EPISODE 23
What the last 30 years of cyber risks tells us about what’s ahead

EP 23: What the last 30 years of cyber risks tells us about what’s ahead

Our bi-weekly Inflection Point bulletin will help you keep up with the fast-paced evolution of cyber risk management.

Sign Up Now!

About this episode

April 2, 2019

Kip Boyle, CEO of Cyber Risk Opportunities, talks with Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, about what the next 30 years of cyber risks will look like.

Tags:

Episode Transcript

Kip Boyle: Welcome to the Cyber Risk Management Podcast. Our mission is to help executives become better cyber risk managers. We are your hosts. I'm Kip Boyle, CEO of Cyber Risk Opportunities.

Jake Bernstein: And I'm Jake Bernstein, cyber security counsel at the law firm of Newman Du Wors.

Kip Boyle: And this is the show where we help you become a better cyber risk manager.

Jake Bernstein: The show is sponsored by Cyber Risk Opportunities and Newman Du Wors LLP. If you have questions about your cyber security related legal responsibilities...

Kip Boyle: And if you want to manage your cyber risks, just as thoughtfully as you manage risks in other areas of your business, such as sales, accounts receivable, and order fulfillment, then you should become a member of our cyber risk managed program, which you can do for a fraction of the cost of hiring a single cybersecurity expert. You can find out more by visiting us at cyberriskopportunities.com and newmanlaw.com.

Jake Bernstein: So Kip, what are we going to talk about today?

Kip Boyle: Okay, Jake. Today, we're going to talk about the past because as we all know that you need to understand history in order to understand the future.

Jake Bernstein: Yeah, I totally agree. And I think all too often, we as humans tend to forget the history. So what past are we talking about?

Kip Boyle: Well, we're only going to go back about 30 years and for some of our listeners, I think they're going to be like, "Oh yeah, 30 years. I remember that." And then for other listeners, they're going to be like, "I don't think I was born then."

Jake Bernstein: Well, I was born, but I was a kid. So why don't you tell me what happened 30 years ago that's interesting for cybersecurity.

Kip Boyle: Yeah. So we're talking about 1986. So in 1986, there's this cybersecurity inflection point that stands out to me and is worthy of reflecting on in our show today because... Well, we'll get into that. But let me just tell you what the inflection point is. There is a book, in fact, that documents this. And it's the theft of military technologies, secret technologies. And it was an online theft in 1986, believe it or not. And it was a crime committed by a group that became known as the Hanover Hackers, and Hanover being a city in Germany that they were associated with. The book it's documented in is called The Cuckoo's Egg. You can still find it on Amazon. It's still in print. The author is named Cliff Stoll, S-T-O-L-L. Cliff is an astronomer actually. He was an out of work astronomer when he stumbled into this online theft and the book is all about what happened.

Jake Bernstein: Wait a second. Was there an internet in 1986?

Kip Boyle: Yeah. Yeah. Actually there was. So before the internet as we know it today, the internet actually used to be called DARPANET. DARPA as an acronym for Defense Advanced Research Projects. I probably butchered the hell out of that acronym just now. But anyway... But yeah. There actually was, starting 1969 I believe, was the first attempt to connect computers over long distance. And by 1986, those connections were alive and well. It was a mashup of dial-up modems, expensive leased lines. But yeah, we had a nascent global internet in 1986.

Jake Bernstein: That's interesting. And I have to admit that The Cuckoo's Egg is actually the next book on my reading list, but I haven't read it yet. So what's so special about this book?

Kip Boyle: All right. Well, there's a lot of cool things about this book. So first of all, it's a great read. I don't know if Cliff Stoll had anybody helping him, but in addition to being an out of work astronomer, he's also a very good author. And so, one of the things I love about this book is anybody can pick it up and read it and understand it. He does a very, very good job of breaking down the technology that inevitably is discussed in the book into concepts that can be understood by anybody. And that's particularly needed today because a lot of the technology was pretty old.

Jake Bernstein: That is actually amazing because... I mean, I had a computer in probably the late, late eighties, maybe '89. And I recall it was maybe a Tandy from radio shack and I don't think it had... I think it only had like a quarter or three or sorry, a five and a quarter inch disk drive. I mean, basically we're talking about stone tools.

Kip Boyle: Yeah, yeah. Definitely. So that was one thing about the book, and I commend everybody to go and get this book. It's a paperback book. It's going to cost you nothing to get it. And you're going to be... Not only are you going to be entertained, but you're going to get a lot of the details that we're going to talk about in our episode today. And so that's one reason why this book is so special. It's imminently readable and it's worth your time. But the other reason why this is such a special inflection point is because many of the techniques that were used by the Hanover Hackers in the theft of these secret military technologies are in use by cyber hackers today. And many of the things that Cliff Stoll did to discover this and to track them down and ultimately achieve, not only a stop of the Hanover Hackers, but actually convictions, legal convictions, we're still using the same techniques today.

Jake Bernstein: Yeah. Interesting. And in fact, this book is not just available on a paperback. It's been translated to modern technology, so you can buy it on Kindle too.

Kip Boyle: Ah, okay, good, so-

Jake Bernstein: And just so everyone is clear, we have absolutely no interest in the book sales at all. We just think it's a cool book.

Kip Boyle: Right. I mean, if you go by this book, we'll earn nothing. But hopefully Mr. Stoll is still earning something off this book. It's that good. But let me give you some examples. I told you that many of the things that the book talks about are actually still in use today. Obviously, the technology has changed a tremendous amount, but the core concepts, believe it or not, have not changed. So first of all, as we already said, there was a global computer network in use.

Jake Bernstein: Right. DARPANET.

Kip Boyle: Yeah. In 1986. And what was happening, a foreign government was conducting espionage against the United States through a global computer network in 1986. And that's still going on today.

Jake Bernstein: Not only it's still going on today. Then that was probably... I don't know. We may never know if that was a one-off in 1986, but let's just say that it's happening every millisecond of every day.

Kip Boyle: It is. Yeah. And back then it was Soviet spies or their proxies in Germany, right? But today-

Jake Bernstein: That would've been East Germany for those not old enough to remember the difference

Kip Boyle: That's right. In 1986, Germany was still partitioned into two countries as a result of the fallout of World War II. And yeah, so we had East Germany and East Berlin under the influence of the Soviet Union, and West Berlin and West Germany under the influence of the Western allies: the United States, Great Britain and France. So yeah, and Hanover, I believe at the time was located in East Germany. Of course today, what we have... We've got every nation on the face of the planet has spun up an espionage capability based on the internet and the high speed and the reach of it.

Jake Bernstein: Well, and it's more accessible than ever. I mean, you don't need to be a rich wealthy first world nation to engage in cyber espionage. And North Korea has proven that better than anyone.

Kip Boyle: Right. And in fact, technology is so comparatively easy today that you don't even need to be technologically proficient. I mean, if you can go down to a store, online or otherwise, buy a computer and plug it into a high speed internet connection, you're good to go. So back in 1986, it took a lot of special skills, but clearly it doesn't anymore.

Jake Bernstein: A lot of special equipment too, was probably very expensive, and all of that has changed, I would say completely.

Kip Boyle: Yeah. And if you read the book, you'll see how Cliff had to type, you know, commands at a command line. There's no graphical user interfaces available.

Jake Bernstein: But hey, let's be honest. Everyone who really knows how to use a computer still uses the command line, right? That's the joke at least.

Kip Boyle: That's the joke at least. Right. Yeah. I can't even remember the last time I typed a command. Anyway. So here's something else that you'll read about in the book that still is going on, which is the attackers, the Hanover Hackers, actually used multiple hops through several different computers before they actually attacked. And why did they do that? Because they knew that it would be very difficult to discover who they were if they went through other computers before they actually attacked. Right? So this anonymity was definitely going on back then and is still going on now.

Jake Bernstein: Yeah. That's a super useful technique. VPNs are a little different, but if you look around, you can hop through different VPN networks if you want to really conceal your origin. In fact, the entire Tor network, the Tor browser, isn't that its entire function, is to basically automatically route you through tens, if not dozens upon dozens of locations?

Kip Boyle: Yeah. You can actually control that. And so, there's obviously advantages to anonymity in the world today. We wan there to be the opportunity to be anonymous in certain cases. But obviously, it's not a good feature of the internet when it's being used by malicious people. But that's still going on today. Another example of... And by the way, Cliff Stoll spent a great chunk of the book trying to figure out how to de anonymize the attackers so that he can figure out where they're coming from. And that's part of the thrill of reading that book is watching him try all kinds of different techniques in order to figure this out. But another thing that these cyber attackers were doing in 1986 is they were landing on computers...
You typically with guest accounts or open logins, many of the computers back in 1986 did not require you to identify yourself in order to get onto the computer. The internet was built, not with confidentiality in mind. It was built to share information. And so what would happen is the Hanover Hackers would land on a computer and then they would perform some kind of an exploit in order to turn their privileges from regular to administrator or as Cliff talks about it, root or super user, there's different names for a highly privileged account. But the point is that they had to escalate their privileges over and over and over again. And that's exactly what happens today.

Jake Bernstein: So... Okay. You said earlier that Mr. Stoll was an astronomer and he was out of work. How did he get involved in this?

Kip Boyle: Yeah, so really, really interesting. Documented in the book. So he was working on some basic astronomy. His government funding ran out, and he didn't know when he was going to get more funding to work on good old-fashioned astronomy. And so he needed to eat, so he went looking around the university. I believe he was working at Berkeley at the time. So he went around the university, looking for something to do to earn some money while he waited for his next grant, his next science grant to show up. And lo and behold, they had a computer center and there was work to be done. Now it was not glamorous work by any stretch of the imagination. And in fact, this leads us into something else that was going on in 1986 that still goes on today, which is the way that Cliff Stoll figured out that something fishy was going on is one of his tasks was to reconcile the accounting of computer time so that when the different departments in the university were charged for the time that they spent using the computers systems, charges were accurate.

Jake Bernstein: Wait, wait, wait. People used to get charged by the minute for using a computer?

Kip Boyle: Yeah, that's right. Just like people used to get charged by the minute to make long distance phone calls.

Jake Bernstein: Both of those things seemed very strange to, even to me as a child of the eighties. But my kids would have absolutely no understanding of that concept at all.

Kip Boyle: Yeah. But technology used to be really expensive, and it had to be paid for somehow. And so there were all these chargeback schemes, as they were called, and people wanted to make sure that they got a bill that was accurate. Right? And so, this is not glamorous work by any stretch of the imagination.

Jake Bernstein: No. It sounds horrible.

Kip Boyle: No, it was. It was very tedious. But as an astronomer, he was kind of used to tedium, so it wasn't so bad for him. But he talks about how he discovered... He was reconciling two chargeback systems and he found a 75 cent accounting error, and he just started scratching and scratching and scratching into that. 75 cents, even in 1986, wasn't that much money.

Jake Bernstein: Yeah. That's definitely one of those things like where it gets into your head, it burrows in there, and it just bothers you and you spend way more time thinking about it than it is worth. But...

Kip Boyle: Yep.

Jake Bernstein: Where did it lead him?

Kip Boyle: Yeah. So if I remember correctly in the book, his supervisor is like, "75 cents is not material. Don't worry about it." But you're right. Cliff could not let it go. And so he just went crazy trying to figure out what was up with that 75 cent error. But, what this points out is the importance of event logging, conducting regular event reviews, and promptly investigating suspicious system events. And we still need to do that today.

Jake Bernstein: Yeah, absolutely. I mean, in fact, I would say in that sense nothing has changed. I mean, in order to investigate a cyber attack, you follow the trail of clues just like any other police investigator has for a hundred years.

Kip Boyle: Right. Now, the difference today, of course, is that the amount of logging that we're having to deal with is just overwhelming. I mean, human beings are not good at doing log reviews. Period. No matter how long those logs are. I mean, you go over just a handful or a dozen of lines of detail and people's eyes just glaze over, so. But today we've got logging that is pulling in terabytes of data by the day, by the hour, depending on how aggressive you're getting on this. And really machine learning and artificial intelligence are going to be very, very important going forward in looking for those needles in all of these haystacks. Right? So the scale of this is definitely different than it was back in the time of The Cuckoo's Egg but still a deal.

Here's another example. Today we talk about active defense. And active defense, some people think of it as a hacking back. You know, like you attack my computer, I'm going to attack you back to make them go away. Well, so active defense is actually a better term than hack back. And I don't think they're synonymous. But active defense is sort of a gray zone between passive defenses, like a firewall and offensive actions, like hacking back. But inside of active defense, we have an idea of a honey pot. And a honey pot is a like a cash of fake documents, or maybe even a fake computer that looks real to an attacker. And the idea of a honey pot is you want to put out something that attackers will find pretty quickly, that looks very, very interesting to them. And what it does is it slows them down.

And it gives you an opportunity to know that they're in your network and then to do something about it. Whether it's, hey, I'm going to study the attacker and try to understand what their intent is. Or hey, I'm just going to let them get away with this fake data because then they're going to maybe not come back and get my real stuff. But Cliff Stoll, he created a honey pot of fake documents. And what he did is while these hackers were pouring over the fake documents, trying to decide are these files describing a military technology that we want. While they were doing that, Cliff Stoll initiated tracking, and he actually pioneered something that had really never been done before, which is...

AT&T was the dominant carrier at the time. This was again, before we had multiple competing telephone companies. Sorry, people not old enough to remember that. But so he got AT&T, the Federal Bureau of Investigation, and the West German government to take this seriously and to actually trace the phone lines that were being used and the leased lines in the telecom all the way back to Germany, all the way back to Hanover across international lines. And it was the use of this honey pot that created the opportunity for him to do this. And it took months, by the way, as you'll read in the book. And they're still doing this today.

Jake Bernstein: So, I mean that's a good point. I think it's important to realize that any arrest and conviction of a cyber attacker these days is the result of heroic efforts. That's why they make a good story. That's why people go to conferences, and these stories can serve as keynote addresses to the audience because they are so fascinating and so heroic. But that's maybe a little distressing that given the technology change, that we aren't any better at tracking these guys down. So, what does The Cuckoo's Egg tell us about the future of cyber risk? It, it seems a little frightening, maybe?

Kip Boyle: Yeah. Well, I think it tells us a few things. One thing that it tells us is cyber risks are getting worse not better.

Jake Bernstein: I agree with that. Why do we say that though?

Kip Boyle: Well, so I don't believe that humanity has really effectively dealt with a fundamental shift in reality that occurred with the rise of the internet. And we can see it in 1986 in its very, very limited deployment. Right? Very, very limited number of nodes on the internet back then. And we're just starting to see this fundamental shift in reality and now it's really on us. And I think until we deal with this shift. I mean, it's just going to keep getting worse. And here's the shift: crime and military action is now independent of geography, both in terms of reach and in terms of speed.

Jake Bernstein: And I would add to that so is communication in general and even more importantly economic action and commerce. It's all.

Kip Boyle: Well, and that's the beauty of it, right? That's what-

Jake Bernstein: That is the beauty of it, but you know-

Kip Boyle: That's what makes the internet great.

Jake Bernstein: It is. And I have some thoughts on this, which is, one, you talked about a shift of reality. Well, in the next 30 years, we are going to be wearing augmented reality headsets that modify what we see with our eyes based upon a computer. And if that is hackable, then that might be... that idea becomes a lot less philosophical when what you actually see could change and be faked based upon on the internet.

Kip Boyle: Right.

Jake Bernstein: So, that's a point right there. You talk about crime and military action across the internet at light speed. What if I'm able to, when you're driving your car or maybe when your car is driving itself, just up and decide to tell your car that there is a wall in front of it and it needs to turn left into an actual wall. I mean, there's all kinds of ways that you literally affect reality.

Kip Boyle: Yeah. Right. Because these cars, these autonomous vehicles, are going to have sensors, and it's that sensor that if you can fool it, if you can actually convince it that it's receiving data other than what it should be receiving, what the reality of the situation is, then you can trigger all kinds of interesting effects with the vehicle just like you described. And that's really no different from today, right?

Jake Bernstein: No.

Kip Boyle: When I attack a computer, I'm faking that computer out. I'm giving it all kinds of crazy input, and I'm making it do things that the people who stood that computer up never intended for it to do.

Jake Bernstein: And let's be honest. It's not just cars. I mean, we already have augmentations that give us the ability to see in light spectra that normal human eyes can't see in. But it's all electronic, right? It isn't even a stretch to assume that someone could be given ultrasonic sight to compensate for blindness and that that system could be hacked. So clearly this is a... It's not just the cyber risks. They're not getting worse just because there's more of them. They're getting worse because they will be able to affect a much larger percentage of life.

Kip Boyle: Right. So as we take all of the wonderful things that the internet has given to us and build on those wonderful things as a foundation, right? We start building on top of that. This fundamental shift of reality continues to affect all of those things. Anything you build on top of the internet is going to inherit the independent of geography nature of the internet. There's other fundamental differences, but I think that one's really important because what it means is that if I'm sitting here in my house with my VR headset on and I don't have protection, then that means that potentially somebody in another part of the world can mess with my headset, which would never be possible before the rise of the internet.

Jake Bernstein: Yeah. And, you know, from a... I have experienced the difference that the internet makes in the court system and in the practice of law really for the last 10, 11 years. And let me tell you that the traditional jurisprudence and law about personal jurisdiction and where you can be sued and the reach of our court system is completely tied in knots when you introduce the internet. And whether it's a civil lawsuit against a potential scammer, or if it's a criminal lawsuit and you're trying to arrest someone, we have Interpol, we have certain international bodies, but let's be honest. The legal systems that we've set up cannot handle a global internet where I can be sitting in a non extradition hostile country to the U.S. and do things to the U.S.

Kip Boyle: Right.

Jake Bernstein: With impunity. Impunity.

Kip Boyle: And that's part of this geographical shift, right? Is that not only does it let me reach, with light speed places on the globe that I could never have done before, but it also frees me from the geographic realities of international borders and everything that's built on international borders, like law enforcement and governance.

Jake Bernstein: Yeah, no, that's a big part of it. Okay. So, I mean, I'm convinced. You're convinced. The internet changes things. It's a revolution in conflict, you might say. What does that mean for the future?

Kip Boyle: Well, so, you know, very few of us alive... are alive now that remember the emergence of nuclear weapons and what a fundamental shift of reality that was. So 1945, right? We explode the first atomic bombs, and we've struggled ever since to figure out how to govern these things so that we don't destroy each other. And particularly in the beginning, every, I mean... Nobody really knew what to do. And I think we're repeating a similar path where we had to figure out how to harness nuclear weapons. I would submit, we still don't really have them under complete control, but we've figured out how to deal with them to a certain degree. We're going to need to figure out how to deal with this revolution in conflict. And I think we're just at the very beginnings of doing that. And I think it's going to take at least the next 30 years to sort this out. It's taken 30 years to get to this point, and I'm sorry to say, but I just don't see any quick easy answers on the horizon. So I'm going to forecast another 30 years before we get to a good place.

Jake Bernstein: I think so. And, I think that we don't... we haven't had the end of World War II experience with cyber war yet. It's all been very small scale. It's been very... There's been painful attacks, particularly in the Ukraine, but in terms of a worldwide, oh my God, let's not do that again, that has not happened yet.

Kip Boyle: No.

Jake Bernstein: So you're right. It's early stages. Unlike nuclear weapons, cyber war and cyber weapons are much more scalable, you might say. You can have-

Kip Boyle: Well yeah.

Jake Bernstein: Pinpoint attacks. You can have large scale damage. Whereas a nuke is a weapon of mass destruction. Period.

Kip Boyle: Right. Well, and digital weapons can lead to mass casualty.

Jake Bernstein: Oh, they can.

Kip Boyle: We saw that with NotPetya. But one thing about cyber weapons that's very different from nuclear weapons is it's very hard for a nuclear weapon to fall into the hands of a small band of gorilla fighters, and that they would be able to use that credibly to take over. They need suitcase size nukes and that sort of business. But even still, I mean, it takes a lot of special talent and special handling in order to do anything with a nuclear device compared to what happens when a cyber weapon gets dropped into the hands of ordinary criminals.

Jake Bernstein: Yeah. No, it's very true. And the fear of the suitcase bomb is a... It is, you know, couldn't be more obvious in popular culture. I can't even count the number of novels, movies, video games, et cetera, where the central plot is this idea. Right?

Kip Boyle: Yep.

Jake Bernstein: But yet in cyber, it's almost like it's already such reality that it's not even worth writing movies about. There aren't many. In terms of pop culture, most of the time it's wrong when it comes to cyber weapons, which I think is an interesting fact to point out in this podcast. Because what it means is that not even our fiction writers know what it means yet.

Kip Boyle: No. I mean, cyber's very abstract, very difficult to comprehend. The consequences of cyber battles are not often tangible. I mean, today, the big consequences are really data breaches, but people are pretty well insulated from the consequences of data breaches to this point. So it's irritating, annoying, and so forth, but it hasn't actually caused anybody any great cost. Right? So, I'm not sure that we've had death or mass property destruction yet as a direct consequence of cyber attacks.

Jake Bernstein: At least not in the U.S. I think that there are stories at least that a Russian cyber weapon was able to shut down heating in Ukraine in the middle of winter, which almost certainly caused death but none that we have been apprised of.

Kip Boyle: Yeah. But I think the links there... You're probably right. But I think even the links there are kind of weak.

Jake Bernstein: They are.

Kip Boyle: People would say, "Well, you know, the person died because the heat was off." And then-

Jake Bernstein: Which is true.

Kip Boyle: Which is true, but you've got to unpack that a little bit more.

Jake Bernstein: Why did it go off?

Kip Boyle: And the evidence isn't as conclusive. Right? We can look at the evidence and say we're pretty sure this is what happened. But unlike a bomb, there's no crater, right? There's no smoking hole in the ground that says, this is what happened, and we're going to collect the bomb fragments, and we're going to analyze them. And then we're going to compare this.

Jake Bernstein: At least not yet. I mean, with the NotPetya attack, there kind of was. We knew... I mean, there was smoking holes blown into balance sheets around various corporations and-

Kip Boyle: Yeah. It was a $10 billion collective damage. And yet what happened? Nothing. Nothing. There was no repercussion for having released that. There was no sanctions, you know what I mean? Really nothing happened as a result of it. And I think people, ordinary people, when they see no repercussions from one government to the next as a result of a cyber attack, it makes them... It just reinforces the idea that this stuff's ethereal and doesn't matter.

Jake Bernstein: Yeah. And even if there was a reaction, it was not publicized, which means that if it didn't have at least 10 minutes of media tech media time, it didn't happen. inaudible.

Kip Boyle: Right. So looking into the future, I just, I see more ambiguity, more gray, but also more consequences, more real world consequences from cyber attacks. The loss, not only the loss of data and the loss of money, but the loss of life, the loss of infrastructure, right? In other words, we can't... The power's going to go out and it's going to stay out for days and then water pressure's going to drop. And then people are going to have to be carrying water in buckets. And I mean, I think something like that's probably going to need to happen in order for people to really feel it viscerally. Like this has got to change. And even at that point, we won't have an easy answer. I mean, we're going to have new technologies. We mentioned artificial intelligence, machine learning and all that. But what we desperately need is a new way to govern ourselves.

Jake Bernstein: It's true. And, you know, it's interesting. You think about when that happens from a natural disaster. There's been a lot of hurricanes recently that have caused incredible damage. The fires in California, you know? What happens? The world knows. Everyone sees it. There are emergencies declared, the law, legal mechanisms go into action to release funds, donation drives occur, people are emotionally affected. Imagine if the power goes out for no other reason then someone decided they didn't like us and they wanted to fire off a cyber weapon at us. That would change people's perceptions.

Kip Boyle: Yeah. I think it would. And I think that's where we're going to have to be in order to do something. But the one thing that I do want to highlight in our episode before we do a wrap is there are some people who are trying to tackle this, which I applaud anybody who has a great idea, who'd like to try to figure out how do we find a better way to govern ourselves. Brad Smith, who's Microsoft's president and chief legal officer, is actively pursuing on the international stage something that he's calling it digital Geneva Convention. And I think we absolutely need things like this.

Jake Bernstein: I agree. I think that in this world we must have... The only thing that... We are a world of laws. And even though not every nation is a nation of laws, that's how we govern ourselves. And some kind of digital Geneva Convention is... We need to update international law to not only protect people, but also to prosecute offenders, to punish nations that violate these norms.

Kip Boyle: Right.

Jake Bernstein: Look at the response that President Trump unleashed on the Syrian military when it was strongly, strongly concluded without even necessarily being hard proof that chemical weapons were used. That's a violation of international norms, international law. And I think that the response to that prompted was quite real. Dozens of cruise missiles were fired from American warships directly into Syria. I'm not saying that that's what's going to happen, but it's going to have to be something similar so that there are consequences for using these types of weapons.

Kip Boyle: Yeah. For using cyber weapons to cause mass damage. Yeah, absolutely. Well, so that wraps up this episode of the Cyber Risk Management Podcast. Today, we talked about what the next 30 years of cyber risk may have in store for us. We'll see you next time.

Jake Bernstein: See you next time.

Kip Boyle: Thanks everybody for joining us today on the Cyber Risk Management Podcast.

Jake Bernstein: Remember that cyber risk management is a team sport and needs to incorporate management, your legal department, HR, and IT for full effectiveness.

Kip Boyle: And management's goals should be to create an environment where practicing good cyber hygiene is supported and encouraged by every employee. So if you want to manage your cyber risks and ensure that your company enjoys the benefits of good cyber hygiene, then please contact us and consider becoming a member of our cyber risk managed program.

Jake Bernstein: You can find out more by visiting us at cyberriskopportunities.com and newmanlaw.com. Thanks for tuning in. See you next time.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle is a 20-year information security expert and is the founder and CEO of Cyber Risk Opportunities. He is a former Chief Information Security Officer for both technology and financial services companies and was a cyber-security consultant at Stanford Research Institute (SRI).

YOUR CO-HOST:

Jake Bernstein

  Newman DuWors LLP

Jake Bernstein, an attorney and Certified Information Systems Security Professional (CISSP) who practices extensively in cybersecurity and privacy as both a counselor and litigator.