My digital producer here, when you are talking about a hack the size of Sony, it makes you think if corporations like that can't protect themselves how do we protect ourselves as individuals. Is anything safe, I remember this doomsday scenario being presented in movies. Real Genius, 80s movies, even Die Hard four, this was a scenario but now this fiction is reality. It isn't just Sony, it is retail giants and we asked our community about this, and disappeared news has an important note, he says I think there's an important and overlooked aspect of these breaches, a criminal failure to protect data properly. And it seems that he is saying the responsibility is on us, the consumer and private companies to play catch up. If all we are doing is playing catch up we will never get to where we need to be. Yeah. Within hours of reports that North Korea was involved in the cyber attack on Sony, the company canceled the release of the movie The Interview. This of course raising questions about the power of a threat, and the precedents but also what a hack of this magnitude implies. For consumer confidence, and the safety and security of American companies and banks is at stake. In just the last year, eBay, JPMorgan Chase, and many others have had between 50 million, and nearly 150 million records stolen. Prompting some to hire armies of ethical hackers to find and fix cracks. But while patching the cracks can they get ahead of the brilliant minds creating the breaches. Is there any place truly safe from hackers? Joining us, considered one of the best in the business, when it comes to ethical hacking. He is the founder of a is h embedded device security company. An information security analyst, and c. E. Of psychotic software, which provides IT security to companies worldwide. So glad you are with us, we know this is being considered one of the most destructive cyber attacks in America. Do you expect something of this scale required inside help?
You know, I am sad to say that methods that they probably used to get access, and to escalate, and get access to personal data are pretty standard when we look at a cyber security assessment or anything like that. You can probably a hire a uhm in beof firms that are available for a reasonable price. So one thing we do have to consider is the speed at which this was accomplished, so an insider can help, especially if they are pointed to the right areas and the right databases and the right servers to take the information from, and then there's an interesting piece, which we don't usually do, is the destructive pieces to this. So the folks that gained access to this network, at the end of the day, they wanted to destroy things, so there's thousands of workstations that are destroyed, and so that's something that's not normally exercised during a normal security assessment that we saw during this breach. The FBI says North Korea is behind the attack, how would they figure that out, and does tracking the culprit when you have access to their networks in. Good question. Attribution is one of the most difficult things in cases like this, typically they won't directly attack your systems. They will come through one, two, perhaps multiple sources. So even just being able to figure out who it was, definitively, I don't know the specifics of how they have done that. There are ways and means to do it, it wouldn't mean they have access to their networks but some indications of where the location was. Think of it like backtracking all the way back through the attack. I understand that a lot of the hacking that the government seems to think comes through North Korea actually starts in China. That is certainly what the reports are saying. So it is very likely that North Korea may not have the resources themselves to do this type of attack, but there are people available to be able to actually hire them, and bring them in, and have them do the attack.
So we are talking about the Sony hack. The United States should first find out the exact reasons for the attacks and why Sony was targeted, and Lisa as a right people are now alleging because of the movie The Interview. We are still waiting to find out, and check out my screen here, what makes IT breaches successful. 100 of organizations surveyed had a significant attack in the last two years, 87 of organizations felt impacted by privileged misuse, attackers use privilege, and 67 of tax, and three main way gain access. Compromised a privileged user's workstation, two, stole a user's credentials, and that's what this saying happened in the Sony hack, and three, through a pass-the-hash attack. And Lisa you found this website, the world's biggest data breaches, selected losses greater than 30,000, this is 145 million on eBay. Adobe, 152, look at these names, Chase, Target, this is terrifying, business hacks. So we are talking about hacks, we have had you on the show before. They can really threaten lives, good hackers and bad hackers, they are called the white hat and the black hat hackers, how can they be used by the government and private companies to make sure something like this never happens again? I think basically admit to ourselves that rewitness good at cyber security, and there's a lot of reasons but I think a lot stem from how executives approach this program. And honestly, a lot of them are not considered peers to the other executives they work with, so I don't know if an event like Sony will raise the importance of information security within an organization. Hopefully raise the importance of someone like a chief information security officer but if you don't have buy-in from the top, you won't be able to execute any. I am sure if we talk to the folks doing security I am sure they have identified this before.
As far as hiring people that understand how to do this, it is important that folks do that, you have to understand how an attacker is going to gain access to your network. You have to understand how they are going to escalate and gain privileged access to sensitive pieces of information, if you don't know how that works how can you defend against it. That's where I think a lot of companies can benefit from hiring someone on the flip side of defense. A lot of people are wondering what the retaliation will be but you have to believe something in terms of releasing a cyber arsenal is being released. What do you anticipate the cyber response to be if any? When are you going to go after a foreign entity, only the U.S. government has the authority to do that. And so they have options that are not available to anyone else, so when we say hey, we need the government to come in and help us here, I don't think any corporation in the world wants the U.S. government to help them configure firewalls, what they need to do is do information sharing and threat intelligence sharing, and more importantly, the options that are only available to the U.S. government like response, for example, responding in kind, and so it will be interesting to see what they do here, so I think everyone is watching closely as to what the response will be. Jonathon, last question, and we have to wrap it up, do you expect private companies to do their own gathering to prevent these sorts of attacks as best they can? Certainly. I think folks are already doing a lot of that. Billy brings up an interesting information, is this concept of active defense. And so with active defense, there's this idea you are being attacked, is it okay to attack back. And generally have to have the appropriate legal things in place, and like Billy said unique.
And they may know where the folks are, but are they able to go back and retaliate against those people, and the general viewpoint is that it is interesting and fascinating to look at these things but no one can really do it, but there are smaller steps that can be taken, you can almost apply a lot of this stuff to physical security. And so there's a lot of mechanisms that people can use, just to frustrate and annoy the attacker somewhere else. Yeah, an easier target. Thank you so much for being here, Billy, we will see you a little later in the show. As much as Cuba is viewed as a time capsule, isolated from the free world, it is also a treasure chest, much of the global medical community is eager to unlock. Coming up next, how improved relations could lead to accessing treatments the island nation is perfecting for lung cancer and other diseases. Welcome back, the United States agreed to renew diplomatic ties after a 50 year embargo on the country. In one area, this is expected to impact healthcare. Cuba has unlocked a number of health innovations and lifting travel restrictions could mean access to the global community. Request cuba, and not reasonable ago, he led a trip to Cuba with a help of government and public health leaders to learn ways to improve medical care. And with us from California, Michelle Berry, senior dean from global health, thank you for being here, so doctor, given what the world sees of Cuba it is surprising to find out they are a global leader in some areas that has piqued the interest of the outside community. I think you need to remember that Cuba has been isolated for a long time, and one of the silver linings is they have been forced to be self-contained, self-inventive and independent from everybody else.
So they have a lot of money into a biotech industry to make up for the drugs and medical devices that can't buy from citizen owns or bartley owns companies and of course, recently, the United States companies, pharmaceutical companies, medical device companies have bought up many around the world, so sources Cuba used to have, suddenly disappears once there was U.S. ownership to any degree. So they have made their own investment, so that now they have 52 research institutes, and 58 different facilities that manufacture medical devices, and drugs. They have begun to discover some things that may be helpful. What are some of those things? I heard they have a vaccine. They have been very active in terms of vaccines for infectious disease, they have some of the first vaccines. November also developed a drug they call ever prop. It is a strange name, but it is a derivative of growth factor that is injected into the margins of diabetic ulcers. And they have been managing at least in the Cuban context, to provide release from that disease for about 80 of the patients. That's significantly better than we have been able to do here. And it looks like it lasts pretty long. We talked to our community. Sad joke in Cuba is you can get a doctor, but you can't get an aspirin. As spring. Who couldn't afford healthcare, and cried when it was free in Cuba, Cuba equals health tourism. The biggest benefit would be help in Cuba, and stream and also training, and a lot of people are saying doctors are helping with Ebola outbreaks. And a Cuban American says well, the embargo doesn't apply to medical supplies but perhaps doctors. Oh countries continents to help with the Ebola outbreak, how can we in the United States actually benefit from Cuban doctors? What is unique about Cuban doctors is they have a completely different approach. Only a small percentage actually specialize.
They have this unique way of going into neighborhoods where the doctor nurse team, the doctors are assigned a couple of stir blocks about 1,000 people, and they have a responsibility for making house calls. Or home visiting. So it is very, there's a sense of community engagement, which we don't have in the States. And what is amazing about this, is that spending less than 10 per person. They spend really very small amount per person, they have better infant mortality statistics. And they live just as long as we do. Michelle, how do we know if that really translates. Because you are talking about a population of about 12 million people, which is maybe a third larger than the city of New York, you are talking about a communist regime, you are talking about ultimate control, if you say kids will get vaccinated by God they will get vaccinated. They only pay their doctors about 50 dollars a month, while it works for Cuba, what gives you any sense that that could be scaled up to the size of a country like the U.S.? I think the scale up and what the U.S. should have dialogue about, is relatively this concept of preventive healthcare. In the U.S. we wind up treating diseases as they occur. I think what is different about the cuban seasonals is this outreach to community, where they prevent the disease before it occurs. I think that's an interesting approach. I also think in the United States our public health schools are separated from our medical schools, this is all integrated in the Cuban system. This debate is on our Facebook wall, check this out, I don't see how dropping the embargo will do anything to our doctor patient ratio, however, Sophia says Cuba's patient care is better than other countries, they also have a longer life expectancy, and John says this topic sounds interesting, I am not sure how policy would be impacted but I am willing to learn.
Doctor, final thoughts, obviously these won't be incredibly tangible, but this is more about access to learn, and maybe access to entire systems? As Michelle was talking about in terms of the way they approach preventive healthcare? Well, I think there's a great deal to learn from Cuba, and yes, there may be some advantages to looking at veg medicines and cooperating in their development and so on. But the real change is having healthcare workers in the neighborhoods responsible for health, that is a major difference, and you should know there are a number of communities that are doing their best to look at Cuba, and see what principles of the system may be applicable here in our very different system. All right, I want to thank both of our guests. Thank you so much for being with us, still ahead, Google became a verb for finding information, now you may be asking someone to Venmo or Snapchat you some cash. Sending and receiving money is getting easier, and vastly more popular. How they are getting in on the game, next. Welcome back. 5 billion was transferred by a mobile payment this year alone in the United States. And that number is expected to triple in the next few years. Here to talk about the broader impact is David Weliver, the founding editor of Money Under 30, that's a personal finance blog for young professionals. A good guy hacker. So David, mobile payment systems aren't new. But they are certainly gaining in popularity, how do these work? Well, basically, they store your financial information, so let's say your credit card number, or your debit card, in your phone. And then after the point of sale, if you are at a store, you can simply tap your phone, or swipe the bar code, and put in a PIN in the phone and that sends your information to the merchant, and the other way they are popular is to send money to friends, let's say you go out to dinner and someone picks up the whole tab, but you owe 25 for your share, instead of going to an ATM
, you can say with your mobile phone, I want to pay my friend Sally, 25, it transfers that money to her account. What is happening now that companies like Apple and Twitter and Facebook and others are wanting to get in on the game? That interaction that takes place, you multiply that by tens of millions a day, that adds up to billions of dollars in a year. The other thing I think that is attractive to retailers especially, is the ability to couple your payment information with let's say a coupon. And Starbucks is a great example, they have a payment app that has been going on for several years and with someone who loads their phone with a Starbucks balance and pays for their coffee, they can get offers on their phone saying hey, you haven't bought a coffee in a while, or here is half off, come back to the store. And that is huge. For retailers. So Billy, I am thinking if Sony gets hacked my little app will get hacked, how safe are these? I think we have a long way to go, so anyone that gets access to your phone, can initiate or receive a payment on your behalf. I don't think I have seen an app where it requires a PIN or another step of any kind of security when you are about to send a payment. Another thing to consider is banks are pretty good at fraud detection, information, when we see a credit card breach occur, many times it is the bank that detected it, not a technical investigator, and they detect that through fraud algorithms they have in place, and they can say look, it looks like this specific organization got compromised. I don't know how many from fraud sophistication that is sophisticated as that. We probably have a long way to go. Do you use them? I don't have any on my phone, I don't have any mobile banking apps. I use online banking but I don't have even app. I guess we should take a cue from the ultimate good guy. This is who needs wallets now, check out my screen, this is Venmo, make and send payments, would you do it?
I don't know, not in light of what Billy is saying I wouldn't. There's also Google, tap and pay with your phone. Spend anywhere with a Google Wallet, there's Apple Pay, your wallet without the wallet, an easier way to pay. I would never in a million years use my possibly to purchase anything. And Joseph says my greater fear is scam. Not at all, I am not worried if something happens the companies we are trust having to make things right. Now, Billy, speaking of hacking you are my go-to hacker here. Apple says they have a three step identification process. They are saying that Apple Pay is safer, I think they use a code, a cryptogram, so after all that you have heard, should we trust Apple Pay? And their three step verification, should I ditch my wallet? I think Apple has done a pretty good job, as far as other hey, the organization that's going to process my payment has to make me whole. That's not the case in every payment system that we have, so people have become accustomed to that, credit cards I think the limit right now is 50 if there's a fraud that occurred and you will get that money back, or you won't have to pay them, that doesn't apply to every payment system. The company that is processing that may not have to refund that to you, we don't have the same protections as when it comes to credit card apps. Thanks again to the rest of the guests, until next time, we will see you online