COVID-19 Related Rapid Deployment of Tech Raises New Security Risks–Futurum Tech Podcast
In this episode of the Futurum Tech Podcast, I’m joined by my colleague and fellow analyst, Olivier Blanchard, in a discussion about the COVID-19 related rapid deployment of tech that we are experiencing as a result of the coronavirus outbreak and the new security risks posed as a result. Our goal is to highlight some of those security risks, offer suggestions on how to mitigate those risks, and also explore some other goings on in the world of cybersecurity along the way, largely driven as well by the COVID-19 pandemic we are slogging through the world over.
Our Main Dive
At a time when many, or perhaps most, of us are stuck at home, Zoom, Slack, Google, Microsoft Teams and other and other online collaboration tools have become our collective lifelines. While that’s great — and it’s wonderful that kids can learn online using collaboration tools, we can work online using these tools, and we can host family gatherings and happy hours using these platforms, there’s an inherent security risk that you can be sure hackers are paying attention to, and exploiting whenever possible.
Think about it: If you’re a hacker, you can pretty much count on the fact that every target everywhere is using some form of collaboration tool. And targeting accessing those tools, by way of phishing campaigns or other malware, is an easy way to gain access to an entire enterprise network, data, business documents and information, employee information and records, and beyond. It only takes one person’s chat login to potentially compromise employee data through the collaboration software. Collaboration spaces are not inherently secure, yet users don’t realize that. People should realize that the links they receive by way of collaboration platforms should be regarded with the same high level of caution that links received by way of email or in social media platforms are regarded.
Cybercriminals can also access APIs with which many collaboration platforms are integrated, to gain access to companies and their data. That API, the conduit for connecting a collaboration platform to another app, is also a juicy target for hackers.
Also, routers are an attractive target for hackers. It’s safe to say that while many enterprise users working at home these days are logging in through corporate VPNs, there are a host of others who are not, making their connections less than secure. I mentioned that I have a VPN that’s really affordable and supports up to five devices. I have used ExpressVPN for the last several years and really like their service. You can try them out for 30 days for free. Here’s my referral link in case you’d like to check them out: ExpressVPN
Olivier also talked about the official website of the Homeland Security Department where you can get fairly up-to-date information about both cybersecurity and all things related to Coronavirus. You can check that out here: Official Website of the Department of Homeland Security.
More on this here: Covid-19 and tech: New collaboration tools mean new security risks
Our Fast Five
We dig into this week’s interesting and noteworthy news:
- Tech Tools are Assisting With Tracking the Mapping and Spreading of COVID-19. Following spring break partiers descending on the Florida beaches over the course of the past few weeks, data visualization provider Tectonix, in partnership with location data provider XMode Social analyzed secondary locations of anonymized mobile devices that were active at a single Ft. Lauderdale beach during spring break, then showed where those devices went across the U.S. The end result is an amazing bird’s eye look at the very real dangers of social gatherings during this point in time and how far flung those initial encounters eventually roam. Is this kind of technology Big Brother (oppressive through surveillance and control) Big Mother (altruistic surveillance and control) or Big Butler (technology that is 100 percent in the service of individual users)? Olivier explores these concepts, which are favorites of his, in our discussion. This data visualization is incredibly interesting, so take a minute and click through — you won’t be disappointed.
Want to see the true potential impact of ignoring social distancing? Through a partnership with @xmodesocial, we analyzed secondary locations of anonymized mobile devices that were active at a single Ft. Lauderdale beach during spring break. This is where they went across the US: pic.twitter.com/3A3ePn9Vin
— Tectonix GEO (@TectonixGEO) March 25, 2020
- Zoombombing attacks are disrupting classes, interviews, meetings, and even social gatherings. A virtual happy hour sounds like a fun idea, except when a troll shows up unexpectedly and, using a screensharing feature, airs a porno clip to the call’s participants. The same thing happened recently for an Arizona State University professor teaching his spring courses online using Zoom. All of a sudden, someone turned on a porno video (porn is clearly popular) and broadcast it to the entire class. The University of Southern California has reported similar instances, and chances are good these are neither the first nor the last we’ll see of these “Zoombombing incidents.” Zoombombing has happened to Chipotle, on a public Zoom chat it hosted with a popular musician, as well as to journalists Kara Swisher and Jessica Lessin who were hosting a Zoom event focused on the challenges that women tech founders faced. They had to quickly end the event because a troll started broadcasting a shock video and switching between different user accounts so they couldn’t be blocked.
- China-based threat group launches widespread malicious campaign. News out yesterday from DarkReading indicated that researchers from FireEye, who have been tracking malicious activity from a group called APT41, believed to be working on behalf of the Chinese government has ramped up activity recently. Targeted organizations appear to be across multiple countries, including the US, Canada, Australia, the UK, Japan, and India. Organizations targeted are across a wide variety of sectors including government, defense, banking, healthcare, pharmaceutical, and telecos.
It is believed that the COVID-19 pandemic is creating an attractive opportunity for threat actors, especially those based in China, to continue its quest for intelligence on a variety of topics, including trade, travel, communications, manufacturing, research, and international relations. When you consider that the entire world is pretty much upside down from a business as usual standpoint, and the opportunities this presents to hackers, it makes perfect sense that we’d see an upswing in activity right now.
- Department of Homeland Security warns terrorists may exploit COVID-19 pandemic. The Department of Homeland Security sent a memo to law enforcement officials around the country warning that violent extremists could seek to take advantage of the impact of the COVID-19 pandemic by carrying out attacks against the U.S. While the DHS said there was no definitive information indicating active plotting is underway, vigilance was encouraged. What kind of extremist activities are of most concern: attacks against overburdened healthcare systems, attacks against critical infrastructure, as well as faith-based and minority-based communities — including Asian Americans in response to the COVID-19 outbreak. As an adjunct to this topic, ABC News reported earlier in the week that an alert from an FBI field office in New York showed that racist extremist groups, including neo-Nazis, were encouraging followers who test positive for COVID-19 to spread the disease to police officers and to Jewish people.
- The Justice League to the rescue. Olivier swooped in at the end of three pretty somber bits of security-related news, with some superheroes to the rescue. An international group of nearly 400 volunteers in some 40 countries — some of the brightest minds on the planet — with expertise in cybersecurity formed earlier this week to fight hacking related to the coronavirus COVID-19. We’re calling it the Cybersecurity Justice League. While our name is obviously pretty catchy, the group actually calls itself the COVID-19 CTI League, for cyber threat intelligence, and includes cybersecurity pros from major companies like Amazon, Microsoft, Okta, and others. This is some much needed security expertise muscle at a time when we are probably more vulnerable than we’ve ever been as a result of all the disruption caused by this pandemic. I don’t know about you, but we are darn glad these superheroes are on the case.
Ecommerce: Blessing For Consumers, Curse for Amazon Workers. While the technology that powers ecommerce giant Amazon is, for most of us, a beautiful thing, Amazon workers might feel slightly less enthusiastic. Warehouse workers and other Amazon employees (and likely drivers as well), question whether Amazon is doing enough to keep them safe. While they are likely happy to have jobs as the jobless claims are at nearly 3.3 million, economic security and personal health and safety, and that of their families, is understandably on the minds of these front-line workers. It is great for consumers to be able to sit safely at home and shop online, but that privilege comes at great cost to a whole lot of people who are reportedly both scared and frustrated.
And not to pin all this on Amazon, we also discuss the fact that front line workers in grocery stores, Costco, Walmart, Target, along with millions of healthcare workers are equally as concerned about their safety as they make their way to work every day. Companies need to do everything they can to step up their efforts and keep these superheroes of a different kind healthy and well.
Crystal Ball: Future-um Predictions and Guesses
In the Crystal Ball section of our podcast we always circle back to the main dive and try to make some kind of prediction. We are sorry to say that this week’s Crystal Ball prediction as it relates to the rapid deployment of tech and security concerns that presents is not a rosy one. We are pretty confident that things are going to get a lot worse on the cybersecurity front before they get better.
Shelly Kramer: Hello and welcome to this week’s episode of the Futurum Tech Podcast. I’m your host, Shelly Kramer, and I’m joined today by fellow analyst and colleague Olivier Blanchard. Welcome, Olivier. Great to have you.
And today we are going to talk about the rapid deployment of tech and how that raises new security risks that businesses need to be aware of. Before we do that, however, I want to step back and say this podcast is intended for informational purposes and for educational purposes only. We may talk about publicly traded companies, we have opinions and lots of them. Please note that these opinions are not intended to be used for investment advice or guidance. And so long as you keep what we say in mind with regard to what we say, we’ll be in good shape. So again, back to our main dive, the rapid deployment of tech and how it raises new security risks.
Here we are in a time when most of us are stuck at home, working from home. And I will say our team are 100% virtual, and we are pros at working from home. But most people aren’t. Today what we see is people using apps and platforms like Zoom and Slack and Google and Microsoft Teams and all kinds of amazing collaboration tools, and they really become our lifelines. My kids are working online and they’re using Zoom. They’re also using Skype. I know people are hosting family gatherings and happy hours using these tools. And while all that is great, there’s also an inherent security risk in our behavior, in this massive migration that we’ve made to online collaboration platforms and tools, that you can be sure hackers are paying attention to.
I think that for us, we pay a lot of attention to security. We have a lot of clients in the security space and offering tools and services related to cyber security. But if you think about it, if you’re a hacker, you can pretty much count on the fact that every target everywhere is using, and target, you’re a target. I’m a target. My kids are a target. We’re all using collaboration tools. And there are easy ways to get access to those collaboration tools.
So with that said, Olivier, I know that you’re immersed in this space as well. Talk a little bit about what you’re seeing out there as it relates to online behavior of clients, or of people in your community or friends or whatever. What are you seeing?
Olivier Blanchard: One of the biggest issues right now, or the biggest challenges for IT professionals, especially in matters of cybersecurity, is just the sheer volume and demand of not just devices that are now connected to the web and being used for work and daily applications that they might not have been used for before, but also the amount of connected hours that these devices and servers have to spend actively online doing this stuff. It’s like when we look at the New York hospitals, especially the ICUs being overwhelmed, when they’re already being used to working optimally at a certain pace, and then suddenly you turn up the volume, not five or 10% or 15% which they might be able to handle, but you turn it up three, 400% overnight. That is extremely taxing on all of our technological resources, all of our servers, all of our IT personnel, all the antivirus software that we have.
And it also multiplies the access points and the opportunities for bad actors to jump in, and exploits all of these additional resources and man hours and tech hours being spent online. So I think right now the biggest issue is just this enormous jump, almost overnight in just a matter of weeks, to this completely different usage case for technology that our systems and our technology experts are not necessarily super well equipped to react to that quickly. They will at some point, but there’s an adjustment period that we’re still in the middle of, that creates a lot of vulnerabilities that weren’t there two months ago.
Shelly Kramer: Yeah. I think, really valid points. And what that made me think about that I hadn’t thought about as I was prepping for this podcast is that the health care sector is one of the biggest targets for bad actors. We already had a problem, and a lot of that problem was related to IOT connected devices that perhaps aren’t being patched and updated on a regular basis. And sometimes it’s just a matter of tasks for IT teams, and something gets put to the bottom of the task list.
But for instance, we’ve written before about mammography machines that are hacked. And once you can get into a hospital system by way of an access point and a mammography machine or some other diagnostic that’s an IoT connected machine, and then you can get into the whole hospital system as a whole, and then have access to all this personally identifiable information on patients. This was already happening, all the time. But to your point, when we speed up the velocity of our lives and burden on healthcare workers, not only on the frontline workers but on IT systems and everything else, what you have is a situation of massive distraction. You know what I’m saying? And when everybody’s distracted because you have this overload, if you’re a bad actor, what more of an engraved invitation do you need to know this is a fantastic time to swoop in and do dirty deeds?
Olivier Blanchard: It’s funny. One of the things that I do in times like this, whenever there’s any kind of crisis, whether it’s the coronavirus or anything. One of my go to resources is the Cybersecurity and Infrastructure Security Agency, or CISA. And they have a really good resource, really good website. I think it’s just cisa.gov, and then specifically /coronavirus if you want to see what’s going on there. And they typically have a bunch of recommendations and guidelines on what to look for, what to do, what to avoid. And some of the bullets that they’ve put out that are relatively straight forward, specifically for the coronavirus crisis, is to reinforce some of the behaviors that you were supposed to already work on before this. So avoiding clicking on links, especially in unsolicited emails, being wary of email attachments, including links in social media posts, by the way, that can always be used for phishing.
There’s been a huge increase in phishing in the last few weeks. And not just 10%, it’s massive. The need to use trusted sources such as legitimate government website, not fake government websites. So be on the lookout for those as well. Being really extra careful not to reveal any personal or financial information via email, or certain open channels.
Normally there’s no reason why a doctor’s office or someone would solicit personal information or financial information over the phone or an email. Verifying even charities of authenticity. So there’s going to be a lot of calls for donations. That’s a really easy way for bad actors to access your information in times like this.
So a lot of it is not really that novel. It’s not like the coronavirus has unleashed all of these new techniques by bad actors to try to get your information or access your networks. It’s just a lot of the same stuff that we were already aware of before, it’s just being multiplied now, and it’s trying to prey on people’s anxiety and sleep deprivation and stress to catch them off guard, just for that one second it takes to click a link or hit send. People are much more vulnerable right now, because they’re scared and confused and anxious, than they normally would be if they had a more normal, cautious setting.
Shelly Kramer: Well, absolutely. Some really good points there. One of the things I think that people don’t quite understand, you’ve touched on email and what not to do in email, or what to be wary of in social media spaces. But the point that I want to make sure that people understand is that collaboration spaces are not inherently secure. Just as Olivier warned that people should be cognizant of the links that they get by way of email or messages in social whatever, you also need to be cognizant of links that you get in collaboration spaces. All it takes is one person’s chat log in to then potentially compromise entire organizations through that collaboration software. And another thing, and by the way, I’m not saying don’t use collaboration software, we use it all the time, but we’re also uber-aware of cybersecurity dangers.
Know that there are APIs that connect with collaboration platform. So you might be using Slack and there’s all different kinds of integration, API integrations with Slack. Same with other platforms. So what we have to be aware of is that cyber criminals can access APIs that are connected to collaboration platforms, and that can be a way that they can get into systems.
Another thing that occurred to me this morning is that we ignore a vast number of the security warnings that we get. I write about this stuff all the time. I know people don’t pay attention. But the routers that you’re using at home are an incredibly attractive target for hackers. So when my husband gets online, my husband works for a Fortune 100 company and he can’t get online and access any corporate information without going through their corporate VPN.
Well, I have a VPN that I use to access the internet when I’m working at home, and I use that all day every day. But it’s never once occurred to me to reach out to the other members of our analyst team and the rest of our employees to say, Hey, are you all using a VPN too? Because every security endpoint, like a router, is hackable.
I think that we sometimes feel protected when we’re working in an office building and accessing the internet through connectivity there. But then once we’ve all migrated to our home offices and our kids are learning online and everything else, it sort of is like Christmas morning or something for bad actors because there’s just so many opportunities.
So the more you can do to be aware of what’s going on out there, I can’t recommend highly enough using a VPN. It’s incredibly affordable to have your own VPN, and you can have that VPN extend across multiple devices. I’ll actually put a link in the show notes to one that I happen to use.
But anyway, I do think that there are a lot of things going on in the world today that are getting our attention, but I think understanding how this instantaneous pivot that so many of us have been required to make, and all of this new technology that we’re using, really brings some security risks along the way. And the more you know, the more you can do to be careful. So I hope that, we hope that your takeaway from this conversation is, Ooh, there’s some things we should be thinking about there, and how we can be more careful.
Olivier Blanchard: There’s also something that people probably ought to think about as well. As we’re depending more on our home networks and basically our home internet access as opposed to public spaces, which is good, we have more control over that. So change your passwords, look at your advanced settings, ask for help from somebody who knows how to configure networks. And also, this is a good time since you’re at home with more time, and just in the time that it would normally take you to commute to work that you don’t have to do anymore. Reconfigure all of your home wireless setup. And also I would recommend two more things. One, disconnect your laptops and phones and other work devices from WIFI if you’re not using them. That’s also good. It’s a little bit of a pain to do it because we want things to be on and ready to go as soon as we turn them on. But it’s a good security practice.
And also, this might be a good time to look at all of your devices and clean up all of the apps that you might’ve downloaded in the past that may no longer have valid security certificates, that might be essentially just back doors to your device, into your network, consequently. So go ahead and do a cleanup of all your devices, of all the apps that you don’t use. Make sure that all the certificates are up to date. And also start thinking about how Bluetooth, even though nobody from North Korea is going to use your Bluetooth headphones to access your phone. That’s not an issue. But somebody locally, if you’re going to the store, hanging out in your backyard or on your porch, might actually be close enough to be using Bluetooth to access your devices. So read up on that a little bit and see if there’s some measures that you can take to secure your Bluetooth devices that way.
Shelly Kramer: Yeah, the technology is such a wonderful thing and I’m not going to say that it’s not, but there’s so many things to think about, and I think about conversations that I have with my mother in law about, here, just click on this Zoom link. It’s so easy, and it really can be overwhelming for sure. And for a lot of us, and not necessarily us, but for a lot of people who are accustomed to working for enterprise companies, who are shifting to working at home, we’ve always had somebody to take care of those things for us in the past. And that doesn’t mean we still don’t have that IT support, but it’s just that I think that sometimes we might not be thinking with all the other things that we have on our plate right now, how important it is to be thinking about things like our router connection and checking links in collaboration platforms and things like that. So hopefully, take away here is giving you some things to think about, if not some things to talk with your IT team about, and may the force be with you on that front for sure.
So with that, we’re going to move into the Fast Five section of our podcast today. And Olivier, you’re going to talk about some tech tools and how they’re being used to… I don’t know if it’s creepy or not. I actually like it, but tell us.
Olivier Blanchard: Yes. Okay. So I think you’re talking about this tweet I found from a company called Tectonics Geo.
Shelly Kramer: Yes.
Olivier Blanchard: And it’s pretty extraordinary. So we often talk about this triumvirate of Big Brother, Big Mother, and Big Butler when it comes to technology uses. And obviously, Big Brother is the surveillance state, it’s the stuff that dictatorships and countries like China use, or basically the mode that they are into when they use surveillance technology to keep everybody under control. Big Mother is the same thing, but with a benevolence bend to it as opposed to an exploitative and dictatorship leaning bent. And then Big Butler is purely in the service of the user, with an opt in from the user 100%. This particular application of technology is interesting because it could very easily be used for Big Brother type applications, which obviously you and I are not comfortable with. But as a Big Mother application it’s pretty great.
So what Tectonics Geo has been able to do is to map anonymized smartphone GPS data. So basically it’s able to track phones, smartphones, millions of smartphones, across different regions or a particular city or a part of the United States, wherever, and actually map this out. Create a map, like the ones you see of air traffic control, there’s a map, an active real time map usually that you can access that shows you where all of the flights are, where they’re going. This does the same thing with phones, but anonymized. So you can’t tell who’s on the other side of that phone, who’s carrying it.
And what they’ve done is they’ve taken this data and the demonstration that they had in this one tweet, which we’re going to link to in the show notes, shows a particular beach in Fort Lauderdale, and essentially the movement of smartphones from spring breakers, from that beach over time, going home after spring break. These are the kids who were supposed to socially distance and help slow the spread of the coronavirus. And you can visually, using this data from smartphone location, see how far they are potentially spreading the infection just by tracking the movement of their phone.
So I think it’s the sort of tool that, for diagnostic reasons and for planning reasons, for organizations like FEMA and the CDC and Homeland Security, can be really valuable because it predicts the flow patterns of where the infection is going next, based on large groups of people congregating in the middle of an epidemic, and then essentially spreading and going home. What it looks like to me when I look at the accelerated video of these movements, is you can see where coronavirus cases may be spiking in the next two to three weeks. Because we know what the incubation period range is with this. I think it’s a likely scenario that you can use this data to predict where medical resources are going to be needed and where field hospitals and the overflow of services and supplies that FEMA can provide will be needed next. So it’s a useful tool.
Shelly Kramer: Yeah, it is a useful tool, I saw that last night. And I think that a lot of these tech companies, what I really appreciate is that I think they’re trying to step up and show people who don’t quite understand how critical this social distancing is, and to get them to understand it. And I will say that, as someone with kids who just came off of spring break, it’s not just the kids who were on the beaches in Fort Lauderdale and other places. It’s a whole lot of grown up people who probably should know better. But anyway, we’ll hopefully, I think there’s a great use for that and how I think that can be helpful moving forward into the next couple of weeks.
So with that, we’re going to move on to, I’m going to tackle the next group of Fast Fives largely because they all relate to security in some way, which is what we wanted the focus of this show to be.
So one of the things that is happening right now is something called Zoom bombing attacks. And those Zoom bombing attacks are disrupting classes, interviews, meetings, and even social gatherings. While a virtual happy hour may sound like a fun idea, all is well and good until a troll shows up and starts using a screen sharing feature and airs a porno clip to all the calls participants. You can only imagine, like, Oh my gosh. So this happened in the last week or so to an Arizona State University professor who was teaching his spring courses. He was using Zoom, and all of a sudden someone started broadcasting a porn video. Porn’s really popular, and broadcasting it to a class of about 150 people, as you might imagine, he probably pooped his pants when that happened. The University of Southern California has reported the same kind of instances.
And we’ve also seen Zoom bombing. I think that you guys have probably seen brands doing things like hosting musicians or whatever. And Chipotle lay recently had a public zoom chat than it hosted with a popular musician. They were Zoom bombed, same thing, porn. And journalists Kara Swisher and Jessica Lessen, Kara’s a popular tech journalist and also a contributor to the New York Times and other publications, and Jessica Lessen is the founder of The Information. They were hosting a Zoom event focused on the challenges that women tech founders faced. And a troll got access to the event, and of course because you’re talking about it and you’re on Twitter, you’re sharing about it, Hey come join us, everything else. So anyway, this troll started broadcasting a shock video, that I’m sure was filled with tons of pornographic images. And what they were doing was switching between different user accounts so that they couldn’t block him or them.
Anyways, Zoom bombing is a real thing. It really sucks. And just make sure you know where the end meeting key is at all times. And just be aware, it could happen to any one of us.
So with that, I’m going to move on and talk about a China-based threat group that has launched what we feel like is a widespread malicious campaign. And I spend a lot of time reading publications like Dark Reading, who share information about what’s happening in the world of cyber security, and researchers from an organization called Fire I have been tracking malicious activity from a group called APT 41, and this group is believed to be working on behalf of the Chinese government. And they’ve been around for a while, and they’ve been quiet for a while, and all of a sudden we’ve seen a ramp up in activity.
The organizations that appear to be targeted are across a wide variety of sectors. We’ve got government defense, banking, healthcare, pharmaceutical, and telcos. Does that surprise anybody, especially given what’s happening right now? Absolutely not. It’s believed that this COVID-19 pandemic is, as we started the show talking about creating an attractive opportunity for evil doers. And what this group of researchers feel is that this Chinese-based group is looking for Intel on a variety of topics. It might be manufacturing, research, trade, all that sort of thing. When you consider that the entire world is pretty much turned upside down, if you’re looking to get inside companies and steal information, it would be a perfect time to do that. So that’s exciting news of the day. And I will warn you, I have one more bit of bad news here and then Olivier is going to wrap us up with some good news.
So the next Fast Five that I’m going to tackle is the Department of Homeland Security has warned that terrorists might exploit the COVID-19 pandemic. Again, no surprise. So what happened this week was that the DHS sent a memo to law enforcement officials around the country. They warned that they expect there’s a chance that violent extremists could seek to take advantage by carrying out attacks against the US. There’s no definitive information about activity that’s underway. But they did encourage law enforcement to be vigilant.
So what’s of most concern, and again, touching on something we’ve mentioned before, attacks against our healthcare systems, which are already overburdened, attacks against critical infrastructure, and then attacks targeting faith-based and minority based communities. So people are out there, chances are our intelligence systems feel like there’s a legitimate concern to be hypervigilant. And as an adjunct to that I’ll conclude this Fast Five with other good news that ABC News reported earlier in the week, that an FBI office in New York showed that racist extremist groups, including Neo-Nazis, were encouraging their followers who test positive for COVID-19 to spread the disease to police officers and to Jewish people. So we have some really awesome people out there right now, but Olivier, there’s hope in sight.
Olivier Blanchard: There is hope in sight. So just as the superhero world has the Justice League, so does the real world, which now has a COVID-19 CTI League, that is actually the name of it. CTI stands for Cyber Threat Intelligence. The COVID-19 CTI League, we need a shorter acronym for this, is a group that spans more than 40 countries, and is composed of roughly about 400 very high level professionals and senior positions in major companies like Microsoft and Amazon. They’re all techies and they are trying to solve the issue of all of this phishing and cyber threats expansion that’s happening right now due to the coronavirus crisis. This is a really interesting development. So on top of the authorities, the official offices of cyber defense that protect us from this sort of thing, there is also this private sector group of super awesome professionals who are focusing on this as well.
Phishing is definitely one of the things that they’re tackling, but they’re also trying to get ahead of some of the hacks that we were talking about. So threats to our critical infrastructure, and not so much like the power plants that typically the government can manage by itself. But also, like you mentioned healthcare facilities. Some of the issues with some of the hacking that we’re starting to see is that as we rely more and more on connected devices, and that includes anything from ventilators to pacemakers, but also robots and drones that are increasingly being used for delivery, for all sorts of tasks that humans normally would undertake.
But using robots in the middle of the pandemic is actually a smart idea. It frees up human resources to either stay home and shelter at home and not spread the contagion, or to focus on more critical tasks, or not necessarily expose themselves to the virus or to infection unnecessarily. All of those devices are much more vulnerable than they used to be. One of the things that COVID-19 CTI League is working on as well is trying to keep some of those vulnerabilities from becoming too much of a honeypot for cyber criminals and bad actors. So it’s cool to know that we have some of the smartest minds in technology around the world working on this problem on our behalf. So I thought that was a nice way to finish
Shelly Kramer: It is nice way to end a whole bunch of bad news.
Olivier Blanchard: Not all super heroes wear capes. Sometimes they just have keyboards.
Shelly Kramer: Sometimes they’re just really nerdy and smart, and that’s exactly what you want right now. Wearing those capes, I think wearing those keyboards, capes, whatever.
So this brings us to the Tech Bites section of our podcast, and Olivier, I’m going to let you handle this one too. I think that I talked enough.
Olivier Blanchard: This particular Tech Bites focuses exclusively on Amazon, but I just want to preface this by saying that I think every company that is being taxed right now and is trying to balance the need to ship products and help people stay home and not spread the contagion is having to do this equation. How much are we willing to risk for our own employees, for the greater good of serving society and continuing operations to go. And unfortunately, Amazon is in a weird spot there because so much of what we order, whether it’s food, diapers, toilet paper, whatever it is, comes through Amazon, and how much we rely on Amazon, that it’s difficult for Amazon, without completely automating its warehouses, to fulfill this need without putting its workers at some level of risk. We know that any time that you require people to come to work and share a space in the middle of a pandemic, there is a risk for those workers to become infected.
The problem though with this report from CNBC, is that Amazon workers who are willing to work and need to work to collect a paycheck are essentially saying that some of the warehouses that are managed by Amazon are running very, very low of essential safety supplies like hand sanitizer or disinfectant wipes, gloves, things of that nature. And essentially their contention is that Amazon is not doing enough to protect them, while they’re working in these fulfillment jobs, to protect them from infection.
It’s not the usual Tech Bites where we point out something grievously horrible that a company like Facebook or Google might’ve done in the last week with privacy or whatever. I don’t think that Amazon is completely failing on purpose to do this, but I just want to point out that this is happening, this is being reported, and companies that do have this uptake and do need to keep the doors open 24/7 in their warehouses to fulfill shipments, probably need to focus a little bit more on employee safety. I think it’s just the right thing to do for an employer, whoever you are, whether you’re a Costco, a UPS, an Amazon, whoever you are. Take care of your workers because they’re taking care of all of us.
Shelly Kramer: Yeah. And I think that we don’t even think about, as consumers, a lot in terms of the benefit that e-commerce brings to our lives. And Amazon, because they own this, there’s nobody bigger than Amazon, so it’s easy to point blame. But I will say that I hear the same concerns from Costco workers who get up and go to the local Costco and have to be exposed to people. And by the way, Costco is a really great place to work, but it doesn’t mean they’re not scared. I hear the same thing from my friends who are nurses who work at hospitals, who are showing up and being told, we don’t have masks for you.
There is a dearth of sanitary equipment, and you can’t buy hand sanitizer as a consumer anywhere. At least I haven’t been able to find any. And you can’t buy bleach, but it’s very difficult to find these things. So anyway, it is a big problem and you’re absolutely right. It’s just in times I think we know how much effort these people, whether it’s Amazon or Costco or Walmart or your local hospitals, what superhuman efforts they’re making. We have to also step back and respect how scary it is to be an employee that’s showing up and going to work every day around potential danger, when we’re sitting fairly safely in our homes. So I think just being mindful of that and reminding yourself on a regular basis is probably important for all of us.
So we’re at the end of our show, we usually talk about a Crystal Ball, and I don’t really have a great Crystal Ball question, Olivier, that relates to our main dive in terms of security risks because I’m not going to ask, do I think security risks are going to increase? I feel like the answer is yes. Do you have something that you think might make sense?
Olivier Blanchard: No, this might change the format usually, because you’re right, usually in Crystal Ball we ask a question and then-
Shelly Kramer: Prediction.
Olivier Blanchard: We predict, we give our opinion on when something’s going to happen or not happen. But what I would say is, in the spirit of the Crystal Ball segment, is that I think the worst of these cyber-attacks, the cybersecurity threats that we’re going to be facing during this coronavirus crisis, which isn’t going to be over by Easter by the way, whether or not we’ll go back to work by Easter, it’s not going to be over by then. I think that we haven’t seen the peak of the cyber-attacks and the cyber threats at all. I think it’s only just now beginning.
Shelly Kramer: We haven’t seen anything yet.
Olivier Blanchard: I think the worst is yet to come. So I would keep an eye on the news a little bit. And even though some of these cyber-attacks may not influence you personally right away, they will influence companies. They’ll influence, or affect rather, people who might be sick. They may affect hospitals and our ability to tackle this virus. So be on the lookout for not just phishing schemes and people trying to get into your bank account and trying to get your information, but also major attacks that are targeted at making it more difficult for countries in the West, not just the United States, but Europe as well to fight the coronavirus infection. So just be careful with that. And we all have our part to play. If you work for a company, you might be the vulnerability in their cybersecurity ecosystem. So try to do your part to not be that backdoor.
Shelly Kramer: Absolutely. And if you’re working from home and you’re not logging into a corporate VPN, please explore getting a VPN. It will go a long way toward keeping you, your family, your business safe.
So with that, we’re going to wrap up this week’s episode of the Futurum Tech Podcast. Thank you, Olivier, for joining me. It’s always a pleasure. If you liked the podcast, like it, subscribe, share it with all your friends. And we look forward to seeing you next week on the next edition of FTP, the Futurum Tech Podcast.And thank you to our audience for hanging out with us this week. We’ll see you next time.
Disclaimer: The Futurum Tech Podcast is for information and entertainment purposes only. Over the course of this podcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.
Shelly Kramer is a Principal Analyst and Founding Partner at Futurum Research. A serial entrepreneur with a technology centric focus, she has worked alongside some of the world’s largest brands to embrace disruption and spur innovation, understand and address the realities of the connected customer, and help navigate the process of digital transformation. She brings 20 years' experience as a brand strategist to her work at Futurum, and has deep experience helping global companies with marketing challenges, GTM strategies, messaging development, and driving strategy and digital transformation for B2B brands across multiple verticals. Shelly's coverage areas include Collaboration/CX/SaaS, platforms, ESG, and Cybersecurity, as well as topics and trends related to the Future of Work, the transformation of the workplace and how people and technology are driving that transformation. A transplanted New Yorker, she has learned to love life in the Midwest, and has firsthand experience that some of the most innovative minds and most successful companies in the world also happen to live in “flyover country.”