Ivan Paynter National Security Specialist on Why We Need to Pay Attention to Security

Could your business survive the reputational damage of a security breach and the financial impact of the recovery? The number of companies in the country that have been compromised by malware is going to increase exponentially due to the global pandemic, so companies must prepare themselves. In this episode, Max Clark talks with National Cyber Security Specialist, Ivan Paynter, about why security is not, or should not ever be an afterthought. Paynter takes us on a deep dive into what integrated security actually looks like for companies.

Could your business survive the reputational damage of a security breach and the financial impact of the recovery? The number of companies in the country that have been compromised by malware is going to increase exponentially due to the global pandemic, so companies must prepare themselves. In this episode, Max Clark talks with National Cyber Security Specialist, Ivan Paynter, about why security is not, or should not ever be an afterthought. Paynter takes us on a deep dive into what integrated security actually looks like for companies.

Episode Transcript:

INTRO: [00:00] Welcome to the Tech Deep Dive Podcast, where we let our inner nerd come out and have fun getting into the weeds on all things tech. At Clarksys, we believe tech should make your life better, searching Google is a waste of time, and the right vendor is often one you haven’t heard of before. 

Max: [00:18] Hi, I’m Max Clark and I’m joined by Ivan Paynter, our National Cybersecurity Specialist. Hi Ivan!

Ivan: [00:25] Hey Max, how are you?

Max: [00:25] Good to talk to you.

Ivan: [00:26] Good to talk to you too, sir.

Max: [00:27] So Ivan, we talk a lot about security, and we talk about you know, the impacts of security. Let’s start with like, statistics about this. You know, you read these stats that say, “x percent of companies are going to have a cybersecurity incident” and you know, “x percent of those are going to –“ I mean, what is that stat in today’s world?

Ivan: [00:42] I couldn’t tell you how many companies are going to be compromised, because I honestly think that that number shifts depending upon what’s going on. And bringing that into focus right now, currently we have this pandemic that’s occurring. I think the amount of organizations that are going to be affected by this – not just by the pandemic but by the amount of malware and ransomware and all the other events that we have not yet seen that are coming, you’re going to see that number exponentially increase. So, at the end of the day, let’s say if that number is sixty to seventy-five percent of companies in the country have been compromised, I would believe that the remainder might have already been compromised and nobody is aware of it. That’s simply for the fact that they are not being monitored in the manner that they should be. It’s a matter of you don’t know what you don’t know.

Max: [01:38] You know, what’s the impact of compromise now for companies? What’s the effect of this, how does it affect them, what’s the by-product of it?

Ivan: [01:44] That brand reputation is so important, and I know that we can say that, and a lot of companies have come back from that. We can look at Sony, we can look at Home Depot and Target and the like, but still that thought remains there and sometimes companies don’t re-emerge from that type of scenario. So, first and foremost you want to say that the brand reputation is going to be damaged to a degree; people are going to think about spending their money with another brand. You know, Facebook gets compromised just about every other day and there are tonnes of people that are better using it and really don’t care one way or the other. I find that ridiculous, but at the end of the day there is also the financial aspect behind it as well that most people don’t see, the recovery of that data – that’s one, the recovery of the damages that have been done is another, and then they also have to pay for each of the individual’s data that has been compromised or divulged. They have to pay some type of protection for them for a year, for their credit – so there’s a lot of money that’s involved as well. So, brand reputation, you have finances that are going out and then to do business with a large entity that has already been compromised before… For example, if you were trying to do business with Walmart you have to have certain levels of security and have to go much deeper. What it does, it creates a great deal of in trepidation for the consumer, for the brand and then the other side for the brand, it’s going to cost them a lot of money – a lot of money.

Max: [03:23] So, I mean really what we’re talking about here is worst case you go out of business, best case you spend a ton of money and it’s painfully expensive for you?

Ivan: [03:31] Yeah, absolutely. Absolutely, and that’s why with security it’s so important to get ahead of it. People always think of security after the fact. Now, we really need to combine security in with everything else. So, when you look at SD-WAN, when you look at MPLS, when even the local devices that are going out – you and I had a conversation when I first met you Max, about remote desktops. You know, what a wonderful thing to have right now. If we – if everybody had that and that little device you know, that Chromebook and what a great solution; we could all work from home and there’d be no problems. Well, a lot of companies weren’t prepared for it because they didn’t see it coming. So, you know, we have to think forward with security, not just wait for it to occur.

Max: [04:19] What is dwell time?

Ivan: [04:23] It’s how long – how well can I hide from you, and how long can I be in that environment. So, truly it’s a game of hide and go seek. When… I was about to say when I’m in your environment – when a bad guy gets into your environment and you can’t see him and he is ploughing around going from that printer, that HP printer with that SSID that’s just sitting there saying “come in, because my default user and pass is still in here and that’s a great way to access the network”. Then the next thing you know, he’s bouncing around that environment because he didn’t have to go through a firewall – that is his dwell time. He is in your environment and you have not identified him. The bad guy – him or her – is moving laterally through your environment. It’s very difficult to see without the correct tools in place, because quite often we don’t look east-west, you know? Everybody wants to see what’s going through that firewall. Well, I got news for you: that USB stick that I’m dropping in the parking lot, or that somebody else is dropping in the parking lot that you pick up and put in that machine, that’s one way. How about a drone that your CEO just won and he took pictures and now he wants to download that and he brings it into the office and downloads those pictures off that drone that they’ve just won at some convention and guess what piece of code he’s going to download first when he plugs that in? Mine, and I’m now in his network and I’ve gotten past that firewall. We’ve got to think about how we’re getting in and what we do beyond that. I don’t even remember what the question was at this point, I’m just –

Max: [05:50] There’s a stat around dwell time, what is average dwell time today?

Ivan: [05:57] You know, dwell time started as approximately… almost nine months in when we really started paying attention to it. So, the bad guy was in the environment almost a full year. I think it’s been reduced down now to maybe about ninety days or so that somebody is in. There’s a lot of pieces that are used – the exfiltration of data outbound, that’s going to be an indication, or if you see communications back to a C&C server – command and control server – that is going to be an indication. So, there are some modifications that you can see outbound, but dwell time can very. Usually it was about six months and now I believe it’s probably down to about three or four right now. 

Max: [06:41] I mean when you tell me that somebody can be on a network for three or four months undetected, shouldn’t people be absolutely terrified of that thought process?

Ivan: [06:53] I would be! I mean, I think security people see things a bit differently, we have a tendency to be extremely paranoid. The other side of that is, we should be concerned about who’s in our environment that accountability. Let’s look at it in a different manner: the visibility that we used to have was purely internal, right, we looked at what’s behind our little crunchy shell. Ninety percent of the companies that I know are out there right now are using Office 365, and they’re using a great deal of apps that are in space now, right? So, with that our environment has moved out there, out to cloud beyond, and we have to make sure that’s secure as well. So, dwell time is extremely important to make sure you know who is doing what and who is not supposed to be doing what in your environment. It looks like Sally, it says it’s Sally, but that’s not Sally.

Max: [07:46] So, a while ago you showed me a slide and it was the different components of a holistic security approach for a company and I don’t think I’ve seen anything with more logos on it, ever. What are the components of a security posture for a business? You know, let’s start with the big bucks, right? They’ve got a firewall deployed, I mean, when you walk through that model, what are we really talking about for integrated security?

Ivan: [08:13] You know, like we talked about before: integrated security is truly a layered approach. Either you start on the outside and work your way in or you start on the inside and work your way out. So, if we start on the outside, yes – you have your firewall, and that’s great. Your firewall is that hard, crunchy shell that really doesn’t exist anymore, but it’s there. And then, moving forward if you really want to build, you should have some kind of monitoring device that’s sitting there, that’s looking at that traffic that’s coming into that firewall. What’s hitting that firewall? Understanding if there are devices that can be geofenced or that can be eliminated from hitting your firewall? And then, once you egress beyond that you want to see what made it through the firewall, so let’s put a sensor there as well. So, now I have sensors that are looking at what’s coming in or what’s hitting the firewall, so I’m now monitoring that traffic, right? I’ve now got some kind of traffic monitoring there. Beyond that, I need to understand what’s hitting my servers as well. There are a great deal of logs that are being generated from servers and routers and wireless devices – even users’ laptops. So, let’s collect that information as well. Where are we going to collect that? Well, let’s find that SIM that’s out there and put information there. Now, that’s great – now I have all these logs in one place but holy crap, what do I do with all that? Let’s correlate it together and let’s see if we can identify whatever we can from all this information. You want to talk about alarm paralysis, it’s there. So, you have your SIM and you have some kind of monitoring going on. Let’s go a little bit deeper with that monitoring going on, let’s take that SIM information and add something called IDS – and you know what that is, Max – IDS and IPS. So, you have your intrusion detection system, we have a device that has a signature that is based upon what it already knows, right? So, this is a standard of, “I’ve seen this command that’s hitting the wall, wait a minute, I’m also seeing signatures from my SIM that’s telling me this shouldn’t be happening, so now we’re getting correlation going on. I have that monitor that’s sitting on the inside and the outside of the firewall, I’ve got my SIM collecting all this information and I’m correlating it all together. Now, let’s look at the true problem and like I’ve said to you before, the problem truly is between the keyboard and the chair. So, we want to make sure we understand what the user is doing – one, and then two, making sure the user has training. That will be part of that overarching component as well, but I want to put something on that device, so I want to make sure that device is protected. Antivirus is great, absolutely. Next-gen is better, we talk about an EDR – I want to know if that device, not only is it getting malware, but is it extruding information that we should be aware of? If my laptop is sitting in Starbucks and it’s sending out a half a terabyte worth of data to… let’s go pick on Hong Kong today, right? Don’t you think I would want to know about that? It looks like malware but we’re losing a lot of data and this is company data, so that’s something else which you need to have. That gives you an EDR component. So, let’s tie that EDR component into that monitoring, into that IDS, into all the other apparatuses that you have, and let’s put that to a single pane of glass. Right, and let’s call that a SOC. Now you have somebody that’s monitoring everything that’s going on with your environment. Oh, I just said a really bad word – everything. Anytime anybody says we’re monitoring everything – run, because you’re not. The other thing that I’m a real stickler about because, I know if I was a hacker, how I would come in, and I’m going to come in by sitting in your parking lot and finding that printer or finding that one device. Or frankly, through Bluetooth. There’s a lot of software to find, radios that are out there. There are a lot of ways to get into an environment, so I want to know what that lateral traffic looks like in your environment too. And what that means is, it’s not going outside the internet, but it’s contained there within. That adds to your dwell time and everything else, and it just might be extruding a single byte of data going back to the command and control centre – somebody might not see that. So, if you take all those individual components together, that’s going to give you a very logical view of what’s going on within your environment. And lastly the last thing I’d layer on top of that is that IP fixer, that NetFlow data, and to understand really what is standard within your environment and what is obtuse. When we have all that together we have a really good idea of what’s occurring, but we have to also make sure that we know it’s not just signature based, we need to also look at that behavioural aspect as well. The last part about this is, no human is going to be able to ingest and understand all this data, so we have to bring in some type of understanding. If you want to call it machine learning, I’m all in with machine learning. If you want to call it AI… Okay, I’ll accept that as well. The reason why I’m a little iffy on AI is – I think you already know this Max – is because you had to teach it something already, it didn’t learn it by itself. If it learnt it by itself, that’s AI. I’ll let it go because I’m very passionate about that.

Max: [13:35] So, when I started in It a long time ago, the ratio was roughly sixty employees per IT person. Today, I’m seeing ratios of like a hundred and twenty to a hundred and fifty to one IT person. So, I mean – two questions: is security something that as a business leader I could expect my existing IT staff to be able to go out and buy boxes from vendors and buy subscription software and buy tools and integrate all this and use it, or am I looking at needing to go out and hire people to manage security for our company. Can I find these people? What does this actually look like, what are companies facing with this in the real world and what’s reasonable to expect and to achieve? 

Ivan: [14:23] You know, quite often I believe a lot of organizations believe we’re an SMB or we’re entry level or we’re a small guy; nobody wants our information, nobody wants our data. The IT guys can handle it and depending on the size of the organization they might be able to. But they also have to think about who they’re doing business with as well. Quite often, some of the industries right now will require you to have somebody monitoring and managing your environment. Can it be done in-house? Sure. I hope you’ve got a really good bank buff and you take care of your people, and good luck finding qualified security people. When I say qualified, let’s put some years behind then and let’s give them some certifications. When you get them, good luck keeping them, because you have to train them continuously and someone else is going to be knocking on their door. That being the case, you have to make sure you can keep them there. So, to hire a security person – there might be a few out there, but the ones that really understand all the different devices, the ones that can truly go through SIM and understand the deeper dive and what’s going on and the recesses of hunting for a bad guy in all that massive amount of the information that you’ve collected on your SIM or you’ve collected on your routers. Not having it be a thought at four-thirty in the afternoon after he’s patched a half-dozen machines in the last hour and he’s had to troubleshoot the CEO’s device and all these other things he’s done, and now you want him to look at some logs and see if there are any bad guys out there. I think really the focus has to be on some type of managed service or some environment where those alarms are going to somebody who is really just paying attention to that and is focused on that. In my view, organizations should be running their business. I’m not out there to create a widget. What I’m out there to do is to create an environment. To that widget creator, if you want to become a security entity, god bless and good luck. My advice would be absolutely. Let’s move towards managed service, and let’s understand that you’re not going to be able to hire the people you need, and they already have them. The folks that they have the experience that you want. You no longer have to worry about your security needs. On top of which, you’ve now hired a staff that you have 24/7/365 – they don’t get sick, they don’t go on vacation and they’re there any time you need them. If you have them correctly installed, they can handle an event at your location without waking you up at three o’clock in the morning on Christmas eve. Those are some of the things that we really need to think about. I always go for the massive drama but at the end of the day these things have happened. You know just as well as I do that if we don’t pay attention to it, the bad guys know when we’re on holiday, they know that COVID is here right now and that we’re suffering through it. They know that these checks are in the mail as we speak and the amount of malware and websites that are going to be out there right now to track that check or track anything else that’s there are phenomenal, and it’s no longer that email from Nigeria wanting to give you a half million dollars or so. These are very well-crafted events that are going on. 

MID-ROLL: [17:56] Hi, I’m Max Clark and you’re listening to the Tech Deep Dive Podcast. At Clarksys we believe tech should make your life better, searching Google is a waste of time, and the right vendor is often one you haven’t heard of before. With thousands of negotiated contracts, Clarksys has helped hundreds of companies source the right tech at the right price. You’re looking for a vendor and want to have peace of mind knowing you’ve made the right decision? Visit us at Clarksys.com to schedule an intro call.

Max: [18:19] So you mentioned earlier companies requiring their vendors to have security, and not to pick on them specifically but Target had a very public breach a few years ago, and that breach was tracked to their HVAC contractor – if I remember correctly. I imagine that HVAC contractors at that point didn’t think that they needed to have security for any reason, but can you talk about this and really how that affects the threat landscape for a company and what we’re talking about?

Ivan: [18:48] I think that HVAC contractor didn’t know what security was at the time, or even that he had to worry about it! Simply for the fact that if you want to do business with larger organizations – or even smaller organizations, of that manner, and especially if they’re publicly held or if they are in areas that have compliances like California or New York. Actually, there’s 43 states of the union that now have formal compliances. These things are a necessity to do business with them. You have to show your due diligence, that you have some type of security measurement in place. You have a SIM in place, you have – and you literally have to show this. Almost every organization that I know – that I deal with or any financial organization at a minimum has to have a penetration test. It has to have an assessment of their infrastructure and their organization. This is to show, to demonstrate to whomever they’re attempting to do business with that they are paying attention to their… they’re doing their due diligence to move forward. So, it’s almost a requirement that as you move forward, you know, if you want to grow your environment or you want to grow your business, the requirement is going to be some kind of managed service. 

Max: [20:00] But is that you know, security by checkbox. Do you have a SIM? Yes, I do – check. Do you have endpoint detection? Yes, check. Do you have this – I mean, is that actually giving us a better security posture or is that just filling out the boxes and checking the form? 

Ivan: [20:16] I’m going to play Devil’s advocate because I’d rather just shoot from the hip and be honest about it. Sometimes it is that way, quite often it’s not. Some of the CISOs especially understand that this is not necessarily a checkbox, we’re doing this to ensure that we can continue to do business, even during some type of incident. Whether that be malware or ransomware or whatever that is. The other side of that is, there are some organizations that feel that have to just check those boxes because it’s a requirement – I have absolutely seen that. I think at the end of the day, the larger percentage are those that truly get cybersecurity because they might have been compromised in the past or they have seen enough people in their vertical that have been compromised. Let’s look at just the local municipalities themselves, not to pick on the South but Texas was compromised at 28 different municipalities in one day. Yes, it was an MSP that got hit, but it was still 28 or 27 municipalities. Baltimore paid 1.5 million – they paid a half a million. Atlanta paid 1.5 million… It’s become evident that municipalities don’t have it, they don’t have security, so let’s just start hitting them, and that’s what’s occurring. If you see this and you can look in your industry, if you make widgets and your partner to the left or your partner to the right just got hit, guess who’s up next, right? They don’t really care who they are, they want to make money. When I say ‘they’, I mean the bad guys. It is a requirement and if you don’t pay attention to it, you’re going to get hit. Most likely, you probably already are compromised but you just don’t know it. 

Max: [21:58] So we see lots of news about companies being hacked and data being leaked and… Are we being desensitized to this? Oh, so and so just was breached and all my credit card data just got leaked out. Are we seeing something where this is turning into a like, ‘oh, this happens to everybody, whatever. We don’t need to worry about it.’ 

Ivan: [22:16] I think for the media, it’s publicized so often that they don’t even talk about it anymore, especially now, but to a degree it has become desensitized now. When you really start talking to the CISOs and they understand that their job is on the line – one, two, their brand reputation is on the line, they’re going to pay attention to it. So, it might have become desensitized to some of the general public or some people that just don’t think it’s that big of a deal, or they don’t have anything to offer. Oh, nobody wants my tiny widget, nobody wants the secret sauce from my barbecue. They just don’t want it. But at the end of the day, there’s more data there, so… Are you collecting credit cards, or what other information do you have? I think it’s a great question and I think the answer is both. The ones that get it and the ones that know it’s going to happen and that are due diligent enough to move forward are absolutely going to have a managed service. 

Max: [23:19] We haven’t talked about this yet, but we see phone systems and voicemails as a threat vector for companies and people track these systems all the time. What happens after you know, “okay whatever, you broke into my voicemail”, like what’s the worst that can happen? What is the worst that can happen if somebody breaks into your voicemail because you’re using a PIN that’s 1234 on it?

Ivan: [23:37] Well, if I can get into that one, what else can I get into, right? So, where else can I move within that environment. Can I utilize that particular voicemail to move forward up the chain? Maybe I get to the CEO, maybe I can run a scam. We’ve seen this a bit for some very large companies: “send me some gift cards or scratch ‘em offs and send pictures”, some of this is close to heart. We’ve seen this in a lot of different organizations. At the end of the day, yeah – that compromise can move forwards. When we look at email or anything of that nature, sometimes the crafty criminal or hacker or freaker – whatever you want to call them – will be able to hide their footprint by either deleting emails or reverting a document that they’ve read back to unread and truly covering their tracks. Then while in that environment, they’ll figure out who else they can relate to or while they impersonate that individual, how they can escalate up to maybe that person’s boss or another manager within that environment or move laterally there within. So, it’s a great tool to move forward, it’s a great starting place. Once the bad guy is in, they’re going to remain in and then move from one side of the playing field to another. What we need to do is to be able to identify that, figure out where they came in at, find the infection vector, close the infection vector and then get rid of the bad guy. 

Max: [25:08] I think it’s important to note also that you know, the goal of a lot of security compromises relate to financial gains. What is the financial ends to the mean and why was the compromise there? I had a customer who had their phone system breached, and it was that organized crime was using it for long distance minutes. You know, they ended up with a forty-thousand-dollar long distance bill after two days of usage. It was very financially painful for that company and they were liable for that call traffic, so…

Ivan: [25:37] Let me turn the tables and ask you a question. That’s something that I don’t see that often, so when it comes to UKAS or CCAS, are you seeing a lot of that in the environment, and will managed services also cover something of that nature?

Max: [25:53] I don’t think you see it as much with the big UKAS providers, because they are implementing their own security infrastructure to try and prevent this from happening. The smaller, independent UKAS vendors, absolutely, because you’ll start talking about a thread vector that’s a little more… it’s a larger footprint. If you have a provisioning system, that phone is talking to a provisioning system and giving its MAC address and downloading the configuration. Well, that configuration the phone downloads says, “what’s the username and password in order to send phone calls,” right? So, if you can find and exploit and send MAC addresses out of a provisioning system and figure out one that works – and this is a common exploit – now you have an authenticated account to make phone calls with. In lots of cases, there’s no limit to how many SIP calls you can make through an endpoint. So, depending on how that provider is configured – so now, this is a threat necessarily against that provider. The example I gave you, the customer was configuring their own phones, because they went out and purchased a SIP trunking service and they had credentials to send some traffic, and did not realize their phones had web servers built into them for management and usability. The web service had a default password and the phone was connected to the internet. What happened was somebody found the phone footprint, they were probably just scanning, looking for what could come back, and then it came back, you know – this is this type of phone. They went, and then tried a default username and password on the phone and that popped up and they said, “oh great!”. And then what did they do? They reconfigured the phone, ran traffic through it and they shoved forty-thousand-dollars’ worth of long-distance traffic through that phone over two days, it was Friday, Saturday, Sunday. By the time that was detected, you know, the customers’ belief was that their service provider should have prevented it and blocked this, and that turns into a completely different can of worms. What ended up happening out of that was that – the contract was very clear: what you send to us and we terminate, you’re going to pay us for. They had to write a very big check at the end of it. 

Ivan: [28:08] Wow, so they actually had to pay? 

Max: [28:12] It was a very expensive lesson!

Ivan: [28:13] That kind of brings us right to you know, maybe that should have been a managed service as well? It would have saved a great deal of money there. 

Max: [28:21] You know, there’s lots of hindsight things, right? What I’m looking for and what we talk about, what I’m always very curious about when I talk to you is, what information can we give to people so they’re not learning lessons from hindsight, or it’s a “this won’t happen to me” kind of things? Once you have an event – and I’ve got lots of stories of these, once you have an event, then you have hindsight and you’ll say, “maybe we shouldn’t have done it that way”, and that may or may not – that impact you were talking about, municipalities, and this really isn’t about the point here. I had a hospital customer who thought that their security policies, their MBCDR policies and procedures were appropriate and that they had everything handled. They had a ransomware attack and they ended up having to transfer their patients out of the hospital to other hospitals. So, when you’re talking about an event where you’re taking people and putting them on stretchers and wheeling them down the aisles and your corridors onto ambulances and then driving them to another hospital… I mean, that’s a really significantly serious event and not only was that massively disruptive to their purpose as a care facility, but the outcome of that and financial impact for the organization was devastating. 

Ivan: [29:40] Sure, and then you also have to take into consideration any of the HIPAA violations that might have occurred there too and the fines that might have been levied against that organization. 

Max: [29:52] It was a very painful learning lesson; is how I’d put it. So, I mean Ivan, we could probably talk for days and days and days about security. If somebody is only going to listen to a forty-second sound bite from you, what’s important that you’d want them to hear and think about?

Ivan: [30:12] Max, you and I have both been doing this for a really long time. The thing they have to get is that it is going to happen, so let’s be prepared for it. I’m watching this virus that’s touching people right now and I remember back in the days when we used to do viruses you know, in the network, and then we would watch it spread throughout different networks – we had to find the infection vector. I think we really need to be due diligent about what we do and how we do it. One of my themes is ‘be careful what you click on’, that’s actually don’t click on stuff – well, stuff is not the word, but it’s important that we all pay attention to security. The thing that I’d want to leave everyone with is that plain and simply this: security is not or should not ever be an afterthought at this point. It should be whatever you want to do in security as part of the initial play, not as an afterthought. So, we have to make sure that security is there from the beginning, no matter if we’re architecting a new environment, a cloud environment, a phone system. I know even telephone denial service is something that is now falling into my daily work. I’ve never dealt with that because it’s always been network security, but this is now more and more prevalent. We now all as individuals have to be very cognisant of what we do and how we do, and we have to pay attention to security from the beginning and not just as an add-on, and to rely upon the experts to do their job as people or as – or going throughout their gig, doing their job. 

Max: [31:54] I mean, you said telephone denial. I mean, denial of service attacks and ransomware really are denial of resources that a company own or pay for, right? So, any resource that you have or that you own or pay for, is there an attack that somebody could take and deny you access to that resource, and what would that actually mean to you in terms of your operations?

Ivan: [32:13] Well, not being able to utilize what you’ve already paid for has got to be a pain in the ass, right? So, you know. I’ve got my server here, I’ve got my internet connectivity, what do you mean I can’t get online? Tell the kid to stop playing, what is it? Well, it’s not that, right? Somebody has got a whole bunch of cameras across the street and the kid three blocks down has turned all those cameras into a botnet and now he’s DDoS’ing you or DDoS’ing your company. I think we’re in for even larger attacks than that if we saw the East Coast two or three years ago, when we had some major DNSs that were DDOS. So, we’ve got to pay attention to all of it, right? What are we putting online and how are we utilizing it, and let’s be intelligent about how we move forwards.

Max: [32:55] Ivan, thank you very much for your time, it’s always a pleasure talking.

Ivan: [32:58] Thanks Max, we’ll talk to you soon. 

OUTRO: [33:01] Thanks for joining the Tech Deep Dive podcast. At Clarksys we believe tech should make your life better, searching Google is a waste of time, and the right vendor is often one you haven’t heard of before. We can help you buy the right tech for your business. Visit us at Clarksys.com to schedule an intro call.