Dana Mantilia on Why Humans are the Weakest Link in CyberSecurity

In this episode, Frank and Andy interview Dana Mantilia on Why Humans are the Weakest Link in CyberSecurity.

Watch Original Livestream

https://www.linkedin.com/posts/frank-lavigne_data-driven-live-with-dana-mantilia-activity-6735628251328204800-Qjwq

Show Notes

Coming soon!

Transcript

AI Generated

00:00:05 BAILeY

Hello and welcome to data driven.

00:00:08 BAILeY

The podcast where we explore the emerging fields of data science, machine learning and artificial intelligence.

00:00:16 BAILeY

In this episode, Frank and Andy speak to Dana Mantilia about cybersecurity and why companies are not investing their time and attention where they should be.

00:00:26 BAILeY

This episode was originally recorded on a live stream and this was the first time we had a guest join us on the life stream for a show.

00:00:34 BAILeY

Season 4 just keeps the innovations coming.

00:00:38 BAILeY

Without further ado, here are your hosts Frank Lavigna and Andy Leonard.

00:00:44 Frank

Alright, thanks for tuning into data driven. If you're watching this live, thank you for taking time out of your day. I realize this being the lead up to the Holidays. Things are kind of hectic. I know in Chateau Lavigna things are very hectic today.

00:00:59 Frank

We

00:01:00 Frank

Andy and I are happy to announce a new guest that we have with us. I first saw her on LinkedIn when she would do these really cool training videos.

00:01:10 Frank

On basically security topics.

00:01:14 Frank

An with with Black Friday, literally a week from now Cyber Monday and the just the The Creativity alarmingly creative and flexibility of scammers that we've had in light of the kovid, pandemic etc etc.

00:01:32 Frank

I figured it would be worth having kind of a good discussion about just the basics of cyber security and why it's important my wife happens to be in the cyber security field, so I'd like to think that I'm better prepared, but I know if you think you're better prepared, that's probably a vulnerability.

00:01:50 Frank

So welcome to the show, Dana.

00:01:52 Dana

Well, thank you for having me nice to be here.

00:01:55 Frank

So this is you are actually the 1st guest. We're going to have on the show that we interviewed live on a live stream first on video.

00:02:02 Dana

Very honored, very.

00:02:03 Frank

Honored so awesome. We're trying to push the boundaries for season four, so tell us a little bit about you and your company for those that haven't seen your videos on LinkedIn.

00:02:15 Dana

OK sure yeah. My name is Dana Mantilia an I am the founder of identity Protection Planning an we tried to help educate people in very layman's terms on how they can protect themselves from identity thieves and cybercriminals. And so we have a variety of different kinds of training. Either you know, training data, webinars, some videos or we have an on line.

00:02:35 Dana

Platform that's short little videos that everyone is required to watch.

00:02:38 Dana

And just to kind of start spreading the word, I mean cybersecurity is not going away and unfortunately the the frontline workers are the people that really are maybe not educated on it and they also are the ones that are clicking on things they shouldn't be clicking on so.

00:02:54 Frank

No, so that's a good point. So one of your most recent videos, and this is the one that made me think we should have her on the show.

00:03:00 Frank

Was the one the gift card scam and how?

00:03:04 Frank

Somebody in your organization got snared up in this.

00:03:08 Dana

Yeah, I mean it's.

00:03:09 Dana

It's crazy, I mean that the way that I did that little video is how exactly how it happened. She came to my office door with her codon and I said, well, why do you have your code on and she said, oh I'm going to get that stuff you need and I said well, what stuff are you talking about? And she said this stuff, we were just messaging back and forth about. I said I was. I've been sitting here at my office just doing work I didn't.

00:03:28 Dana

Message you about anything.

00:03:30 Dana

So then she showed me and they they person initially sent an email that looked like it was kind of from my email very similar, which is always usually what they do. And then you know the urgency factor. I always tell people when there's a sense of urgency. We have to stop and say, is this really a big big emergency here to go buy gift cards? But people want to please their boss so they get these emails and they act upon them.

00:03:50 Dana

So she then then the person said, can you give me your email? I mean your cell phone. I wanted to text you this. So then the conversation jumped over to her cell phone and now they're texting back and forth and she said, well, how am I going to pay for these?

00:04:02 Dana

And then he said, well, you know what? Just when you get to the store, read off the numbers in the back of the card and then when you get back I'll reimburse you. So they were. I mean, it was just back and forth and back, but anybody would have fallen for this anybody.

00:04:13 Frank

Wow, the thing that struck me is the most insidious part.

00:04:17 Frank

It's how they moved away from email pretty early in the process, because maybe I mean it was a good. I mean, there's a I don't know. As a data scientist, I I hate giving out statistics, but let's say it was a 5050 chance that that person had your cell.

00:04:30 Frank

Phone number.

00:04:31 Frank

Millimeter like an an. It's a good gambit for them because I guess they didn't have your number already saved in their phone, so they could have this whole conversation with you, right? Yeah, an I would assume that folks in your organization are well trained.

00:04:46 Dana

Well, we're at least talking about this stuff right times. That's that's a startling factor, is that?

00:04:52 Dana

You know we're talking about all these things all the time and we we totally almost fell for it so.

00:04:57 Frank

Well, I never disclosed this publicly.

00:05:00 Frank

Until I'll do it now is that one time Microsoft? I work for Microsoft, they they pay the mortgage, they pay for the electricity and it goes through the my little monitor display there.

00:05:12 Frank

But they will routinely send out kind of phishing emails.

00:05:16 Frank

And it will be like urgent you have to, like, you know, do this because your expense report or something like this. And I shouldn't admit this publicly, but I did I was driving. I see this like emergency thing come through. I'm like the screen and I'm like.

00:05:30 Frank

So I didn't think I clicked on it and it it got it. It it it got a there was there was there should have been an animated GIF of like somebody?

00:05:38 Frank

At the company doing this, but it was like this. It was this like badge of shame of like hey you fell for this uh huh.

00:05:45 Frank

You know, and I was like crap and I was like I learned. 2 lessons one.

00:05:51 Frank

Pull over first.

00:05:53 Frank

If I can't mouse over the link.

00:05:56 Frank

Probably shouldn't click on it, right?

00:05:58 Frank

And three is just.

00:06:00 Frank

That sense of urgency.

00:06:01 Frank

Um was what really like, and maybe there's a psychological thing to this where it just tricks off like this. The primordial brain, or I know there's the three brain model and Andy and I go off on tangents a lot. Dan, I should warn you, but not us. Ultimately the idea is that once you're kind of anxious about something right, your higher brain functions are going, if not shut off kind of be pushed aside.

00:06:24 Frank

And all you have to do is click the link to get your answer or whatever I mean.

00:06:28 Frank

It seems like these folks are well versed in this type of psychology.

00:06:33 Dana

Yeah, and they also know too that you know every when you're on your mobile, everybody is rush rush rush rush rush for rushing on the mobile phone all the time and that is a little scary because sometimes even when you look on the mobile you can't even see who it's from. It'll it'll you know. Just say a name or something like even some of the Apple ones that come out. Don't say oh it's from Apple, but that's not the exact. Doesn't show you the phone number or whatever it is. It's just.

00:06:55 Dana

Summer has put up there. As you know The Who it's from kind of thing, so yeah.

00:07:00 Dana

There's a lot of things we need to all.

00:07:01 Dana

Start doing or not doing.

00:07:03 Frank

Right, it's it's an interesting. It's just fascinating that with all this advances in cybersecurity, and I've seen a lot of the things that the technical we're not going to go into.

00:07:14 Frank

Humans are like the weak link.

00:07:16 Dana

Yeah.

00:07:18 Frank

That's crazy.

00:07:20 Dana

Yeah, definitely, and that's the frontline to most of the stuff and you know the urgency factor just to go back to that real quick one. Scam that that that is targeted at seniors.

00:07:29 Dana

Is the grandparent scam, and So what they do is they will call up and pretend that there's someone's grandson or granddaughter and something crazy happened like there's held hostage in a Mexican jail or something and they need to have money right away wired to them so that they can, you know, get out of there. So then to make it even sound more valid, they put the prison...