RiskMD; Risk Management for Today and Beyond

Risk management is foundational to the insurance industry at large.  Not only as a means to ensure the pricing integrity of insurance products, but most importantly, to continue to achieve and maintain safer, healthier environments for all.   Innovation in this space should be recognized, encouraged and celebrated.  To that end, we celebrate RiskMD!

RiskMD holds one of (if not the) only patents specific to PEO.  This patented business intelligence platform organizes insurance-related data in a proprietary way to empower risk managers and insurance executives to completely change the way they approach decision making.

Risk managers and insurance executives spend countless hours poring over numbers in search of opportunities to mitigate losses and increase profitability. This requires many hours of tedious work, compiling and deciphering mountains data using multiple complex tools, and the experience and instincts to find actionable insights.

RiskMD completely reshapes this process. The technology seamlessly automates data aggregation and integration to provide clear and meaningful insights with detailed and impactful visualizations. It gives users the ability to schedule recurring reports for quick and easy insights on demand, while also allowing for more advanced users to dig deep into the numbers and find the most granular of opportunities.

What makes RiskMD unique? Where did the concept come from?

Risk MD is an insurance data analytics tool that was built with the goal of changing the way the industry uses data to understand loss ratios and maximize profitability for any given insurance transaction. It’s a system and method for the valuation, acquisition, and management of insurance data. The concept was developed by Paul Hughes, the Founder and CEO of RiskMD, with the idea of bringing the mentality of stock trading analytics to the insurance world.

This system follows a patented process that uses a common identifier, the Federal Employer Identification Number (FEIN) to efficiently and effectively aggregate data in a new and powerful way. The process makes it possible to funnel data into the system without the need for labor-intensive manual input.

The use of FEIN also enables a more precise normalization of the data so that it can be more easily manipulated. This allows users to easily drill down to a deeper level for more impactful insights.

Another unique feature of the tool is that it’s designed to produce insights, rather than requiring users to find the insights themselves. Without RiskMD, risk managers and insurance executives have to dedicate countless hours to building and manipulating spreadsheets and pivot tables, then try to search the resulting data points to verify whatever insights are available to be found. RiskMD compiles the data much more efficiently and can be pre-programmed to surface the most important insights automatically, presenting them visually through the use of graphs, tables, and charts.

Whether risk managers and insurance executives are using it to manipulate data in real-time on their own or relying on custom reports that are delivered automatically, those using RiskMD have a competitive advantage over those who don’t.

How is RiskMD relevant to core concerns of risk managers?

One of the most critically important concerns for insurance executives is to maintain profitability across a book of business. They manage the total cost of risk, which can come from claims paid, or dollar values that are paid internally within a deductible limit, and additional costs that aren’t easily quantified, like the value of opportunity costs missed. Their ability to do this depends heavily on using data to gain an understanding of which accounts might create profitability issues. Without knowing which accounts are presenting exposure points and fueling losses, a risk manager cannot effectively manage them. This leads to reactionary behaviors rather than proactive ones.  Minor “hot spots” can become major loss leaders.

It gives the ability to quickly and easily see loss ratios for each account or exposure in their book of business, in real-time, through visualizations. If profitability is the macro problem, RiskMD is a tool that helps take a granular look to find the micro issues that cause that macro problem.  This prevention-based approach maximizes profitability.

How is RiskMD effective in solving one or more problems in the risk management process?

Managing risk effectively and profitably relies on finding and addressing loss leaders proactively. To do this, risk managers face the problem of compiling and deciphering large quantities of data. This process is labor-intensive, time-consuming, and typically requires a deep knowledge of multiple data manipulation tools.  Even with all the tools and manpower, the problem is often compounded when insights are unfound, like a needle in a haystack.

At its core, RiskMD is a risk assessment and analysis tool. It simplifies the data evaluation process and allows C-Level Executives and Risk Managers to discover key insights that help them make better business decisions. Using visualizations for risk identification makes insights easier to find and understand at all levels. Delivering performance metrics in real time through visualizations ensures that the internal and external stakeholders of an insurance transaction can always “keep score.”

How is RiskMD presented to risk managers to ensure ease of understanding and use.

RiskMD is an incredibly robust data analysis tool. The sheer volume of information and insights that it provides can be overwhelming. With that in mind the platform was specifically designed to make those insights as easy to access as possible using Tableau Software, which is the industry standard for user-friendly data visualization.

Using the automatic data-input process and the interpretations made possible by the proprietary algorithms, RiskMD delivers insights to the user or insurance executive in the form of graphs, tables, and customizable gauges. These visualizations are designed to make understanding the insights simple and easy enough for any user to understand. They are color-coded in a green-to-red, “stoplight” method that makes quickly understanding areas of potential risk easier.

RiskMD provides automated reports that can be built once and then scheduled for direct delivery at the desired interval. This allows a more hands-off approach in which the most important indicators are delivered directly to the user’s desk, ensuring consistent oversight.

For users with a higher degree of data acumen, RiskMD allows them to pull various levers and manipulate data to gain deep and precise insights that would otherwise be extremely time-consuming to uncover. This ability to “slice and dice” information provides a level of understanding that makes a user’s ability to mitigate potential losses invaluable.

What results and objectives are achieved by RiskMD in a risk management setting.

Benchmarks are instrumental in providing key insights using data. RiskMD houses more than 100,000 claims files and exposure data for more than 20,000 client companies. This cache of data allows RiskMD users to benchmark against RiskMD proprietary data, as well as industry data. That ability to benchmark against the proprietary data became incredibly useful during the COVID-19 outbreak.

The insurance industry cycles through exposure, premium, and claims data on a period of about 12-18 months when accounting for audit periods. RiskMD cycles through this data on a bi-monthly basis due to data ingestion from its expansive PEO clientele, which report on a “pay-as-you-go” basis. When the global Coronavirus pandemic shut down the economy and upended the industry, NCCI, the preeminent Workers’ Compensation Bureau, contacted RiskMD for insights on how COVID was affecting claims and payroll.  RiskMD was the only known source that could provide real-time insights on jobs and job-related COVID claims. RiskMD provided NCCI with important insights as to how COVID affected jobs and payroll nationwide by quantifying claims incurred versus the reduced premiums collected.  This accurate capture of loss ratio was simply not available anywhere else due to the proprietary source of “pay-as-you-go” payroll exposure information.

Scott Ferguson to Lead Operations for RiskMD

Welcome Scott!

Orlando, FL

RiskMD is proud to announce the addition of G. Scott “Scott” Ferguson as Chief Operations Officer.  Scott will bring RiskMD’s cutting edge data analytics to the insurance industry and beyond.  Started in 2005, RiskMD retains a process patent for a “System and Method for Valuation , Acquisition and Management of Insurance Policies” (Patent #10846801).

Scott has over 30 years of Risk Management, Insurance Brokerage and Professional Employer Organization (“PEO”) experience.  He has been a Director of Risk Management for a national publicly-traded specialty retailer. A Risk Management Practice Leader for a national publicly-traded insurance brokerage house, and most recently, a Business Partner for a national publicly-traded PEO/Human Capital Management firm.  He looks forward to being in the private realm.  In his latter role, he turned around a failing business unit during the Covid pandemic through strong leadership and management. Scott not only brings a technical insurance expertise to RiskMD, but solid insurance fundamentals and organizational development skills to help profitably grow a company.  Scott analyzes processes, and is able to determine the most efficient method of accomplishing tasks. 

According to RiskMD Founder and CEO Paul Hughes, “it is rare to find anyone with the depth of experience in insurance brokerage and risk management.  The fact that he has used that in the past to run a substantial block of business for a large Professional Employer Organization (“PEO”) is huge.  He is foremost a great guy I look forward to everyone having the opportunity to work with.  He brings immediate value to our client and carrier stakeholders. We look forward to him being in the lead on crucial initiatives such as API connectivity with vendors, pricing models and benchmarking of data sets to provide quicker, and more impactful, directional information than anyone else”.

Scott is a proud father of two children.  His son is a recent West Point graduate (Go Army! Beat Navy!) and his daughter a senior graduating with a degree in Public Relations from his alma mater, Biola University in La Mirada California.

Scott holds a BA in Psychology from Biola University, MA in Organizational Management from University of Phoenix, and has earned the Associate in Risk Management (ARM).  Scott also is licensed with the State of California as a Self-Insurance Plan Administrator.

Lastly, Scott is also a die-hard Patriots fan (in good times and bad,) and a proud member of the Red Sox Nation.

Scott can be reached at (619) 203-0337 or scott@riskmd.com regarding any questions about RiskMD and its capabilities.  He looks forward to working with you in the near future.

NAPEO’s Risk Management Community Conversation Tomorrow 10.13.21

Is your PEO’s insurance program ready for the challenges of your upcoming renewal and beyond? A discussion on the state of PEO and insurance.

In an effort to keep NAPEO constituents current with the property and casualty insurance marketplace, NAPEO has gathered PEO/insurance industry veterans Jennifer Robinson of Risk Transfer Insurance Agency, Paul Hughes of Libertate (Assured Partners) and Jeff Rendel of Stonehenge (Arthur J. Gallagher) to provide a sense of the “new normal” in 2021 straight from the trenches.  Amongst the topics expected to be discussed are:

  1. Cyber liability breaches, claims and the insurance retentions and premiums that are following as a result  
  2. Employment Practices Liability Insurance (“EPLI”) and mandatory  vaccinations at the workplace; market reaction
  3. Update on the ongoing drop in workers’ compensation rates Countrywide
  4. The registration of 1099 employees in Florida and potential impact on “gap in coverage”. https://www.fisherphillips.com/news-insights/florida-businesses-report-earnings-independent-contractors.html
  5. The impact of Covid on data and future analytics
  6. Introduction of AI in identifying problematic claims

It is almost 75 days before 2022… is your insurance program ready? Jennifer, Paul and Jeff look forward to discussing what they see in the market today, and where it appears to be going in the longer term.

Cyber Villains’ Strike Again!

The Verge reported on Wednesday, October 6th, 2021 that cyber villains unknow have struck again!  This time targeting Twitch, an content sharing and streaming platform owned by Amazon. 

The Verge had the following report, which can be found at https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor

Twitch source code and creator payouts part of massive leak

The leaked data also includes a Steam competitor

Twitch appears to have been hacked, leaking source code for the company’s streaming service, an unreleased Steam competitor from Amazon Game Studios, and details of creator payouts. An anonymous poster on the 4chan messaging board has released a 125GB torrent, which they claim includes the entirety of Twitch and its commit history.

The poster claims the leak is designed to “foster more disruption and competition in the online video streaming space.” The Verge is able to confirm that the leak is legitimate, and includes code that is as recent as this week. Video Games Chronicle first reported details on the leak earlier today.

Twitch has confirmed it has suffered a data breach, and the company says it’s “working with urgency to understand the extent of this.”

The leak includes the following:

  • 3 years worth of details regarding creator payouts on Twitch.
  • The entirety of twitch.tv, “with commit history going back to its early beginnings.”
  • Source code for the mobile, desktop, and video game console Twitch clients.
  • Code related to proprietary SDKs and internal AWS services used by Twitch.
  • An unreleased Steam competitor from Amazon Game Studios.
  • Data on other Twitch properties like IGDB and CurseForge.
  • Twitch’s internal security tools.

The leak is labelled as “part one,” suggesting there could be more to come. Video Games Chronicle reports that Twitch is aware of the breach, but the company has not yet informed its userbase.

The leak doesn’t appear to include password or address information on Twitch users, but that doesn’t mean this information hasn’t been obtained as part of this breach. In fact, the leaker seems to have focused on sharing Twitch’s own company tools and information, rather than code that would include personal accounts.

While Twitch has confirmed a data breach, it’s still unclear exactly how much data has been stolen. We’d recommend changing your Twitch password and enabling two-factor authentication on your account if you haven’t done so already.

Twitch has been struggling to contain ongoing hate and harassment recently. After weeks of hate raids, some Twitch streamers took a day off in August to protest against the company’s lack of action. Twitch has responded to the #DoBetterTwitch movement, and it’s a hashtag that the anonymous poster has used today to promote this leak.

Updates on the Twitch security incident can be found on the platform’s own website at https://blog.twitch.tv/en/2021/10/06/updates-on-the-twitch-security-incident/

OSHA Guidelines on Hurricane Preparedness and Response

Summer has ended and we now enter that wonderful time of year when evening shadows dawdle, and dawn hesitates on the horizon a bit longer each morning.  Even as the days begin to shorten and the breeze brandishes a hint of cool, hurricane season persists.  The last day of hurricane season 2021 is not until November 30th.  We are 127 days into this season with 21 named storms so far, averaging 1 storm every 6.05 days; and we have 55 days yet to go!   

That being said, I felt it valuable to share the following hurricane preparedness and response guidelines from OSHA.  Full content from OSHA on this topic can be found at https://www.osha.gov/hurricane.

Hurricanes are a form of tropical cyclones that are capable of causing devastating damage to communities. Hurricanes are storm systems with circulating air and sustained wind speeds of 74 miles per hour or higher. The strongest hurricanes can have wind speeds exceeding 155 miles per hour. Areas on the Atlantic Coast, near the Gulf of Mexico, as well as parts of the Southwestern United States are vulnerable to hurricanes. The Atlantic hurricane season lasts from June to November and peaks between August and October. The Eastern Pacific hurricane season begins mid May and also ends in November. This page provides information on hurricane warnings, hazards that hurricanes cause, and precautions that workers and employers should take after a hurricane has occurred.

The Preparedness page outlines the warnings and watches used for hurricanes, including the five categories used to rate the strength of a hurricane. The page also contains information on creating evacuation plans and supply kits.

The Response/Recovery page features a link to OSHA’s Hurricane eMatrix, which features information on hazard exposures and risk assessments for hurricane response and recovery work. The information in the matrix is organized based on the types of activities performed so that it is easy for workers to identify the precautions they should take based on the tasks they will be performing.

OSHA and NOAA are working together on a public education effort aimed at improving the way people prepare for and respond to severe weather. This page is designed to help businesses and their workers prepare for hurricanes, and to provide information about hazards that workers may face during and after a hurricane.

Employer Responsibilities

Each employer is responsible for the safety and health of its workers and for providing a safe and healthful workplace for its workers. Employers are required to protect workers from the anticipated hazards associated with the response and recovery operations that workers are likely to conduct. For additional information on Workers’ Rights, Employer Responsibilities, and other services OSHA offers, visit OSHA’s Employers PageWorkers Page and Publications.

Workers’ compensation cases fell during the pandemic, but home-based workers still have aches and pains

By STEPHEN SINGERHartford Courant

In the coronavirus pandemic that sent millions of employees home to begin new work routines, reports of occupational injuries that were expected failed to materialize.

Remote workers still have lower back aches, neck pains and other afflictions common to sedentary jobs. But many are not reporting their physical ailments, instead seeking health advice to avoid or treat musculoskeletal and other problems.

The Hartford Financial Services Group Inc., which handles about 1 million workers’ compensation and disability insurance claims a year, said the number of business customers seeking services to prevent work-from-home injuries jumped 200% in 18 months.

Vivienne Fleischer, co-founder and president of Performance Based Ergonomics, a consulting firm in the San Francisco area, said her company faces a “tidal wave” of requests for virtual ergonomic help and advice.

She, too, said an “anticipated uptick” in workers’ compensation cases has not been reported.

Mary Nasenbenny, chief claims officer at The Hartford, said employees who would be unable to go to the office because of lower back aches or shoulder pains have instead, as remote workers, accommodated themselves at home and kept working.

The Hartford expected rising claims “because people were sitting at their couches without the proper keyboard, without the proper chair height,” she said. Expectations of musculoskeletal problems and injuries were the focus of a “lot of talk” early in the pandemic and employers “caught on quickly,” providing ergonomic help and advice, she said.

Fleischer said cases of eye strain; neck, shoulder and lower back pain; even ear fatigue from too-frequent use of ear buds were the highest she’s seen in more than 20 years. The aches and pains did not end up in workers’ compensation claims, she said. She believes employees who prefer working from home balked at reporting injuries to avoid a forcedreturn to offices.

“They’re not going to HR to report things,” Fleischer said. “They might say ‘I need support. My back hurts. I need a new chair.’”

In Connecticut, 3,574 workers’ compensation claims related to COVID-19 were reported as of May, more than double the 1,454 in September 2020. More than 21,000 non-COVID-19 claims were reported as of May.

The exodus from offices left employers and employees unprepared, Fleischer said. Some clients had to work around roommates or were forced to do their jobs from their cars, off a yoga mat, even in a hammock.

“People were struggling to find comfort and privacy,” Fleischer said.

Nasenbenny said workers in The Hartford’s claims organization have been working remotely for years, while other employers had no experience advising workers about how to set up a home office.

“So we thought, boy there are a lot of rookies, employers that are going to be doing it or trying it for the first time and maybe not having all of the tools that they needed,” she said.

The Hartford offers virtual ergonomic assessments, health reviews, an analysis of physical demands and on-site strength and conditioning programs. It also uses analytics to monitor medical conditions such as carpal tunnel syndrome, neck strain and tendonitis, which can afflict workers in the office or remotely.

In April 2020, just a month after COVID-19 began its spread in the U.S., the American Chiropractic Association surveyed its members and found 92% of respondents reported an increase in musculoskeletal conditions such as back pain and neck pain or knew of people who were having these issues as a result of working from home.

More than half of respondents, or 57%, said a lack of movement was the main reason for a rising number of musculoskeletal problems during the pandemic, followed by psychological stress, at 20%, and poor posture, 12%.

Kelly Ingram-Mitchell, president of Unify Health Services, which partners with The Hartford and other companies for injury prevention and post-injury treatment, said many businesses that budgeted for pandemic-related expenses such as temperature checks and lab testing services failed to anticipate a growing need to pay for workplace injury prevention services.

Businesses are now using work-from-home as a recruiting tool, Ingram-Mitchell said. Bosses are pitching a work-life balance, time for exercise and eating better than at the office, she said.

Workers’ Compensation Outperforms all Casualty Lines

So awesome to see everyone at #NAPEO this past week. What a spectacular collection of friends and family!

For the third straight year, the combined ratio for workers’ compensation has hovered in the mid-80’s. This means insurance companies are making +30% ROI on the line, which is historically rarified air. These results have no historic precedent, and with plenty of carrier surplus on the shelf, rates are going to severely drop again going into 2022. While there is still talk of a spike based on COVID “long-haulers”, the initial estimates of COVID impact on workers’ compensation were not even close, and thus the speculation that this will increase, is, at least at present, noise. I would make sure you know what your rate sets look like going into this 1/1 as it should be a very dynamic session with some states like Oklahoma are already dropping rates close to double digits https://news.ambest.com/newscontent.aspx?refnum=236530 . Expect 6-8 down across the board for policies with a 1/1 inception, in those states that change rates/loss costs on 1/1.

Beware of the other casualty lines, especially EPLI and cyber. Both are taking severe losses with no end in sight. EEOC claims are up exponentially due to vaccination mandate. The average ransom fee requested has increased from $5,000 in 2018 to around $200,000 in 2020. (National Security Institute, 2021). We are seeing most everything up on these lines, with heavy pressure to also increase retentions. If you do not know what MFA is, you better find out https://www.youtube.com/watch?v=tFv101qURKE . Without it, you are deemed uninsurable.

Foremost, be safe and have a great weekend.

Next week, check on your workers’ compensation pricing as you may need some budget to address the other two lions at the gate – EPLI and cyber.

From our friends at the Insurance Journal…

September 30, 2021

Workers’ compensation underwriters have been consistently generating better underwriting profits than other property/casualty lines of business, and did so again in 2020 amid the pandemic.

According to an AM Best report, underwriting results of workers’ compensation insurers remained strong in 2020, despite a 10% decline in bottom-line net premiums written, which was due to a substantial drop in payrolls during the second quarter of the year. The hospitality and service industries suffered considerably, driving the NPW decline.

The segment’s combined ratio of 91.1 was a few points higher than in 2019 (88.5), but still reflected profitable underwriting. Homeowners multiple peril, by contrast, booked a 107.4 combined ratio in 2020, private passenger auto had a 92.5 combined ratio and commercial auto was at 101.9. The workers comp combined ratio also won out when compared to the P/C industry combined ratio overall.

Expense ratios rose given the decline in premium, but AM Best said the increase was “nominal and did not overly dampen underwriting earnings.”

Premium volume for workers’ compensation writers also has been constrained by rate decreases in most states. According to the report, some writers are looking to develop new products and explore new markets in other lines of coverage and allowing their workers’ compensation top-line premium to decline in the states where they generate significant premium.

Despite the smaller premium base, workers’ compensation insurers remained highly profitable in comparison with other P/C lines. Workers’ compensation underwriters have benefited from a decline in lost-time claims frequency tied to efforts to improve workplace safety. Other factors that have benefited the line’s profitability are declines in fraud, workplace accidents and defense costs.

Lessons from the Pandemic for Workers’ Compensation

Workers’ Compensation Numbers Indicate Strong Performance During 2020 Pandemic

AM Best also analyzes the business through its Workers’ Compensation Composite, which is composed of U.S. companies, including state funds, whose workers’ compensation and excess workers’ compensation net premiums constitute 50% or more of their total net premiums. Even with the 2020 decline in workers’ compensation premium due to the pandemic, the market share of these specialists rose to 26.2% in 2020, up considerably from 16.7% in 2011.

According to the report, 24 of the top 25 workers’ compensation writers had their premium decline in 2020, with a number seeing double-digit premium declines.

Despite all the good news from 2020, AM Best has a negative market segment outlook for the workers’ compensation segment, the largest component of the U.S. commercial lines market,. The outlook reflects the “continued uncertainty about the effects of COVID-19, from an economic and a regulatory perspective, as well as a legislative one as states consider presumptive legislation stemming from the pandemic,” the ratings agency said.

AM Best said it also has concerns about the prolonged low interest rate environment. As a result, investment returns are expected to remain flat, and insurers may begin seeking riskier investments to generate higher yield, the firm said.

Source: Best’s Market Segment Report: Workers’ Compensation Still Outpacing Other Lines

You’ve Been Hacked

“We regret to inform you that, you’ve been hacked”


Following the Florida Association of Professional Employer Organization (FAPEO) conference in Tampa this past Summer, I had to skip a flight to Las Vegas to visit with Brother Abram Finkelstein and his extended StaffLink family.  Little did I know that such a seemingly mundane flight to “Sin City” would frighten the hell out of me, and for once, not just because I was 40,000 feet in the sky.  As I sit on another flight to San Antonio going to the National Association of Professional Employer Organization (“PEO”) annual conference, it occurred to me, I had not shared a story with my extended family.

I sat on the aisle, and beside me were a couple normal gentlemen who appeared to be already “Vegas-ready”.  Both in their thirties, the white and black gentlemen were close friends it appeared.   As usual, I was trying to clean out my second home (aka inbox), minding my own business, and then I hear “You going to Defcon?”, from the seat next door.

I paused; I had heard of Defcon and knew that it was a big cyber/computer-related conference, but answered no.  Being a computer/data nerd that sells property and casualty insurance, to include cyber coverage, I started to ask some questions.  My curiosity was now piqued. 

The cyber market is extremely dynamic at present, with both the frequency and severity of cyber events are moving targets.  Too many people with too much time on their hands and open access to “loot” through the world wide web.  Due to my intrigue, and with four hours to spare; I got a quick overview of the biggest hacker convention/bash in the world. 

“I’m not going, but have heard of it.  What is Defcon about?” 

For those that are interested in the history behind Defcon, it was founded in 1993 by self-proclaimed hacker, Jeff Moss. In the first year, Jeff’s parent’s left him in Las Vegas for a weekend.  Bad idea. Shortly thereafter, one hundred invited hackers converged to the desert from the US and Canada and created what is now the world’s largest and most notable hacker convention, held annually still by Mr. Moss, still, and always in, Las Vegas, Nevada.  There have been many documentaries made about this event and the incredible history behind it, in which I have since checked out.  A mini-series, never-mind an article, on its own.

Now split into two conferences week after week, “Black Hat” and “Defcon”, attendees at both events include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, conference badges, and anything else that can be “hacked”.  The event consists of several tracks of speakers about computer- and hacking-related subjects https://forum.defcon.org/node/236142.  Black Hat is more geared to the cyber professionals, engineers and law enforcement meant to prevent hacks.  A higher cost and more formal event.  Defcon is anyone and everyone.  The “curriculum” for Defcon is widely varied with many contests and prizes based on who can hack who, to include the Defcon tickets themselves. That’s the fun of it all.  

My internal IT department was less than enthused about “the fun of it all” when it was understood I was going to be in the cyber equivalent of Beirut.  Hacking is encouraged and celebrated, and you are an unknown participant to the theater if not careful.   This is where the hackers and the enforcement that tracks them converge.  The “white hats” use their knowledge for good; protection and identification of perils.  The “black hats” use this same knowledge, or new technologies/intelligence, for malicious intent.  It is the “gray hats” that create a more opaque quandary; the vigilantes of the cyber community, gray hats are “for-pay” mercenaries used for either side, arguably the most dangerous based on the unknown purpose of their mission and who is behind it.

Defcon was virtual last year (2020), so was sure to be an “out of control” cyber bash in 2021, in accordance too my two new friends.  Some of the highlights that they were looking forward to attending:

  • A follow up to the 60 minutes special on “could the election have been hacked”
  • The ease to “pirate” any commercial marine vessel without ever having to go aboard – in essence, through nothing but the internet, take over all command of a c-5 vessel
  • “Sky Talks” – this is when hackers (black, white or gray hat) go into a sealed off environment and without identity, explain some act of hacking that moves the needle in one way or another
  • Finding fellow ham radio operators because, “what are you going to do if the grid goes down?”

As we continued our discussion, my new friend Tom, probably seeing the fear in my eyes, made the comment “one really should not use the public wi-fi”.  I nervously chuckled, as of course, my computer was connected to the airplane’s wi-fi.  He proceeded to turn his computer towards mine, where my inbox appeared on his screen, and with a big smile asked, “do you want to send your mom an email”. Ha! Big smiles…

This type of hack, very common, is called “Man/Machine in the Middle”.  It is when one computer is taken over by a hacker, whereby the new user has full control, and access, to anything.  Passwords, emails, health info, share drives… anything.

Getting into my system, finding the name of my mother and teeing up an email in Outlook to her took all of three minutes… maybe.

After the fear settled down, I came to a very personal realization that we all need someone like Tom in our lives to help us navigate the cyber threats that accelerate by the day.  The convenience and efficiency of the internet, and all it brings to us, is scattered with unknown perils to most anyone that is not expert to it.  And if you are expert today, tomorrow is yesterday in this field, at the rate it is growing in intellect, opportunity and impact.  Due to our lives now revolving around a “wi-fi Sun”, our control of who comes in and out of our “digital lawns” will be paramount in protecting our business, and ourselves. Make sure to build a fence and lock your doors, as to our hacker friends, “Freedom is Slavery”.

Defcon Conference Badge