ITSPmagazine Podcast Network

From Deep Fakes to Phishing: Protecting High-Profile Digital Lives and Safeguarding Personal Privacy | A Brand Story Conversation From Black Hat USA 2024 | A BlackCloak Story with Chris Pierson | On Location Coverage with Sean Martin and Marco Ciappelli

Episode Summary

Join Chris Pierson, Founder and CEO of BlackCloak, and hosts Sean Martin and Marco Ciappelli, as they discuss the pressing issues of personal privacy and digital security for high-profile individuals. Topics such as combating deep fakes, phishing, and business email compromise provide listeners with practical strategies to protect their digital lives against evolving cyber threats.

Episode Notes

In this Brand Story episode of On Location, hosts Sean Martin and Marco Ciappelli sit down with Chris Pierson, Founder and CEO of BlackCloak, a digital executive protection company. Throughout their conversation, they explore the intersection of personal privacy, digital security, and the unique challenges faced by high-profile individuals in protecting their digital lives. Chris Pierson discusses the importance of proactive measures in digital security, emphasizing the need for executives and public figures to safeguard their personal information just as rigorously as their corporate data.

The dialogue covers various critical topics, including the rising threats of deep fakes and the implications for personal and professional security. Pierson explains how these convincing digital forgeries can be used maliciously and provides strategies to identify and combat them. Additionally, the conversation delves into common cyber threats like phishing and business email compromise, with Pierson detailing practical strategies for mitigating these risks.

Pierson also highlights the evolving landscape of privacy threats and the role of education in empowering individuals to take control of their digital presence. He shares insights on balancing security with usability, pointing out the vulnerabilities that can be overlooked by even the most tech-savvy individuals. Reflecting on his experience building BlackCloak, Pierson discusses key lessons learned while developing solutions tailored to the needs of high-net-worth and high-profile clients.

The episode underscores the criticality of a tailored approach to digital security, addressing both technical defenses and user behaviors. Listeners are encouraged to think about their own digital habits and consider how they can better protect their personal information in an increasingly interconnected world.

Learn more about BlackCloak: https://itspm.ag/itspbcweb

Note: This story contains promotional content.

Guest: Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

On Twitter | https://twitter.com/drchrispierson

Resources

Learn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloak

View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

Sean Martin: [00:00:00] All right. Look at that. Get your, uh, get your wires straight there, man.  
 

Marco Ciappelli: I'm all wired. I'm like the magazine. I'm all wired. All right. Yes. I'm wired. I'm, I'm wired now.  
 

Sean Martin: Look at that.  
 

Marco Ciappelli: So  
 

Sean Martin: here we are. Here we are. I know.  
 

Marco Ciappelli: You forced me on a,  
 

Sean Martin: I forced you to join me  
 

Marco Ciappelli: on a conversation. It must be special.  
 

Sean Martin: All myself. 
 

And this is one that. That, uh, you can partake in. It's a really good conversation always with my good friend Chris.  
 

Marco Ciappelli: I know. I was playing with him and, uh, meet me on the second floor. Meet me downstairs.  
 

Sean Martin: Go to the black house. I know. Not that black house. Wait, wait, wait. I'll come there.  
 

Marco Ciappelli: No. Um, I was trying to trick him. 
 

I heard that's a new thing. Trick people.  
 

Chris Pierson: Socially engineering. I like it.  
 

Marco Ciappelli: Yeah, Chris, always great to see you.  
 

Chris Pierson: It's good to see you both.  
 

Marco Ciappelli: I was remembering the other day [00:01:00] how long back we go. I think RSA conference, I don't even know what. 
 

Chris Pierson: I think we were on cassette recorders, right? Yeah, we had tape. I had a pencil. 
 

Marco Ciappelli: I had a pencil to rewind it. Now the new generation is like, what are they talking about?  
 

A pencil and a tape? Oh my gosh.
 

Sean Martin: It was VHS and I got fined for not rewinding it.  
 

Chris Pierson: You get a be kind rewind. Do you remember that?  
 

Sean Martin: Exactly. I'll see if you remember to return it in the first place.  
 

Chris Pierson: When you get hit by those fees that were just compounding, it's like you buy five movies for the price of that one.
 

Sean Martin: That's right, I hate to see my Blockbuster account.  
 

Marco Ciappelli: Yeah, I still try to return Netflix when after I watch it, it's like, and now what do I do with this? Oh yeah, it's mine. No, uh, I'm excited to chat with you because you always give us all this very happy news about how we all live happily in this society and we don't have to worry about anything. 
 

Chris Pierson: Nah, everything's bliss. [00:02:00] It's just, you know, it's peachy peachy game. That's right. Yeah  
 

Marco Ciappelli: Well, let's start with we are in Las Vegas at Black Hat. We are, long day. This is our last conversation for the day and
 

Sean Martin: last recording for the day, but, uh, best for last, maybe. I like it. I like it.  
 

Marco Ciappelli: Chilling and relaxing, sitting on a chair. 
 

We're missing a, you know, a drink, but that's okay.  
 

Sean Martin: We need an ice and an umbrella. We definitely go find one of those apples. We'll definitely find one. I think they might serve a couple of those here.  
 

Marco Ciappelli: If you wait long enough, I think so. Um, I think if people have been listening to, uh, ITSPmagazine, I hope they did.
 

Uh, they must have heard, uh, Chris Pierson with, uh, BlackCloak. So for those like three, four people in the world that don't know who you are, who is Chris?
 

Chris Pierson: Yeah. No. So, uh, so I'm the CEO founder of BlackCloak. We get a great, I mean, great company, great team, and, uh, really love the mission of what we're doing.
 

[00:03:00] Um, our, our overall mission is, you know, we protect digital lives, you know, a little bit of a dot, dot, dot for corporate executives, their families, the C-suite, board, as well as just really, really highly exposed persons. Uh, you know, those people are consistently targeted in their personal lives. You know, the, the 50 person C-suite team of a Fortune 50 company, of a Fortune 100 company, uh, right.
 

They're protected on the inside four walls of the company by the CISO, by the CSO. But, you know, they, their husband, wife, kids, significant other, and their personal lives, they have the same risks. Um, they're massively targeted by both cyber criminals and intelligence organizations. And as a result, they're, they're a really juicy target, and a problem there could go ahead and cause a problem back at the company. 
 

Could cause material cyber risk back at a company. If you take those individuals offline or extort them or ransom them, and so BlackCloak is all about [00:04:00] digital executive protection. That's what we do, and that's what we partner with, CSOs.
 

Sean Martin: And clearly, well I mean not clearly, I think the, the, the executives and their family, the executives want their families to be safe, right? 
 

Regardless, of course they don't want, they don't want it to bleed back into the business as well. But how have executives responded to the, the work you're doing? I mean, there's, I don't know, probably a few different style or scenarios where we know we need something. Chris comes in, we're all good, or we know we need something because something happened. 
 

Chris comes in and helps clean it up. Um, or Chris has been helping us, but now we, we see there are new, new situations arising. Chris is going to help us understand that new world of, I don't know. You said Chris like he's the only one. I was about to say that Chris [00:05:00] guy is darn busy. Chris guy is darn busy. 
 

You know what I mean. The broader Chris, aka BlackCloak. Things change all the time. Oh, but that's what's really cool about it.
 

Chris Pierson: You know, proactively, yeah, BlackCloak will be there. We'll go ahead and mitigate those risks, take care of those things on the front end. We'll be there in the incident response.
 

You know, sometimes it's hellish situations where the company has been hacked, and they actually have the information on the executives and are directly targeting them. Sometimes they're incident response teams too. We've dealt with a few of those. And so we'll protect them in their personal lives. Full blown incident response on the personal side. 
 

And then there are others where it's a, hey, you know, all is well and good and everything's moving along nicely, but then X, Y, and Z incident happens. And it could be, uh, the corporate iteration has a RIF of, you know, 500 people and all of a sudden there becomes a massive attention on the people that are at the top.
 

Or, you know, you increase drug prices 400%, and all of a sudden, once again, massive, [00:06:00] massive, uh, concentration of risks targeted on them. Um, and in changing economies, global world issues, um, Olympics has caused some issues for people that are there. Obviously elections, you know, we never talk politics, but when you have elections and election cycles, those are some of the folks that we protect too. 
 

And so there's a lot of different influences there. I mean, these are all compounding effects that, that happen over time. And even things that you can't control, like a, like a breach, an AT&T breach. Well, that is an impact because I don't know what the stats are. 40 percent of America has AT&T mobile phones, whatever it might be.
 

You know, those are items and incidents that can cause massive spikes of risk that need to be mitigated because they could impact. And so, you know, we'd love to be there at any part of the journey. Obviously, proactively is always the best. Nice, calm, cool situation, able to show improved value and worth. 
 

The concierge gets built in there and you get the relationship. But I mean, if things are, if things are going bad and people need to come in with fire extinguishers and just get you out and save the day and stuff like [00:07:00] that, we will partner with the CSO, the CSO to go ahead and get that done. And, um, and those can be exciting too, because it's, uh, you know, instantaneous identification of reward and value. 
 

Um, and, and our team is so mission driven. So mission driven it's, you know, but, but anytime that we can help, uh, it's really what we're driven to.  
 

Marco Ciappelli: Yeah. I always liked the concept from the beginning that you share with us. And I particularly like the concierge concept because you're, you're, you're dealing with their personal life. 
 

You're not in the office. I say, don't do that now. You can't touch that computer. No, you can't open that software. It's a completely different story. But when you started this, I think the landscape. I'm not going to say it was easy, otherwise you wouldn't do this business, but now it seems a few years in the game, you have so much more complex, I don't know. 
 

I mean, like every time we talk about it, [00:08:00] there is something new and I know you want to talk about something.
 

Chris Pierson: Yeah,  
 

Marco Ciappelli: kind of like on the edge.  
 

Chris Pierson: Yeah. Yeah. I mean, what's, what's interesting is, I mean, look, you know, there's, there's always gonna be a cyber arms race out there in terms of cyber criminals that are looking for financial gain. I mean, you know, in 2000 there was no real great way to go ahead and receive payment. People were doing Western Union and drops and stuff like that, and, you know, now with cryptocurrency, all the rest, the ability to have that money transferred has enabled a whole different rise of different types of cybercrime, or different modes of cybercrime, and we're seeing the same thing.
 

I mean, 20, you know, six years ago, it's been six years. I mean, uh, uh, six years ago, you know, deep fakes, uh, as a topic. I mean, when you, you know, you got those funny clips of, you know, Tom Cruise being superimposed over, you know, I don't know, Brad Pitt's face. And, you know, Ocean's 11 or something. It's like, okay, you can kind of like see this. 
 

Something's there and a little trickery, but it was a, you know, 30-second clip or something, some funny thing. But, you know, it was a team of [00:09:00] engineers, you know, run on 300 super computers behind the scenes that worked for six months, just to prove that the technology was there and that you could do light and the shading and all the rest of it's like super amazing stuff.
 

We've all watched it here. We're all snickering. We all can remember different ones, but it's like, you know, right now, you had three seconds, five seconds of video input. You know, a few good high res face shots, which by the way, all the executives have and the board members have, 'cause they're all right on the website for the companies. 
 

Download the Deepfake toolkit number one right here on the website.  
 

Sean Martin: On CNBC or something.  
 

Chris Pierson: Yeah, that'd be on tv.  
 

Sean Martin: Doing the, doing their pro the quarterly profit. Uh oh.  
 

Chris Pierson: Yeah. You have the have all, and you have the, that video file, you have that audio file, you know the things there. And what's amazing is that with the technology now, a little bit of that, I mean you don't even need a real computer, you can do this with just a keyboard and a monitor so to speak, um, you're able to upload those items, create that full, right, one minute, three minute [00:10:00] video audio file and what we have now seen. 
 

Um, and there've been multiple stories that are out there, but we're now seeing the deep fakes reach, right? Absolutely. Reach those three kinds of key executives, the CEO, the general counsel, and the CFO are kind of the folks that at the company, people listen to, Hey, the CFO needs X, Y, and Z money to go out, or else it's your, your rear end, we got to get this deal done. 
 

You weren't just bringing you in right now, Marco, because you're the guy and we're depending on you and let's go ahead and get that done. And with the right audio file, with the right video file, we're able to make that go in a way that actually makes the person believe that they're talking to that real person. 
 

And so we see the, we're seeing the direct targeting of those individuals, of those key individuals. And once again, it's like, you know, Mark or Sean, you say on the, um, uh, audio file, you know, everyone that's publicly traded company that has an, you [00:11:00] know, public earnings report and all the rest. These are high quality audio files. 
 

You've got great audio feeds there. Then they're showing up later on, on CNBC and MarketWatch and all the rest. And it's like, you get, you know, more great voice and, and, and digital, uh, video, um, it creates a perfect swarm by which you can go ahead and find who are the newbie, who are the new, new, new people at the company, who's someone here who saw the comptroller deputy comptroller or whatever, and you're able to morph into a, Hey, we want to, you know, I need something when I get on that real time, real time, uh, uh, you know, a Zoom call with you, but, but we have to be really careful, right?
 

We can't chase the technology, right? There's a little bit of, oh, well, we should be watermarking every single deepfake that happens. Well, that's not going to happen because cyber criminals are going to pay by those rules. So there's an issue there. Well, we're just going to go ahead and protect all the, for example, Teams or Zoom calls.
 

Well, that's great, but cyber criminals aren't going to go on and play by the rules there. You go ahead and you have a solution that integrates with X, Y, and Z. [00:12:00] I'm just going to call you on your desk phone. I'm going to call you on your cell phone. I'm going to FaceTime with you. I'm going to go ahead and use some embedded app and reach out to you some other way in some other mechanism. 
 

You can't control the medium of how these attacks are going to happen. And that's what we're seeing. What's cool is, yes, there will be attacks that happen on the official corporate, you know, issued mode of communication. But smart attackers are going to say, we don't have to play by your rules, right? You built the moat over here and you put the alligators in it.
 

That's wonderful. Like it looks super scary. We're probably going to get our legs bitten off and die, but we're going to go this way because every single time you tell us we must go that way and we built a control and we bought a control that way. I'm not going that way. I'm going to go around you. And I'm going to wait for you to go out to the coffee shop. 
 

Yeah. Well, but yeah, but I mean, it's, it's, it's funny as right now we're seeing people chase the. Well, let's lock down this mechanism, this mechanism, this mechanism. But there are 20 other mechanisms that are [00:13:00] wide open and that ability to verify that the individuals who they say they are is, is kind of fleeting. 
 

Um, but, um, you know, look, we're seeing the attacks happen. We're seeing them happen in the personal lives, especially the extortion and ransom ones there are, are, are getting more complicated and they're opportunistic. Um, but the financial transfer one is huge. I mean, those are instantaneous money. Um, And if the person doesn't know enough and time passes by, the, uh, the, the recovery assets team, the RAT team, uh, for the FBI Security Service on RAT, right, it's harder for them to go ahead and put that full wire stop on the transfer of items. 
 

Um, it's, it's popping. Um, it is popping. It's becoming a really, really interesting attack surface. And the CSO are the ones that are going to be asked. They might not be the ones that it's like, well, you should protect from all of this. They're the ones that should be thinking about it. They're the ones that should be talking about it. 
 

They're the ones that should be. You know, offering advice and guidance and making sure that they know what is possible and what isn't possible within the, within the realm of the universe right now. But, um, [00:14:00] we're seeing it a lot more. Um, we're seeing a lot more. Um, and you can't just, you know, we talk about executives, executives and their families and their families. 
 

If the husband of the CEO, you know, she's well trained, she's well, this, she knows the different tactics and listens and appointments. The husband's in a different sector, maybe not even working or whatever, stuff like that. They don't know. It's still a lens in, it's still an open door into the home. And you take that husband offline. 
 

You are absolutely taking the wife, the CEO offline. It's going to impact the company. It's going to impact the family. It's going to impact that executive.  
 

Marco Ciappelli: No, you get the kids or, you know, you're like, you brought the example of the castle. Like, well, I'm going to target, um, the people that work inside the company. 
 

I mean, you go back to technique that we've been using forever, which since society exists, there's been social [00:15:00] engineering in a way or another. And it's just that now it's getting very complicated, very complex. And uh, there was another, uh, one that you say is pretty hot now, which is the SIM swap. Tell me about that. 
 

If your phone, it's like your life nowadays.
 

Chris Pierson: It's, it's one of those perplexing items. Um, you know, look, uh, can you, can you describe it quickly for folks? Yeah. So, so, you know, every single phone, uh, you know, you, you, you know, Motorola phone and Apple phone, HTC phone, whatever, right. You have that actual phone and device and it differs by carrier, your AT&T, Verizon, T-Mobile, Sprint, et cetera.
 

Um, and you're right. Some have physical SIM cards, which actually allows for the numerical identification uniquely of that phone and the service, uh, uh, the, um, the cellular service. Um, some have the eSIM card, which is, you know, kind of hard, hardwired on the actual device. And many have both, [00:16:00] uh, which is kind of cool because you can actually have dual mechanisms. 
 

You can have like a separate private number on, on the device and kind of have that, uh, that context switching. But, um, you know, there are two things that cyber criminals love to do. Number one is change your phone from one carrier to another carrier. That's called porting your phone. I no longer want to be on carrier A, I'm going to port it to carrier B. 
 

When they port a phone to another carrier, they can then go ahead and kind of take over the communications that are coming through that phone. Think about dual factor authentication via SMS. It's going to be the biggest exposure. Or potentially, you know, You know, getting access into other items that are on that device or text messages and stuff like that. 
 

Whether it's embarrassment, reputation risk, all the rest. SIM swapping allows you to actually add on and change where those communications go. So, I might get it on my phone, but now I'm also, the bad guy is able to get it on their phone. So I can get that dual factor authentication through SMS on that phone.
 

Um, and it just [00:17:00] creates a really problem area. The And in that case, you don't know. In many, in many cases, you don't know now, you know, phone, the carriers are getting a little bit better of, Hey, we noticed a change in your account. Hey, we noticed this, but there's still going to be an end plus one time of like, is that today you notice I'm a busy executive. 
 

I don't hurry. I'm not paying attention to this. It's like, so tomorrow I recognize that the next day I recognize it, you know, that there are problems and issues there. Um, uh, but, um, and it's one of those things where there's almost always, almost always some type of lag. And. You know, the phone carriers, I mean, probably two, three years ago, three years ago, they really started with, okay, well, you can lock down the phone from being ported. 
 

So, okay, check that box. You can lock down the SIM card from being swapped. Yep. Okay. We can put in a magic PIN. But it doesn't apply when you actually have insiders within an organization that is, you know, lured by cybercriminals of, hey, 5,000 for access into break. Cause if you're gonna net 000, you're gonna net, you know, if you target key [00:18:00] people.
 

It could be the way into the organization. Um, could be the way absolutely into the organization. And so, they're actually paying money and recruiting for it's kind of like, you know, digital mules, so to speak, within the carrier landscape. It's scary because you depend upon your phone and knowing that its communications are safe. 
 

More so that you're like, isn't even your communications like app communication, email communication, but just the fact of The electronic communication of your phone to the cell tower, to the carrier, is yours and yours alone. And it's not cloned, and it's not right against some other network that you don't have control over. 
 

And it's kind of just fundamental as a communication overall. I mean, most people don't have home phones anymore. The phone, the cell phone is your lifeblood. Um, it's absolutely your lifeblood. But we're seeing, uh, we're seeing a really big uptick in this. Really big uptick. And this is one that, uh, This is one that unfortunately, right, it's got to be solved by the community, by the, by the carriers and others working in collaboration with them. 
 

But it's really a bigger, bigger problem.  
 

Marco Ciappelli: [00:19:00] So question. I mean, you've worked with celebrities, C level, CEO, I mean, people that are target because the getting to that, it's a lot of money. So it's kind of like a, the intelligence, that could be an investment for someone to do it. So someone that is listening, probably the majority of people listening right now may be like, I'm not that person, but technology could affect that as well. 
 

Chris Pierson: It absolutely, absolutely could affect them. And here's the interesting thing is that, look, there are 4.8 million high net worth, ultra high net worth people in the U.S. There's 5 million and above as far as defined. Um, let's just say that somebody has 200,000 in the, right. Um, for a cyber criminal not living in the U.S.

That is a gold mine. It's retirement. You know, that is a gold mine. I don't know what the, what the, what the rate would be in, you [00:20:00] know, but it's like 5,000 of money stolen here. 5,000 of USD, right, is worth, you know, same equivalent of what we would maybe picture as 200,000 or 500,000 or, you know, whatever it is in terms of that person's ability to change their livelihood.

But then secondarily, you know, the 5, times 100,000 is a really, really big number. And so it doesn't have to be just a target of, oh my gosh, this has to be targeted at, you know, kind of like the Elon Musks of the world. People that are on the Forbes billionaire list. It's not exclusive to that. Any latch in could give someone an edge, both in terms of, you know, financial, but also back into the company because for many people, they're right there.
 

They're using some type of, some type of dual factor. And some companies are on SMS for some different, right. At least they have dual factor, but small business and stuff like that. Some of them are not, right. They're not on authenticators. They're not in YubiKeys, they're on others. [00:21:00]
 

Sean Martin: What if the executive probably has more than 200 grand, but I dunno, a few, couple million, few million, 10, 20, 30, whatever. Yeah, some millions number of money, but the company has much, much more. Mm-hmm. So are you seeing some of these attacks where they're not just after the individual's money, but they're thinking that the individual leveraged the company to help resolve it.
 

Chris Pierson: We see, we see both. We see both. The interesting thing is that in the personal, you know, if you're attacking someone who is, you know, the, you know, CFO for Acme Widget Corporation, and they've been in the news. They had a good, you know, M&A or something pop up and all the rest are expanding offices, hiring a hundred people, you know, that's paid attention to, they know what they have money in.
 

So those executives are going to make money and they'll target them. And remember, there are no policies and no procedures in their personal life. There's no controls really in their personal [00:22:00] life. It's a pretty, pretty thin veil to pierce. Um, and you get through on the corporate side, right? That's where the payoff comes is you go ahead and you compromise that area.
 

And just like we saw, I think it was a CEO in, in, in, uh, Singapore or Japan, right? $25 million of, uh, from a deep fake in. Um, same thing in terms of the risk of a SIM card swap and, and being able to kind of control messaging there. Um, there there's a lot to, there's a lot to lose. And anytime, or anytime you're talking about a scam and not a hack, so hack is gonna be right.
 

Actual zero day, actually malware actually hacking the company. Yeah, cybersecurity insurance will apply. Um, some cybersecurity insurance has what's called crime policy. Crime policy is gonna protect you when you get scammed or defrauded and you willingly hand over money that you thought was, right, supposed to go to that different bank account or to that different person or you're duped by a deep fake. 
 

Sometimes, right, crime policies are part of cyber crime policies. [00:23:00] Definitely, audience, check yours. Sometimes they're part of it, a lot of times they're not, and you need both. But if there's an internal, if you want to go ahead and fight the good fight, in terms of make sure that if something bad happens, if someone messes up, if this, that, the other, right? 
 

That you actually have that crime, uh, or cybercrime policy. It protects you for when you are scammed and defrauded, as opposed to held up at gunpoint. Two very, very different areas. Two different areas of law. Two different areas of insurance. But, yeah, they're both, uh, they're both, uh, uh, likely to happen. 
 

Sean Martin: Talk, talk to me about response. Yeah. You mentioned that early on in some of the conversations I had leading up to Black Hat were around metrics and success. Are we doing any better? Is defense winning? Are we doing, are, and are we making progress here? And I'm just thinking about an individual. Now CISO might be more savvy than most in terms of security. 
 

But, when it starts to get into [00:24:00] fraud and scams and things like that, less about a firewall control, the process to respond is very, very different. I presume you have a lot of experience in seeing what's going on and the steps to take, who to contact when, and who. And if you don't have that, I can just see this mess of things that you might miss a deadline where your policy is no longer, it may have been, but it's no longer, or you notify the wrong person and that trips a trigger that doesn't work. 
 

Prevents other stuff from happening properly. So I don't know. It's talking to me about how important knowing that process and having experience with it.  
 

Chris Pierson: Yeah. I mean, and that's, and that's key and quintessential to, you know, everything that BlackCloak does is, you know, time, time really is money. Um, the mean time to response, mean time to remediate, there, there's a clock that is ticking in terms of the number of steps that happen of wire transfers from bank A to B to C to D before it's totally untouchable.
 

Um, there's mean time to response in terms of when somebody's floated money that they thought was really supposed to go someplace. [00:25:00] Um, there, there's a lot that needs to happen there in a pretty quick fashion. A lot of times it's not quote unquote cyber in terms of a malware response, a remediated computer issue response.
 

A lot of times it's a, hey, get on with the bank. Let's go do this. Let's go ahead and get those accounts locked down. Let's go ahead and get those information over to IC3, over to Secret Service or FBI so the RAT team can go ahead and try to freeze those assets wherever they are or at least get those orders in the system. 
 

You might not be able to recover at all. But you most certainly will recover none if you just sit by. It's really going to be enact things as quickly as possible. Um, in terms of, uh, in terms of kind of chasing things down, um, there. Um, so really speed and time do matter. It's almost like, it's almost like emergency medicine. 
 

I mean, that golden hour, you want the person, if they need surgery, you want them in the operating room in 60 minutes. Um, you know, that was the, you know, back when I was an EMT and a firefighter, that was, that was like hammered into you. It's like, you got to be, if you have to be on the table, you got to be [00:26:00] there in 60 minutes.
 

Don't drive like a bat out of hell, but you got to be there in 60 minutes. And it's the same thing in terms of cyber, knowing what, knowing the banks, knowing the different things that happen there, um, and it gets more complicated, the longer the chain gets and the more foreign banks are included in that chain, but um, but really speed time to response and, and, uh, is super important in keeping the people, uh, And so it's also, it's always interesting keeping the, you know, your clients calm during that period of time and getting focused on doing it is, you know, absolutely critical and key. 
 

We just had a, um, you know, we just had a, uh, a new client, uh, you know, another, another new, you know, the boss about 300,000 in a, in a business email compromise, still one of the fastest growing cyber crimes out there. Um, simple, right? Insert into the email chain. Um, they see the, see the chain of things.
 

They register a similarly situated type of squatted domain. It looks the same visually. You can't see unless you do the magnifying glass and, uh, lo and behold, right, not them. They insert themselves in. They say, Hey, you [00:27:00] know, quick change to the, uh, quick change to the, in this case, it was, uh, uh, uh, aging AP, uh, AR, uh, type of thing. 
 

And, uh, Hey, our bank account is no longer this. We changed it and here it is now. And, and the money's out. But I mean, seven days later, it's, I mean. Um, unfortunately, it's, uh, it's, uh, tough times, um, very tough times.  
 

Marco Ciappelli: Well, I, I think, uh, again, it's always fascinating to have this conversation, but, and we'll have more. 
 

But, and I think that people that are potential target to this, they offer, the, the service that, that you offer them and you provide, It's not just response. You brought the example because Sean asked you about it.  
 

Chris Pierson: Yeah.  
 

Marco Ciappelli: It's not like, oh, something happened, I'm going to call the lawyer. Which, again, we need to call the experts. 
 

But you also, you prepare them. When you're on board, you're on board at your BlackCloak, you do a setup of preventive operation, preparing, [00:28:00] monitoring.
 

Chris Pierson: Yeah.  
 

Marco Ciappelli: And then if something happened or is about to happen, you're there. To either hold on, you know, call the guy before you do anything, right? Or, okay, something happened, but we know exactly what to do. 
 

Chris Pierson: And a lot of this is, a lot of this is, you know, we all, you know, we're technologists, so you go with technology controls and all the rest. A lot of this is actually what we call hardening the human. Yeah. People are smart. No, that's what I was saying. People are smart, right? Treat them, treat them with respect, bring them up on the ascent encyclopedic version of what you want them to know. 
 

I'm going, you know, we're here at Black Hat. We don't need to go into binaries. Uh, right? Keep them, keep them updated on. These are the different tactics. This is how you spot it. This is how you slow down the time clock. So you can identify it. Don't make the rash choices. Phone a friend. Phone, phone BlackCloak is what we always want.
 

trusty app there. But I mean, what we want to do is slow [00:29:00] down that time and really help people be able to spot and identify those things that are coming in at them. Cause it's all going to change. Like the means and mechanisms are going to change all the current stuff. Does New York, all of these things are the old shell games. 
 

They're just made new again. Um, it's the same tactics that have worked for many, many years. They're just, you know, updating them and all the rest. So, but you gotta, gotta pay attention to the human.  
 

Marco Ciappelli: I think the lesson here, if you get a Spanish prisoner letter or a Nigerian prince, just think twice or call Black Hawk. 
 

Chris Pierson: There you go. I like it. I like it a lot. All right.  
 

Marco Ciappelli: Cool. Well, we're going to wrap this here, uh, as the first day of a very long, uh, line of conversation, mostly done by Sean. We're very, very interested in, uh, what's going on. Topic. I think I listened to all of them. So I'm tired too, more tired than you. And there's one last, they're all very,  
 

Sean Martin: all very different and unique in their own way. 
 

And I think we all have the same [00:30:00] goal, which is your vision, which is to protect society from all the digital craziness we have.  
 

Marco Ciappelli: And I think that's what we try to do too. We share the knowledge and maybe we may help people to think a little bit more and we want them to stay tuned. Of course, if they are interested in the service that BlackCloak provides, there is a link below.
 

Of course, the website, there'll be notes on this conversation to go there, but it's blackcloak.io. That's right. I remember that.
 

Sean Martin: I've  
 

Marco Ciappelli: done this before. And, uh, there's this  
 

Sean Martin: guy, Chris, and this guy, very busy guy,  
 

Marco Ciappelli: answer 10 phone calls all at the same time and he types, and the only people we hire, he'll answer your call too. 
 

Speedy Gonzales.  
 

Chris Pierson: We had a bunch of Chris's, a bunch of Christine's,  
 

Marco Ciappelli: a bunch of Christie's. And, uh, for the rest of the, you listening to our coverage of black cloak, black cloak, 
 

Sean Martin: as I'm, as I'm sitting here looking at Chris in his black cloak shirt, I was envisioning the [00:31:00] black hat story.  
 

Marco Ciappelli: That's why I got confused, but for all of you following our coverage, because you're not here, um, stay tuned. 
 

There'll be many more stories coming to you all as a video or as audio. And, uh, we may actually go back in the old school writing a piece too. We had this idea. We may do that for this particular Black Hat 2024. Stay tuned. Thank you, Chris.
 

Sean Martin: Thank you.  
 

Chris Pierson: Bo. Thanks, Sean, Marco. Appreciate it.