program that was a huge success this year. We had 4500 students in our metro programs. Absolutely free training, right? You know, you came out with the V. C. So you know, version two or you and the team and that’s that’s a huge plus. You know, you talk about the operational efficiencies uh talk about during his team and how much they’ve matured over this year. You look at our operations as a business, it’s cool to see that every it seems like everybody in our organization who wakes up in the morning, ask themselves that whether it’s overt or covert or conscious or subconscious, we’re all like making positive contributions to our industry every single day. We need more of that everywhere and then we’ll be fine. I think, you know what I mean? That’s a big positive for me,

[01:09:39] Brad Nigh: yep. Yeah, I like it

[01:09:44] Evan Francen: because I know you get up that way. I mean I do, I’m like that’s what, that’s what makes it stressful to it, because I pile on all this stuff thinking I got to get all this stuff done, all this stuff done, nobody else knows. You know, I don’t have anybody, I don’t have a boss who’s like, hey, did you get that thing done? You know? But there’s so much pressure. Like I want to do this, I want to do that one of this because we want to make a positive impact and I know you feel the same way you want to make a positive impact. Yeah, yeah, yeah. So 20, we’re gonna make more positive impacts. More people were gonna love more people at the end of the day. That’s what security is about, right? It’s not about information security as much as about people, man.

[01:10:34] Brad Nigh: Yeah, hopefully more like you said, more people start waking up to that, you see it seemed positive change is coming.

[01:10:42] Evan Francen: Oh, and and what’s the worst case, isn’t it really cool to like get up every day trying to help people, trying to serve people, trying to love people and then, you know, the at the end of there’s a road at the, you know, at the end of this, we all die if somebody dies right, it’s just, you don’t live forever. But what a great way to go out knowing that you tried really hard to help people and leave positiveness, you know, help people along the way. Even even if you don’t fix the broken industry, it’s great dying trying.

[01:11:21] Brad Nigh: Yeah, I made a positive impact. Yeah, I agree.

[01:11:27] Evan Francen: So maybe people, it’s going to take all of us, right? I mean, the Attackers that we face every day are really strong. They’re highly skilled. They’re pretty well coordinated. They’re making tons and tons of money. They’re making tons and tons of money off feeling from people that work their asses off every day. So we need to step into that divide, do the best we can. You know, and when you read about all these preachers, don’t assume that all this is failure. You can’t stop at all.

[01:12:02] Brad Nigh: No. It’s about how you react and what changes you make moving forward.

[01:12:07] Evan Francen: Yeah. So it’s like 20, like, I don’t know the best positive impact ever that I made and that’s what I can control. And you’ll do the same for you and we’re writing a book this year, we’re going to write a book in the VC. So I leave next week to start that book and then you can, you know, together, we’ll fill in all the blanks. Just keep doing it. Yeah, I don’t know. That’s my advice. What do you think? Do you agree?

[01:12:34] Brad Nigh: I do. I think, I think maybe 2021 is like a 2020 was a transitional year. 2021 is where those lessons learned start getting implemented. So we’re going to start seeing those positive, hopefully seeing this positive, uh, change is coming

[01:12:53] Evan Francen: awesome. And I’m on board with that and I love fighting the battle with you. It’s been a fun battle so far and I’m, I’m excited for more of it, Stuart this is perfect punching punch in the face of shitty security. All

[01:13:15] Brad Nigh: right, well that is going to wrap it up for our last show of 2020. That’s crazy. Um, shoutouts Happy New Year. Yeah, empathy. Any shadows.

[01:13:31] Evan Francen: Uh, just all the fighters man, all, all the people I know that we’re all working their asses off and we get hard on each other. I think, shout out to the whole security industry, we are growing up, you know, and it gets frustrating but shout out to everybody who’s behind the keyboard. It never gets a shout out man who just bust their tail every day doing things for the right reasons and nobody knows it. You know, shout out to all those people.

[01:13:58] Brad Nigh: Yeah, I’ll give a shout out to kind of two groups. First started listeners for supporting us and listening for 100 and 12 episodes. Another the other one would be for all the people that went through the mentor program and are still reaching out saying, hey, I finally I passed thank you very much and just making it, it makes it worthwhile knowing that that sacrifice is making a positive change. So shout out to both groups. Uh Alright, well said that wraps it up. Do you want to reach out to this? You can reach me at @BradNigh right now on twitter and Evan is @EvanFrancen to reach uh security studio @StudioSecurity FRSecure @FRSecure. Uh that’s it. We’ll talk to you guys everyone next week.

[01:14:46] Evan Francen: Alright, Happy New Year.

[01:14:48] Brad Nigh: Happy New Year.