True Patriot Love - June 22, 2026


What really happens when a company gets hacked?


Episode Stats

Length: 38 minutes
Words per minute: 211.78
Word count: 8,237
Sentence count: 38

Harmful content

Hate speech: 4 sentences flagged


Summary

Summaries generated with gmurro/bart-large-finetuned-filtered-spotify-podcast-summ.

Transcript

Transcript generated with Whisper (turbo).
Hate speech classifications generated with facebook/roberta-hate-speech-dynabench-r4-target.
00:00:00.000 Every day, businesses across Canada are under attack, not by thieves with crowbars, but by
00:00:05.780 sophisticated cyber criminal networks operating around the world. Groups with names like Shiny
00:00:11.380 Hunters and Qilin have turned hacking into a multi-billion dollar industry, stealing sensitive
00:00:17.600 data and holding it hostage for ransom. Global ransomware damages are now estimated in the tens
00:00:23.640 of billions of dollars annually, and Canadian organizations from hospitals to insurers to
00:00:29.140 small businesses continue to find themselves in the crosshairs. When a company's data is stolen,
00:00:34.980 should they pay the ransom and protect the customers and keep it operating? Or does paying
00:00:40.260 simply fund the next attack? Joining us today is Arani Adhikari from Armour Cyber to explain how
00:00:46.780 these criminal networks operate and what Canadians need to know. How have ransomware groups evolved
00:00:57.440 from small-time hackers into sophisticated organizations,
00:01:01.380 ones that can successfully target major corporations,
00:01:05.360 governments, and critical services and infrastructure
00:01:08.660 and tear it down so quickly.
00:01:11.500 I'm Mike Wixson. This is tplmedia.ca.
00:01:14.380 Go to tplmedia.ca local and find your local feed if you'd like.
00:01:18.380 And don't forget to subscribe and tell a friend about what we're doing.
00:01:22.020 Let's talk about ransomware and cybercrime.
00:01:25.820 Joining me today, Arani Adhikari from Armor Cyber.
00:01:29.660 Thanks so much for joining me, man.
00:01:30.860 I appreciate this.
00:01:31.560 Thank you for having me over here.
00:01:32.340 Okay, why don't we start at the begin, okay, where the average person gets the story.
00:01:38.460 Yep.
00:01:38.860 So I've just read in the newspaper that a major insurance company in Canada, for example, has been hit.
00:01:43.720 Their data has been targeted, and they have been hacked.
00:01:46.580 It's usually the insurance company telling us this to make us aware as consumers that this has happened.
00:01:51.660 but tell me what has led up to that moment what happened that made the insurance company
00:01:58.860 have to make this announcement take take us through that perfect so let's let's bring down
00:02:03.520 a couple of things let's start off with the hacking group itself right let's talk about
00:02:07.260 the evolution of ransomware and then we'll get to how this happens yeah uh you know 10 15 years back
00:02:13.460 right ransomware was not a term that was used a lot right because there were hacker groups that
00:02:19.120 we're hacking for a specific objective right now over time it has become a full flown economy
00:02:25.540 right so there are gangs out there that are operating uh with the with the scheme of extortion
00:02:30.880 right so a ransomware a very technical term but if you break it down it's extortion gang
00:02:35.440 right what does extortion gang do they are coming in they're hacking into a company they're holding
00:02:40.020 your servers your data ransom and they're asking for payments they're asking like hey if you don't
00:02:46.080 pay me xyz dollars we are going to release this data or we're not going to give it back
00:02:50.200 now this evolution that has happened it's not overnight right there are a lot of uh you know
00:02:57.480 cybercrime gangs that have been operating in various models in canada in globally and you
00:03:02.560 don't necessarily need to be in canada to operate this thing they can operate from anywhere in the
00:03:06.120 world today and target companies everywhere now the news article that you talked about a local
00:03:11.420 small insurance company that got hacked small medium businesses are the one of the one of the
00:03:16.740 most prolific victims of these gangs why because they do not have the basic security controls
00:03:23.100 required to prevent them from coming in the first place right right and we're going to talk about
00:03:26.700 those things but we talked about qilin as an example we were dealing with a qilin case as of
00:03:32.300 last week it's a small company 50 people around 50 people 50 employees right they have basic security
00:03:39.740 controls right so they invested in security but with the with an intent that just to check the
00:03:44.400 box right so they had basic antivirus basic things covered Qilin specific again the way we as you
00:03:51.000 know we from the industry know these hacker groups is they use specific techniques and targets and
00:03:57.020 tools while they're coming in so when they came in right they came into a specific user the user
00:04:02.600 did not have a multi-factor authentication so that's essentially the password when you put in
00:04:06.460 password you get that sms token saying hey this is the one-time password for getting in the user
00:04:11.020 did not have that set up right so they basically did what something known as a phishing that's
00:04:15.740 another type of a technique where they are able to get your username password they use that got
00:04:20.780 in that one user account now unfortunately that user account had a lot of privilege when i say
00:04:25.260 privilege they had a lot of the ability to change and get access to data and files exactly and once
00:04:30.700 they were in that was game over right because they could then encrypt all the machines now we got the
00:04:35.580 call generally when the news article hits right hey we have been blocked we can't do business
00:04:41.180 can you help us get back in right that's when we get involved right and and take it from there now
00:04:46.540 a company to do actually a you know a news article that means they were already breached
00:04:51.100 they're proactively talking about it okay so i think a lot of canadians myself included uh
00:04:55.980 would envision these hackers as individuals in a basement someplace a single individual
00:05:01.340 uh with this ability this super cyber ability to get in and wreak havoc is that the case or are
00:05:08.140 these more sophisticated operations than that 10 15 years back that would be the case now imagine
00:05:14.380 a call center it's a full operation you have a hr you have management you have you have a scheduling
00:05:19.340 manager you have people actually doing the job you have marketing think of these sort of
00:05:24.140 organization as a full-fledged organization doing these things now these are full-fledged
00:05:29.980 corporations that are out there and their sole purpose is to cause problems absolutely they are
00:05:38.620 they not only have up right that's that's one of the objective but think about it it's it's a money
00:05:43.340 motive driven organization right so you have revenue coming in from all this extortion there's
00:05:47.580 a cost of getting all the tools and techniques to do these attacks right there is a people cost
00:05:52.700 labor cost of people who are involved in this operation so you have to manage them in a specific
00:05:57.340 big way right so ransomware again you know that evolution that we keep talking about it has evolved
00:06:02.000 into a full-fledged corporation with the motive of profit through ransom yeah okay so now these
00:06:08.700 these extortion machines who are they going after like what is an ideal target for uh you know
00:06:16.920 shiny hunters or clop or or qilin you know so based on our experience of the cases that we
00:06:24.240 investigated right none of them have a specific target profile they go after anyone and everyone
00:06:29.840 that's number one but number two once they go after the entire machinery the people who actually
00:06:35.440 fall victim to this are majority of the businesses which are small and medium and the reason i say
00:06:40.800 small and medium and it hurts me to say that right because these are people who have built their
00:06:44.880 business these are individuals that are suffering individuals who are suffering we have dealt with
00:06:50.160 cases where business had to have shut down right because of ransomware attack right and uh again
00:06:56.240 it hurts me to kind of say that but smaller and the medium businesses are the ones who get targeted
00:06:59.840 a lot right because these gangs will go after everybody but someone will fall and the ones
00:07:05.440 will fall are the small mediums now why is their defenses are not that great right when you talk
00:07:12.080 about a big bank a large institution you know a large you know any large business they have enough
00:07:17.840 budget and they have no manpower to invest in cyber that's why i think i'm always a little
00:07:24.240 shocked that it's an insurance company or a credit card company or a large online retailer that's been
00:07:30.160 fallen victim because you think wait a minute i saw all the warnings on their site i clicked on
00:07:35.360 everything and i you know it seemed very safe and certainly uh that must be a level of sophistication
00:07:41.200 that is required that's not necessarily required for the smaller businesses exactly right think
00:07:46.480 about it you know cyber is a problem that's not always solved just by throwing money at it right
00:07:50.560 it needs to be done proper right when exactly what you said the large organizations when they fall
00:07:55.040 for it it's not because they're not invested in cyber they have not just invested in the right
00:07:58.960 direction they might have invested in very shiny tools no pun intended on shiny hunters but a lot
00:08:04.320 of shiny tools that they have bought but they're not using it properly so there's no roi right so
00:08:08.240 they have all of these perfectly the right software yeah but not set up not actually in the the manner
00:08:14.560 that's required to yeah no not from a people perspective so you know our business we call it
00:08:18.800 a people process technology right you can't have the tech but you don't have the people and the
00:08:22.960 process the right people in the right process that's just a shiny piece of tech just sitting
00:08:27.280 around doing nothing right so a lot of the big ones that we see and we investigated a lot of
00:08:31.040 the bigger guys is well the reason that happened was that one process that was not working or that
00:08:36.800 one piece of endpoint so say for example a very tactical example you have bought the best antivirus
00:08:42.560 out there and you have 100 machines that you need to be put on now you have put it on 80 of them
00:08:48.080 20 of them you have forgot to put it on because of whatever reason it is right that's that's the
00:08:53.240 chink in the armor where they're going to get in from that's the one that's the one crevice by
00:08:56.800 which they can manage to get in uh okay so now let's try to understand for the average person
00:09:02.600 uh i'm a business owner i've arrived to work or i've gotten a call from my
00:09:06.640 IT guy and they say to me uh-oh what's happened describe describe for me what the scenario is
00:09:15.440 like on the ground for the victim and I'll tell you from experience right so uh North York a
00:09:21.300 manufacturing company they're relatively large around 800 employees in total including obviously
00:09:26.520 the you know the factory workers and so on we get called on day two of the situation right so we get
00:09:32.340 called in when their existing provider was essentially extorting them as well saying that
00:09:36.640 hey if you don't sign this agreement we are not going to help you right right those things happen
00:09:40.900 uh interesting so their actual provider yeah instead of stepping up and saying okay we left
00:09:46.840 a crevice we left a crack they start they start the money machine right there too they know that
00:09:52.280 is the point to start the money right and again we don't believe in those practices and there are
00:09:55.760 few are there are few people who are like that there are a few in our cps are like that this is
00:09:59.980 this is wild to me yeah the provider yep begins to say okay look this is the point of extortion
00:10:06.580 these guys are desperate at the moment even though they're my client exactly and it's not me doing
00:10:10.680 the hacking any assistance i'm going to give them i'm going to start to charge through the nose
00:10:15.060 because it's an emergency for them exactly and you think think about the business owners so we
00:10:19.260 spoke to the business owner directly right yeah good gentleman has built the business over time
00:10:23.820 legacy business uh and they're stuck they have nowhere to go right because all the machines are
00:10:28.980 down their billing system is down their invoicing is down their material shipment is down the
00:10:32.780 manufacturing floor still continues but that's only going to go on for so long right so the
00:10:36.860 situation on ground zero and when we get into the sort of situation is there's a lot of panic
00:10:41.480 in the room oh sure because people are going in different directions they have different
00:10:45.780 thoughts of what's going to happen what should we do next right these are the things now again
00:10:50.840 as practitioners we you know operate in that land right so we know this is what's going to happen
00:10:55.460 right so the first first thing that we go in and do is calm them down in terms of there is a process
00:10:59.860 out of this there's a way out of this right this is what we have to do in the next 24 48 you know
00:11:05.460 72 hours to get ourselves out of this situation right okay so the first thing that we set up we
00:11:10.340 set up like a you know almost like a command center inside the office you know we have people
00:11:14.020 from forensics we have people from communications we have you know depending on the type of case we
00:11:18.580 will bring lawyers in the picture right uh when there is data involved and data theft involved
00:11:22.660 and then basically go from there right so again you know our practitioners have seen
00:11:27.580 and knows the methods of getting them back right now most of the time we deal with business owners
00:11:33.120 who are panicking a lot right so they are you know they're more interested like hey let's get
00:11:37.060 the business back online what we always say let's get the business back online in the correct way
00:11:42.620 because the way they got in was because the system was designed in a certain way that's how they got
00:11:47.660 eating yeah you're right you've got two steaming uh uh train engines coming down parallel tracks
00:11:55.200 yeah get my business back and make me safe simultaneously exactly because listen the way
00:12:01.440 it was built that's the way they came in now if we just go back the same route they're going to
00:12:05.080 come back in and we have seen those happen we call it containment but fast containment if you
00:12:09.200 contain the incident fast and not in the correct way they are going to come back in so what we
00:12:14.920 again as you said there are two trains that you know we run in parallel one is let's figure out
00:12:19.740 how they got in let's close those gaps and then rebuild the system in parallel and get them back
00:12:24.460 online right so this case took you know two weeks to get them back online completely right so the
00:12:29.960 employees were all at home they were given a communication through whatsapp because the email
00:12:33.840 system are down that hey this is what's going on don't you know again this is a private company
00:12:38.880 but in a lot of situations a public company reporters will reach out to them as well saying
00:12:42.840 hey what's going on why is this down why why are you guys not going in the office right now rumor
00:12:47.900 spread a lot and there is a lot of damage control that needs to be done so we set up communication
00:12:52.360 teams as well like hey if you get approached by the media or anybody else just react to us this
00:12:57.220 is the messaging that we need to give out right so there are various messaging that goes out but
00:13:01.020 so damage control technically damage control public facing absolutely damage control staff
00:13:07.120 and ownership remain calm at what point is a ransom paid you know at what point do you give
00:13:13.220 up and say okay we got to pay this yeah now paying a ransom has you know there's no industry standard
00:13:19.120 about whether you pay a ransom or not right what the general advice that's out there do not pay
00:13:24.280 the ransom because one as an individual if you're paying the ransom you know that they will know
00:13:30.680 that you are a target if they come back in they know that you pay you're a paying customer for
00:13:34.680 them right so don't pay the ransom second also as an industry if we have this encouragement of
00:13:40.620 not paying the ransom they will stop targeting as well right but that's not the reality that's
00:13:45.560 the ideal world that's not the reality right reality happens you know we have seen situations
00:13:49.400 again when uh their backup right because this is you know you're talking about a machine with
00:13:54.740 data on it a machine with a windows operating system on it and if the data is gone the only
00:13:59.840 way to get it back is through the backup right that's the only one way to that that will save
00:14:03.860 against all your friends if you have good backups and a lot of our clients again this particular
00:14:08.020 example they had very good backups so it took us some time to get them back but they were back
00:14:12.180 because of this now we have seen situations in the backups are not there right so business take
00:14:17.060 two decision points over there can we survive without it do we really need that data can we
00:14:21.220 survive without just rebuild it back start fresh can we do that right now a lot of companies can
00:14:27.860 depending on the business right for a manufacturing company yes your client records are gone but then
00:14:31.780 you know there's a relationship there's a tribal knowledge about who the customers were what they
00:14:35.780 did there's a possibility of building that back up for a small business but if you're a larger
00:14:40.100 business right you do need that data right so that's where the second decision point comes in
00:14:44.900 is let's decide to pay right right and that's where insurance and all the all the other other
00:14:50.580 factors come in okay uh good you just gave me another question about insurance but uh so
00:14:56.180 essentially how do i know that i've been hacked yeah did they send me an email did they send me
00:15:01.140 a threat note who does that go to how are you notified that this has happened it's a very
00:15:07.140 you know there are two major ways one obviously the email right the email again the owners if
00:15:12.740 they have those emails they'll email someone that they know in the organization who has decision
00:15:17.140 powers and so on saying look this is what has happened and we'll get to the content of it very
00:15:20.980 soon but they often do it publicly right so all the computers if you know that were ransomware
00:15:26.020 they'll have their wallpaper changed with a nice notice saying hey you have been hacked and they'll
00:15:30.580 actually claim who the hacker group was right now when we go in we see that it's almost like a
00:15:36.100 signature it's almost like they're signing off right okay so we know that what kind of group it
00:15:40.660 was and where it came from what their methods might be and you know what they have a history
00:15:44.980 of doing exactly right so that's that's almost like their calling card right they leave their
00:15:48.580 calling card over there and it's a very public method when employees see this obviously the
00:15:52.580 panic sets on right yeah when they go to their computer all the files are encrypted they can't
00:15:56.420 do anything right it's it's a it's a computer is not workable right so how do you know they get
00:16:01.780 hacked this is how they kind of do it now they claim over there's a very standard wording that
00:16:05.860 they will use like look it has been hacked if you don't pay they will claim the ransom amount
00:16:10.980 if you don't pay within certain amount of time they will either release that data or make it
00:16:14.900 public right what kind of ransoms are these guys asking for it depends like we have seen as much
00:16:19.540 as five million dollars seven million dollars we have seen cases where it has gone up to 20 million
00:16:23.300 but they know it's a negotiation so they start from there they're not going to pay that they
00:16:27.800 know that right so it generally starts at a very very high abnormally high number right and then
00:16:32.900 it goes down from there abnormally high extortion who knew that there was an actual market range
00:16:37.700 right yep and so what kind of money are like a clop or a qilin or shiny hunters what kind of
00:16:44.000 money are they extorting on a yearly basis do you think no you don't have to be accurate no no it's
00:16:48.660 I think the best case, you know, high two-figure multi-millions, right?
00:16:53.840 High seven figures, right?
00:16:55.480 They're easily getting away with that because, look, this is one aspect.
00:16:59.060 Again, when you go back to this whole economy of cybercrime, right?
00:17:01.800 When you line them back to the organization,
00:17:04.360 you might see Shiny Hunters, Clop, Qilin as like the front faces,
00:17:08.240 almost a front organization.
00:17:09.600 Behind the scenes, there might be a single organization
00:17:11.780 who is orchestrating all of that, right?
00:17:13.440 You never know that concept because whatever we know about this group
00:17:17.280 is what we have learned from the cases right what other our industry peers our other forensics
00:17:22.000 firms have learned from these cases and then we try to attribute this back right to these groups
00:17:27.440 what is extremely important is it's a massive industry right like this you know the client
00:17:31.840 that we talked about we have cases you know where they have actually paid the ransomware
00:17:35.680 it started off with you know five million dollar demand it has gone down as low as like a million
00:17:40.720 or you know low sub million right that's serious money oh yeah 100 serious money and all of these
00:17:46.480 you know there's a and when we engage in this conversation it's not you know there are various
00:17:51.120 parties involved in that right so we work with certain firms who are negotiating firms their
00:17:56.480 their bread and butter is negotiating engaging with a threat actor getting the proof of life
00:18:01.680 right to see hey there's a client group that's actual damage and these guys can actually
00:18:06.560 recover that data back so they'll give you a proof of life they'll give you a small key
00:18:09.920 and say hey recover this one part of the data and see if it works see that actually is okay it's
00:18:14.640 okay and then if that everything works well they make the payment so they start to negotiate that
00:18:19.520 payment price and uh start to make sure proof of life exactly and that process takes one to two
00:18:25.840 weeks it's a very interesting way to kind of see how the conversation happens now these firms that
00:18:30.480 we use again they're not they're not hundreds of these they're very specific firms that we use
00:18:35.120 uh which are out there in the industry and they have engaged with similar threat actors before
00:18:39.520 so it's almost like they know the negotiator who's going to come in right and once they engage they
00:18:43.520 know their tactics they know how they're going to you know get the dollar down right and that's what
00:18:47.120 they're paid for that's essentially what their money is there for uh okay so now we we found
00:18:53.920 ourselves in this position yeah why why are so many companies being hacked i mean you can say
00:19:00.640 well they don't have the right cyber security but be specific what is it that these guys are getting
00:19:05.760 away with that we can't seem to stop absolutely you know i'm sure you've heard about ai and how
00:19:11.520 yeah he's going to cause a doom and everything no i've heard about this ai yes it's everywhere
00:19:15.840 it's everywhere but you know what i like to tell my clients and tell any prospect that i meet is
00:19:20.800 forget the ai for a moment let's go back to basics okay uh you know you know cyber security
00:19:25.840 is not a very hard problem to solve right when you look at the basics right uh let us talk about
00:19:30.640 few you know things that could have prevented this in future right so multi-factor authentication
00:19:36.320 the amount of time that i've seen clients getting saved just because they had mfa on right
00:19:41.280 i get so irritated by it yes yes so does everyone oh good i wanted to make sure i thought that maybe
00:19:46.880 i was on my own on this one yeah i get rid of it but it's a necessary evil in this you know
00:19:51.840 age right now yeah and there are other solutions like passwordless authentication there are other
00:19:56.800 innovation that's coming in the market that that wants to make security a bit of a less pain bit
00:20:01.520 of a bit more transparent because more friction you put in a user's life with all security guards
00:20:06.720 they're going to try to find a way around it or they're just not going to use it right so
00:20:11.440 mfa is a one solution but there are other solutions the backups that we're talking about
00:20:15.200 right if if a company has a good backup and there are various strategies around backup
00:20:20.480 oh my god i just caught up mfa multi-factor authentication yeah and there will be other
00:20:26.160 acronyms at the end of this episode we'll clear up for you okay guys listen we are we are industry
00:20:30.240 full of acronyms i say we we make this complex we make it seem complex with all these acronyms
00:20:34.640 it's not well i mean i think that it is complex enough that you can't ignore it that's the
00:20:41.200 obvious thing absolutely so you know mfa multi-factor authentication backup and the third
00:20:46.480 thing that i always say companies have is a very good antivirus right now there are various types
00:20:51.680 of antivirus there are various price points of antivirus you don't necessarily need to have
00:20:55.600 something extremely expensive today's market has evolved in a way right so these if you have these
00:21:00.000 three things majority of the cyber attacks are going to be stopped how are we not putting this
00:21:05.680 into place in multi-million dollar companies i mean we have antivirus in our own computers our
00:21:11.280 own personal computers how are we missing this at the corporate level you know we call it defense
00:21:15.600 in depth and reason i said these three there are a lot of other security controls that can be put in
00:21:20.160 but these are the non-negotiables and this is defending the user so because think about it on
00:21:24.800 a daily basis you're interacting with email you're interacting with a website you have a laptop or
00:21:29.200 a mobile phone or a tablet from which you're doing this interaction first step protect this part
00:21:34.400 protect these things that you're interacting with the open internet on things where you're getting
00:21:38.480 your email on let's protect this secondly let's protect the servers like so you know even if
00:21:43.120 there's a threat actor in the environment they can't naturally move we call it lateral movement
00:21:47.360 right they cannot move in between they might compromise you but that's okay but they have
00:21:51.120 not compromised the organization right we can get you back right and and the third with the backups
00:21:55.840 even if they get in right so again defense in depth our assumption they will find a way to get
00:22:01.840 in right it's it's a it's from from a strategy perspective we call it the assume breach model
00:22:07.840 right so we know they're going to get in so let's defend like they're already in the environment
00:22:13.760 where is all this taking place what part of the world is being uh allowing this to go on or is
00:22:18.880 it just coming from different parts of the world um it's coming from different parts of the world
00:22:24.000 obviously there are you know said countries right like iran russia north korea like when you think
00:22:29.760 about the uh axis of evil if i may call it that way right you see the majority of this group coming
00:22:35.200 out of eastern european countries right north korea is one of the most famous you know um country and
00:22:41.360 groups where there are a lot of hacking groups over there it's again it's a lot it's regimented
00:22:45.440 over there right so the sony hack back in the day if you have heard like i remember yeah that was the
00:22:49.760 one that we all started hearing about exactly and the number of times they got hacked as well right
00:22:54.000 so that was from a group called lazarus right that is i remember yeah lazarus is famously attributed
00:22:59.280 to north koreans right now having said that in canada ontario right and it's public actually
00:23:05.600 there was an arrest of a guy operating around somewhere from there right now they had affiliations
00:23:10.400 to the group so where they are located from a geopolitical perspective is irrespective right
00:23:14.800 right now like they can be anywhere but the headquarters if i'm calling that the the groups
00:23:19.660 that are calling the shots are in those parts of the world because they are sanctioned they need
00:23:23.960 ways to create revenue streams which are not legitimate right and this is one of the ways
00:23:28.520 to create that even if it's not legitimate it could certainly be legitimate business but they're
00:23:33.000 looking for ways to do it and uh so now inside that country there's suddenly a banking system
00:23:38.720 to handle the extortion money absolutely like if you try to do that in canada the banks would stop
00:23:42.700 you hopefully and say no you can't bank extortion money we don't allow that so this is happening in
00:23:48.500 countries obviously that would allow that absolutely now think about it the ones that
00:23:52.200 so the most of the ransom payments are using cryptocurrency right rip you know bitcoin anything
00:23:58.960 else right so once they are in right the next part that goes from there is how do you funnel that
00:24:04.220 digital money out into physical cash so there are money mules out there right which can be anywhere
00:24:09.040 in the world there's a whole again there's a whole economy set up for that the sole job of
00:24:13.440 the money is to go convert the cash and make the cash payments through money laundering and number
00:24:17.600 of different payment methods now obviously in a north american context south asian context
00:24:22.640 there are a lot of banking regulations they are ahead in terms of banking regulations that stop a
00:24:27.200 lot of these yeah but when you go to a lot of the other countries there are not a lot of banking
00:24:31.040 regulations that will stop this right especially we talk about north korea and so on right that's
00:24:35.680 that's a whole black box for us anyways right so as the money leaves right it leaves a trail we
00:24:41.520 know which countries it passes through but right it's the jurisdiction is so high unless you know
00:24:46.400 unless a law enforcement agency is going after them right as small mom and pop shops they have
00:24:53.200 no way to trace this out got you is there a whole world of insurance now that's based on
00:24:59.200 the hack yes not now it hasn't been happening for a while now it has so what what they do is now you
00:25:05.280 You know, you have the errors and omissions,
00:25:07.920 the director's insurance, liability insurance.
00:25:09.800 They added cyber insurance, right?
00:25:12.080 So what used to happen when they first came up with these policies,
00:25:15.720 they're going to underwrite the policy
00:25:16.960 based on the company's health of cybersecurity, right?
00:25:20.360 Same thing, how we get a life insurance.
00:25:22.980 Now, what has evolved over time
00:25:25.140 is the amount of premiums that they're collecting
00:25:26.980 versus the amount they were paying out.
00:25:28.720 So what they said was, like, if you get ransomware,
00:25:31.200 given you're doing all of these things,
00:25:33.040 we are going to pay for it up to a certain dollar.
00:25:35.280 now what used to happen right there was a couple of stats couple of years back is the amount of
00:25:40.080 premium collected versus amount they were paying was extremely high so they're making actually a
00:25:44.860 loss right so the industry insurance industry what they started doing is they started raising
00:25:49.860 the bar right which is a very good practice right cyber insurance is a business you know aspect it's
00:25:55.040 not a technical software every business gets it right hopefully everybody's getting cyber insurance
00:25:59.620 as well but now insurance has made it extremely difficult for a company to get insured right so
00:26:05.020 they said you at a minimum have to have these 10 to 12 controls if you have to get insured otherwise
00:26:10.080 either you'll be non-insurable or your insurance is going to be very high has that made a difference
00:26:13.680 to what kind of crime we've seen now that the insurance companies have sort of said okay you
00:26:17.740 will give you the insurance but you have to have these basics in place is that reduces i think i
00:26:22.740 think overall cyber insurance as an industry has evolved a lot and has done good for the for the
00:26:27.400 industry right they have raised that bar by saying that hey at a minimum these EDR which is that
00:26:32.000 advanced antivirus you need to have an incident response plan you need to have a tabletop which
00:26:36.800 say something happens you know what to do right those things at a minimum has to be done what
00:26:41.280 that what that has led to do and you know a lot of my clients actually come from there
00:26:45.600 is they will say that hey i'm trying to apply for cyber insurance they have given me this
00:26:49.200 10-12 requirements i have no idea interpret it can you help us get it done and you create the
00:26:53.440 strategy that backs up exactly see that seems like a very important part of the business even
00:26:57.920 more important than actually unraveling what happens for a client is helping them prevent
00:27:01.520 this yeah and go through the right steps in that way exactly so okay scare me for a minute let's
00:27:06.800 look into the future a little bit i'm sure you do this every day right now we've got a certain
00:27:11.040 amount of cyber hacking going on using a certain amount of tools yeah you introduce ai to the
00:27:16.080 discussion and suddenly the hairs what's left of it goes up on the back of my neck well actually
00:27:21.600 that's where the hair remains but uh having said that what do you envision being the the terror
00:27:28.720 points in the coming year or two yeah listen what ai has done honestly is it has increased the
00:27:35.600 velocity of these attacks right we are still going to see the similar attack patterns we are still
00:27:40.480 going to see the same techniques being used we're going to still the same bypass being used okay but
00:27:45.760 the rate at which it was going on that's going to quadruple if not more than that right because
00:27:52.480 today what ai has done with this entire thing is it has augmented human beings right i think
00:27:57.520 we are far away from the replacement theory of human beings it's always augmentation and how
00:28:01.840 what a human could do in one day they can do it in one hour right that's a great perspective
00:28:06.960 yeah same goes for the attackers right what they could achieve the kind of scans the kind of emails
00:28:11.520 you know the phishing email that you get on an email saying hey you know click on this link to
00:28:15.280 activate good idea unless it's from your it okay but check with them but uh you know when when you
00:28:22.480 go those emails think about the rate at which they could be delivered right has now will
00:28:27.520 exponentially increase right okay the rate and they will you know create an exploit so exploit
00:28:32.560 is basically a technical code when you have a vulnerability that's the technical code to exploit
00:28:36.880 that vulnerability to get in so your server is there server is exposed to the internet you are
00:28:41.440 running a certain version of a software and that has a vulnerability to it because it's not
00:28:45.440 patched there's a certain code required to get in right that's what exploit is right the development
00:28:51.200 of exploit needs to take time now is going to be seconds right now right it can just randomize and
00:28:57.120 randomize and randomize instantaneously until exactly and Anthropic actually released a paper
00:29:01.440 last year which said how attackers are using Claude right to generate these attacks it's a
00:29:06.480 fantastic white paper before i can say share the link uh for the for the guests i'd like that yeah
00:29:12.080 so because that actually said how they're weaponizing all these experts how they're writing
00:29:17.120 clean emails right not with broken english that can actually bypass all the email security systems
00:29:22.160 right so i think the velocity is going to increase techniques are going to remain the same at the
00:29:26.000 same time if businesses go back to the basic instead of thinking on the hype and the noise
00:29:30.240 because there's a lot of noise on ai instead of focusing on the noise if they can just
00:29:34.160 going back to the basic and picks a few things i think they can survive this age
00:29:38.880 uh i really appreciate you chatting me uh through this because to be honest with you it is sort of
00:29:43.920 nebulous to people who have not had this but it sounds like it is exactly what we imagined you
00:29:49.200 arrive our system is down i can't do business my employees are all freaking out i've been the
00:29:56.720 failure in letting this happen for my clients and and my it team because i haven't given them the
00:30:02.480 the wherewithal to do this uh what do you do when you visit a company and address this for the first
00:30:09.980 time how do you guys do that yeah so on multiple fronts right so one thing like i said it's a lot
00:30:15.360 of face-to-face discussion in terms of look there is a way out and this is the plan that we're going
00:30:20.200 to face you know that we're going to execute to get you out of the situation second place
00:30:24.600 let's fix the basics let's fix where they came in from right that's a very technical conversation
00:30:29.720 and the guys you know on on the hour one they start doing that even before cyber attack how do
00:30:34.440 you what do you you go into the company you say i'm gonna try to help you avoid this kind of
00:30:39.720 extortion here's the strategy yeah how do you handle that strategy business by business or is
00:30:45.800 there a standard it is there is a standard there is something that's common across business like
00:30:50.360 no matter any business that you do you will you will have data you'll have email right so there
00:30:54.600 are standards with we are protecting it now what changes is how the business operates how the
00:30:58.920 the business makes money but what are the revenue generating function of the business right what we
00:31:03.480 say is you know for a business owner who has never seen a live cyber attack they don't know the pain
00:31:09.320 they have not gone through it they have read about it they have read about newspapers it sounds
00:31:12.760 terrible right it sounds terrible but they have not seen it in action so when you say that look
00:31:16.120 you need to spend xyz dollars and that's a cost you know cyber is again it's a line item on the
00:31:21.480 it and that's an expense right no matter how much the industry will say that cyber cyber security
00:31:26.280 can create revenue they don't there are expense at the end of it now what we say is let us transfer
00:31:31.240 this expense in terms of business risk right if you don't do this what is your actual impact and
00:31:36.760 how much exposure exposure right and that resonates a lot with business owners because
00:31:41.560 we don't want to just give you a recommendation and leave at it because they're not going to do
00:31:45.160 anything about it like i used to work with a lot of big consulting firms before we used to create
00:31:48.840 this nice fancy reports instead of sit in somebody's drawer for two years right nobody did anything
00:31:53.320 about it right nowadays you know the what i change the approach and the strategy is when i go and
00:31:57.560 talk to someone i say look this is the bare minimum you have to do this is how you can do it if you
00:32:02.440 don't do it this is your exposure right it's ultimately it's a risk appetite call right if
00:32:07.800 can you live with this risk right in your business some business actually can live that risk right
00:32:13.080 but most cannot 99.99 percent of the businesses will not live be able to live with the risk even
00:32:18.440 though the business might think differently and uh that's it we show them that value from that side
00:32:23.640 right we don't show a value from look there's the best software to defend you we say look if you
00:32:28.600 don't have this piece of software this is what might happen and this is the opportunity to cause
00:32:32.520 it like look at the example of the you know companies down with ransomware even if it's
00:32:36.280 five days and employees are not coming into the office for one or two weeks yeah that salary is
00:32:41.000 just gone right that's a huge expense on on a business absolutely and the you know prevention
00:32:49.000 element of it must be dramatically less must be dramatically less than paying that ransom of
00:32:54.840 between one and whatever millions of dollars exactly and there are plans for there are standards
00:32:59.320 there are compliances today uh canada has come up with certain regulations as well the industry
00:33:03.720 overall is trying to evolve and bring up regulations in specific sectors right so banking finances
00:33:09.080 have specific regulation when it comes to defense industry there are specific regulations that are
00:33:12.600 coming in now regulation you know without a teeth is just guidance right that's a good to have right
00:33:19.640 but we have seen a lot of regulators now change in terms of the amount of penalty you have to pay
00:33:24.120 if your data gets exposed so if you're a company if you're handling customer data and if you fail
00:33:28.440 to provide the necessary safeguard to do that tomorrow you need to pay a penalty i think that's
00:33:32.840 regulation with teeth because there's a real business impact over there people get it and
00:33:37.080 that drives them to think hey i must have cyber security if all you have to do is change code to
00:33:42.440 devastate an industry then yeah it sounds to me like you're right absolutely and that drives a
00:33:48.440 lot of discussion on cyber so you know in our books how how we get business one cyber insurance
00:33:54.040 people go to insurance people say that hey i can't i don't know what this means i need to have that
00:33:57.880 policy right help us get that policy second people having these sort of compliance requirement right
00:34:03.880 so they are operating in an industry a lot of startups today when they're doing the fintech
00:34:07.720 whole fintech startup right they can't go to a customer or sell to a bigger bank because the
00:34:11.800 bigger banker is going to say them hey you must comply to all of this before you can do business
00:34:16.200 with us what's your compliance what's your compliance how you're doing it and that's
00:34:19.400 driving a lot of this conversation so regulatory compliance although it's a pain in our business
00:34:24.680 at least is driving a lot of this conversation of hey i need to it's almost a deal a deal breaker
00:34:29.720 right if i don't have this i can't sell to a big five bank right so that's driving them to think
00:34:34.360 that's a business enabler right and i must have this cost right now if i have to do business um
00:34:42.200 let me ask you is there a different standard based on industry to industry are industries
00:34:47.880 finding their own specific uh requirements within sectors yes there is a common standard across
00:34:54.520 industries right for example if we talk about NIST it's a body out of US uh it has something
00:34:59.160 called as a NIST CSF cyber security framework and that can be applied to any industry that you go
00:35:04.840 with okay but say for example when it comes to uh payment cards right people who are doing
00:35:10.840 transactions and processing there is some something called PCI DSS payment card
00:35:15.080 industry data security standard right so that's specific to that sector and that has very specific
00:35:21.160 requirements based on how much volume of cards you're processing right right so while the standards
00:35:26.440 have evolved there are a lot of guidance out there so in technical terms of guidance is a
00:35:30.040 good to have best practice best practice our compliance is you must be doing all of this
00:35:34.200 right so there's a lot of industry agnostic standards right but there are industry specifics
00:35:39.000 as well that has come up now the other one like which is coming up a lot in US right for the
00:35:43.320 defense industrial base or the companies who are suppliers of DoD uh department of defense
00:35:48.360 that's essentially CMMC right so CMMC there's a lot of talk about CMMC overall it took a lot
00:35:53.400 of time to get that established but ultimately they tell you that hey if you are this level of
00:35:57.320 supplier if you are supplying certain type of data to the us department of defense even if you're a
00:36:02.440 vendor of a vendor you must have one all these requirements and they provide different levels
00:36:07.800 of it they provide a whole ecosystem of auditors who can come in and actually independently audit
00:36:12.680 and attest to it and they also have the readiness right so we go in as you know as assessors as
00:36:18.280 consultants saying that hey you must do all of this if you are to pass that audit right and so
00:36:22.920 you have the road map essentially and and uh you can lay them out uh for the client take them down
00:36:29.400 the road of safety as as best you can uh this is a fascinating industry and i i'm so delighted to
00:36:35.800 speak to you because there's a lot of uh like i say it's nebulous in our minds we know that it
00:36:40.200 happens we know that it could affect us personally when it happens to a company it could affect the
00:36:44.280 company that we're working for yeah but boy it really is as basic as extortion in the end isn't
00:36:50.520 exactly exactly it goes back to the basics of cyber crime you know there's a reason crime is
00:36:55.240 attached to cyber because it's a criminal gang at the end and whatever in the physical world whatever
00:37:00.120 type of techniques you use it's exactly the same way that they're replicated online armor cyber
00:37:05.640 and i'm going to recommend people reach out if they have questions about this that i didn't ask
00:37:09.160 today uh they can put them in the comments but reach out to you directly i'll make sure that
00:37:13.240 your information is in the uh in the description but where can they find your website it's armor
00:37:19.160 cyber.io again we'll put the links and everything in the description uh you know call us anytime we
00:37:25.000 are again you know we we are based in canada but we have clients today uh in canada u.s uh latam
00:37:31.320 we do a lot of work in south america as well okay uh very interesting market very interesting
00:37:35.240 conversations just reach out for a conversation again our main aim is to educate people this is
00:37:40.840 a lot of education game essentially is uh let's do the basics like it doesn't need to be a big
00:37:46.200 spend you need to spend a lot of money just do the basics to protect yourself you just need a plan
00:37:51.320 all right we'll find out from Arani Adhikari i appreciate this uh armor cyber uh and as we have
00:37:58.280 more questions i have a feeling we'll tap in if you don't mind i won't hack in i'll just give you
00:38:03.560 uh an innocent i appreciate that thank you for having me thanks for having uh the time for us
00:38:07.560 today and thank you for taking the time with us uh and i'll encourage you to go to tplmedia.ca
00:38:13.000 tplmedia.ca local if you'd like to see what's going on in your neighborhood
00:38:18.840 and we'll catch you here next time thanks so much