In this podcast, Motley Fool analyst Tim Beyers and engineering manager Tim White discuss the rise of cyberthreats, and what it means for companies like Microsoft, CrowdStrike, and Zscaler. They also discuss how these breaches work, and what you can do to protect yourself and your family.
Members of any Motley Fool service can watch "This Week in Tech" at 10:00 a.m. ET on Fridays, or any time at the Fool Live replay hub: To become a Motley Fool member, head to www.fool.com/signup
To catch full episodes of all The Motley Fool's free podcasts, check out our podcast center. To get started investing, check out our quick-start guide to investing in stocks. A full transcript follows the video.
This video was recorded on May 05, 2024.
Tim White: Nothing is more difficult as a techie than trying to convince a VP of software who wants to get a bonus that you should spend a whole lot more money replacing routers that work perfectly fine, but literally can't be patched anymore, and probably have been taken over and are being used as a bot now to attack yourself. You really have a difficult time doing that, and those sorts of infrastructure upgrades, I think in this year in particular, are extra difficult because every CEO has been absolutely wild on spending everything they can on AI instead of on infrastructure upgrade.
Mary Long: I'm Mary Long, and that's Tim White, a techie at the Motley Fool. He and Tim Beyers are co-hosts of This Week in Tech, a show on Motley Fool Live, our members-only live stream channel. About a week ago, my colleague, Ricky Mulvey asked Tim and Tim if they wanted to do a show about the ripple effects of AI, the consequences we aren't thinking about. They came back with one word, cyberwar. On today's show, the Tims walk through the implications that Artificial Intelligence has on cyber threats, and what that means for you as a citizen and Internet user and an investor. As a heads-up, today's show runs a little bit longer than our normal weekend shows, so as a result, we won't have a show tomorrow. Enjoy today's conversation, and we'll see you Monday, Fools.
Tim Beyers: The cyber wars are heating up, and I'm going to tee you up with a statistic that you pulled down, that I think is appropriately terrifying if we're talking about cyberwar. According to the 2023 annual data breach report, the number of data compromises in 2023, this is 3,205, that's how many there were, increased by 78 percentage points compared to 2022, that was 1,801. This sets a new record for the number of data compromises tracked in a year. That's up 72 percentage points from the previous all-time high, that was in 2021 and that was only 1,860. I've heard you say this multiple times here, Tim, so headline number 1 here is the cyberwar is no longer a cold war, it is a hot war.
Tim White: That's right for a number of different reasons, including AI throwing fuel on the fire here. What was just a whole bunch of disinformation campaigns that were spreading across social media across the whole world, some relatively isolated ransomware attacks, have become an increasingly vicious series of ransomware attacks, including really ugly ones like the Colonial Pipeline in 2021, the AT&T breach, which they still don't have a cause for, and a bunch of others including MGM being down for a week due to these, and the big story of this year, UnitedHealthcare now reporting almost $1 billion in damages from the ransomware attack that had their payment processor down for almost a week.
Tim Beyers: Let's park on that UnitedHealthcare story for a second here. Just to underscore the gravity of what we're seeing at the moment, before we came on air, you were talking about how the executives from UnitedHealthcare are sitting in front of Congress and giving testimony, and I find it fascinating what they said about this, that a little bit of arm-waving, everything's fine. I want you to give the reaction to listeners, what you said about this.
Tim White: His statement was, all of our systems are now protected by two-factor authentication. Two-factor authentication, meaning that code you get when you try to log into your bank's website that says, hey, you need to enter this code to prove it's really you. Just the fact that they didn't even have that, which is basically table stakes level of security now, really I think underscores how ill-prepared most companies are for the hot cyberwar that is coming, especially from state-sponsored actors. So what does that mean? That means that governments are paying hacking groups, like Russian groups Cozy Bear, and a few others including AlphaV, to perform hacking and ransomware to get millions of dollars to feed back into Russian government activities, as well as other governments. This is now a big business. You've got a combination of old fashioned espionage/let's ransom other governments to get money because we're under sanctions, and Nakatomi Plaza style Die Hard criminals who are just trying to break into whatever vaults they can and make it look like terrorism and get as much money as they possibly can. I think it's really important to contrast the fact that the people who are fighting this in the US on the government side, the US Air Force just had to implement adding warrant ranks to their cyber security groups in order to be able to pay these people something even remotely close to what they would get working for a big corporation. It's really hard when the folks who are in other countries are sitting there, rolling in millions of dollars and as much drink and anything else that they could possibly get, and our US agents are barely able to get paid what they would make as a starting person in a company.
Tim Beyers: It's fascinating that you contrast it to counterparties but both have huge implications on where we're at, and we're going to get to state-sponsored cyber hacking in a moment here, but if we could stay on this for just a minute, just to characterize what we're dealing with. You have on the one hand, I'll use a character that's very well known, state-sponsored Vladimir Putin, in Russia. But then we also have the anonymous hacker, the Hans Gruber, that is just like this is just a really sophisticated theft, and Hans is really interested in your crypto accounts and would love to steal your Bitcoin, as well as empty your bank account.
Tim White: I think the big question is, why are we suddenly seeing, like in this year alone, massive data breaches, and then last year, 75% more than the world record of data breaches. Why is this accelerating? I think a big piece of it is AI. AI has two pieces in this story. One is that it's used by cyber security companies to try to detect threats, weed them out, find when there have been breaches. On the other hand, it's being used by these hacking organizations to train their hackers faster than ever, as well as to create really good copy that you could send to someone in a phishing style attack, so you would suddenly get an email from someone that looks really legit. It's full of all the words that has something to do with your company, and you click on a link and boom, you're hacked. In addition, Microsoft's new vocal AI trainer, which can simulate anyone's human voice, now needs only two seconds of audio to replicate your voice.
Tim Beyers: That's disturbing and that's terrifying. When we've talked about security in the past, so we'll park on this for a second, humans are the problem. In most cases with cyber security, humans, you and I and others, we are the problem in the sense that we can be easily fooled by whether it's an email phishing attack, whether it's a phone call, it says, hey, I'm here with your mom, and they're trying to get in, and they've been told that you need to give some other piece of personalized information. This data collection to build a profile by which security systems get breached is increasingly sophisticated and your point is a good one, that to the degree that an AI, instead of actually stealing the data from say, you or me, the AI actually constructs the data to plug into a system to do the theft, like a simulation of my voice or yours, is a little bit staggering here.
Tim White: You really just need to convince someone to give you the information that they shouldn't be giving you. That's why the industry is moving toward something that you might have heard called passkeys, which is really using just biometrics on your local machines, so you have to hit your fingerprint reader every time as opposed to even getting that two-factor authentication message, because that's even one layer more of proving it, and it eliminates passwords from the equation so you can't accidentally give someone your password. The best you could do is accidentally use your thumbprint, and the passkey system is basically built to make that impossible.
Tim Beyers: We talked a little bit about state-sponsored actors here. Let's move to that. What makes the cyberwar hot right now, is that you do have states that are essentially funding plundering activities. You pointed this out here, Tim. There was something that Jensen Wong, the CEO of Nvidia, said not that long ago, couple of months ago, said that there will need to be sovereign AIs for nations around the world in order to protect themselves, they're going to need essentially, I'm making this up, but essentially you're going to need a United States cyber force, Tim, that's what we're hearing from Jensen Wong. Do you buy that argument?
Tim White: I do. I think the US government buys it too because the US Army has now announced a move to agile software development after literally an entire lifetime of only doing what we call waterfall software development. Where you very slowly plan everything out and deliver it. They no longer can keep up with the rapidity that AI can generate new threats against them. Thus, must move to a completely different model. Like I said, the air force now working really hard to retain cybersecurity professionals working for the US government.
Tim Beyers: When we look at this, it does increase the amount of danger that we face as not just a country, but just as individuals walking around people, how much danger there is. I think one of the undertones here, Tim is, we may not understand how much Joe and Jane average are involved in the cyberwar. The collateral damage is the people who are, I'll just make something up here, suffering identity theft, for example. That seems like collateral damage of the cyberwar.
Tim White: It does. Again, we were talking about that as what I think is the cold cyberwar, right? Is disinformation campaigns, identity thefts. That's what builds up all this profile on this data that then can be fed into AIs to generate actual hot cyber attacks. For example, Cozy Bear, which is one of the Russian state-sponsored tech and groups, had all these tools they have been developing for years based on identifying tiny breaches in like old routers that people haven't upgraded. That people includes small companies and so forth, right? Not just people at home and various other ways that they have identified over time to get into places, but they hadn't really used them. Then when the war and Ukraine started, they basically unleashed everything and tried very hard to take down the Ukraine government entirely, and were not nearly as successful as people had expected them to be, because Ukraine was very prepared for this. But at the same time, that really turned the war hot. Now you've got Chinese hacking groups like Storm-558 that have cracked into Microsoft Exchange mailboxes, including US government officials.
Tim Beyers: Yeah. When we talk about what makes the cyberwar hot, do you think it's fair for me to differentiate between, you talked about the cold war being identity theft and things of that nature. Damaging, heartbreaking, but not a hot war. The hot war here, from a cyberwar perspective is using those types of tools, but to take down things like physical infrastructure, attacking a power plant, attacking a banking system. Is that really what we're talking about with a hot war?
Tim White: It is, but even the hardest ransomware like the pipeline one that I talked about before, where no oil's going through here. If you stop the colonial pipeline, you are basically completely shutting down parts of the energy sector in the United States. Same thing with power grids, very vulnerable to cyber-attack that has been known for a while, and so a lot of preparation has been made, but probably not enough. Like I said, the UnitedHealthcare system, which is responsible for keeping a lot of people in this country alive, was very vulnerable, it turns out, and so vulnerable that now they're probably going to be a whole lot of lawsuits about how payment processing being down for as long as it was directly affected people's lives.
Tim Beyers: Yeah. I would absolutely believe that. We are going to make some specific stock picks here at the end, Tim. I want to focus for a second on where one of the broad opportunities might be, which is in infrastructure. As we've been talking about this, you mentioned that you touched on it, where there may be some old equipment that is vulnerable. We're talking about again, power plants, other institutions that are running old systems, old equipment, out of date, haven't been patched, and those are ripe targets in a cyberwar. You've been a techie for well over 30 years here. There is a principal in tech, Tim where if something works, if an existing system works, and it just works, and it works really well, there is a real resistance to upgrade that. How much of that contributes to the vulnerabilities we're seeing?
Tim White: Quite a bit. Nothing is more difficult as a techie than trying to convince a VP of software who wants to get a bonus that you should spend a whole lot more money for replacing routers that work perfectly fine.
Tim Beyers: Right?
Tim White: But literally can't be patched anymore and probably have been taken over and are being used as a button to attack yourself. You really have a difficult time doing that and those infrastructure upgrades, I think in this year in particular are extra difficult because every CEO has been absolutely wild on spending everything they can on AI instead of on infrastructure upgrades. You've got another impact from AI. Here is all the money sloshing over into buying a bunch of Nvidia GPUs to run models on, instead of upgrading all that network equipment that might be vulnerable.
Tim Beyers: As a way to think about that is, maybe an analogy here is we are spending all kinds of money on making better missiles, and not nearly enough on missile defense.
Tim White: Or not even nearly enough on keeping the bridges up so that you could drive your missile trucks over them.[laughs] It's really classic infrastructure problem. Infrastructure that works is really hard to justify spending on.
Tim Beyers: Yeah. So state-sponsored attackers are a real big problem here. There's a lot of collateral damage. Aging infrastructure is a big issue here as well. Let's talk about just the text. Draw some context around the quality of these attacks, and what kind of attacks we're seeing. We mentioned ransomware is a type of attack, a distributed denial of service attack is another very common one. It's been around for generations spoofing attacks, phishing attacks. Let's define some of these so we know what we're talking about.
Tim White: Yeah, so ransomware is essentially someone breaks into your network. They somehow get access to your network. Let's use a very specific example. In the case of the MGM hack from last year, someone called the help-desk at MGM. They got the number of the help desk and they had some names of real people. Again, this is all where that fishing and stuff comes through early in the game. They called and said, hi, I'm so VP, I got a new phone this weekend and I need to reset my two-factor authentication. Can you go into the Okta system and reset the two-factor authentication for my phone to use this new phone. They're like, sure. Of course, sir, we can do that, and they had some security questions, but not nearly enough. Right?
Tim White: They did that and the two-factor went away from the real person's device and onto now this hacker's device. That person had access at a pretty high level to Okta, so they were able to not only get into their account but then get into a lot of other people's accounts and then reset all those other accounts so they couldn't be logged into. At this point, you have a whole bunch of people who can't log in to do their job, and then they start changing the passwords of everything else. Now, no one can get in to do their job and they start shutting things down like the badge system so no one can badge in to get into the building and so forth. Then they say, hey, by the way, company, we have now taken control of you, and if you would like control of your company back, please pay us X million dollars and we'll talk about it. Then they start encrypting everything. Even if you get to passwords reset and get in there, now everything is encrypted and you can't get to your data. Ransomware is really about locking down your infrastructure and then ransoming it back from you.
Tim Beyers: If we're talking about other types of attacks, let's say a distributed denial of service attack. This is the old-school blunt force attack that really came about from the earliest days of the Internet. We take over a number of idle machines that happened to be connected to the Internet, and then we point them at a series of IP addresses and say, go throw as much traffic as this series of IP addresses as humanly possible because we want to take down X website.
Tim White: You have a whole bunch of computers that are connected to the Internet that haven't been upgraded. They're still running Windows XP, for example, the classic example. Maybe it's your grandma's computer, maybe it's a library computer in a small town. It could be a lot of different examples. Microsoft didn't start providing their own antivirus until 2008, so there's a whole lot of computers running in that '98-2008 time-frame that are vulnerable to this kind of attack by default. They get taken over. Someone goes in and installs a piece of software on them that lets them use that computer for whatever they want, and so they basically just web browse to a website with hundreds of thousands of these zombified computers and hit a website all at once to prevent that website from doing its normal thing of trying to serve traffic. Sometimes this can be a ransomware thing where they say, hey, we're going to keep doing this, impounding your website until you pay us. Or sometimes it's just like a punishment, like they're mad at some company or whatever and they'll just do this and that's more the Hans Gruber thing, for the most part.
Tim Beyers: I want to park on this for a second because it does bring up something that Microsoft has said, and I think you and I have been fairly clear that Microsoft is one of those companies that is definitely playing in the security space. But also because they might have the most to lose because there's so much old Microsoft equipment out there. I want you to comment a little bit on what Microsoft has said about their commitment to security. What do you think about Microsoft saying security above all else here?
Tim White: First of all, Satya Nadella didn't say this until mid-April of this year. The CEO of Microsoft was like, whatever we're going to spend all of our money on AI. It's the same exact issue, where we're going to spend all of our money in AI, we don't care about security. Oh, a whole bunch of government accounts got hacked. Oh, no, every email in the world is now on the dark web. I'm sure that's nothing to do with us. Oh, wait, it is everything to do with us. I think it's a little bit frustrating that it took him that long to say that they are going to be putting security above all else. I also have heard many CEOs and leaders say that and they don't believe it for a second.
Tim Beyers: Talk to me about what would be the right step forward? If you wanted to put actions behind those words from Nadella, what would be the first thing that you would want to see Microsoft do?
Tim White: I wouldn't want to see a really strong focus on core infrastructure security. This is something where they are one of the big three public cloud providers, Microsoft Azure. If you are trusting Microsoft Azure with your company stuff and they can't even protect their own stuff, that's a bad look for Microsoft, as well as being dangerous for a lot of customers because Microsoft Outlook is an extremely dominant platform.
Tim Beyers: I'm going to give you an alternative here, which is, I would like to see Microsoft take some of its balance sheet capital and go around the world, everywhere where there is a Windows XP machine, and say, don't even worry about it, we will fund your upgrade to the latest Microsoft equipment and we will take your XP software machine for free and we'll recycle it just because we don't want to be liable for you getting hacked. I'm thinking about healthcare systems in emerging economies, Tim, hospital life-saving machines in hospitals that are running on Windows XP, that is terrifying.
Tim White: It's extremely common because a lot of the devices that they are connected to are old devices that were donated. They were hand-me-downs from other places and they weren't upgraded because they moved onto something completely new. I think that would be interesting. I think you might end up with a little bit of the Indian government paying a dollar for every cobra head problem. Where suddenly people are digging where there's XP devices out of the trash to come and be like, please take this. But I think it would be excellent to see that initiative even if it was a little difficult to administer.
Tim Beyers: No question, there would be a little bit of fraud that's cooked into that. Unrelated topic and then we're going to move on to maybe some stocks that we think my profit here. But let's talk about Apple, which took a little bit of the opposite approach by warning. I'm curious if you think it's either premature too late, but essentially saying, hey, you know what? There are mercenaries out there that are coming for your Apple device lookout. They took a little bit of the opposite approach here, Tim.
Tim White: I think the good news, bad news for Apple is that they were a very early victim of this cold cyberwar where celebrities' phones were being hacked, photos being stolen, that thing. Apple, I think quite a while ago, got the message that they need to be a leader in the security space. That was after, of course, unfortunate incidences, but they woke up and I think have stayed pretty aggressive on cybersecurity. They issued warnings to people in dozens of countries that there are people coming for your phone, we have blocked it, but please be careful, be extra secure, that sort of thing. We can detect that they are coming for you in particular.
Tim Beyers: It is fascinating. I wonder if we're going to see on future versions of iOS that you will get. If you have an iPhone, you probably get an annoying number of alerts and pop-ups that show up on your phone, will one of those pop-ups, Tim be, your phone has been targeted, and we can detect that there were three failed attempts on your phone within the last 24 hours, upgrade your software now or buy the extra protection layer delivered to you by iCloud on Apple today.
Tim White: Apple has thus far resisted playing the pay-for-security card, although I wouldn't be surprised if it happened eventually. But what they do already do is my Safari tells me, hey, the passwords you have stored in Safari, these 20 have been found on the dark web. Please get them upgraded immediately. They are already pushing warnings like that, so I think it's definitely possible to see those warnings, but it's probably a little late.
Tim Beyers: I think you're probably right here. I'm thinking specifically about the AT&T data breach here when we talk about companies that may be poised to be important in the era of the digital cyberwar, the hot cyberwar. The reason I say this is because the AT&T data breach, I think is particularly infuriating for a number of reasons, but I'll give you the top one from my list here, Tim, is that AT&T still does not know the source of the attack still to this day.
Tim White: Correct. The information they're guessing is around five years old, but they still have no idea where it came from. They did finally, after months and months, this year acknowledged that, yes, it's a real Beta at it, real breach and they reported that to the SEC.
Tim Beyers: It is very frustrating. There's elements of this that I think are common, but also a real cautionary tale. One of the things we know from cybersecurity research is that cybersecurity attacks, when they are successful, what ends up happening is an attacker gets into a network and tends to lurk and sit there and try to steal very, very slowly until they are discovered. Then once they are discovered, they move fast because they're gonna get stopped.
Tim White: In the case of the UnitedHealthcare attack, that's exactly what happened. They believe that the attackers were in the network for at least several days before the ransomware began. Certainly enough in modern era is to take a whole lot of information before they start playing the ransom work.
Tim Beyers: Exactly right. Given that this is the context of what we're seeing now, let's talk about some companies that might be useful, important, and maybe even interesting investments for those investors who are thinking about what do I do? How do I make my portfolio reflect this state of things in the cyberwar era? I know we've each got some names here. I'm going to start us off with one, there are the usual names. We've both talked about CrowdStrike and Zscaler's. Let's just get those out of the way. Those are partner companies. One exists at the edge. They tend to guard your device. Now they also do more than Gardner device, but that's CrowdStrike. They have an agent on your phone, on your computer. They are monitoring for the influx of information that's coming to your device and then taking actions based on that. In some cases, pre-emptive actions. Then you have the Zero Trust provider, that is Zscaler. These two share data between each other. Tim, these, these do seem like they're going to become increasingly important in the cyberwar era.
Tim White: Agreed. Because more and more of companies infrastructures in the public cloud. In the case of Zscaler, you can't just rely on a firewall between you and the world to protect you because your stuff is out on the public internet and of some public cloud. You need to create a way for people to access that securely. And essentially assume that every single point of the way you need to validate again who they are. That's what the Zero Trust is about. So that you don't just say, oh, they got in the firewall, they're good now, it's like, know every single step of the way between them and whatever they're trying to access, you're going to validate that they are who they are.
Tim Beyers: The analogy I've used for these two is CrowdStrike is like the bouncer outside the bar, and then Zscaler is the bartender who is checking ID's inside, but they partner up quite nicely. Let's talk about some others here that we think might be interesting here, I asked you and I'll tee you up for this. I wonder if there is the to use an old 90s film reference, the Pulp Fiction. My favorite Harvey Keitel character Winston Wolf from Pulp Fiction, the cleanup guy. I clean things up. I think there's going to be some interesting work that's being done around cleanup when disasters happen, collateral damage happens in the cyberwar here, Tim. Who do you, who do you think is the best company that is going to fill that Winston Wolf role here.
Tim White: Just to put some numbers around this, UnitedHealth is estimating it's going to be $600 million to do the cleanup of their data breach. I think that's very conservative. I think it's going to be a lot more than that. Obviously their own people, some very private security consultants, folks that they have engaged already, that might be their security provider, CrowdStrike or whatever. But I think there's probably room for some consultants here to come in and try to figure out how to do things like actually implemented two-factor security on everything, that sort of thing. That's where it's like an Accenture I think could be coming in and help plug those goals or at least put together plan on how to do so.
Tim Beyers: Would you imagine, it certainly seems like it. There would be some companies that either we don't know about yet that are still private or there are companies that just haven't been born yet that are gonna do things like maybe more advanced. I mean, I guess this would be a consequence of AI. Is there some AI modeling around cybersecurity, testing, prevention, maybe some amount of very active cybersecurity that is responsive based on what you can see in a network?
Tim White: Well, I mean, this is the year where every single SaaS provider, Software-as-a-Service provider, is adding to their product. If you have a product you're already using to monitor your log files so these applications generate tons and tons of logs. If you're using something to monitor your network, those things are all going to get AI level ups this year. That could be a big player. If you're already using like a Datadog to look at your logs, we're going to see AI enablement theirs.
Tim Beyers: It's interesting that you bring up Datadog because they are a company that observes what's going on in a network. They already do have some security level products that they've introduced, but certainly that seems more important than ever. I want to see what's going on in the network and then I want to be able to take action on it. This seems like a particularly interesting way to think about a tool that would be useful when you are operating in a cyberwar era where the table stakes are just so high.
Tim White: For sure. I still worry about all of the technology that is too old, too lame to dumb, it's not smart technology that's easy to monitor, that's sitting around in tiny datacenters and the middle of nowhere. For example, every one of those microwave towers that you see in the planes here, and use of Colorado has got a little tiny datacenter attached to it. Those things don't necessarily get upgraded as often as you'd like, because they are often owned by small regional governments. They don't necessarily have the money to upgrade that equipment. Doesn't really matter if you've got the best CrowdStrike and Zscaler on the world if you're operating equipment, it's just too dumb to be monitored by that.
Tim Beyers: Our show is very much about reckless predictions here. If I asked you to make a reckless prediction around, when we're talking about cyberwar protection, how much investment goes into modern tools like say, a CrowdStrike and Zscaler? How much goes into old fashion boots on the ground, upgrading old equipment, type of security? What do you think the ratio is? What's the split? Is it 50-50? What do you think?
Tim White: Well, I think to circle back to where we opened this conversation with is that most breaches are caused by human error. I would spend 25% of my money on education. This is part of the reason we want to do the show is that people need to understand that this is no longer an annoying thing that happened to someone who knows someone who knows someone. This going to happen to you at some point. And it may not happen to you directly. You may not have your own accounts hacked, you may not have your own identities stolen. But your healthcare company could get hacked and all your records or stolen and that could then build a profile on you that's used in the later attack. I would spend 25% of my money on education if I was a company on my own employees, for example, to make sure everybody's aware of the kinds of attacks that they could be experiencing. Then I would spend another 25% on the most urgent infrastructure upgrades. Really old routers, really old operating systems, anything that really just can't be monitored or can't be dealt with. Then I'd spend that last 50% on the most modern security edge stuff, which is things like CrowdStrike, Zscaler, even Okta, if you're not using something like that right now.
Tim Beyers: It's interesting. Let's end on this. Maybe a bit of a personal advice or personal bugaboo about, if you are getting attacks or maybe phishing attacks, what do you do about it? What's your best tip? We'll, we'll each give one here. Your best tip for protecting yourself in the cyberwar era.
Tim White: Well, my best tip is use a password manager. Because password managers or would allow you to use pass keys, which I talked about earlier. That again, you're using a single cryptographic exchange between you and Gmail, for example, instead of using a password and that cryptographic exchanges predicted by biometrics on your device. That's the first thing I'd do, use some password manager. I like one password. You might like a different one, but use some password manager would be my first step. Then second it'd be convinced your relatives to use a password manager too instead of keeping their passwords on a sheet tack next to the phone.
Tim Beyers: I'll go with default to know. Just just keep that phrase in mind. Default to know. If you get an email that you don't understand or looks a little funny or like, I don't really know what this is. The delete key is your friend, you get a phone call that you don't know what it is if you pick it up and I will do this, I've done this. I'll pick up a call and I can immediately tell it's a fishing attempt and I will just say no AI calls, please, hang up immediately, or just don't answer. Like do not feed the beast. If you default to know then you are more likely to actually be dealing with data that is legit. You can protect yourself a little bit easier here. You're going to miss some things, but you also protect herself much better.
Tim White: I'll bring in a final tip here from our producer Ricky, who basically said have some sort of family password. Because of this AI voice cloning, because of these phishing attempts and everything else, even if you default to know, like Tim said, if someone calls you back three times and you're like, OK, fine, and then like we have your grandma being held hostage or something, it's very useful to have some sort of family password that would have to be given for you to believe that's real.
Mary Long: Members of any Motley Fool service can watch this week in tech with Tim Beyers and Tim White on Motley Fool Live every Friday from 10:00 AM to 11:00 AM Eastern and anytime on the replay hub. To become a Motley Fool member head to www.fool.com/signup. We'll also include a link in the show notes. As always, people on the program may have interest in the stocks they talk about and the Motley Fool may have formal recommendations for or against, so don't buy or sell stocks based solely on what you hear. I'm Mary Long. Thanks for listening. Again, we're off tomorrow, but we'll be back on Monday. See you then, Fools.
