How often should you change your passwords? (More often than you think…) Bruce Spector of BCR Cyber educates Nestor about passwords, security, cyber threats and how to stay safe online from the annual MACo events at the Ocean City Convention Center.
Sat, Aug 17, 2024 3:20PM • 20:55
SPEAKERS
Bruce Spector, Nestor Aparicio
Nestor Aparicio 00:00
Welcome home. We are WNST, Towson, Baltimore, Baltimore, positive. We are in Ocean City, Maryland. We’re here on behalf of the Maryland lottery. Friends. I’ve given us the Gold Rush seven stumblers. I’ve been giving these away. They’re giving them away on the other side. Gonna some Raven scratch offs. By next week, on Friday, we’re going to be down at Faidley’s in Lexington Market, the cheatstrozer in town. Luke’s going to be joining me. Mark Viviano is joining me at Coco’s on the fourth of September to kick off the oyster torch. Our 26th anniversary here at WNST. All been brought to you by friends at Liberty, pure solutions, as well as Jiffy Lube MultiCare. We’re at MACo. We’re in Ocean City at the fish pal Convention Center. Give me a chance to stretch out. We’re having senators, congressmen, elected, wannabe electeds. Friends of ours stop by, and I threw out an APB last week. I said, if anybody’s down at the beach that I’ve never met that a need to meet, let me know. And Dan wrote to me and said, My father in law does this cyber security thing, and I’ve had great conversations in the past that Dave Hartman, from Hartman associates, invited us to a party up at saltwater 75 to start our party down here. I’ve had Dutch Ruppersberger on. He’s probably the first guy to ever talk about cybersecurity, and now, in a world of hacks, in a world of malware, Ransom, all of that stuff, not to mention the Chinese and the Russians who were trying to get into us, as well as anybody else trying to screw up our lives. Here in America, we walk in Bruce Spector on, he’s the Chairman of the Board of BCR Cyber, and he is here to teach me a little bit more about cyber security as well. Bruce Marylander, Baltimore on, like all of the rest of I know you want to talk Orioles and ravens with me. I do important that we talk side. I think
Bruce Spector 01:42
the most it is, it is, I don’t know if it’s more important, but it’s as important. And I do appreciate Nestor’s cousin was Luis Aparicio, which is probably the best shortstop the Orioles ever had. So
Nestor Aparicio 01:52
I’m thrilled. Better than Ripken, better than him, better fielder, better field of the Ripken, better than Belanger. You think
Bruce Spector 02:00
better complete ballplayer, in my opinion.
Nestor Aparicio 02:02
Hey, show
Bruce Spector 02:03
me a better hitter.
Nestor Aparicio 02:04
I am not here to dispel any, you know, any rumors or facts about the history of my cousin’s baseball. Well, I’m a little bit of a nut because I’ve been collecting Aparicio cards. So I’m into these really esoteric, weird things I can find on eBay. So I, do appreciate my heritage a little bit, my Venezuelan area. Okay, how does one get into cyber because you look a little too old to have been nursed to it. This is all a new thing for anybody our age. And I’ll throw us in the same sort of general. You’re probably a little bit of a half generation ahead of me. So, but it’s, this is an important thing in America. It
Bruce Spector 02:39
is, and it’s a good question. And if you think about cybersecurity, it’s really part of information assurance. And we’ve been doing information assurance for many, many years, particularly in the Maryland area. You’ve got the National Security Agency, you’ve got the government, you got NIST, you got nice and you have the US intelligence community, which are very busy protecting our information. So it’s all part of that. I’m gonna myself. I’m an electrical engineer, and I worked in signal intelligence for a number of years. What is signal intelligence? So it’s the gathering of signals and information that’s out in the ether, things like a broadcast code 100 years ago, right? Well, Morse code is a communication technique, but the intelligence would be gathering the signals that have the Morse code on them. Okay,
Nestor Aparicio 03:26
sure. So this all changed with satellites, right? I mean, it
Bruce Spector 03:30
changed with communication improvements. You know, if you think about it, the computers have been around since the late 40s, and the computers have various communication schemes and distribution networks, and that makes them vulnerable to people on the outside that are not part
Nestor Aparicio 03:47
of dude. I just tried to get my orbit to work, to get me online. It needed an update. When it updated, change the name of the device, crazy. And I mean, just trying to stay ahead of just be in this room. How many, how many Wi Fi packs there are, right?
Bruce Spector 04:01
And it’s only going to get it’s only going to get more and more challenging for our society. And if I
Nestor Aparicio 04:07
happen to have my credit card in here, I mean, I’m afraid of it. Bruce, can I be can as a 55 I’m not. I’m not nervous to it, but I don’t use my phone as an Apple Pay. My wife does that with like certain apps and stuff and paying I’m trying to use QR codes better and stuff like that, but I am always with all the hacks on Facebook and all that stuff. I try to participate less in things I don’t need to participate in so as to not be vulnerable.
Bruce Spector 04:36
So the best way to treat that is to understand it. The more you understand, the less afraid you’ll be of what cyber is, if you think about it, information technology and cybersecurity, which is a subset of information technology, is very, very beneficial to our society. Computers and information technology make us more productive. So that’s the only. In
Nestor Aparicio 05:00
ways, I mean, from using Google Maps to get places Fauci just it’s changed our lives, and
Bruce Spector 05:05
it’s probably the most the best thing that could be said about information technology is that it makes us more productive. But that’s the Ying. There’s a Yang. And the Yang is that you to get, if you have information technology, you’re going to introduce processors. Processors introduce a tremendous amount of benefit to productivity, but it also opens the dark side, which allows other people to get in vulnerability here, a vulnerability, and you need to, we need to be cognizant of that and make sure that we defend for it, and that’s what Cyber Security does. All
Nestor Aparicio 05:35
right, so at heart, c, b, r, cyber BCR, BC. I’m not dyslexic. I just acted on the radio BCR cyber. How long, how old is this company? So how? I mean, when did cyber security really sort of, so again, by probably when you’ve got mail, right? Well, no, no,
Bruce Spector 05:53
I think, I think cyber security became really prominent, probably with the advent of the internet, you know, in the late 70s, early 80s, because now you’ve got district distributed networks, and you got people on the outside trying to get in, and you there’s now all the devices we have are considered endpoints. And when you have an end point that obviously allows a bad guy to get in. So, you know, if your phone is on the edge of a network, but that’s an entry point, so we call that an end point. But that said, the cyber issues today are easily treatable. About 90 to 90 to 95% of the threats we have out there are known threats. There are people who have already done it. It’s just a matter of you not being aware of how to protect yourself. There’s databases out there that identify almost every threat known. We currently have somewhere around 10,000 known threats. Very few of these, very few threats are not known. They’re called Zero Day. So if you have the right patches and you have the right software, it’s very easy to protect yourself. It’s the people that don’t have those softwares and don’t have those protections that leave themselves vulnerable.
Nestor Aparicio 07:08
What? What would you say? Because I remember all the McAfee this and protect, you know? And there were scams galore in that space as well, just for a regular person, like in using your phone as a wallet, right? Like it’s just something I don’t do. I am freaky about sending passwords on email, ever using them in any of my ways. But then bank numbers and bank cards and credit cards, especially just the amount of fraud that’s happening out online that used to take a gun and a mask back in 100 years, it
Bruce Spector 07:41
becomes a cyber crime. You have a point. And I think the best thing you can do in that regard is understand your security profile. And what I mean by that is who would be targeting you. In other words, you’re if you’re an individual and you have a credit card, it’s probably unlikely that you’re going to be a target. There may be some general phishing scam that, if you’re not aware of that may make yourself more vulnerable, but they’re probably not going to be looking at that. But I
Nestor Aparicio 08:06
want to hear about data breaches and stuff, okay, so that you know that when I hear data breach, I’m like, Oh boy, here we go.
Bruce Spector 08:12
I think the when you talk about data breaches, I think the best analogy in my mind is that some people don’t or some people don’t see fire. Don’t see the light until their feet are on fire, and then when they’ve had the data breach, they realize there’s things they could have done to prevent that, things like an absolute minimum, making sure that your software is up to date. 99% of all software updates are patches about known threats that your manufacturer or the person that provide you that device is doing? So I would certainly make sure that
Nestor Aparicio 08:47
always update the software, oh,
Bruce Spector 08:49
as soon as possible, as soon as possible, because I often
Nestor Aparicio 08:52
wonder when the software is up like, Oh, they’re making new stuff. They’re making new widgets I don’t want to use. You’re telling me, No, they’re making it safer.
Bruce Spector 08:59
They are, that there’s a reason why they’re putting it out. You just
Nestor Aparicio 09:03
taught me that’s the reason you sure gift Bruce to being here, is that every because I just had a software update literally to this device while I was sitting here eating fried chicken, in the 10 minutes you went away trying to program the radio station. And I need in order to program the radio station from Ocean City, Maryland, I have a I have the ability to do that. 20 years ago was unbelievable. I’ve owned the station 26 years. If you would have told me in 1998 that I could be sitting here on a device operating, getting this piece on the air, live, tape, whatever you but it takes Wi Fi and it takes a software update to this device 10 minutes ago that restricted me well. And I thought, what are they update? It’s fine. It was working. Why are they updating? You’re telling me
Bruce Spector 09:44
security. 99% of the time there are some. Again, there’s constantly new threats coming out. One of the things that people don’t realize that they probably should think about, not regularly, but at least be cognizant of, there are. Are many, many things today that have a microprocessor in them that did not have them in the past. And the microprocessor, what is, what effectively automates your system. It might. What makes your system computerized
Nestor Aparicio 10:10
is that the vulnerability in it, that’s the that’s the access
Bruce Spector 10:14
to the vulnerability that allows access. It’s a ying and a yang. That microprocessor makes you more productive. It makes you It automates your system. It eliminates human error, but it also opens a window. It opens a window to bad guys getting in and taking control your system and things that have microprocessors today never had them. Your home thermostat never had a microprocessor. Today it does. Your car never had a microprocessor today it does, and it makes it hijackable. To some degree. It makes it vulnerable. It makes it I wouldn’t say hijackable is kind of a extreme way of saying it penetrated. It can. So we need to make sure, as society, we look at ways to protect that. One of the ways we do that is, at a minimum, is updating the operating systems to at least treat the threats that we know exist. And that’s one of the reasons why it’s so important to make sure you update what your operating systems and
Nestor Aparicio 11:04
your this is heavy stuff, but it’s simple to some degree, because we all have these devices. We’re all our age, have a little intimidation level at some point to something about it, you know, we never feel like we’ve mastered it, because it’s like Roddy Piper, once you’ve mastered it, they change the software, they change the you you know. And then you have to learn, rethink. And then there’s just passwords in general. I Bruce. I’m from Dundalk. I’m the village idiot here, by the way, Bruce Spector here, BCR cyber, not CBR cyber. What? What do I I don’t want to be too forward about passwords on the air, but first of all,
Bruce Spector 11:38
I want to say the change. I have a number of friends in Dundalk, and they’re very, very bright guys, so I’m not gonna,
Nestor Aparicio 11:44
I want to. I want to meet him, no, but I guess I My point is to ask the dumb questions. But like the password thing, when you have passwords and there’s vulnerabilities and there’s been a breach of this or that, how often do you update passwords and and my thing with passwords is, you don’t want one for all of them, right? I have 25 different ones. Some are variations, and have to figure out, is that uppercase? Is that lowercase? Did I do that with a one in front? Did I do that with a pound with it? So,
Bruce Spector 12:11
so a password is their credential, and a credentials are necessary to get into your system. I want to tell you that the American cybersecurity Institute has done studies, and some were to be 90 to 95% unknown threats are because of not protecting your credentials. Wow.
Nestor Aparicio 12:26
And so you want me to change this more often? You at
Bruce Spector 12:30
a minimum, you should be doing it monthly. At a minimum, all of your passwords should be changed. I know it’s challenging, but they credentials are the reason you’re asking me to do something every month. I want to give you an example of a credential compromise that caused us all problems. Do you all remember the Colonial Pipeline incident about a year ago? I remember hearing about it, and we we basically had gas lines shut down because the the bad guys have put firmware or malware into colonial colonial pipelines network to shut it down for denial of service, the whole reason they were able to access is they were able to access someone’s live credentials. It wasn’t a phishing expedition. It wasn’t a Ghost Protocol. They just were able to access someone’s credentials and got in and introduced the bad stuff, the malware. In this case, it was ransomware. So it’s very, very important that you maintain good security on who has access, and you do not want people looking over your shoulder seeing your password or somehow seeing it broadcast and some protocol that’s watching what you’re doing. So it’s very, very important you change your passwords on a regular basis.
Nestor Aparicio 13:37
That’s heavy for me, because I’m just into so many, every Instagram, everything, every bank, every you know, all that stuff. It’s every every email account, every website. It’s what
Bruce Spector 13:47
the hacker one, one hacker approach is what is called Password fuzzing. And what they do is they bombard your network with a number of passwords. And eventually, if may, they may play games with your birth date, or they may play games with your kids names and things like that, but they bombard it to the point where, never use your birthday, never use anything that associates with yourself, ever, ever make it as random as possible. That’s why, when you see the choices to have passwords, you see the strong passwords or passwords that make no sense. That’s the ones that are best.
Nestor Aparicio 14:14
But there’s no one you can’t remember. What about the change? Do you trust that? Because I always get the, you know, make your password one RV uppercase, and they’re like, I can’t remember. I can barely remember the ones I’ve tried to institute. Did I make up for myself? So I’ve got 75 passwords across my maybe more across things that I’m I’m talking like airlines,
Bruce Spector 14:41
baps, just different things. So you can store your passwords in a secure wallet, or you can secure it in some area. What makes it a secure wallet? Bruce, well, you there’s applications that you can purchase that have secure. Apple wallet is secure. They’ve done a lot of they put a lot of money into making sure that it’s relatively secure and not pass. Interval. So recommend that I use Apple wallet. I do recommend it. Apple wallets. Very safe. Very safe.
Nestor Aparicio 15:06
What else would you recommend in that way that I would look at and say, you know, things that you use on your phone as an old fart like me, that I don’t know about that, like, this is a good this apple wallet. My wife uses it. I’m scared to death. Well,
Bruce Spector 15:20
I do up all and then I do things like I actually write them down in a notebook, and I have a notebook in my Okay, that’s so you don’t put it on, okay, all right. Now there’s that, there’s a vulnerability, that if someone has access to your desk, they’re going to see that. But it’s a very few people go into my home and actually see that. So I keep it at my home, in my in a desk drawer. But I do keep them. I do keep my password store. How many
Nestor Aparicio 15:40
passwords do you have to have in your life? 20, 30, 40, nobody’s got five anymore. No.
Bruce Spector 15:44
Nobody need more than one. There’s no question. Oh, my God, not just
Nestor Aparicio 15:48
more than one password, but you’re recommending a different password across every space.
Bruce Spector 15:52
I would not use the same password regularly. I would not recommend that, okay? Because if that way, if you’re if you’re compromised, you’ve compromised across the board.
Nestor Aparicio 16:00
Well, that’s what my concern is. That’s why I have so many different ones. The other the
Bruce Spector 16:04
other issue too, is multi factor authentication. That is a big, big edge these bad guys. If you have the option to have multi factor always, always choose that option that does help your security immensely. Well,
Nestor Aparicio 16:15
everything I do with Google, I wind up getting a six digit code or, I mean, even when you want to buy a ticket on Ticketmaster, they they send you a code to make sure you’re you highly recommend that. Highly recommend, and don’t be offended by that. No, it’s worth the extra step, believe me, from a security perspective, it’s
Bruce Spector 16:30
definitely worth
Nestor Aparicio 16:30
the time. Respecters, here he is. BCR side, I knew I would get some helpful hints out of you at top line for everybody out there. And what you do as a Maryland local company. Your son in law was proud of your work. But what do people what do the regular people need to know about your company? So
Bruce Spector 16:48
what we do is we are actively involved in workforce development there. In Maryland alone, there are 30,000 unfilled cyber positions. These are not jobs that need to be created. These are jobs that need to be filled, and we don’t have qualified people to do them, so we make a great effort to do that. We have what’s called a cyber range. We actually took a trip to Israel about six years ago. They did something very clever. They captured the threats that are out there, cyber threats. They created what they call an attack generator. They run those attacks on a network simulation, and they teach their people how to detect and mitigate that, we brought that system to Baltimore, and we trained unemployed and underemployed people that want to get into cyber and IT on those systems. We’ve currently placed about 2000 people in those jobs over last six years. Is this a STEM job? Yes, certainly STEM job. It’s certainly part of step I
Nestor Aparicio 17:37
would, I would be under qualified. This is, this is a specific I mean, that’s why this Reopenings, right? It’s,
Bruce Spector 17:41
it’s, it’s a cyber security itself is a subset of IT, information technology, very much like a cardiologist needs to be a doctor. You really need to understand it before you do cyber security. So from that perspective, I think you would certainly qualify under STEM
Nestor Aparicio 17:57
characteristics. Well, I mean, and I guess for young people, the if you have a child in that space or teenager to say, this is, this is not going away, you know, it’s like, it’s like medicine, like, 10 years from now, there will be jobs in this space, because you’re never going to solve this problem, right? You’re really not International. And
Bruce Spector 18:15
it’s only going to get worse. We have world peace, well, with hopefully we’ll get that. But But with the advent of artificial intelligence and newer techniques, it’s going to be very difficult to keep creating cybersecurity that’s safe, so it’s going to be very challenging and very rewarding for as a career over the next 30, 40, 50.
Nestor Aparicio 18:32
So that’s really your message, that if you had a grandchild right now, you’d say, but you know, this is a good career
Bruce Spector 18:38
if you have it’s, certainly, it’s more than just a living. It’s a it’s, it’s an avocation as well as a vocation. If you like computers, you like computer technology, and you find it interesting, which most of the younger generation does today. They love working with their on social media, and they like working with their phones and like working with their computers. This is a phenomenal career that you could go into. It’d be very, very rewarding, very, very challenging and also very lucrative. Well,
Nestor Aparicio 19:03
this has been rewarding. Thanks for your time. Did I get everything in, Bruce?
Bruce Spector 19:07
Did I get everything you did keep up the good workers or Ravens. For me, you got anything I just, you know, listen, nobody, nobody’s a bigger Oriole fan or Raven fans than I am. So goos, all right. There
Nestor Aparicio 19:17
he is. Perspective. It is a BCR, we get it, right? BCR, cyber, these are the things that MACo is amazing. People say, what’s down at MACo? It’s people who own businesses in the state, doing business with the state, keeping us safer, making the roads run better. I mean, just every single part of it stand here where we’re gonna have Senator Cardin join us. We’re also gonna have Senator Van Hollen, all the folks that stop
Bruce Spector 19:38
by. Incidentally, Senator Van Hollen and Senator Cardin just awarded the Maryland Association of Community Colleges the $2 million earmark specifically to put cyber ranges in the community colleges. They’re doing a wonderful job.
Nestor Aparicio 19:51
CCBC, we didn’t call it that, then we call it a community college
Bruce Spector 19:54
the range that I talked about. BCC. C, n, C, C, B, C, wall. Get one. We’ll get Dr Curtis on here. And that’s, and that’s, and that’s due to Senator Van Hollen and Senator Cardin’s earmark so we thank them very much, and we’re greatly, greatly appreciative of that. You
Nestor Aparicio 20:11
know what? I’ll bring it up in a conversation with us to have them on. We got football baseball all weekend. Luke is doing his thing. The Maryland lottery has us on the road with the gold rush, seven doublers about to get the Raven scratch offs next week as well. We’re going to be down at Faidley’s on Friday for the cheatstros. We’re going to be on the fourth at Coco’s. Mark Viviano will be joining us at Coco’s on the fourth kickoff, the 26th year of our radio station. And we’re going to do 26 oysters in 26 days, 26 ways across the bay. How many A’s Can I rhyme? Yeah, it all ends with an A. Today is another day. We’re in Ocean City. Two more days at ocmd. Back for more. We are WNST AM 1570 TAs in Baltimore. We never stop talking Baltimore positive. You.