Dana Mantilia on Why Humans are the Weakest Link in CyberSecurity

In this episode, Frank and Andy interview Dana Mantilia on Why Humans are the Weakest Link in CyberSecurity.Watch Original Livestreamhttps://www.linkedin.com/posts/frank-lavigne_data-driven-live-with-dana-mantilia-activity-6735628251328204800-QjwqShow NotesComing soon!TranscriptAI Generated00:00:05 BAILeYHello and welcome to data driven.00:00:08 BAILeYThe podcast where we explore the emerging fields of data science, machine learning and artificial intelligence.00:00:16 BAILeYIn this episode, Frank and Andy speak to Dana Mantilia about cybersecurity and why companies are not investing their time and attention where they should be.00:00:26 BAILeYThis episode was originally recorded on a live stream and this was the first time we had a guest join us on the life stream for a show.00:00:34 BAILeYSeason 4 just keeps the innovations coming.00:00:38 BAILeYWithout further ado, here are your hosts Frank Lavigna and Andy Leonard.00:00:44 FrankAlright, thanks for tuning into data driven. If you're watching this live, thank you for taking time out of your day. I realize this being the lead up to the Holidays. Things are kind of hectic. I know in Chateau Lavigna things are very hectic today.00:00:59 FrankWe00:01:00 FrankAndy and I are happy to announce a new guest that we have with us. I first saw her on LinkedIn when she would do these really cool training videos.00:01:10 FrankOn basically security topics.00:01:14 FrankAn with with Black Friday, literally a week from now Cyber Monday and the just the The Creativity alarmingly creative and flexibility of scammers that we've had in light of the kovid, pandemic etc etc.00:01:32 FrankI figured it would be worth having kind of a good discussion about just the basics of cyber security and why it's important my wife happens to be in the cyber security field, so I'd like to think that I'm better prepared, but I know if you think you're better prepared, that's probably a vulnerability.00:01:50 FrankSo welcome to the show, Dana.00:01:52 DanaWell, thank you for having me nice to be here.00:01:55 FrankSo this is you are actually the 1st guest. We're going to have on the show that we interviewed live on a live stream first on video.00:02:02 DanaVery honored, very.00:02:03 FrankHonored so awesome. We're trying to push the boundaries for season four, so tell us a little bit about you and your company for those that haven't seen your videos on LinkedIn.00:02:15 DanaOK sure yeah. My name is Dana Mantilia an I am the founder of identity Protection Planning an we tried to help educate people in very layman's terms on how they can protect themselves from identity thieves and cybercriminals. And so we have a variety of different kinds of training. Either you know, training data, webinars, some videos or we have an on line.00:02:35 DanaPlatform that's short little videos that everyone is required to watch.00:02:38 DanaAnd just to kind of start spreading the word, I mean cybersecurity is not going away and unfortunately the the frontline workers are the people that really are maybe not educated on it and they also are the ones that are clicking on things they shouldn't be clicking on so.00:02:54 FrankNo, so that's a good point. So one of your most recent videos, and this is the one that made me think we should have her on the show.00:03:00 FrankWas the one the gift card scam and how?00:03:04 FrankSomebody in your organization got snared up in this.00:03:08 DanaYeah, I mean it's.00:03:09 DanaIt's crazy, I mean that the way that I did that little video is how exactly how it happened. She came to my office door with her codon and I said, well, why do you have your code on and she said, oh I'm going to get that stuff you need and I said well, what stuff are you talking about? And she said this stuff, we were just messaging back and forth about. I said I was. I've been sitting here at my office just doing work I didn't.00:03:28 DanaMessage you about anything.00:03:30 DanaSo then she showed me and they they person initially sent an email that looked like it was kind of from my email very similar, which is always usually what they do. And then you know the urgency factor. I always tell people when there's a sense of urgency. We have to stop and say, is this really a big big emergency here to go buy gift cards? But people want to please their boss so they get these emails and they act upon them.00:03:50 DanaSo she then then the person said, can you give me your email? I mean your cell phone. I wanted to text you this. So then the conversation jumped over to her cell phone and now they're texting back and forth and she said, well, how am I going to pay for these?00:04:02 DanaAnd then he said, well, you know what? Just when you get to the store, read off the numbers in the back of the card and then when you get back I'll reimburse you. So they were. I mean, it was just back and forth and back, but anybody would have fallen for this anybody.00:04:13 FrankWow, the thing that struck me is the most insidious part.00:04:17 FrankIt's how they moved away from email pretty early in the process, because maybe I mean it was a good. I mean, there's a I don't know. As a data scientist, I I hate giving out statistics, but let's say it was a 5050 chance that that person had your cell.00:04:30 FrankPhone number.00:04:31 FrankMillimeter like an an. It's a good gambit for them because I guess they didn't have your number already saved in their phone, so they could have this whole conversation with you, right? Yeah, an I would assume that folks in your organization are well trained.00:04:46 DanaWell, we're at least talking about this stuff right times. That's that's a startling factor, is that?00:04:52 DanaYou know we're talking about all these things all the time and we we totally almost fell for it so.00:04:57 FrankWell, I never disclosed this publicly.00:05:00 FrankUntil I'll do it now is that one time Microsoft? I work for Microsoft, they they pay the mortgage, they pay for the electricity and it goes through the my little monitor display there.00:05:12 FrankBut they will routinely send out kind of phishing emails.00:05:16 FrankAnd it will be like urgent you have to, like, you know, do this because your expense report or something like this. And I shouldn't admit this publicly, but I did I was driving. I see this like emergency thing come through. I'm like the screen and I'm like.00:05:30 FrankSo I didn't think I clicked on it and it it got it. It it it got a there was there was there should have been an animated GIF of like somebody?00:05:38 FrankAt the company doing this, but it was like this. It was this like badge of shame of like hey you fell for this uh huh.00:05:45 FrankYou know, and I was like crap and I was like I learned. 2 lessons one.00:05:51 FrankPull over first.00:05:53 FrankIf I can't mouse over the link.00:05:56 FrankProbably shouldn't click on it, right?00:05:58 FrankAnd three is just.00:06:00 FrankThat sense of urgency.00:06:01 FrankUm was what really like, and maybe there's a psychological thing to this where it just tricks off like this. The primordial brain, or I know there's the three brain model and Andy and I go off on tangents a lot. Dan, I should warn you, but not us. Ultimately the idea is that once you're kind of anxious about something right, your higher brain functions are going, if not shut off kind of be pushed aside.00:06:24 FrankAnd all you have to do is click the link to get your answer or whatever I mean.00:06:28 FrankIt seems like these folks are well versed in this type of psychology.00:06:33 DanaYeah, and they also know too that you know every when you're on your mobile, everybody is rush rush rush rush rush for rushing on the mobile phone all the time and that is a little scary because sometimes even when you look on the mobile you can't even see who it's from. It'll it'll you know. Just say a name or something like even some of the Apple ones that come out. Don't say oh it's from Apple, but that's not the exact. Doesn't show you the phone number or whatever it is. It's just.00:06:55 DanaSummer has put up there. As you know The Who it's from kind of thing, so yeah.00:07:00 DanaThere's a lot of things we need to all.00:07:01 DanaStart doing or not doing.00:07:03 FrankRight, it's it's an interesting. It's just fascinating that with all this advances in cybersecurity, and I've seen a lot of the things that the technical we're not going to go into.00:07:14 FrankHumans are like the weak link.00:07:16 DanaYeah.00:07:18 FrankThat's crazy.00:07:20 DanaYeah, definitely, and that's the frontline to most of the stuff and you know the urgency factor just to go back to that real quick one. Scam that that that is targeted at seniors.00:07:29 DanaIs the grandparent scam, and So what they do is they will call up and pretend that there's someone's grandson or granddaughter and something crazy happened like there's held hostage in a Mexican jail or something and they need to have money right away wired to them so that they can, you know, get out of there. So then to make it even sound more valid, they put the prison...