Brenda, who also served as a U.S. Sales manager for Skadi Cyber Defense, started her presentation by passing around business cards and a signup sheet for those who wanted a copy of her presentation. Also she asked listeners to put down a number from 1-100 she would use in a drawing from her phone for a $25 gift card. She also described the “honor” of speaking in this “beautiful coastal community that I absolutely love.”
Her company is Skadi Cyber Defense, and she pointed out the indigo graphic image on her business cards of a Norwegian warrior princess, drawing her bow with a long bright-orange arrow fitted to it. She said Skadi is there to “help protect the world against cyber attack.” Her company was founded to protect small businesses, because there are many companies out there focused on the big guy and big money. Small businesses that want protection often hear, you aren’t big enough. She noted that while her presentation is focused on small businesses, there are many individuals here to whom this will apply. She recounted frequently hearing of someone being hacked, or losing life savings, or having their computer compromised. So it’s important to her to educate listeners to stay safe against this threat. She gave her contact information and invited listeners to contact her (brenda.johnson@skadicyber.com).
It is a scary thing, said Brenda, but she encourages business owners to have a plan, which is extremely important, she said: Last year in the U.S. there were more than 800,000 cyber crime-related complaints and losses of over $10 billion. The cartels now are implementing cyber crime “farms,” with people who just go and do ransomware since they’re finding that’s more lucrative than drug trades. She mentioned cyber criminals and their marketing organizations, data clubs and even consulting firms, wellness groups and retail sectors. She hears a lot of “I don’t need this, I’m a small business, they’re not going to hit me,” --- and because they have that attitude, cyber criminals know they’re going to have an easier time getting in and out of small businesses.
Sixty-five percent of small businesses get targeted – more than large companies -- and 87 percent of customer data can be compromised. She has made a small video on the topic. After adjusting the audio for her presentation, she showed realistic scenarios of a hacker in action, presenting warnings about when you shouldn’t share information. This can happen in real life, such as when scammers pose as real callers and prey upon the unwitting using everyday scenarios. She pointed out that employees may unwittingly leave a company vulnerable, and clued watchers in as to “what the IT guy doesn’t realize,” how they may have given the false callers full access to their computers, leaving the businesses open to scammers taking over their computers. Her video showed how everyday employees fall for such ruses. Hacking into personal lives is a form of power, and victims range from everyday personal lives to national security. Th Rotary club members fell silent as she talked.
There are a lot of dark people out there, she said, and they are believable, using “social engineering;” victims can include people who aren’t good with computers and naively seeking help from scammers eagerly offering to assist them. She mentioned “scareware,” offered by scammers who seem to compassionately offer help. She noted that her own husband, in his work, gets this about once a week: a way the bad guys attack.
She asked how many of those present watch “Land Man.” She noted that oil was a currency in the 80s and 90s, and today’s currency is data, which even the smallest business possesses and which can be gold to hackers. One way hackers get data is by hitting a company that may not know they’ve even been there, or they go to county site and trick the county into believing that you are the title owner and take over the title. This is happening to a lot of retired people now.
She passed around a list of data, and asked listeners if their businesses handle any of this data. Even wine clubs can be hacked. She cited an example from the news, of a business in Kansas that lost $23K to a hacker that looked at their bank account information. Adding fake employees to the payroll adds insult to injury. And she cited several “Trojan (horse)”-like) examples including phishing attacks around the country, as well as her own experiences. She noted that businesses that serve high-end clients are of particular interest to hackers, and cited losses reaching into the millions of dollars, even when clients feel safe. She mentioned “spear-phishing” attacks which target specific individuals and also mentioned hackers who make their targets feel assured and comfortable.
Ginger recounted her experiences, including once when she wound up feeling liable, and added that airlines know about such attempted attacks. She suggested that business owners spread the word of attacks or prevent weekend sales, to “let other industries know about it.” And Brenda mentioned businesses that bring suit to entities they feel have exposed their data. She mentioned mom-and-pop stores, which aren’t immune to hacking, and the importance of keeping POS systems up to date.
What are types of cyber attacks? It’s impossible to show them all in a diagram, but she showed some ways to guard computers, PS systems, computers, even mobile phones, from hackers. She mentioned viruses – no longer as big a threat as they used to be. Our technology and guards are growing – but so are the bad guys. She noted that AI attacks are increasing, as are “man-in-the-middle” attacks. Communications between machines are changing, especially in the case of manufacturing systems and in the cases of attackers from out of the country. Even a trusted Web site does not guarantee protection.
She brought up phishing and DOS or DDOS: “denial of service,” which can happen if someone is upset with your business and bombards your system.
She mentioned a Chinese hacking campaign, which stole U.S. users’ data and which the FBI is still working on. Kevin said we should keep our assets at home under the mattress, to which everyone laughed – but only halfheartedly. You have to use today’s systems to live, she said, but it’s important to be protected and to use common sense.
She elaborated on malware – the most common way to get an attack when it comes into your computer or phone. There used to be antivirus solutions or files, but now it’s hard to detect a virus; it could be a power-shelf attack going into your Microsoft window, etc., and so you have to make sure that whatever you’re using can handle malware. Some of this slows your system, but legitimate software – one in particular called a Zeus trojan -- is developed for financial information.
She recommended the movie “Beekeeper,” which depicts a poor woman losing her life savings, and discussed different kinds of phishing. Hackers need to only record two seconds of your voice to emulate it, or that of a celebrity doing a charity, or the voice of someone you trust. Hackers can copy voices using artificial intelligence. And she mentioned “spoofing,” which is someone making a Website look legitimate. One way they do it is by using a Russian alphabet instead of the U.S. alphabet. You have to look for the difference, but you can see it – usually, it’s the A, or the O, or the B – so before you click on it, look at them and if the A, the O or the B look funny, don’t click on them. She tells her husband, who gets hacked all the time, to bookmark the sites he often goes to. Go to the bookmark instead of a search, because what come up on the search can be a spoof.
How to stay safe? Some suggestions: When you get a new employee, ask questions and get background info. You never know who they are. There was a cybersecurity company that hired what they thought was a perfect candidate, but within a week of hiring the found inconsistencies. He turned out to be a North Korean spy. They found malware and fired him, but the damage was done, and they never found him.
She mentioned USB sticks – do not allow them because you never know what’s on them. Stay on top of your software updates, which can be like leaving a window cracked. Enforce the use of strong passwords, and change them often. And, for safety, don’t use the same password for everything.
She recommended using lastpass.com or a VPN or firewall when online. Inspect cardreaders closely. Stay informed about the latest in cybersecurity; make sure that you are aware.
She spoke of her company, Skadi, with its warrior princess logo; she feels that cybersecurity should be affordable and accessible to small businesses. Her company provides avenues to stay safe, because they feel that just having one thing for cybersecurity is like locking only one window in a house. They call the business Cybersecurity On Demand. A lot of big companies require you to open a big dashboard; her company gives simple solutions and 24/7 monitoring in a simple box. She lists services that they provide as “the whole package at one price” as opposed to the bad guys.
She spoke of her CEO, who was with the U.S. Marine Corps and the U.S. Navy, as an “extremely brilliant engineer” who developed missile guidance systems, is also a musician who was a chief information security officer for a bank. That CEO took what she developed for the bank and brought those ideas to Skadi, to be accessible to small businesses.
Services that they provide include a look at what’s out there. The difference between them and similar services is that they give the whole package, multi-layer protection, at one price, and don’t nickel-and-dime you. Included is vulnerability management; while any cyber solution takes vulnerabilities into account, they keep updated lists in their software, cross-reference all threat indicators nonstop and make sure they shore that up.
She asked one question for everyone to ponder: What would you do if you were hit with a ransomware attack? Has anyone here been hit with one? Hands went up. She invited stories and Erika Pardo recalled an experience of her husband, in which the cyber attacker wanted money. They called Mike Alifano, who negotiated them out of it, but it was scary, given all of the confidential files and information businesses and individual computer users have. They did not find out why they were targeted, nor more about it or what or who was behind it.
Brenda noted that the thieves often want money in order to not release your data. They hold the data hostage but can release it so that your customers can see you.
Irwin Cohen mentioned that some intermediary billing program for all medical offices across the United States had similar problems recently and wound up paying.
She mentioned penetration testing: they have “pen testers,” who are hired to determine if employees are susceptible to social engineering. They probe to find out if there are ways to get into the actual systems, something they do for small businesses. She sees it as like giving a car a 50,000-mile checkup, to see if anything is likely to break. They check any issues you have, looking for shadow IT, or IT that isn’t authorized.
Dark web monitoring: Noting that “darkness is the absence of light,” she said you have to use specialized browsers to get into the dark web; here’s where all the bad guys lurk and buy data that you may have and in which they find hidden layers. What they do is survey that and tell you how to clean it and get out of there. That is important.
Compliance, she said? Such as HIPPA, for medical. They help you stay compliant, identify if you aren’t and tell you what needs to be done to be compliant and avoid fines She stressed the importance of employee training so as to not put your business in peril. Skadi also helps conduct trainings, and holds meetings. Since the bad guys are getting better, she said, we have to stay on top of it.
She showed her books: “Being Less ‘Hackable’ for Seniors and Non-Techies” and “Cunning Cons - Your Guide to Dodging Modern Scams.” She asked if we had heard of the “Grandparent Scam” which preys on seniors; Erika told the story of her elderly mother who got a call from her “granddaughter;” she told the caller that she did not have a granddaughter, upon which the caller hung up. That led to stories of what happens when the computer comes up and flashes that “You’re Hacked.” And to more insidious ones: when real phone numbers are stolen and used to dupe the elderly, or callers who pretend that they’re elderly relatives held captive – until the frightened relatives hear that the “captive” is sitting right there, unharmed. Sometimes the bogus caller fires a gun for effect, to add to the fear.
Who are these guys? Brenda said that this happens around the world, with people trafficked and held until they meet their quotas under fear of very real punishment. North Africa is a big area for it, though this can happen anywhere. Large syndicates fund them, though the government is trying to put a stop to it. Even scarier: even a voice just saying “yes,” can be used by scammers.
Warren asked about updating home computers for protection; Brenda recommended Malware Bytes. Most of these folks don’t use viruses anymore, but try using “Zero Day Attack.”
Dianne asked, can you trust Apple? Benda recommended to always go to someone you can trust. Erika asked if you are in danger if you get a strange email and open it but don’t click on the message, Brenda said that if it is a sophisticated attack, yes, though most are not at that level, You should check the sender’s email first; hover the cursor over it, which shows you where it’s actually coming from. If you see “dot RU,” that means it’s coming from Russia, she said. Sometimes images carry files you want to avoid; right-click or hover over it. Don’t click on things that look too good to be true; if you even click it, it can download something that can hurt you. If your computer slows down, have it checked out. She uses NoMoRoBo and updates her voice mail, since hackers can take your voice mail and you can use that to monitor your own voice mail. It can also be blocked. You can get that at an app store, and for android too.
For apps for safety measures, banking or financial transactions, or ways to block the bad guys, she recommends Office 365 or Authenticator.
Kevin asked her, if this happens to us, should we give you a call? And she said yes. “You are my presentees,” she said, “my audience. I will absolutely help you. And my company offers a service, called Incident Response. That means, once you get hacked, we’ll help you recover.”
Brenda’s books can be found at amazon.com.
Irwin presented Brenda with her certificate stating that 15 children had been inoculated against polio in her name, which greatly pleased her. Nineteen people with polio still remain in the world. She had sent around a signup sheet from which she will draw a $25 gift certificate.
CLUB MEETING, January 23, 2025
Irwin announced quiz time for a cookie: Who was Max Cady? What movie did two actors portray him in? No one knew. When some asked what kind of cookie, Irwin answered, “A worthwhile cookie.” Which two Bobs played Max Cady? Answer: Robert DeNiro in 1991 and Robert Mitchum in 1962 – and that sparked debate over the two Roberts.
Pledge of Allegiance - Kevin gave a rousing hello to the club, which pretty well packed the community meeting room at the Half Moon Bay Library, and he asked Dave to lead the pledge.
Inspirational Thought - Ed Daniels gave a motivational quote from Bertrand Russell: “Love is wise, hatred is foolish. In this world, which is getting more and more closely interconnected, we have to learn to tolerate each other; we have to learn to put up with the fact that some people say things we don’t like. We can only live together in that way and if we are to live together and not die together, we must learn a kind of charity and a kind of tolerance which is absolutely vital to the continuation of human life on this planet.”
Pres. Irwin's Weekly Quiz - Irwin announced quiz time for a cookie: Who was Max Cady? What movie did two actors portray him in? No one knew. When some asked what kind of cookie, Irwin answered, “A worthwhile cookie.” Which two Bobs played Max Cady? Answer: Robert DeNiro in 1991 and Robert Mitchum in 1962 – and that sparked debate over the two Roberts
Announcements and News - Ginger Minoletti had some news: the Barterra Winery tasting room has been moved from Main Street, Half Moon Bay, to a warehouse near Princeton Harbor, which had been used as a storehouse for wine, and which will now be used for weekend tasting only. In light of that, they’re having a 50-percent-off sale of merchandise, not wine, focusing on the seasonal. Also for sale are a couple of nice pieces of furniture, offered at 50 percent discount. The address is 151 Harbor, around the corner from Jetty Wave, near where Eric Trojak has been doing wine tastings for five years; it will open Saturday, Feb. 1, with jazz on Feb. 2. She invited all to join in the festivities.
Kevin said he’d had a wonderful opportunity this week to take his wife Debbie on an overnight excursion to celebrate her birthday in San Francisco (to which he hadn’t always been wild to go) but this time they stayed at the Ritz, rode a cable car, walked in the park and had fabulous weather and a nice dinner in Pacific Heights. He marveled at how clean Market Street and the city were, and urged us all to take advantage of the fact that we live so close to such a beautiful city. Rotarians then shared favorite spots around the city; Kevin bemoaned the hills but then recounted a trip with friends there to see “Some Like It Hot,” which he highly recommended, praising its tap dancers. Ed Daniels noted that since he had recently retired, his work email address is no longer good; he has changed it in ClubRunner and it is now ead@coastside.net.
Irwin asked how many of us had completed the Youth Safety course, with which Liz can help. Susan Kealey noted that from 10 am. to 2 p.m. on Saturday we have a cleanup project at the Sanchez Adobe performing arts center with the Pacifica Lions Club and Pacifica Rotary Club. She’d love to see some of us turn up, since it is a kind of reciprocal project, as Pacifica Rotary has helped us.
Marble Game - The marble game was held; Dave was picked, but he got a green marble.
