WEBVTT - Businessweek Extra- Fortalice CEO

0:00:02.520 --> 0:00:06.520
<v Speaker 1>This is Bloomberg Business Week from Bloomberg Radio. I'm Carol

0:00:06.559 --> 0:00:09.000
<v Speaker 1>Massar and I'm Tim Stenovec. Welcome to the Bloomberg Business

0:00:09.039 --> 0:00:11.840
<v Speaker 1>Week Extra, our weekly podcast bringing you a highlight or

0:00:11.920 --> 0:00:14.560
<v Speaker 1>favorite or just really cool interview from the week. This one,

0:00:14.640 --> 0:00:17.079
<v Speaker 1>it is a cool one. It's a timely discussion considering

0:00:17.079 --> 0:00:19.520
<v Speaker 1>the Bloomberg exclusive on the group of hackers who breached

0:00:19.560 --> 0:00:22.560
<v Speaker 1>a massive trove of security camera data and coming on

0:00:22.600 --> 0:00:25.479
<v Speaker 1>the heels of two other major hacks. That's right, China's

0:00:25.480 --> 0:00:28.480
<v Speaker 1>global attack on Microsoft's popular email software. Tim, we got

0:00:28.520 --> 0:00:30.920
<v Speaker 1>that last week or just about a week ago, and

0:00:30.920 --> 0:00:34.360
<v Speaker 1>then of course the equally sprawling Russian attack discovered three

0:00:34.360 --> 0:00:36.160
<v Speaker 1>months ago. A lot of folks are saying, we're not

0:00:36.360 --> 0:00:38.720
<v Speaker 1>talking about all of this enough, and the stakes are

0:00:38.760 --> 0:00:41.440
<v Speaker 1>getting even higher when it comes to cybersecurity. And once

0:00:41.479 --> 0:00:43.800
<v Speaker 1>you listen to this interview, you may want to think

0:00:43.840 --> 0:00:47.080
<v Speaker 1>twice about your home security cameras and connected home devices.

0:00:47.120 --> 0:00:50.720
<v Speaker 1>It certainly helped me think more about that great voice

0:00:50.720 --> 0:00:53.400
<v Speaker 1>on this, right? It's Theresa Payton, former White House Chief

0:00:53.440 --> 0:00:55.960
<v Speaker 1>Information Officer. Tim. She was the first woman to hold

0:00:55.960 --> 0:00:58.960
<v Speaker 1>that position at the White House. She's also CEO at

0:00:58.960 --> 0:01:05.080
<v Speaker 1>the cybersecurity advisory and strategy firm Fortalice. This particular attack, although

0:01:05.120 --> 0:01:10.319
<v Speaker 1>it's incredibly unfortunate because personal and confidential information was surveilled

0:01:10.319 --> 0:01:15.160
<v Speaker 1>as these um hackers alerted everybody um and turned you know,

0:01:15.200 --> 0:01:18.759
<v Speaker 1>most everything over. But what does that mean for other

0:01:18.840 --> 0:01:24.200
<v Speaker 1>hackers who potentially took advantage of this super admin access,

0:01:24.360 --> 0:01:29.240
<v Speaker 1>this password that was out in password dumps of past

0:01:29.319 --> 0:01:32.039
<v Speaker 1>data breaches. They're probably not the only ones who took

0:01:32.040 --> 0:01:34.840
<v Speaker 1>advantage of that type of access, And so what does

0:01:34.840 --> 0:01:38.400
<v Speaker 1>that mean? Um, so a couple of things, um, this

0:01:38.880 --> 0:01:43.240
<v Speaker 1>is an avoidable situation. Having super admin accounts should be

0:01:43.280 --> 0:01:48.120
<v Speaker 1>incredibly rare, and this password should be changed very frequently.

0:01:48.480 --> 0:01:50.640
<v Speaker 1>That can be a great way to avoid something like

0:01:50.720 --> 0:01:54.320
<v Speaker 1>this from happening, or to at least minimize the damages

0:01:54.440 --> 0:01:57.920
<v Speaker 1>from the surveillance. The other thing that all companies can do,

0:01:57.960 --> 0:02:02.080
<v Speaker 1>not just for cameras, but for employee access and very

0:02:02.120 --> 0:02:07.600
<v Speaker 1>like critical information access is create a login behavior

0:02:07.680 --> 0:02:12.640
<v Speaker 1>analysis where you look at behavioral patterns. What times of

0:02:12.760 --> 0:02:16.560
<v Speaker 1>day does this particular user or system log in, what's

0:02:16.600 --> 0:02:20.120
<v Speaker 1>the Internet services provider they usually log in from,

0:02:20.160 --> 0:02:24.239
<v Speaker 1>what operating system? What type of device is being used?

0:02:24.520 --> 0:02:26.800
<v Speaker 1>All of those can give you some baselines and some

0:02:26.919 --> 0:02:29.560
<v Speaker 1>clues because you and I are creations of habit and

0:02:29.600 --> 0:02:31.880
<v Speaker 1>when you see an anomaly, that could be a warning

0:02:32.360 --> 0:02:36.280
<v Speaker 1>that that is not the system or the person who's

0:02:36.320 --> 0:02:39.240
<v Speaker 1>the authorized user. It could be somebody else. You know.

0:02:39.240 --> 0:02:41.200
<v Speaker 1>It's interesting too because I find if I log in

0:02:41.280 --> 0:02:43.679
<v Speaker 1>on certain accounts and they're like, wait, we don't recognize

0:02:43.680 --> 0:02:46.239
<v Speaker 1>this device that you're on, I certainly get a red flag.

0:02:46.639 --> 0:02:48.480
<v Speaker 1>I feel like this should be the norm. Is it

0:02:48.560 --> 0:02:50.680
<v Speaker 1>not the norm? And you talk about the you know,

0:02:50.760 --> 0:02:54.640
<v Speaker 1>admin account, it just sounds like these are basic cybersecurity

0:02:55.000 --> 0:02:57.120
<v Speaker 1>steps to be taken, you know. But if you look

0:02:57.160 --> 0:02:59.079
<v Speaker 1>across the country, are we not doing it? If we

0:02:59.120 --> 0:03:04.120
<v Speaker 1>look across government, are these not being kind of normally done? Yeah.

0:03:04.240 --> 0:03:09.160
<v Speaker 1>Oftentimes it's not being done, and the burden rests squarely

0:03:09.400 --> 0:03:14.000
<v Speaker 1>on the shoulders of businesses, government organizations, and users. I mean,

0:03:14.000 --> 0:03:16.840
<v Speaker 1>in this particular instance, you would think, if you're buying

0:03:16.880 --> 0:03:21.480
<v Speaker 1>a security camera, it should be secure out of the box,

0:03:21.560 --> 0:03:24.639
<v Speaker 1>and but the burden is actually on the business to say, well,

0:03:24.680 --> 0:03:26.040
<v Speaker 1>wait a minute, let's make sure it doesn't have a

0:03:26.120 --> 0:03:28.560
<v Speaker 1>default password. Well, wait a minute, let's let's make sure

0:03:28.639 --> 0:03:31.280
<v Speaker 1>we have logging behaviors, you know, all of those things.

0:03:31.800 --> 0:03:35.720
<v Speaker 1>Many businesses who don't do cybersecurity for a living expect

0:03:35.800 --> 0:03:38.440
<v Speaker 1>that to be in there, out of the box. And

0:03:38.600 --> 0:03:41.720
<v Speaker 1>I keep asking the question, well, why isn't it, Like,

0:03:41.840 --> 0:03:44.880
<v Speaker 1>why do we continue to put this burden on the

0:03:44.920 --> 0:03:48.520
<v Speaker 1>purchaser of the technology. So that's a big reason why

0:03:48.600 --> 0:03:52.080
<v Speaker 1>it's still missing from sort of daily operating routines of

0:03:52.080 --> 0:03:55.360
<v Speaker 1>many organizations. There when you look at in a world

0:03:55.360 --> 0:03:58.200
<v Speaker 1>that I think about even my home, these smart homes, right,

0:03:58.240 --> 0:04:01.000
<v Speaker 1>and we talk about smart cities and all these things

0:04:01.040 --> 0:04:03.960
<v Speaker 1>that are in many ways making our world more connected,

0:04:04.800 --> 0:04:07.600
<v Speaker 1>easier in some regards, But I wonder how much it's

0:04:07.600 --> 0:04:11.200
<v Speaker 1>making it more vulnerable to our world easily being shut down.

0:04:11.320 --> 0:04:14.640
<v Speaker 1>How do you see it? Yeah, I mean I I

0:04:14.680 --> 0:04:18.400
<v Speaker 1>do believe we have reached sort of this critical mass

0:04:18.520 --> 0:04:23.039
<v Speaker 1>where technology is truly ubiquitous. I mean to the point

0:04:23.040 --> 0:04:26.839
<v Speaker 1>where you don't even realize it's there. Between the smart

0:04:26.880 --> 0:04:31.720
<v Speaker 1>devices in your home, the cameras in your laptops, your tablets.

0:04:32.240 --> 0:04:34.320
<v Speaker 1>Maybe you have a camera on your door, maybe you

0:04:34.440 --> 0:04:37.960
<v Speaker 1>unlock your door using an app on your phone. All

0:04:38.000 --> 0:04:42.400
<v Speaker 1>of those different conveniences and advancements we have in our

0:04:42.440 --> 0:04:45.040
<v Speaker 1>lives that some of us have learned, you know, like

0:04:45.160 --> 0:04:48.120
<v Speaker 1>you can't live without them. For many people, um, they

0:04:48.160 --> 0:04:52.880
<v Speaker 1>are collecting patterns of life, and so that the challenge

0:04:52.920 --> 0:04:56.200
<v Speaker 1>that we have is is our inability to secure data

0:04:56.760 --> 0:05:01.400
<v Speaker 1>all, uh, this camera hacking, SolarWinds, Microsoft, you know

0:05:01.520 --> 0:05:06.360
<v Speaker 1>name the last SUF team, organizations that have been victims

0:05:06.400 --> 0:05:10.039
<v Speaker 1>of a cybercrime. Um, that data, as it gets collected,

0:05:10.560 --> 0:05:13.120
<v Speaker 1>could in fact, in the future be used to do

0:05:13.200 --> 0:05:16.320
<v Speaker 1>a digital walk in on your life or mine. Those

0:05:16.440 --> 0:05:19.640
<v Speaker 1>patterns are things that are used to identify you and

0:05:19.680 --> 0:05:23.440
<v Speaker 1>I, um, to give us health insurance, to create credit scores.

0:05:23.600 --> 0:05:25.880
<v Speaker 1>And the question is is when do you and I

0:05:25.920 --> 0:05:28.960
<v Speaker 1>get to opt in or opt out at that data

0:05:29.000 --> 0:05:32.240
<v Speaker 1>collection and have it be aggregated under our name. Well,

0:05:32.240 --> 0:05:35.680
<v Speaker 1>we don't, right? I mean like you think about anytime

0:05:35.680 --> 0:05:37.880
<v Speaker 1>you try to do something, if you don't opt in

0:05:38.000 --> 0:05:42.160
<v Speaker 1>or agree basically to those documents that nobody can read,

0:05:42.640 --> 0:05:45.720
<v Speaker 1>you know, you can't access something. You know, you're increasingly

0:05:45.720 --> 0:05:48.000
<v Speaker 1>your hands are tied. In terms of society. I have

0:05:48.040 --> 0:05:50.479
<v Speaker 1>a question for you, and this is something that that's

0:05:50.480 --> 0:05:53.239
<v Speaker 1>stuck with me many times. I did panels with, um,

0:05:53.560 --> 0:05:57.720
<v Speaker 1>tech leaders tech CEOs who would be like, yeah, um,

0:05:57.720 --> 0:05:59.920
<v Speaker 1>my kid, I limit how much they're on social media. Yeah,

0:06:00.040 --> 0:06:01.640
<v Speaker 1>I don't let my kid really spend a lot of

0:06:01.640 --> 0:06:06.599
<v Speaker 1>time on a laptop or something. Do you limit kind

0:06:06.640 --> 0:06:09.839
<v Speaker 1>of security access in your in your life, whether it's

0:06:09.920 --> 0:06:12.840
<v Speaker 1>cameras or smart homes or anything like? How do you?

0:06:13.240 --> 0:06:16.599
<v Speaker 1>Because you're concerned, because you see the risk that's out there.

0:06:17.880 --> 0:06:22.200
<v Speaker 1>I do. So, for example, um, we do have security cameras.

0:06:22.200 --> 0:06:26.200
<v Speaker 1>They're outside the house. Uh, and and I managed them

0:06:26.240 --> 0:06:30.360
<v Speaker 1>and I specifically didn't want baby cams in the house,

0:06:30.640 --> 0:06:32.760
<v Speaker 1>um when my children were small, and I didn't want

0:06:32.800 --> 0:06:35.200
<v Speaker 1>cameras inside the house. As a matter of fact, we

0:06:35.240 --> 0:06:39.880
<v Speaker 1>actually have, um, a couple of smart home devices, you

0:06:39.920 --> 0:06:43.400
<v Speaker 1>know those assistants like Alexa and Google Home. And we're

0:06:43.520 --> 0:06:45.360
<v Speaker 1>very specific where they are. As a matter of fact,

0:06:45.400 --> 0:06:48.600
<v Speaker 1>they're located near our two rescue Great Pyrenees. And when

0:06:48.640 --> 0:06:51.640
<v Speaker 1>we leave the house, they the Pyrenees like to listen

0:06:51.640 --> 0:06:54.320
<v Speaker 1>to Ella Fitzgerald when we're not. So who doesn't like

0:06:54.400 --> 0:06:57.159
<v Speaker 1>to listen to Ella? I mean right that they have

0:06:57.200 --> 0:07:00.080
<v Speaker 1>good taste. But we'll actually just to make it a

0:07:00.160 --> 0:07:03.760
<v Speaker 1>point with my children, um, when we're talking about family

0:07:03.760 --> 0:07:07.280
<v Speaker 1>matters or school or anything in particular that you wouldn't

0:07:07.279 --> 0:07:09.760
<v Speaker 1>want to broadcast out on the internet. We make it

0:07:09.840 --> 0:07:12.960
<v Speaker 1>a point as a family to unplug those devices. We

0:07:13.040 --> 0:07:15.520
<v Speaker 1>make it a point to make sure that those Internet

0:07:15.520 --> 0:07:18.880
<v Speaker 1>of things devices are not as part of the family conversation.

0:07:19.080 --> 0:07:21.600
<v Speaker 1>I mean, how many times have you said something to

0:07:21.680 --> 0:07:24.440
<v Speaker 1>somebody and Siri wakes up and says, I'm sorry, I

0:07:24.520 --> 0:07:29.240
<v Speaker 1>didn't understand you. Too many? Too often? Exactly exactly, So

0:07:29.440 --> 0:07:33.040
<v Speaker 1>there is a way to integrate this technology to make

0:07:33.080 --> 0:07:38.040
<v Speaker 1>it work on your behalf. Just always understand that everything

0:07:38.160 --> 0:07:41.040
<v Speaker 1>is hackable, and so you just have to be thinking

0:07:41.040 --> 0:07:44.720
<v Speaker 1>about when this is compromised, what did it have access to?

0:07:45.560 --> 0:07:48.360
<v Speaker 1>How could it be damaging to my family and friends

0:07:48.400 --> 0:07:50.840
<v Speaker 1>who may have come in contact with it, And you'll

0:07:50.840 --> 0:07:53.400
<v Speaker 1>operate a little differently and you'll be able to mitigate

0:07:53.880 --> 0:07:56.560
<v Speaker 1>the damages that happen. And it's the same thing for business.

0:07:56.760 --> 0:08:00.040
<v Speaker 1>Just thinking about that technology. It's great to have of

0:08:00.480 --> 0:08:02.880
<v Speaker 1>just assume it will be compromised. So what would the

0:08:02.920 --> 0:08:07.640
<v Speaker 1>downstream impacts be if it were. It's like something to

0:08:07.720 --> 0:08:09.600
<v Speaker 1>really really think about. Well, so then do you think

0:08:09.600 --> 0:08:13.000
<v Speaker 1>like the story that our William Turton did, um you

0:08:13.040 --> 0:08:16.760
<v Speaker 1>know about these group of hackers that say they breached

0:08:16.800 --> 0:08:21.600
<v Speaker 1>all these security camera uh, you know, security cameras uh

0:08:21.720 --> 0:08:24.840
<v Speaker 1>and their data collection to kind of show and remind

0:08:24.880 --> 0:08:26.680
<v Speaker 1>the world or show the world kind of in an

0:08:26.680 --> 0:08:30.680
<v Speaker 1>expose of like look at how easily you can be exposed?

0:08:30.880 --> 0:08:32.880
<v Speaker 1>Are they in many ways? Do you think doing us

0:08:32.880 --> 0:08:35.559
<v Speaker 1>a service? And will people kind of wake up because

0:08:35.600 --> 0:08:39.920
<v Speaker 1>of this? I wish I could say this would be

0:08:39.960 --> 0:08:44.280
<v Speaker 1>everybody's wake up call, but everybody is so stressed and dizzy,

0:08:44.320 --> 0:08:47.320
<v Speaker 1>and during this time of pandemic, we're all told to

0:08:47.320 --> 0:08:49.480
<v Speaker 1>be away from each other. You know, before the pandemic,

0:08:49.559 --> 0:08:52.199
<v Speaker 1>we were worried about screen time, and now we're worried

0:08:52.240 --> 0:08:55.679
<v Speaker 1>about being within six feet of other people. Um, the

0:08:55.679 --> 0:08:59.440
<v Speaker 1>other thing that I would say is I researchers who

0:08:59.559 --> 0:09:04.480
<v Speaker 1>do, um, ethical hacking and produce the results. It does

0:09:04.559 --> 0:09:09.280
<v Speaker 1>provide the greater good a good service. My caution to

0:09:09.440 --> 0:09:12.480
<v Speaker 1>this group and other groups like them, as you could

0:09:12.520 --> 0:09:15.840
<v Speaker 1>really do it with the right rules of engagement and approach,

0:09:16.120 --> 0:09:20.480
<v Speaker 1>because you could have unintended consequences when you jump into

0:09:20.559 --> 0:09:23.800
<v Speaker 1>something like this where you could have actually taken very

0:09:23.880 --> 0:09:27.480
<v Speaker 1>important cameras by accident offline while you were doing what

0:09:27.520 --> 0:09:30.439
<v Speaker 1>you were doing, and what if those cameras were vital

0:09:30.520 --> 0:09:34.000
<v Speaker 1>and important to national security and safety. So I always

0:09:34.040 --> 0:09:37.959
<v Speaker 1>caution just because you can and you've got good intent,

0:09:38.600 --> 0:09:41.400
<v Speaker 1>doesn't mean you should like really understand the rules of

0:09:41.440 --> 0:09:45.240
<v Speaker 1>engagement before you engage in ethical white hat hacking. I

0:09:45.280 --> 0:09:47.880
<v Speaker 1>know it's a good interview when our head of technical

0:09:47.880 --> 0:09:50.720
<v Speaker 1>operations here at radio is, like, sending me messages and like

0:09:50.960 --> 0:09:54.360
<v Speaker 1>commenting on things you're saying, Like, I just know people

0:09:54.440 --> 0:09:57.400
<v Speaker 1>in general are just listening. So what's your advice? Just

0:09:57.400 --> 0:10:00.640
<v Speaker 1>got about forty seconds, Um, Theresa, you know you understand

0:10:00.640 --> 0:10:03.200
<v Speaker 1>this world. You're talking to companies, you're talking to individuals.

0:10:03.559 --> 0:10:05.559
<v Speaker 1>What can we all do or at least what's one

0:10:05.640 --> 0:10:07.520
<v Speaker 1>step that we should be taking when it comes to

0:10:08.200 --> 0:10:12.760
<v Speaker 1>cybersecurity and concerns? Yeah, I think one step is have

0:10:13.040 --> 0:10:17.040
<v Speaker 1>a playbook. Assume you could be breached or your technology

0:10:17.040 --> 0:10:21.040
<v Speaker 1>could fail you, and practice a digital disaster. It's the

0:10:21.080 --> 0:10:23.120
<v Speaker 1>best thing that you can do to understand where your

0:10:23.160 --> 0:10:26.880
<v Speaker 1>gaps your holes are. And hopefully you'll never need the playbook,

0:10:27.160 --> 0:10:28.720
<v Speaker 1>but it can be a great way to just sort

0:10:28.720 --> 0:10:32.200
<v Speaker 1>of get everybody rallied around trying to prevent that event

0:10:32.280 --> 0:10:35.040
<v Speaker 1>from happening. That was Theresa Payton, former White House Chief

0:10:35.080 --> 0:10:38.800
<v Speaker 1>Information Officer and CEO at Fortalice. You've been listening

0:10:38.840 --> 0:10:40.959
<v Speaker 1>to Bloomberg Business Week Extra, be sure to listen to

0:10:41.000 --> 0:10:44.040
<v Speaker 1>our Bloomberg Business Week Daily radio show, airing live Monday

0:10:44.040 --> 0:10:46.880
<v Speaker 1>through Friday at two pm Wall Street time on Bloomberg Radio.

0:10:47.120 --> 0:10:49.480
<v Speaker 1>Watch us too on our daily broadcast on YouTube just

0:10:49.520 --> 0:10:52.280
<v Speaker 1>search Bloomberg Global News and you can also see me

0:10:52.320 --> 0:10:55.480
<v Speaker 1>on Bloomberg Quick Take, available at Bloomberg dot com, slash qt,

0:10:55.640 --> 0:10:58.600
<v Speaker 1>and then streaming platforms like Roku, Apple TV, Samsung TV,

0:10:58.760 --> 0:11:01.040
<v Speaker 1>and more. I'm Tim Stenovec and I'm Carol Massar.

0:11:01.400 --> 0:11:08.839
<v Speaker 1>This is Bloomberg