For The Future Indicative, Ep 3 Part 1

Transcript

ALEX EFFGEN

Welcome back to The Future Indicative. I’m Alex Effgen, and as we continue to explore Cybersecurity in Part 2, we need to learn about the cost of security, and greater cost without it.

TOM CLAPPER

“We’ll use dollars because dollars get people’s attention relatively quickly. The financial and intellectual property theft in the US alone is a multi-billion dollar problem…Billions and billions of dollars just in this country, from everyday people, from companies. We’ve seen schools get hacked. The LAUSD is the biggest school system in the country. They had all of their data bricked up. So this applies to everybody to the tune of billions of dollars.”

ALEX EFFGEN

That was Tom Clapper, Director of Information Assurance at Redhorse Corporation and an expert at cybersecurity. Like you and me, his phone keeps him up way past his bedtime, but for very different reasons:

TOM CLAPPER

“My job is to protect usually against nation states and/or insider threats. And the thing that keeps me up most at night is your cell phone is usually the easiest target, the biggest threat vector all your finances, all your stuff, everything in your life is in there. And in that phone, you’ll also download something like TikTok. When you put TikTok on your phone, you give the government of China access to your camera, to your microphone, to geolocation, and to all the files on your phone.

Knowing what I know and what I know to do, if I really wanted to track somebody and figure out where you’re going and what you’re doing, I would exploit an app on your phone…because when you give all of that access, it’s very easy that I can turn on your microphone and record a conversation that you think you’re having in private, and your phone’s in your pocket.…And so when you look at the apps on your phone, ask yourself, Did I just give this thing access to everything?”

ALEX EFFGEN

In my Origin episode, I noted that disruption can be an external force–regulation, emerging technologies, a shift in your market’s priorities, and of course cyberhacking. But it also can be an internal force. And Tom has had to deal with both.

TOM CLAPPER

“When people ask me what my number one threat is day to day, it’s insider risk. It’s somebody that’s touching the keyboard, either does something out of ignorance or does something out of malice. Somebody getting into our network will take quite a bit of effort. Somebody already in the network doing something bad doesn’t take a lot.”

ALEX EFFGEN

Uh oh. We’re back to Tom’s M&Ms. And those M&Ms might be in dirty hands.

TOM CLAPPER

“Not everybody is doing the same level of cyber hygiene that they should. And when you start figuring out why not, a lot of times it’s a PM, or personality saying, No, I want unfettered access. Or, That slows me down. Or whatever number of reasons.

My whole career has been around engineers. Engineers inherently want unfettered access to everything. They would like to get to the root kernel within their operating system. They would like no boundaries.

So there’s a balance between how I keep you secure, and how I also don’t impede what it is you’re trying to do.

And the truth is, if you do this correctly, you do it in a way that your everyday users don’t even know it’s there because it’s not impeding them. It’s not slowing down their progress. But at the same time is across the board keeping all your verticals equally safe.”

ALEX EFFGEN

Tom mentioned that “not everybody is doing the same level of cyber hygiene that they should.” Growing up in the ’90s, safe sex was a PSA that our schools and communities emphasized to combat the AIDS epidemic. There was one commercial that explained if you had sex with one person, then you’ve really had sex with everyone they’ve ever had sex with. Well, the same can be said of your digital habits. How hygienic are you keeping them?

Hollywood learned first hand the impact of neglecting cyber hygiene. And Tom had a front-row seat for the show.

TOM CLAPPER

“Eight years ago, Sony had a big hack. The North Koreans hacked into Sony Studios, and stole movies that were still in post-production, and released details. They released emails, private emails that actors and agents had with the studio.

It was interesting to watch—because I lived in LA at the time—how studios started thinking about cyber. Previously, when you put everything on film, people aren’t stealing your stuff. But now that everything’s shot digitally, they hadn’t caught up with cyber yet.

Disney is one of the leaders of this. Especially with the Marvel stuff, too, they hold their stuff very close. And a lot of the networks that they hold it on are disconnected from the internet. And so it is interesting, the technologies caught up that then lagged with security. And film was one of those that sort of made me laugh a little bit that when they went digital, they didn’t think about the hacks, the way they did when everything was in film canisters in a closet somewhere.”

ALEX EFFGEN

Tom helps the US government try to keep all of us hygienic. No small task in times of disruption. For context, Tom and I had this conversation three weeks into the US federal government shutdown, in October 2025.

TOM CLAPPER

“The government not doing their own due diligence is a big disruption because a lot of threats are discovered through government channels, and then given out from government channels. Log4j was a big thing that happened a couple of years ago. The government knew about that before it was publicly acknowledged.

That trickles down to us and that’s important to us. And so the government shutdown right now is a problem to cybersecurity that most people don’t think of inherently, that actually makes us more vulnerable from a cyber perspective.

When CrowdStrike had a big problem a couple of years ago that shut down airports. When that disruption happens in our lives people start looking for workarounds. When we start to find a workaround, you usually end up going down a less safe/more risky path to get to whatever it is you’re trying to do.

Those things will disrupt because they create a bad habit and then people start doing things that they know from a cyber hygiene perspective aren’t the best. And it doesn’t sound like a lot, but the number of times I’ve seen big problems arise. When you start investigating what’s the root cause, the root cause is some sort of disruption up chain that then led to whatever problem you’re dealing with today.”

ALEX EFFGEN

So when we’re not causing our own problems we need to find ways to promote best practices against bad actors.

TOM CLAPPER

“A lot of people are like, Oh, I have my cell phone. You also probably have a smart speaker at home and you probably have a connected Nest for your thermostat. And people don’t think of those as threats in their house, but they are because they can be exploited.”

Our adversaries are going to keep trying, and they’ll keep using new and emerging threat vectors. So my answer is to just always be vigilant on how you respond to these things.

I said this at a conference once and people were like, ‘Yeah, but I don’t have nation state actors to worry about.’ Well, adversaries aren’t necessarily nation states. The average hacker trying to steal the money out of your bank account is a threat actor. It is something you should be worried about.”

ALEX EFFGEN

We should be worried about it. But that doesn’t mean we collectively feel like we can do anything about it. Afterall, we’re not all IT experts.

TOM CLAPPER

“A lot of Boomers won’t put virus scan and malware scan on their phone, because they don’t know how to download it. They don’t know the right one to go to. Even the app store a lot of times isn’t super user friendly. So making cyber tools and making cyber 101 easier to use and more digestible to people who inherently don’t know anything about it for me is the greatest way to expand it.

Apple and Sony and all these big phone companies should also start putting this stuff on the phone. They know that the phone is the number one threat vector to all people. And yet there’s not a lot of great things on the phone to keep us secure. And then once it’s usable or accessible, make it more intuitive. And I think you’ll see a much greater access and then adoption of those products.”

ALEX EFFGEN

Huh. Make it easier to find and simpler to use. It’s almost like there’s an opportunity to SPECIALIZE cybersecurity for a chance at SCALE.

TOM CLAPPER

“One of the things that I think would make cyber much more accessible to everyday people is making it more user friendly to people that aren’t the most technological.

I’m married to a UI/UX director. The user experience, the user interface. And a lot of people don’t know what that is just by hearing it, but it’s how friendly things are to you, whether or not it’s a website, an app, software, whatever.”

ALEX EFFGEN

Sounds like I need to interview Tom’s wife if we want to explore user experience. But for now let’s take this topic home. Tom, why should we actually care about cybersecurity?

TOM CLAPPER

“Our adversaries are taking advantage of the tools out there. They’re using AI. They’re using machine learning. They’re using a lot of different technologies to scale up. To make themselves more savvy—introduce different threat vectors on how to get into our stuff.”

Our adversaries are never going to stop coming for the thing they want. Whether it’s something to blackmail you, steal your money, hold your stuff hostage, it doesn’t matter. That’s the thing we should learn is it’s not going away.”

ALEX EFFGEN

Bad guys are going to be bad. Got it. If you want to make the world a better place, take a look at yourself, and…yadda yadda yadda.

TOM CLAPPER

“For me, there first has to be a willingness to fund and invest technology that protects everyday people. Because cyber is still relatively in its infancy, the biggest cyber things are to protect big enterprise networks: to protect banks, to protect hospitals, to protect municipalities, things like that. But to protect my computer or my phone, there’s a billion little apps and somebody drowns in options and they don’t know what to find. So I think some education matters.

And then fundamentally we have to have a paradigm shift as users. We have to start understanding the threat. Once you start to realize you’re a constant target: Okay. How do I protect myself?

And right now I think those two things are missing in the average person. They don’t think of themselves as a target. And so I think there first has to be the willingness to fund and invest for personal users rather than big enterprise users, but then also the user base must start to adopt this shift in ideas.”

ALEX EFFGEN

Pretty sensible conclusions. Not bad for a Yankee fan.

Thank you for joining us on The Future Indicative, a podcast produced by me, Alex Effgen, and Indicate Marketing. Our mission is to show what great narratives accomplish for your industry. As mentioned before, the views expressed here are solely our own, but we share them for our collective wellbeing. Please reach out to us at IndicateMarketing.com if you find them helpful. Let’s explore how our humanity can help drive your business growth and market positioning. We appreciate your patronage, and continued support.