Are We Facing Data Breach Fatigue?

Unsecurity Podcast

We are dismayed at the state of the information security industry. They take a realistic look at the increase in breaches and corresponding increase in data breach fatigue, the challenges local governments and schools are facing with infosec, and individual security. It’s not all doom and gloom, but we must face facts in order to fix the industry.

Protect Your Organization from Cybersecurity Threats

SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.

Podcast Transcription:

[00:00:19] Evan Francen: Welcome to the last un security podcast episode of 2019. And actually the last un security podcast episode of the decade. Uh we’ve got a great show planned for you today. The date is december 30th and this is episode number 60 joining me as almost always is my guy Brad Nigh. Hi brad.

[00:00:39] Brad Nigh: Morning Evan. How are you?

[00:00:42] Evan Francen: I’m good. We don’t have a guest today. So it’s just just me and you. But we’ve got a good recap for 2019 planned. Uh how was your weekend?

[00:00:51] Brad Nigh: Good – Other than the bad weather. Although it’s kind of finally uh you know the ice storm here in Minnesota so saturday morning when we stayed home but were, you know out basically like sliding down the driveway and the kids got to have some fun with it at least.

[00:01:09] Evan Francen: Minnesota pisses me off this time of year. Yeah.

[00:01:13] Brad Nigh: Can I make pisses me off. My daughters were mad that it wasn’t snow. Yeah.

[00:01:18] Evan Francen: Yeah. Can you imagine if it would have been snow? What I’ve gotten

[00:01:21] Brad Nigh: 12 plus inches easily. Yeah. Well,

[00:01:25] Evan Francen: all right, well, uh when I put together today’s show notes, I felt like I was a little harsh, Maybe even depressing. I put them together last night. So I was a little bit late. Uh It’s not like I was depressed and I wrote the notes. Uh but I took an objective look At the last 12 months at 2019. And it it got, it kind of got some depressing for me. Uh, 2000 2019 brought with it a record number of breaches, a record number of records disclosed or stolen ransomware seemed like it was everywhere. I don’t even know how many incident responses we responded to in our own little neck of the word Woods a lot. Uh Yeah. Right. Uh, you know, but we accountability is always a good thing. So brad. Do I seem depressed to you?

[00:02:16] Brad Nigh: No, no, Unfortunately, it’s a realistic, right there. You’re not putting that rosie shine on things. It’s, you know, the grim reality right now.

[00:02:30] Evan Francen: Well, from a business perspective, it was, you know, a great year. You know, if our secure best year ever security studio, best year ever, uh, more clients than ever. More revenue than ever. Um The sad thing is though, when you look at our industry, I don’t think it’s been worse. Yeah. And so this episode is, uh, you know, I figured we talk about This, we talk about the not so good things, you know, from 2019 and then We can do the good things. 2020

[00:03:02] Brad Nigh: start off the decade,

[00:03:03] Evan Francen: Right? Yeah. Because there’s tons of good things too, but it’s sort of hard to cover them all in. Just, just one show. All right. So here we go. Um, 2019 year in review. The first thing, you know, it sort of dawned on me and I think it’s it happens every year. Uh Maybe it comes with age, but you know, I look back and go, holy crap. Where did 2019 go? Do you do that?

[00:03:32] Brad Nigh: Yeah. What happened? I

[00:03:36] Evan Francen: Know. So I’m like, well, let’s just do some easy rudimentary math. And so, you know, I did that realized, estimated, you know, maybe 3380 hours I spent this year working.

[00:03:49] Brad Nigh: So I saw that and I did mine and I thought I worked a lot and I was about 2700 hours. I don’t know where they

[00:03:56] Evan Francen: crap. Really.

[00:03:58] Brad Nigh: You’ve got a lot

[00:03:59] Evan Francen: More. I work too much, but that’s sort of the moral of the story. So where did where did the time go for? 2019 For me? 38.58% of my time was spent working,

[00:04:10] Brad Nigh: Man was at 30.1

[00:04:12] Evan Francen: 415. Okay. So maybe a little more balance for you. 27.09% of my Year. hours was spent sleeping

[00:04:23] Brad Nigh: Was 2600. Okay, a little bit. I got average about seven hours a night.

[00:04:28] Evan Francen: Yeah. Well, you’re healthier I think than I am.

[00:04:32] Brad Nigh: I try. I probably not the healthiest because during the week it’s like five hours. And then on the weekends I just crash. Probably not the best balance

[00:04:41] Evan Francen: 23.90% or 2,094 hours. I just marked down as personal meaning family, friends, etc. Uh, quality time what you

[00:04:53] Brad Nigh: Came in at about 2000, which was 23%. It’s a little bit higher percentage but lower number, but I think my kids are younger so I go to bed a little earlier. So that was more other time. Yeah versus you know, with family or friends

[00:05:12] Evan Francen: And I think my other, you know, I said 10.42 so I only classified into four buckets, working sleeping personal, and other uh. I think my other number now that I think about is probably low, but I put 913 hours, which ended up being 10.4%.

[00:05:29] Brad Nigh: Mine was just 1486, which was the leftover. So about 17%. Okay. Okay. But I think if you combine the personal and other, that’s kind of the yeah.

[00:05:41] Evan Francen: Yeah. Well unfortunately my wife reads my, put my blog post so I’m sure she’ll comment.

[00:05:49] Brad Nigh: Oh yeah, mine listens to the podcast. So yeah, I’m,

[00:05:54] Evan Francen: So I’ve got, you know, I spent roughly 15% more time working than I did making memories of my family in 2019. Now one thing that I’ve noticed is as I get older memories with family becomes More important. So I’m sort of convicted like I think 2019 where my time went was maybe not best spent, you know, I think you could have spent more time with my family.

[00:06:18] Brad Nigh: Hopefully we’ve got structure and support in place here, so they don’t have to spend as much time working in 2020

[00:06:25] Evan Francen: well and I think for me it’s not you guys, I’m my own worst enemy. You know, if you leave me to my own devices, you know, I’ll do a bunch of unhealthy things, which you know, thank God for my wife because she is, uh, she’s the one who does keep me,

[00:06:41] Brad Nigh: yep, my my kids were, Yeah, they keep me in line to the other day. I woke up at, you know, 3:30 or something. It’s like so proud. I told you, I didn’t go to work till five and like, oh, you didn’t get to work till five way to go, super sarcastic golf club, giving you the golf club could have gone in at

[00:07:00] Evan Francen: four. Right? So anyway, this is uh, you know, I do like reflecting this time of year. You know, I noticed one obviously that my priority priorities can probably be adjusted, but also this time of year is, you know, I was reflecting on just what happened in the industry, you know, a lot of the things that happened personally, you know, great, I don’t know if the listeners really care about necessarily all that stuff, but you know, the industry when you look at the industry as a whole doesn’t seem like we’re making a lot of progress,

[00:07:33] Brad Nigh: a lot of spinning wheels, but we’ve got a I and blinky blinky lights and right selling stuff, right? Yeah.

[00:07:45] Evan Francen: So in my, in the show notes, I referred to were losing the war. Uh, we’re winning little battles here and there, but I’m not sure how significant they are in the greater scheme of things. Do you view this kind of the same way when you read that part of the show notes?

[00:08:02] Brad Nigh: Yeah, yeah. It’s tough. It’s like, you know, we’ve made a lot of good progress, but it’s, Yeah, how many three million companies in that small to mid size market? And we’re a fraction of a percentage. And it’s like, yeah, you do what you can and try to make a positive impact where you can, but you just look at it like Good Lord.

[00:08:30] Evan Francen: So this war, you know, that I referred to in the show notes, uh, I don’t know if people think of it that way. I do, sort of because bad people are taking advantage of good people immoral, people are taking advantage of decent people, immoral and corrupt, are informed and corrupt. People are taking advantage of the ignorant and noble. Uh, and it’s sad to see, I mean, that’s really what keeps me going every day. That’s why I get up. That’s why I’m excited to come to work is to try to make a difference in somebody’s life. And so business is growing. So we’re having more of an effect, I hope on more people. Yet the industry itself seems to be backsliding or maybe,

[00:09:15] Brad Nigh: I think it still goes back to the cash grab. A lot of it still is, people are just, there’s so much money out there, they’re just grabbing and throwing stuff out to say, okay, so here’s your new security product. Sure, easy button. We know it doesn’t

[00:09:30] Evan Francen: Work. So in the priorities in life adjustments, the first part of the 2019 in review, one of the adjustments that, you know, as I reflect on 2019, you know, I spent too much time working, someone tried to do a little, maybe less of that. But now my wife is start studying ascent. She bought her first ascent book and she’s going to be reading it on the trip down to Mexico next week, so maybe she’ll catch the bug and we’ll both be working our asses off. But Uh, what about you, priorities 2019 compared to what you’re kind of trying to do in 2 2020. Do you, did you, were you convicted of anything or do you feel like you need to make any adjustments?

[00:10:10] Brad Nigh: I mean, it’s, it’s tough because you do feel like, you know, there’s always, excuse me always more to do. It’s like I feel like I could work more and then you look at the numbers and like, well, no, I really shouldn’t be because I got, you know, a family that does for the most part want to see me. So, you know, it’s tough because like you said, there’s so much to do uh that yeah, it’s like I could, I’m lucky I could put way more hours and it’s not healthy, but it’s because you believe in what we’re working on, you know, going in and feel like you do something and making a positive impact every day. Um No, you

[00:10:57] Evan Francen: look, you seem to be more imbalanced when I just look at you as a friend and see kind of how you have things together and I love, I love how you’re there for your kids. Uh you know, just yeah, so you may not have to make nearly as much adjustment. My kids are mostly grown up in the house. So

[00:11:15] Brad Nigh: well, yeah, they get to the teenage years and they’re like, it’s nice that you’re around, but they don’t necessarily right care if you’re working as long as you’re kind of there if they need to. Yeah.

[00:11:26] Evan Francen: So a good exercise for anybody who’s uh you know, for people listening do your own numbers, you know, put them in those four buckets, just estimate the number of hours you spent working, the number of hours you spent sleeping, The number of hours you spent on personal time meaning and to me that’s like the quality. Yeah. And then the number of hours you spent on other the things that I kind of put in other was working out, which

[00:11:52] Brad Nigh: I don’t do your alone time as it were.

[00:11:56] Evan Francen: Yeah. So maybe the hobbies, maybe that’s why my other is so low because I don’t work out. But you know, travel, you know, we’re driving back and forth office all the time. That’s just kind of wasted time. But anyway, do your own numbers and You know, share if you want, if you want to, if you’re a competitive type 3380 hours working is what I did. You don’t want to win that one. Try to keep it below that. But I know that there are people in our industry who were more than

[00:12:23] Brad Nigh: that, which is not healthy. It leads to the burnout and we just don’t we don’t want that, right?

[00:12:30] Evan Francen: Yeah. I mean remember that security information, security is a part of life. It’s not life. You’re missing should be things

[00:12:38] Brad Nigh: working to live. Not living to work,

[00:12:41] Evan Francen: right? Yeah. Wise. All right. So the battle, the war that I feel like we’re losing. I have three from three fronts On which I feel like we’re losing the battle one is breaches are more common than ever, but we seem to care less than ever. I think we’ve got a breach fatigue problem, which we’ll talk about front number to our local governments and schools are losing their battles and I’m not sure how people feel about that front. Number three, our homes are part of the battleground. They’ve been part of the battleground for a while whether or not they have been actively sort of stomped on by troops, good or bad uh is you know for debate, but you know, they’re part of this too. So let’s talk about these things. Let’s talk First on front number one, I came across two news articles that I thought were interesting to sort of support. You know what, I feel like uh We’re losing the breaches being more common than ever. One was, you know, from Cnet I thought was a great article uh where they broke down the 2019 data breach data breaches. Some of the biggest ones of the year.

[00:13:54] Brad Nigh: I will say I love their sub tag on the head or whatever that’s called. Right?

[00:14:01] Evan Francen: Yeah. So here’s the yeah, so here’s the uh the title, it’s 2,019 data breach. Hall of shame. These were the biggest data breaches of the year. And then the type subtitle that brad’s are living too is we never want to hear the words Unsecured database ever again. So true. But we will, I know,

[00:14:21] Brad Nigh: so until they change the default settings. Right?

[00:14:27] Evan Francen: So some of the interesting things, you know, I think in this article is the total number of breaches this year was up 33% over last year. Uh actually there’s another article to that I want to call attention to its um lifehacker. It’s the worst data breaches of 2019 is the title of that one. Um But some of the, some of the stats, so total number of breaches was up 33% over last year. Medical services retailers and public entities were most affected. There were a total of 5,183 data breaches for a total of 7.9 billion billion exposed records, risk based security and other information security company stated that 2019 is was the worst year on record for breaches. It doesn’t sound positive, does it? No, no, so it’s like, okay, so then you look through that article and it’s amazing, you know, because some of these breaches seemed like they were so long ago and some of these, I didn’t even realize happened. Yeah, I work in this industry, man

[00:15:41] Brad Nigh: and it’s so tough to because right like that. Well you look at the Equifax that came back and now

[00:15:49] Evan Francen: that’s small

[00:15:49] Brad Nigh: potatoes well and and all that. Oh everybody’s gonna get money, nope, I did you get zero?

[00:15:57] Evan Francen: Did you not

[00:15:58] Brad Nigh: claimed but I haven’t gotten a check or anything? I got

[00:16:01] Evan Francen: money, I can’t remember what I got or did I, it

[00:16:02] Brad Nigh: was like, I don’t think you don’t think people have, but it was like the majority of it went shockingly to the lawyers, not to the people actually affected

[00:16:11] Evan Francen: class action lawsuits, lawyers anyway. Tick me off, we should say of Justin webb back on ask about how that works.

[00:16:18] Brad Nigh: I mean and it’s not to say they don’t do a lot of work but at the end of the day is it was a penance of what there was no reason for Equifax to

[00:16:29] Evan Francen: stop. It doesn’t seem just does it the lawyers were they may have may not have been victims along with the rest of us but to get, you know, millions of

[00:16:41] Brad Nigh: tens of millions, hundreds of millions. Yeah. Anyway. Uh yeah,

[00:16:45] Evan Francen: so we should go back to school.

[00:16:47] Brad Nigh: Thank you. Yeah. So Marriott in january

[00:16:53] Evan Francen: 383 million records, February 617 million records, 16 websites. That was part of the multiple dumps that uh I think try hunt found or uh yeah, on the dark web March, hundreds of millions of facebook and instagram accounts. Do you remember that

[00:17:13] Brad Nigh: one? Couldn’t when there’s too many facebook ones? I know april which one is that?

[00:17:19] Evan Francen: April was 540 Facebook 540 million Facebook May 835 million. First financial

[00:17:27] Brad Nigh: Records. Don’t skip over in April the 540. And then they also found millions of Instagram in plain text and then 12.5 million medical records of pregnant women.

[00:17:40] Evan Francen: 20 million patients in June uh from a medical bill collector American Medical Collection Association July Capital 100 million credit card applications, August movie pass 160 million unencrypted unauthenticated records. That’s one that I didn’t I didn’t even

[00:18:00] Brad Nigh: hear that in here. Um you know what I did? I do remember seeing that but I’ve never used it. So I was like

[00:18:09] Evan Francen: 218 million words with friends accounts in September four billion social media profile records and nobody knows who’s to blame for that one. in October november. We had facebook again. Uh so these are small companies with no budget for information security. These are large companies with tons of records that should maybe no better or you know, so there’s just so many questions about this one is first off, let’s talk about breach fatigue. Yeah. Do people care?

[00:18:43] Brad Nigh: I mean I think part of it is you get to the point where it’s like, what am I going to do? There’s nothing I can do to stop this. So yeah, you’re kind of like, well my information is already all out there. What what difference does it make if it’s leaked once or five times true.

[00:19:03] Evan Francen: When you have to wonder, you know some of this information that’s been stolen that hasn’t been used yet. So your your social security number is been stolen. I’m sure mine as

[00:19:15] Brad Nigh: fraudulent texas filed under my name When uh in 2016.

[00:19:20] Evan Francen: Okay, so but it’s still out there and you still have a social security number. Probably the same one. So I mean conspiracy theory maybe. But somebody is sitting on billions are millions and millions of Social Security numbers. For what reason? And what would happen if somehow you could figure out systematically to use all those Social Security numbers to file or apply for loans, all sorts of financial institutions all across the United States. And they were all fraudulent

[00:19:58] Brad Nigh: on the big one now is is uh fraudulent healthcare.

[00:20:02] Evan Francen: Right? But but even this one, I mean, because the fact is it’s out there already and it would that how would that affect the financial services industry in the United States? If you

[00:20:14] Brad Nigh: could. Yeah, I know

[00:20:15] Evan Francen: it’s you know what I mean? It’s kind of like, I don’t feel good about that.

[00:20:19] Brad Nigh: No. Well, because somebody’s gonna

[00:20:22] Evan Francen: the fact that somebody has my information and I know they have my information yet. I’m just in this waiting game to wait until somebody decides to use

[00:20:31] Brad Nigh: it. I mean, freeze your credit. Do some of those things because

[00:20:36] Evan Francen: we also know in cyber insurance, what’s the number one thing that that insurance companies fear the most

[00:20:42] Brad Nigh: Everybody getting hit at once.

[00:20:44] Evan Francen: Exactly the same thing happens in financial services. If one person has a fraud or a couple people have fraudulent stuff even maybe a million. But imagine, Yeah. You know, a

[00:20:57] Brad Nigh: 100 million. Yeah. Even 10 million. So, it’s good to be big numbers.

[00:21:02] Evan Francen: Right? So, we have this breach fatigue, Right? Which is sort of like all right. So what? I don’t care. I’m helpless.

[00:21:09] Brad Nigh: Yeah. I think that’s a big pete. It’s I’m helpless to do anything. Yeah.

[00:21:13] Evan Francen: And it’s just another day. Right? I mean, you read about it every single day so that there’s so much danger. I think in breach fatigue because then I think the next thing that happens is after breach fatigue does breach acceptance come next where I just accept it. This is reality.

[00:21:31] Brad Nigh: Yeah. And I think that you’re starting to see that to some extent with people, right? And and that

[00:21:38] Evan Francen: unfortunately that gets even dangerous or the toward I’m gonna.

[00:21:42] Brad Nigh: Yeah. Yeah. And I don’t think it’s going to slow down until these companies are held accountable to a point where it actually hurts. Right?

[00:21:52] Evan Francen: Well, there’s that and then there’s, you know, because we know that the way security works, that there’s no matter what I do, I cannot prevent all bad things from happening. Right? So some of these breaches you read about, it’s easy to play monday morning quarterback and say, well, you know, how could you have ever done that? Well, there are human beings behind all of this stuff and human beings make mistakes. So is it one holding companies accountable or how about the ability for me to control my own information? I mean this gets deep, Right? Because we can talk about this because I think it’s all racket to be honest. I never like take my Social Security number for instance. I never had any control. Alright. I never asked for one. I It was given one the government maintains it or whatever they do. And then every all the financial institutions, educational institutions, I’ll use my number

[00:22:45] Brad Nigh: with you. And they and they use it as both an identifier and an authenticator. Right? And so

[00:22:52] Evan Francen: the whole system, the whole system is broken. And then it doesn’t become when when a problem arises, then it becomes my problem. Even though I don’t never asked for this problem. What are you talking about? Why could this be, how could this be my problem? So I think the whole system sort of has to change. But I think it’s going to take a big big bad big bad thing to happen. Not not the breach of the loss of the information itself, but the actual use of the information.

[00:23:20] Brad Nigh: Financial pain is what’s going to drive change, man. Yeah. And that’s

[00:23:26] Evan Francen: one of the dangerous behind this breach fatigue is, you know, because everybody’s got this mentality of while it’s never gonna happen to me. Right? I get it. It’s never probably happened to you. Most people haven’t lost their identities. But what happens when it does.

[00:23:41] Brad Nigh: We’ll thing. I mean I thought I had done everything right. You know, and then I don’t even remember which breached my stuff got out on it was I don’t remember any way shockingly one of the big ones but I had my credit frozen. I have all that. And I still I filed my taxes like third week of february and somebody beat me by three days and filed fraudulent like you can do everything right and still be a victim of it.

[00:24:13] Evan Francen: Yeah. And there’s a fix for it. But it’s not easy right? You have to give me control over my number over my identity as opposed to just giving me an identity and then giving me no control over it. You have to give me control. So allow me because what happens is if my sensitive information is lost or stolen any sensitive information is lost or stolen, the only thing that you can do to sort of re mediate that is to make that information not valuable anymore. Right? So if you stole my social security number and then I just changed my social security number or created something different. You know, I was able to manage my own identity then you’re so then your social security, the number the data you stole from me is useless.

[00:24:56] Brad Nigh: Yeah. And yeah. How are they going to do that? Well you can

[00:25:01] Evan Francen: do it but it’s going to be

[00:25:03] Brad Nigh: redesigned. Yeah. Well and uh huh we know that’s the only way to fix it. I keep trying to

[00:25:10] Evan Francen: keep putting band aids on these

[00:25:12] Brad Nigh: bullet holes. Yeah. And I mean like that’s going to be we know we know the government is not quick.

[00:25:21] Evan Francen: Well the government is not paying the price. You’re paying the price. I’m paying the price. What

[00:25:25] Brad Nigh: will happen again? It’s going to happen when something massive happens and

[00:25:31] Evan Francen: and as long as going to have to, as long as we don’t care, you know, as a population, as long as we don’t care, right, breach fatigue has led to breach acceptance. I don’t care. Why is anybody gonna change

[00:25:43] Brad Nigh: it? No, it’s going to happen when when someone massive financial thing happens and it threatens the economy and now and then yeah, they’re gonna have to come in and it’s gonna take years to do it. They should be proactive. But yeah, I’m with you. It’s uh

[00:26:01] Evan Francen: uh so depressing, I

[00:26:03] Brad Nigh: told you it’s frustrating. It’s frustrating because a lot of times you look at this stuff right, you can’t control. But a lot of these breaches are easily preventable with fundamentals and and that’s what pisses me off is it’s like, okay, we’ve got you know, billions of records on unsecured, publicly accessible databases

[00:26:28] Evan Francen: unencrypted and

[00:26:29] Brad Nigh: encrypted password. I mean yeah,

[00:26:36] Evan Francen: So 2019. I agree completely, man. And and that stuff Torch me too. But you know the whole system being sort of rusticated. So we had a record number of breaches, a record number of exposed records that leads to kind of my next question, you know, are we getting better at finding and reporting breaches or are breaches happening more often. Therefore maybe we’re getting worse. I mean, do you think the industry is better.

[00:27:07] Brad Nigh: I think it’s a combination of, we’re getting better at actually hearing about these things.

[00:27:19] Evan Francen: I don’t know. You know, it’s a tough question, isn’t it? I think, uh, I do think we’re getting better at finding and reporting breaches. We have a lot more researchers out there, you know, a lot of the stuff that we found has been either on the dark web or it’s been, you know, container left a database left open somewhere,

[00:27:36] Brad Nigh: you know? Yeah, I think it’s it’s the, we’re hearing more about them, but there’s probably more because more people are moving to the cloud because it’s secure. Right? So it’s probably the uh, yeah, I mean, I’m trying to, I don’t, I don’t know

[00:27:53] Evan Francen: when we focus so much of our time and effort to, on the, on the sexy things. Right? And I get, uh, you know, research is very important, but it’s not all important, Right? I mean, the fundamentals are important, you know, but they’re also not all important. So, it’s kind of, all of us sort of working together, sort of figuring out one of the most impactful things that we can do is an industry to make this better because it’s not getting better. No. Whether we’re getting better at finding and reporting breaches or we’re getting worse at security and, and like it’s probably a combination of the two, I would say overall we’re not making progress,

[00:28:37] Brad Nigh: no. Yeah. Not not at the, not at a rate that is going to be successful.

[00:28:46] Evan Francen: So we’re closing out the decade in 2010 when breaches occurred there was a lot more outrage. There was a lot you know fear maybe but just call the action holding people accountable and now it’s like yeah into the breach. So what what do I do? Like they take the target breach when that happened in 2013? Um I was on like news stations everywhere. What can we do? What can we do to protect ourselves? How can we you know now it’s like another breach. Yeah some of these I never heard of before and he said

[00:29:27] Brad Nigh: yeah I keep in mind like I was saying about it like it was the anthem breach might have been the one Uh it was 37.5 million records in 2015. That’s not that I wouldn’t even be on the list. No this year. It’s it yeah. They’re getting bigger I think. Getting

[00:29:47] Evan Francen: bigger and getting and worse. Yeah. Yeah it’s a sad state of affairs. And the only way again the only way to undo you know the damage done by sensitive information being lost or stolen is to make the sense of information not sensitive.

[00:30:05] Brad Nigh: And that’s probably you don’t want to hazard a guess of how long did it take?

[00:30:12] Evan Francen: All right And that’s just Social Security numbers right. You’ve also got health records. How do you make my health record no longer valuable. You know I suppose maybe tight something. I mean this can get really deep and what about I. P. Has been lost or stolen. You can’t get that back. That’s gone. Right. I mean that’s actually yeah, that’s intellectual property. Alright. Excuse me. So anyway, front number one, that’s uh that’s what I feel like we’re losing that battle or that war or the war on that front, you know? And if you know how wars are fought, they fought on multiple fronts. In most cases, uh that one doesn’t look good front number to our local governments and schools are losing their battles. We’ve read over and over and over again about how ransomware has been nailing our local governments and schools municipalities. I came across a great really a good article. I thought it was well written. I love the way he laid it out. It’s from Michael Maze at CPO magazine And the title is Top 10 ransomware stories of 2019. Some interesting stuff here and again, these these things happen so often in our industry that I think we tend to forget because you know, one of the things and there is, Well he did, he says, as the year ends, it’s time to Declare 2019. The year of ransomware escalation Baltimore. We all heard about Baltimore. Right. I don’t know how much they spent 17.6 million or something was but it was it

[00:31:43] Brad Nigh: was a lot. And

[00:31:44] Evan Francen: you read it I don’t know how much, you know about the city of Baltimore. But if you read about the city of Baltimore, that’s a city and shambles, man.

[00:31:51] Brad Nigh: Well, I think what happens, you’ve seen it all over the place is they’re just not given the financing to do, there’s no money.

[00:32:00] Evan Francen: But if you look at what the C you know, this article is awesome because if you look at what the C. I O. Went to the council for for budget security wasn’t highlighted there. So even the C I O the person who’s responsible for this, you know, or not for this, but for protecting this. And these are basics, man. I mean the fundamentals around ransomware the same fundamentals we were talking about, you know, at the advent of computers Right in the 90s, I remember advising people and changing backup tapes. Taking those backup tapes offsite. Right? So it was a physical air gap so that when something happened to the server or you know, a fire or something, I can still restore. Yeah, kind of that’s the same thing.

[00:32:42] Brad Nigh: Yeah. No,

[00:32:44] Evan Francen: I know. Back up your damn data.

[00:32:47] Brad Nigh: Yeah. I mean, the

[00:32:49] Evan Francen: solution is right in front of it. It works and you drive your car every day without

[00:32:53] Brad Nigh: oil. Well, I mean, yeah, some people do. But, you know, most people it’s kind of it is I am with you though. It it’s yeah, it’s they come it it just keeps coming back to the fundamentals and people put, you know, blinky lights in place and spend money on we kind of, you know make fun of it a little bit. But you know the ai machine learning and next gin and assume well I spent all this money on this software or this boy whatever appliance I’m good. But then I don’t know what they have. It’s not configured properly. It’s not looking in the right places. You know, it doesn’t matter how much you spend on it. If you’re not doing the fundamentals. It’s just a matter of time

[00:33:41] Evan Francen: Well and it’s simple and it’s negligence, you’re not backing up your data and protecting those backups. You get hit by ransomware. I mean not backing up your data is negligent. I don’t understand how you can phrase it any different. How could you possibly claim you didn’t know? Well, I didn’t know I was supposed to back up my name. What I didn’t know I was supposed to change the oil in my car. Okay.

[00:34:09] Brad Nigh: Yeah.

[00:34:10] Evan Francen: Mommy and daddy didn’t teach you very well.

[00:34:12] Brad Nigh: Right. And you know asset management. What do you have that needs to be backed up? What’s the classification of it? What do you what’s it’s Yeah, it is. It is and it really does. It’s not hard stuff. That’s the thing, right? Is it sometimes difficult to do. Yes. But it’s not hard to understand. Yeah.

[00:34:36] Evan Francen: So Baltimore was just one of 82 cities and municipalities that were publicly that publicly reported Being hit by ransomware in 2019, cities

[00:34:50] Brad Nigh: publicly

[00:34:52] Evan Francen: reported. Right? I’m sure there were some others that’s astonishing. They have 82 cities and municipalities who didn’t know you were supposed to back up your data or you knew and you purposely made a choice not to write.

[00:35:08] Brad Nigh: And what blows my mind is we did do that push earlier this year. Yeah. We’re going to get back on that again. But even 20 even volunteering time. Right. Just just no, it’s not a priority. Yeah, we know it’s not great, but well, it’s, I’ll volunteer to help. Right?

[00:35:30] Evan Francen: Well, one of the cool things about, you know, what did happen, I guess, you know, a silver lining. Unfortunately, it always takes a bad thing to happen. Uh, but a silver lining here is what was the 246 mayors signed a pact that they would refuse to pay ransoms. That’s good. Well, yeah, but what does it take to undo a packed just pay the ransom anyway. I mean, if your political life is on 226 mayors. So 226 mayors, there’s the attendee list on that article that I mentioned, the top 10 ransomware stories of 2019. Uh, and you remember Riviera Beach and Lake City in florida. Those were two that we talked about earlier this year that end up paying the ransom. They were not attendees at the conference. So lisa didn’t break their pact and still paid the ransom. So it’s just crazy because now you know, ransomware is evolved and we knew what we knew it. Either I already had or that it was going to soon. We’re now you don’t pay the ransom and you recover from backup. Well then I’ve got still exfiltrate your deal and that’s the big

[00:36:42] Brad Nigh: lose your data. That’s the big one. We always get in. Any of the incident responses from the lawyers was data exhilarated and I would say 95% of the time. Our answer is I don’t know there’s no logs, there’s no nothing was configured properly. I can’t go back. You’re not, I don’t know right? And so of course lawyers want it written is there’s no evidence of data exfiltration which technically is true. But just,

[00:37:16] Evan Francen: well the counter to that, you know this chess game, we play the counter to that is Going back to the breach piece that we just talked about on front number one make the data no longer valuable. So the attacker does steel personally identifiable information about me. Is there a way to make that data no longer valuable an attacker? So I still don’t have to pay the ransom because the fact of the matter is this is criminal enterprise. Yeah. You know I I live don’t fund now live in my city and I would be livid if I found out that my city paid a ransom. Like uh, say who what?

[00:37:58] Brad Nigh: Why I avoid politics? But I think that might be one of the few times in scenarios that would get me like involved in. Yeah, doing something.

[00:38:09] Evan Francen: Especially if I found out you weren’t doing the fundamentals right? If you did despite your best efforts right, you followed the fundamentals, you seem to do everything right and you made a mistake and they’re, you know, therefore led to this. I could accept that because I’m a human being to I make mistakes. Yeah. I’ve never not clicked on a link before. I mean,

[00:38:29] Brad Nigh: well, and we’ve seen, you know, incidents where they had a pretty good, uh, you know, score the s to score, right? And it happens, you can’t stop everything. But it makes like figuring out what happened so much easier. It makes recovering from it so much faster versus you know, when they have scores in the four hundreds with nothing, you know, their firewall isn’t logging traffic only logs are local on the server and it’s, you know, a couple weeks. Yeah, you can’t stop it.

[00:39:07] Evan Francen: But yeah, that’s me again. I’m busy. I’m busy at the meeting invites anyway. Right? So 82 cities, municipalities publicly being publicly hit the whole Baltimore story I think is comical if it wasn’t so sad, Uh, lost $8 million dollars in lost revenue in terms of, you know, damage, real estate. I’m sorry, utility payments, dismissed court cases, you know, all kinds of things like that.

[00:39:38] Brad Nigh: What was the one that was in Atlanta? I mean that was even bigger than Baltimore’s in terms of, yeah, but

[00:39:44] Evan Francen: That was 2,018 that we’re not going to talk about that right now. I can’t even keep it. They see that’s the thing. That was so last year brother.

[00:39:52] Brad Nigh: It’s just insane like they do. They just all run together right

[00:39:59] Evan Francen: in the city of Baltimore had four C. A. S in five years. Okay. There was an information security manager who made a recommendation for cyber insurance but they failed to approve that. Um, the sea. So that in 2000 july 2018 new city see so frank johnson not mentioning names but frank johnson presented the technology plan that provided little urgency for cybersecurity

[00:40:27] Brad Nigh: and you know, here’s the thing from experience. Working with cities and counties, they are incredibly frustrated. The 44 and five years is not uncommon. What happens is somebody gets in there gets it for a year to get the title and the experience and leaves for significantly more money because the cities and counties just cannot compete and there’s such a shortage. So yeah, and when you have that much turnover, there’s no continuity, there’s no right everybody comes in and wants to do things their way. So it’s constantly changing. There’s no, I’m not surprised

[00:41:08] Evan Francen: the and so we shouldn’t forget the texas. 20 to 22 cities were attacked through t. S. M consulting that happened uh in august uh oh those guys got hit uh lots of rain from our schools. We were talking about counties, cities, municipalities in schools are all losing their battles. So counties, there’s tons of reasons, tons of things. Cities. Mhm. You know, politics gets involved. We haven’t made a good case, I don’t think for they don’t have, you know, if you don’t have budget, what are some of the free things? Right, Because some of the things that you do don’t require a ton of budget backing up your data doesn’t require a ton of budget. No, in most

[00:41:52] Brad Nigh: cases when you well, and when you even if you have to buy even go to tape or back up to disk and replicated somewhere, It’s not a huge, you can do it fairly inexpensively now.

[00:42:08] Evan Francen: So schools schools uh 72 United States school districts were hit by ransomware again publicly impacting 867 individual schools. Uh Most recently, nine new school districts representing 98 individual schools were attacked by ransomware last month in november, including Wood County. Schools in west Virginia. Uh Port in a Chase Grove Independent school district in texas one in indiana. New Jersey massachusetts California Illinois. New Hampshire maine

[00:42:46] Brad Nigh: and this is the one where you don’t hear about these a lot because there’s no disclosure requirements unless the state has one, but if you look at, you know, ferpa being Kind of the Federal one. Yeah, there’s no disclosure requirement.

[00:43:04] Evan Francen: So schools need our help. So not just, you know, municipalities and local governments, but schools also need their help. Schools are a different animal. You know, I know that we’ll have uh we’ll be able to talk a lot more with Ryan cloudier in future podcast where we can get some more insight into what kind of goes on with schools. I was at work make a couple weeks ago, which was a uh can sort coop for schools up in northern Minnesota. Uh One thing’s for sure. They all want to do the right thing.

[00:43:37] Brad Nigh: Yeah, they just, so I spoke at the S. P. O. In october and that’s you know, school business. So it’s not a T. People and I agree they want to do the right thing. They they have no idea.

[00:43:50] Evan Francen: Right? Yeah.

[00:43:52] Brad Nigh: So that’s the biggest challenge. There’s educating them.

[00:43:57] Evan Francen: Yeah. And let’s not forget the state of emergency in Louisiana. Uh I think they declared a state of emergency according to the article twice in 2019. Once isn’t good enough.

[00:44:10] Brad Nigh: Hopefully, hopefully their budget for 2020 is uh taking that into consideration

[00:44:17] Evan Francen: right. Georgia had 30 magistrate courts in 23 municipal courts. Mhm 43 Healthcare Organizations across the country. I’ll hit by ransomware. So yes, again, it seems like we’re losing on this front

[00:44:37] Brad Nigh: and this is one where we don’t need to be sure right is the ransom where like you said, this is probably one of the and I don’t want to make light of it, but it’s one of the easiest attacks too recover from

[00:44:52] Evan Francen: well, except for now the switch to ex filtration. Well

[00:44:56] Brad Nigh: yeah, but in terms of a business functionality, being able to resume business operations, it’s you recover from backup. Right.

[00:45:07] Evan Francen: Done. Well, I’m assuming you know that front number one stays the way it is and you have to disclose a breach of that data exfiltration. Nobody’s going to care anyway.

[00:45:16] Brad Nigh: So I know,

[00:45:19] Evan Francen: so just back up and don’t worry about it. Yeah. So anyway that’s a that’s a sad state of affairs. But I think we can do we can on all these things. All these things are solvable right there. It’s not easy. But who said it was gonna be easy. Right. Right. I mean I didn’t join, I didn’t work how many hours I worked this last year because it was easy. Right?

[00:45:42] Brad Nigh: So, well I think it goes back to it’s not complex. It’s not these really obscure. It’s not the astrophysics or rocket science but it’s not it’s hard work but it’s not complex or difficult.

[00:45:57] Evan Francen: Well difficult. Well maybe different complex. Yeah. I think sometimes people they over complicate and confuse simple with easy to different things. Simple. It’s a very

[00:46:08] Brad Nigh: simple concept to understand. It’s hard to it may

[00:46:11] Evan Francen: be simple to walk from here to brainard, right? Just walk straight straight line. But that’s hard as hell man, especially for somebody who’s, you know, overweight

[00:46:23] Brad Nigh: maybe doesn’t exercise.

[00:46:24] Evan Francen: Yeah, no, Walk down the stairs today. Made it down there. All right. So from number to our local governments and schools are losing their battles and we need to uh, obviously do something about that. That was 2,018 front number three our homes are part of the battleground and we see ignorant about it. We seem there’s not a lot of study here. There’s, you know, there’s not a lot of, it’s not sensational, right? It’s not going to grab huge news. Sometimes you see the things, the privacy things that happened. You know, like it’s when mom heard something on the baby monitor or

[00:47:03] Brad Nigh: something. Yeah, the couple that had whatever taken over and the person was basically terrorizing their young child. That’s what you hear. But I was like, well, that’s not gonna happen to me,

[00:47:18] Evan Francen: right? But it is, it is happening. And a lot of times it’s, it’s not, it’s not being reported? Uh, I think lots of times people don’t even know what’s happening. And if you did know, what’s happening, who do you report it to? Where am I going to do? What you reported to the local police? What are they going to do? Right. Well, it’s going to make it into the news? Well, I ever hear about it. Will you ever hear about it?

[00:47:40] Brad Nigh: Well, and then you see the stories about like the smart TVs that are taking screen captures,

[00:47:47] Evan Francen: you dump TVs

[00:47:48] Brad Nigh: anymore. No, mine is absolutely not connected to the internet. It’s crazy and there’s some, you know, I think here ignorance and not willful ignorance but just this isn’t what people do, right? And you know, I do the parent uh presentation for like, you know, safe and secure online for the I am cyber safe or whatever it is. I see squares and every one of them, the parents are like, oh, like they want to know there’s not, there’s just not anything out there. Yeah. And it, yeah, it’s like there’s only, it’s tough to get in front of them too because everyone is like, I’ve got other things that are a priority or, but then you could do it and they’re like, oh yeah, okay, that was worth it. But it’s,

[00:48:43] Evan Francen: yeah, it’s tough. Well, one of the things that dawned on me when I was talking to the school districts, um, a couple of weeks ago was they were very concerned about safety, safety was,

[00:48:54] Brad Nigh: but it’s physical.

[00:48:55] Evan Francen: Well, well and so that, that’s what they were just very concerned about safety. So it was, the question to the crowd is, can you separate information, security, privacy and safety. And the answer is you can’t anymore. They’re integrated altogether. So even take physical security, you know, and Ryan brought up a good yeah point when I was talking to him last week, um, you know rain somewhere takes out the building, lock control system, you know how the all the doors are unlocked so there’s there’s a safety issue or right?

[00:49:35] Brad Nigh: Or you can somebody takes over it and locks them

[00:49:38] Evan Francen: and lock everybody in with a gun inside or something. Right? I mean there’s all kinds of things so these things can’t be separated anymore. And likewise, you can’t separate security at home from security at work anymore. No, all of us work bring work home, whether you’re actually working at home or just bringing work home, you bring work home well

[00:50:04] Brad Nigh: and on the flip side if you if your bank account gets trained is that that’s going to impact your ability to work. You’re not going to be focused on work if you’re like what am I going to do?

[00:50:15] Evan Francen: Right. What all of us tell work now. Right. And then that’s another big one. Yeah. I mean the security of my home network has an impact on security here at work. The security of my kids if I let my kids use my laptop you know to do homework or something. That’s a security risk. There’s there’s things that matter in all of that

[00:50:43] Brad Nigh: um that’s when my kids have their own laptop. Right

[00:50:47] Evan Francen: one. And the same thing applies like if if you get ransom where your house decided to pay the ransom again you’re paying the crooks the crooks are reinvesting that money to attack me or they say they take your computer over and make it part of a boat now, you know and it does me, yep, you know, so all these things are all connected and you can’t separate them.

[00:51:09] Brad Nigh: No, no and uh huh and I think the over arching theme is is just a lack of resources and a lack of knowledge and it’s not that people necessarily are intentionally doing these things, you know, they just don’t know better and there’s nothing out there to help them with it.

[00:51:36] Evan Francen: Yeah. Well the things that are out there, they don’t know about, you know there are some things but they don’t for whatever reason they don’t know about them. Uh so how do we, this will be a big challenge for us in the coming years is how do we elevate the knowledge of people at home? Ryan calls them humans, I call them normal people um because they’re struggling, they need our help, they’re sitting ducks right now. Uh and and and the problem just keeps getting worse right, we just wrapped up christmas and I haven’t seen the sales numbers on smart devices and smart home crap, you know, but people are plugging more stuff in at home making their life more and more complex, making more and more difficult to secure stuff and God knows how many of those things are set up with defaults um never patched the majority. I know so it’s like my God people stop, you know, go back to your for now. Go back to the simple stuff, right? The dumb things until you learn how to use the smart things and there’s nothing wrong with not knowing how to use the smart things right now.

[00:52:46] Brad Nigh: Take your time. Do you really need your dishwasher or your refrigerator or your washer and dryer on the internet? What is the value you’re getting out of that? Right.

[00:52:57] Evan Francen: Yeah. It may seem really cool. Fight that urge until you learn how to secure it, right? Because there are, you know what’s more secure is Alexa more secure than google home. I don’t know, but I don’t have either one in my house. And if I were to buy either one and I wanted that convenient, I would do the research to find out which is more secure and then I would install it securely. I would segment that I was isolated on my network. I mean there’s all kinds of things that I would do, but I’m a security guy. Right? So how do we make more people more aware of security things and want to be motivated to do the right thing? Well,

[00:53:36] Brad Nigh: I think you got to make it easy. Right? That’s the biggest thing. If if you sit down and it’s they’re already they don’t understand this. Right? So if you make it daunting or big complex. They’re they’re checking out right away. So we gotta figure out a way to simplify and make it Yeah, relatable for the normal

[00:54:00] Evan Francen: people, Right? No. Yeah, I agree with that completely. So, um and the sad thing is knowing that I can’t separate security privacy and safety at home, uh your Children become prey. Mhm. You know, if you’re ignorant of what your Children are doing on smart devices, I got another meeting, I guess if your Children are ignorant of smart device or if you’re ignorant of smart devices and what your Children are doing, the apps that they’re using, the people that they’re communicating with. It’s dangerous. Yeah. You know, sex trafficking is Oh yeah, that’s a big that’s a big deal. And it’s at an all time high. And so as you know, predators, you know, sexual predators, you watch that movie or that show? Uh catch

[00:54:50] Brad Nigh: catfish. No. Yeah, I know, but I know what it is. It’s a good show.

[00:54:56] Evan Francen: All right. So, the question that I had for a front number three our homes is, did the problem get worse this year in 2019, in your opinion. Okay. And you said that without hesitation. Yeah, I agree with that.

[00:55:10] Brad Nigh: If nothing else. Just from a volume standpoint. Right, Right. If 75% of people are leaving defaults, and now you’ve got double the amount of devices out there. Right. It’s just Yeah,

[00:55:24] Evan Francen: man, I agree. So, the second question then is will that will this problem get worse before it gets better? Yeah, I agree with that too. So that’s a that’s a sad state of affairs. So in your opinion brad since you and I are friends and we’re sitting here on the front number one, it appears as though we’re losing. They’re reaches are more common than ever. We seem to care less than ever. That’s 2,019 on front, number two, we’re also losing our local governments and schools are losing their battles. And on front number three, our homes are part of the battleground and we seem seem ignorant whether it’s willful or not. We’re ignorant. It wasn’t too depressing, was it?

[00:56:15] Brad Nigh: No,

[00:56:15] Evan Francen: it’s reality.

[00:56:17] Brad Nigh: Yeah. It’s just a little bit scary, very frustrating. But you know, at the end of the day, I think the positive out of this is there’s a lot of really like you said, simple things people can do to make a huge impact, Right? So, you know, we can this, let’s work on that. Let’s

[00:56:38] Evan Francen: get on it. Yeah. And so you’re right. I mean, we do have a lot of work to do and the answers may be simple, but they’re not easy, right? There’s there are no easy answers. No easy buttons. So if people want easy that you’re just gonna get more of this. If you

[00:56:57] Brad Nigh: want easy, go buy a farm with no internet and just live completely off the grid or

[00:57:03] Evan Francen: Do what I’m gonna do in 1000, hold on. I’m going to tell you how many days till this guy retires because it’s yeah there’s a day 1354 days. So in that time I will be easy. I’ll be in the caribbean living easy. Uh Trying to Yeah about the rest of the days. Uh So but I think the the answer is found in learning and applying information security fundamentals. We’ve talked about that. We preach that all over and over and over again. I know it’s not sexy. It’s not entertaining. You know when you when you listen to a podcast like this and we’re talking about fundamentals and things like that. People may be like where’s the cool stuff?

[00:57:47] Brad Nigh: You know? Yeah I can tell you people have spent hundreds of thousands of dollars on blinky lights and got completely owned. Doesn’t not it doesn’t do anything.

[00:57:59] Evan Francen: All right. So we spent we spent 2019 working uh hard both of us have And our first secure, you know the 80 some odd employees there buster behind every day to try to make this better. Same thing with that security studio. We try so hard to reach people with simple practical information security solutions right? We realize that not everybody is going to be an information security expert. So how can we be their expert in a way that we can still pay the bills for us? We have families to raise and mouths to feed. Uh So things like our R. V. C. So you know program where you may not need a full time see, so full time security expert, but tap into something. Right? Well, it happened to something that’s unbiased

[00:58:48] Brad Nigh: and the best the most successful companies that we’ve seen have somebody responsible for security and still do the VC. So because they realize I’m just one person here I need Yeah. A sanity check. A a safety net. Right.

[00:59:06] Evan Francen: Another thing we did this last year to try to help here as we created the S. Two orig assessment, which used to be called Fisa Score, but we renamed it to put it on the new platform, which is a free information security risk assessment for all organizations. Right? It masters the fundamentals. It’s not super deep in any one area of information security because that’s not where the fundamentals lie. Right? But its fundamentals not easy. If you go through the 687 questions that are in that assessment, as well as uploading your Ness’s files and all that other stuff. That’s not necessarily easy. But man, it pays huge dividends, you know, where you’re asking in time. Right? So that’s one of the tools we built and made it available for free. One of the cool things we’ve seen is 20 some odd counties in the state of Minnesota have adopted or you’re using these to score, right? Yeah. It’s free. I don’t know why, you know, the S two vendor, which is a vendor risk management tool that is not free. So I’m not going to spend any time on that. But the other one is the s to me which I think is kind of cool. I think there’s a lot of places that this can go. But this is another free information security risk assessment for all people. I took it, my wife took it, you took it, your wife took it, it teaches you the fundamentals of information security at home. It’s not super sexy. It takes about 15 minutes to do it. Um the more people that end up doing it, the more time we’re going to spend developing it. So if there’s not a ton of people were using that tool right now we’re gonna let it kind of sit for a little while.

[01:00:43] Brad Nigh: Yeah, well you need some, yeah, you need some usage to understand where to go. You know, and and the nice thing with that is to me is we’ve gotten feedback from people that have done it and they’re like It took, you know, they took them 2025 minutes because they didn’t understand and they spend a lot of time reading the threat and the recommendations and going through all that and that’s nice. It does have it but they’re like there’s so many things that I never would have thought of. Yeah

[01:01:10] Evan Francen: that’s that’s the ignorant, we’re trying to

[01:01:12] Brad Nigh: help. And it was it’s kind of funny tomato to here because this is what we do and it’s just second nature. And so yeah,

[01:01:21] Evan Francen: so that’s a free tool. And if you want to know where these links are, you can go to the show notes. It’s E V A N F R A N C E N dot com. Go to the episode 60 show notes. There’s links about almost to the end of the page for the S tuareg in the s to me, free assessments. Try it out and give us feedback. What do you like? What did you not like? So that we can improve it and make it better for more people. Uh, and there’s no catch. That’s why I don’t mind

[01:01:52] Brad Nigh: sharing. I think that’s what people are. You know, they’re hesitant or whatever because lot of people put it out there and don’t want to hear feedback. No, tell us no, help us get better at this begging for it.

[01:02:06] Evan Francen: Uh, so we made some of those tools for free. We also made the ransom or readiness assessment free. That’s on that far secures website. Uh, so if you want that, let us know. Uh, but anyway, we’re trying to fight these battles. Were trying to fight, we’re trying to arm people to win these battles on all fronts. So front one again, losing too many breaches, bad things happening. People not understanding the fundamentals front to local governments and schools are losing in front three at home, yep. He read anything else to add,

[01:02:40] Brad Nigh: It won’t be this negative next week.

[01:02:42] Evan Francen: That’s true. It won’t be when I hate leaving people with like, hey, here’s all the crap and I have no solution.

[01:02:49] Brad Nigh: Well, yeah, but I think

[01:02:51] Evan Francen: we’re going to dig in on this racket that I was talking to you about earlier on the the whole Social Security number thing. Identity theft thing is such a gotta be a better way. We’re going to spend a whole show on that sometime. All right, well, that’s a wrap for another show. Another decade in the books. Crazy. I didn’t think I’d live this long. Uh but heck, that’s it. Thank you. And happy New Year to our listeners be safe out there. Please don’t do what I used to do when I used to drink. I’m not going into that either. Yeah. Right. Be sure to tune in next week. We’ll cover some positive things. There were many, many positive things that happened in 2019. And really good things I think to look forward to. I have some predictions. I always have some. Yeah, I’ll probably do too.

[01:03:40] Brad Nigh: And I like the idea of starting off the year on a positive note. Right?

[01:03:46] Evan Francen: When God forbid I would sit here and tell you that 2019 was a successful year in our industry. When you look at some of this data, it’s like, I’m not gonna ignore it. Uh Honey, we love recording these shows for you. We hope you enjoy send us your questions and feedback at If you are the social type socialist with us on twitter, I’m @EvanFrancen. And this other guy is @BradNigh.

[01:04:22] Brad Nigh: And I will say one of my things my goals in 2020 is to actually use Twitter a little bit more rather than just as in like an aggregator

[01:04:31] Evan Francen: gets addicting man trolled. It’s the worst time ever. Alright well happy New Year. That’s it.