Martin Hinton (00:05)
Welcome to the Cyber Insurance News and Information Podcast. I'm the host and executive editor of Cyber Insurance News, Martin Hinton. Before we go any further, if you could like, subscribe. We really appreciate the support. Moving on, joining me today is Jason Makevich He is the founder and CEO of Greenlight Cyber, a company he founded 16 years ago. So he's got a long history in the cybersecurity world. More recently, about a year ago, he founded Port1 which is an organization designed to support MSPs.

So we can get into that and he can explain a little more about that. But first of all, Jason, the first time I'm going to say it, welcome back. You're the first repeat guest on the Cyber Insurance News and Information Podcast. So we should probably have a cake or something like that, but I don't, unfortunately.

Jason Makevich (00:44)
I think so.

Yeah, it's an honor to be here. I really appreciate it. I've been excited to get to join again. Thank you.

Martin Hinton (00:56)
So before we get into some of the nitty gritty, what we're going to get into today is sort of a, you know, I guess a free range conversation about the state of cybersecurity, what Jason's seeing, some ideas I have as an outsider, insider kind of. Look at some of the predictions that everyone's been making for 2026. Obviously, we're going to dive into AI and deep fakes and a big range of topics. So hopefully you'll stick around or jump around to chapters that suit you and may interest you more than all of it. But Jason.

Before we go, a little bit about the company, a little bit about Greenlight and a little bit about Port1 1. Tell us a little bit.

Jason Makevich (01:32)
Yeah, sure. Yeah, I I started Greenlight back in 2010. Back then, I was a network engineer and, you know, IT was, I mean, infrastructure was a big part of it, a big part of what businesses needed. you know, I've always enjoyed working with small mid-sized businesses more so than enterprise. And I've had experience throughout.

both as well as public and private sector. And really that kind of private sector, privately held, small, mid-sized business, really just always felt like home to me. And maybe now in large part because I am a small business owner, 2X I guess, but just I feel like I can make a bigger impact on people and on their livelihoods and all that, especially as things shifted into

the necessity for real cybersecurity and cyber risk management and the leadership that goes along with that. And that's where things really pivoted for me in my career professionally, as well as at Greenlight, where as our clients in that SMB space really needed much better protection, and we can definitely dive into why that is.

It really forced every MSP out there to step up and get a lot better at cyber. And it was either do it yourself or partner with folks that understand this stuff. We actually tried partnering. We just couldn't find anyone that really had what our clients needed at that kind of leadership relationship level, as well as tactically just being able to...

not only protect the clients, but also with the right to care to where, you know, not every small business can go and afford some unlimited budget for cybersecurity. So you have to have, you have to have that do care kind of approach to, you know, understanding that there's only so much that they can invest in. It's important that we help business leadership understand the risks so they can make informed decisions. But at end of the day, those decisions are business decisions.

because we couldn't find a partner that really understood that it seemed. We made the decision, you know what, we'd better do this ourselves because we know we can do it right if we do. And we did, we invested a ton into skilling up into very strategic hires to get really good at this. And it's taken years to get to the point where we are, but out of it, we're able to do a lot. And given that journey that we decided to take, you know,

you got me thinking the amount of impact that we can have ⁓ on small business owners, small business leaders, managers, all the way to the employees and even their families. When you think about the livelihoods that are impacted, particularly by cyber risk, there was only so much impact that I could have at one MSP. And what we had done at Greenlight was something that we could

help other MSPs replicate in certain ways, in ways that are very scalable, that are very, I like to say, MSP friendly, ⁓ that work for that business model in a way that MSPs can go and be successful with at their clients. And so that's what inspired me to start Port1 One. And Port1 One, we only serve MSPs and MSSP's, really that man of services for the SMB market.

And we specifically work in the cybersecurity space where we have certain solutions that we are able to bring to market that otherwise wouldn't be there. But we have a lot of services, lot of guidance, training. So we're really, really going deep with our partners. And ⁓ we've had Port1 1 now for about a year, and it's just been a huge hit. And I couldn't be more excited about what we're doing there.

Martin Hinton (05:52)
So a lot of what you said sort of takes us into the conversation that we've planned. And part of that is the scale of this problem, the idea that people, I think you use the word help more than once, and the idea that people need resources, and the idea that even a good MSP needs connective tissue with the network of other MSPs to create a mosaic of protection, I suppose, for their clients and everyone's clients. So we're almost...

to the end of January. ⁓ The third week is about to end tomorrow. And I wonder, you know, we've seen these predictions that come out every year for what's coming next. And I think AI might have gotten the word count win in that situation, but ransomware, say it over time.

Jason Makevich (06:38)
of the year probably.

I was saying word of the year, I'm sure, AI. Yeah.

Martin Hinton (06:43)
the word of the year

and in good respect. So I wonder if, know, the degree that any of us can predict the future and we can't, but with AI and geopolitics and supply chain fragility and third party vendors and, you know, cloud this and browser security that what do you see now? And, you know, what's, you know, scratching at your ear and got you

thinking or worried, what big things that we know about are still around and not going anywhere, and what new things might be coming along.

Jason Makevich (07:19)
It is pretty crazy when you think about it because the landscape changes so fast. And it really wasn't that long ago that, you know, I touched on how, you know, MSPs got thrown at cyber. You know, before that, to protect a client, what are you protecting from? You're protecting from a nuisance of maybe a virus or malware or whatever on a computer or a set of computers. wasn't.

It wasn't some catastrophic event generally. And so you'd put a firewall in place, antivirus in place, and that was about it. Well, today, the amount of security just in terms of the technologies and the services and all the things that go into it are mind boggling really. When you think about the different angles that we have to protect from that defense and depth approach, hardening systems, zero trust principles, all that, there's so much that goes into it just

practically speaking, and then when you get into the administrative side of security and the policies and governance and regulatory compliances, now, as a whole other layer, you have the legal aspect there, you have the insurance, of course, which is quite relevant here with your audience, and just so much. But as that digital landscape changes, as we keep seeing progress, especially with AI and, you

buzzword of the decade, but the reality is like, this is happening. We are here. And it's the first time I've experienced, I think to a degree, it's the first time we've all experienced a technological innovation that even the experts don't know what's coming next. That.

That's a position I don't think we've been in before. I think we have in certain aspects. I we go back to when we first invented the atomic bomb and what's to come from that, we didn't know, right? But had some ideas and then internet and the advent of that and kind of the adoption of that in such a global scale. ⁓

probably didn't really, we couldn't have predicted where we'd end up. But I don't think we've, I don't think we've ever been in a position quite like we're in now with AI, simply because it's the first time that we have technology that is going to advance with to some degree and eventually without our involvement. You know, we're going to get to that point where AI will

continue to evolve on its own. And it is doing that already, but it's gonna get to that point where it's doing it at a scale that I don't think we can fathom. So given all that and given the fact that we're dealing with so much risk out there and organizations have to do more and more and more, if this is not a leadership discussion on a very...

Martin Hinton (10:13)
You, you, you.

Jason Makevich (10:36)
know, broad scale and very regular cadence, ⁓ every organization, not just AI, we're talking, you know, cyber risk and data governance and all the things that go into that. Then those companies, those organizations are going to be ⁓ not only way behind, but honestly, they're going to be just way too much risk. So I think the whole mindset needs to change in throughout industry. The whole mindset needs to change. And this needs to be at the forefront of

leadership conversations across the board.

Martin Hinton (11:11)
Some of what you said just now makes me think, you know, one of the things that we benefit from now as human beings is fairly well recorded history back through, you know, a few hundred years to say the least. Lots of written records by professionals who were recording in the manner a historian might today. And we see what people have been capable of. And the great example might be the industrial age.

happened to the pace and scale of economy and what was possible from a literal point of view with regard to construction or engineering, materials that we couldn't build with before that we were now able to use in ways that hadn't been previously possible. We see that, we know what people are capable of and maybe that's inherent to us as human beings but there's real evidence to it now. And layered on top of that wisdom and knowledge or knowledge, maybe not wisdom, is

AI, is the example I would use and the one you've made me think of is, is it's a bit like a child you might have and you have no idea what it's going to become. But one day, if you get it right, you're going to set it free upon the world and it's not going to need you anymore. Right. That's the goal. You raise your children to be independent. Now you obviously want them to come home. They'll bring their laundry if they're still in college and maybe after. But that idea is that, you know, the point I'm getting at is that you have this sort of

know, race to mimic the past because we want to achieve things on the scale of, you know, the greatest minds and wealthiest people ever. We know that about the billionaires now. They look back and a lot of them see, you know, the Rockefellers and the Carnegie's and they want to reincarnate that reality for themselves. AI, lately, seems to be the vehicle for it and the method by which it's going to occur, except it's not a machine that is envisioned to be

turned off or controlled. are many within the sector that view it. I mean, we hear the phrase agentic AI, which is this incredibly generic way to say AI that does its own thing, right? It's on its own. And maybe you've given it some guidance, but whether or not it's aligned with what you think it should be is a big question that they don't really know the answer to. And I guess that scale of it, that mystery of it is one that really triggers the scale to which

things and tools can be used for good and bad is not new. And what is new, I think, is the potential scale for this to do things that are incomprehensible for us to even imagine right now. you know, again, it's sort of an aside, but as we look at cybercrime and cybersecurity and the resilience that comes as a function of security and then even cyber insurance, there is this player at the table now in AI that

If you are a little cynical about it, you'd like, everyone's just saying it. Everyone's just saying it. They need to say they're involved. They need to say it's part of the picture because that's the way they make their investors and shareholders feel like they're current. I don't think it's quite that simple. I think that there is a ⁓ raw material that's been set upon the world that is, and you use the atomic bomb as example of splitting the atom. ⁓ You could argue we haven't really

Jason Makevich (14:13)
.

Martin Hinton (14:30)
taking advantage of the energy that can be derived from that for various reasons with regard to nuclear power and energy creation and electricity. But I think that what's going to come of the world if AI survives the financing period, it seems to be in, whether or not it can hold up to the quarterly demands that these companies face. mean, smarter people than me might be able to predict things. I agree with you that whatever it is, it's going to be heavily influenced.

Jason Makevich (14:56)
That's the thing.

I think the smartest people in that world are the ones that admit they can't predict it. That's the thing that really, I think, hurts my brain is it's the first time that we've been in that position. There's always been experts and there's always been experts that are very wrong, but at least people that are confident and, know, okay, well, this is the direction we're going.

But it's not by accident that I picked the atomic bomb and splitting the atom as an example. When you think of technology that is invented or derived out of development, it's hard for me not to liken it to splitting the atom. And it's because

You touched on the nuclear power. A lot of good, I'm sure, can come from that technology, atomic technologies like that. But we know a tremendous amount of bad, you know, it can be weaponized. And in fact, that was the motivation of it was to weaponize it. AI, the motivation of AI isn't primarily to weaponize it, but we're also unleashing this incredibly powerful technology, or at this point, it's unleashed.

And it could be used for tremendous amount of good, but it could also be weaponized. And in some cases certainly is already, but we're also in this very early stage. And I think five years, 10 years from now, we're going to be laughing. If we're still, if the robots still let us live, we're going to be laughing about, I'm not that cynical, about, you know, just how little we knew and how,

tip of the iceberg that we really were in 2026. I I think that's what we're dealing with. We're dealing with a curve, an exponential curve that we're just starting on of advancement in what technology is going be able to do, be capable of. And then as soon as the convergence of that in quantum computing really takes off, I think it's just impossible to even fathom.

where we're going to end up with any of this. You mentioned that it's like having a little kid and setting them free one day. Well, I just hope that this little kid not only lets us live, but maybe takes care of us in our old age too. Hopefully it's there for good, much more than bad. ⁓

It's one of those things where, you know, I'm not going to try to worry about the things we can't control, ⁓ but we're going to certainly do everything we can to control and to, to, you know, raise awareness around what it is that's so important, you know, from legislation down to, you know, what is ethical amongst the development of technologies and how do we apply these technologies and, and how do we do it safely and how do we do it without.

hurting ourselves in the process.

Martin Hinton (18:08)
So you sort of get us into the big, forgot, first topic for the cyber risk part of you. You know, we hear phrases like cybercrime, cyber risk, and you hear about ransomware and business email compromise and deepfake frauds and all that sort of thing. One of the things that we sort of touched on is the idea that because it's cybercrime, it's kind of invisible. And there's a framing problem with how...

small businesses and individuals and even very large corporations view the risk that poor cyber security or cyber resilience creates. It's like a bit of a language problem. You know, we treat cyber like a bit of a mystery. And I wonder whether or not, you know, there's, know, a demand for a greater level of understanding about this. And one of the ideas that I put to you as we were exchanging emails over this was the idea that

maybe we should have to some degree a mandatory requirement to report ransomware payments. There's talk of banning them in places and that's problematic. There's issues with making it public. So maybe you have to divulge your ransomware payment, but it's confidential. Just so we can start to collect a data set for just how often it happens so that governments can act in a manner that's comprehensive.

that ⁓ companies can, in the case of insurance, underwrite properly and look at things in a way that is clear. So I guess I'm curious about, ⁓ the language part of this and understanding the problem, the scale of the problem, and then also the idea that there are maybe some small steps to start that might be possible. So I guess I'm curious what you think about that.

Jason Makevich (19:55)
Yeah, mean, you know, lot there, but I would say, you know, to unpack that, yeah, as far as the reporting goes, and I believe CISA has, they've pushed off the final rule, what, to May. So, you know, you got, what is it, CERCIA, the Cyber Incident Reporting for Critical Infrastructure Act. You know, you got that basically coming and the rolling on that in just a few months.

on what the reporting mandates are going to be around, I think it's going like 72 hours of reporting and ransomware payments and 24 hours and all that. Yeah, I think it's critical that

folks understand that we're trending toward that, tell the government right away when you have to pay. Because it comes down to, a lot of it comes down to, I think the data too, the intelligence, the enforcement and kind of better loss modeling around that. But you're also going to have very,

variations of this across states and then across different countries and regions. know, Australia already has mandatory reporting. That's pretty well established for organizations. And I know the UK has some stuff going on and of course there's things in the EU. yeah, I think it's going to be trending more and more towards that. And it's critical that, it's critical folks,

stay up to date with new legislation, but also work with folks that are more expert in that field. Now, I'm not an expert when it comes to the legal legislative stuff at all. I do try to keep read up on these things, but that's why we partner with ⁓ an attorney who, they're firm, that's what they do and they do it really well. And so we're constantly in touch with them and

That's what organizations need to do now is have the right experts, have seats at the table for the right experts to stay up to date and be able to make informed decisions.

Martin Hinton (22:19)
Do you think that, again, one of the things I've said to you in the times we've spoken is that there's an element of cybercrime where it's still very ⁓ common to feel like the victim is being blamed. If you're an employee and you click the phishing link, you made the mistake. You are the bad person, not the person who tricked you. The human nature element of it all, you staying informed, do you think, you know,

if you're a CEO or, you know, on the board of a large company or even a mom and pop dry cleaner is the example I seem to keep using. Where do you think that is generally? the understanding at the, let's start with the corporate level, you know, the concern that exists in the, know, fortune 500 world. Do you think on a scale of one to 10, 10 being, you know, incredibly concerned and doing what they should within the budgets?

that they have or is it closer to three or four?

Jason Makevich (23:20)
think it could be above five. Everyone has their own risk tolerance and you're going to have larger orgs, they're going to have boards and leadership that are going to have higher or lower risk tolerance and some will be more knowledgeable of the topic than others too. Ignorance seems to be pervasive in this area across any organizations, public, private sector, anywhere.

But you know, with these giant companies, it is disruptive as cyber risk can be and the impact of it. It's rare that a very large company can't survive an event, a bad incident. I mean, we've seen some really terrible ones happen. A lot of retailers lately, a lot in the UK, car companies and so forth.

But they're all, you know, most of them survive these things and generally rebound pretty well. It is the small and up into the mid market, but definitely the small businesses. Those are the ones that often don't survive. The statistics are overwhelmingly ⁓ scary. that's where I think, to me, that's where my passion is to help.

those folks, but you mentioned the cyber crime and who's at fault and yeah, I mean, like if, someone steals your car, is it your fault that your car was stolen? No, you're a victim of crime. But what if you leave your car unlocked and you leave your keys on the seat of the car and your car just so happens to be parked in the most dangerous neighborhood in the entire world, which I would liken to the internet. So

keeping in mind that all our businesses being online are in the most dangerous neighborhood in the entire world. So now if you have your car unlocked, keys on the seat, sitting there.

and someone steals it, you're still a victim of crime. But the fault does shift a bit, doesn't it? Because even though it's crime and you're a victim, you do have a responsibility to take reasonable action to mitigate that risk. You should be locked in your car and try to remember to bring your keys with you. That's still important. So it's about having that due care. It's about

taking reasonable steps to know that, okay, yeah, if I leave my keys on the seat of the car and the car's unlocked, chances are, there's a good chance the car's not gonna be there when I get back. I think that we need a version of that in cyber, especially in the SMB space. And that's what we're missing is that reasonable knowledge of, you know, we do need to...

be aware of these, business leadership needs to be aware of these things and needs to take reasonable action. And they owe it to themselves, to their employees, to the families of those employees because of the devastating loss that can occur.

Martin Hinton (26:42)
You touched on the sort of overwhelming challenge that small medium sized businesses face in the cyber attack. You know, that often doesn't make the headlines, right? You don't hear that story. I MGM, Jaguar, Land Rover, Marks and Spencer, Colonial Pipeline, that fills the headlines. Do you think that there's, because large corporations to your point have the capacity to survive, they can suffer the loss, if you will?

Do you think that creates the impression that that's the case for smaller players and when they find out they're often burned? I guess what I'm getting at is the idea that there's a real misconception about the scale of this crime. I think I've said to you that the number I always refer to now as the Moby Dick number is that last year the global economy lost 10 and a half trillion dollars to cybercrime, which for context, if that's true.

it would make it third in GDP after America, then China. So even if that's accurate, 50 % of that is still, you know, $5 trillion. That's, know, to bleed that sort of money into nowhere, to God knows where, well, I should say just to add, we know that a ton of this money goes to fund the activities of

Jason Makevich (27:57)
you

Martin Hinton (28:04)
Regimes and nations that America would view as their enemies so Iran and North Korea And certainly competitors if not enemies depending on who you are in America China and Russia and There is you know, these are countries we embargo we bomb Yet we let all of this money bleed into them either at the criminal level which invariably involves paying people off to exist or

straight into the government reality. I guess, you ⁓ what do you think should be done to raise the sort of concern about that to the degree maybe you need to?

Jason Makevich (28:42)
think that in order to get critical mass ⁓ awareness.

I don't know that there's a way to do that without some sort of carefully thought out regulation. For instance, car dealers, they ⁓ do financing, right? So FTC has identified them as lenders. And because of that, they've applied their safeguards rule. ⁓

ruling which requires them to use multi-factor authentication on their systems. if the other very critical to me, very no brainer things everyone should be doing. But the fact is most aren't and it's still crazy that so many aren't using these very standard, know, seat belts and airbags in their car kind of standards. ⁓ But the reality is that FTC ruling has forced

a lot of automotive dealers to do the right thing. Those businesses to do the right thing and to take reasonable action to protect their business because it's not about protecting that business, it's about protecting the financial data, the personal data, the personal property now of all the customers. Right? And so I think it's that kind of approach.

that but across all industry. And that's where, know, maybe, you know, maybe we need a internet access role. Hey, in order for you to connect to the internet, ⁓ you know, you need these things. I don't know. ⁓ There has to be something at a large scale. I think I look at it as, you know, I'm in California and I know California has, you know, some of the most

forward thinking legislation going through for data privacy, especially on, you know, consumer rights and all that. But federally, you know, it's going to be a while until we see anything there. And in order to deal with data privacy and consumer privacy, cybersecurity is a fundamental prerequisite for that, reasonable cybersecurity. So I think

that might be the driver. We've seen it in Europe. The difference is it seems like Europeans are far more, they care far more about their own data privacy than most Americans. It's surprising to me, but it seems to be a big difference. rather than going state by state, think federally we need some legislation and that needs to happen soon because yeah, you're right. ⁓

bleeding money and so much of that money is going into some pretty dangerous places.

Martin Hinton (31:48)
So you touched on something just now, which is again, something that I think people comprehend, but the level to which it makes you vulnerable is ⁓ maybe a little bit hard to imagine. And that's supply chain and or third party risk. And the simple way I think about that, and you can please correct me if I'm wrong, is that these devices connect us to the world, to each other.

That connective reality exists in a much less amusing way than, Snapchat or even the video conference with grandma. There is all of this information that transits the internet, the tubes as Senator Stevens once called them from a laptop. And it is incredibly vulnerable in respect to the fact that I'm my brother's keeper, maybe.

Jason Makevich (32:25)
huh.

The tubes. A set of tubes.

Martin Hinton (32:45)
Or maybe not. And the idea is you might be dealing with people that check the box on their cyber insurance policy and they don't really have MFA across the spectrum, but they check the box and that's how that works. And I wonder whether you could get into sort of the idea that because of the brilliant friction, the way we've removed friction from the economy, even with email and communicating in the written form with someone not having to mail or FedEx a letter or fax it.

The idea is that that's come at a price and we haven't paid the piper for that price and that supply chain third party risk is a huge factor in all this. We hear a lot about breaches where it starts at a vendor or it starts at a, even a cybersecurity or an IT firm that's an, know, outside of your physical existence, but very, very much in your system and in you, in your space that you would hope to keep secure for your

for your own company's benefit so that you can keep paying your employees. But then as you touched on with the auto dealer thing, mean, if you've got 5,000 credit cards on file, so you can charge people for their most recent, here we go again, dry cleaning delivery, there is a vulnerability there that I don't think people quite comprehend. that supply chain risk, tell me a little bit about where you see that right now and what you think about the coming year or so with regard to that.

Jason Makevich (34:09)
Yeah, I mean, it's definitely starting to get a little bit more mainstream in terms of, you know, some of the conversations around cyber risk management in terms of supply chain. And we saw, you know, not everything is even malicious or considered, you know, I don't know. I don't know how to define the term cyber, to be honest with you. Is it, is it just bad or it can it be good? ⁓ But, you know, I love the buzzwords, but ⁓ information security is what we always called it in the industry. ⁓

But cyber sounds cooler. But when I look at like what happened, AWS went down not too long ago, right? And I mean, good God, everyone got brought to their knees. Nothing was working. I literally couldn't open my garage door because the app that I use, because I'm a geek, their system was hosted on AWS and that was down and couldn't open my garage.

It's crazy. It's weird, right? So the dependencies we have on certain, infrastructures out there, AWS, Microsoft Azure, Google cloud on, and then, you know, the fact that you got all these companies out there, they put all their eggs in that basket, but they're not even like thinking about the old principles of redundancy and fault tolerance in that regard.

because they think, well, okay, that's on Amazon. They're the ones hosting it. They have all the redundancy and sure, they have tons of redundancy, but we know that can still go down. And so I do think that there's a responsibility of these vendors out there. And you know what, maybe depending on which model of gadget and gizmo you get at your house, if you get the garage door opener that costs, you know, $19.99,

Maybe, that company's not going to invest in the redundancy of having multiple cloud zones to fail over to. But a consumer should have the opportunity to spend more money on the one that might be more resilient, right? And have that redundancy. And that's at one level. But then you look at business to business and you look at, well, you all these companies out there that are dependent on this technology. It's important that the businesses think about

having fault tolerance and redundancy, but also recoverability and resiliency around what can happen and how do we recover from it? How do we continue business continuity? These are principles that have existed since well before I started working in technology, which is a long time ago. But as we've moved into the cloud and moved into these SAS models and everything else, the roles and responsibilities are misaligned a bit.

It is a responsibility and customer to ensure they have proper resiliency. But if let's say you sign up for a CRM and you need that CRM to operate your business and that CRM doesn't have the right redundancy, do you even know that as a customer? Is that part of your due diligence in selecting that technology and enough reason not to go with the one that has the right features for your business? So it's tough.

And that's why I really think that there just needs to be more pressure from the through the supply chain from the customers all the way up through the vendors on looking for more resiliency as well as better kind of secure by design architecture, ⁓ which that's a huge part of it is you go get any of these platforms out of the box and out of the box, they are wide open.

They're wide open because by design they're wide open and you have to go and configure them. The vendors could do a much better job of educating the clients on, look, you just bought this car from us, but we didn't put brakes in it yet, let alone seat belts or airbags. So here's how you would want to do that. But we know that some people don't want the brakes. They want to just keep going. you know, and you know,

maybe they should start putting the brakes on the cars. You know what I mean? So, but there are certain things where we're in this situation where the, whether it's the consumer or the large corporation that, that, you know, implement some big technology, you're in that customer end of the supply chain where it is your responsibility to architect these environments with zero trust principles, principle of least privilege, know, a defense in depth ⁓ strategy. And

And I think it's lost upon so many of these organizations as to whose responsibility that is. ⁓ So I think a lot of awareness needs to continue to ⁓ go out there. I just wrote a new LinkedIn post about this topic that will be going out soon. Yeah, I mean, it's a big deal. And I really hope that more and more people in our industry and throughout the technology space ⁓ really start seeing this. And I'm hoping to see some

legislation that would put some requirements around a secure by design approach. Like for instance, you buy a wireless router in your house, does it come with a default password? I mean, that's like, it should never, know, cause no one ever changes those, right? It shouldn't, that should never occur. That should never exist, but those still, those things still happen all the time.

Martin Hinton (39:47)
Louv 123, right?

Jason Makevich (39:49)
Yeah, so, you know, it's things like that that we do need to see a lot of change with. And if we did, I think it would make a big difference.

Martin Hinton (39:57)
You touched on something now that for all the doom that perhaps people have taken from this conversation today, none of this is new in the human sense. And the idea that you can go to a vendor, take your car to a garage, right? I wouldn't know how to fix particularly a modern car. I maybe I could have changed the oil on my car in the 80s. And nowadays they are

sophisticated complex, they require computers and code readers and all sorts of things that specialized training would suggest. And you see little seals at garages indicating that mechanics have been trained to some standard or another, which I don't know anything about. But that idea that when you're dealing with someone, when someone comes to your door with a quote unquote default password, i.e.

my name is John Doe. go, yeah, your name's not really John Doe. Who are you? Before I let you into my home where all my valuable things are, likewise in the business sense that there needs to be the ability to move past the sense that this is abstract and that this is just security and it's not cyber crime, it's just crime. I think that in sort of pulling back the sort of curtain that makes people feel a little bit like.

I don't know, or it's not gonna happen to me. I don't get MFA. Okay, you don't have to get it. I don't know how a key works when it goes into a lock either, but I use them. And just, you don't have understand it.

Jason Makevich (41:23)
Yeah

Yeah, exactly. mean, that's the thing. You're 100 % right. There's nothing new here. At this point, I would say the majority of the cyber risk that folks need to pay attention to really do come down to cyber crime. And it used to be that those script kiddies and hackers out there that would just go and cause damage because they thought they were

you know, cool amongst their group of strange peers. You know, those days are long gone. And so we're not protecting from what I think most people think of hackers. Okay, we're dealing with criminals and a lot of it has been monetized now, ⁓ commercialized to where ransomware is a booming industry. And people need to understand that

It's not the most sophisticated hacker out there that's getting them. It's just a shitty criminal, just a bad person with a computer and with a subscription to a ransomware as a service toolkit, because it doesn't take much for a criminal to get online to sign up for one of those, get a email marketing list just like

any business would do when they're trying to send emails out to consumers or B2B or whatever. But instead of marketing your product or service, your widget, you're marketing some sort of bad link or bad file or bad something, something that's going to get them. And they're casting this wide net. These are cyber criminals that are not discriminating. They're not targeting a particular company, you know, 99 times out of a hundred. is they're casting a fishing net.

with a pH, right? And whoever ends up in there is, you know, they're toast, right? It's that simple. And so we are all targets. We are all susceptible to this. And even with really good security, there are chances that we could get hit, but here's the deal. If you've got, if you live in a neighborhood, a not so safe neighborhood, we'll say a dangerous neighborhood,

Martin Hinton (43:34)
Yeah.

Jason Makevich (43:53)
You've got some bars on the windows and you've got the locks on the doors and you've got cameras up. And your neighbor doesn't have any of those things. Which one is a criminal going to go hit? They're not going to hit yours. Now, if that criminal is very sophisticated and only wants to get in your house, can they? Probably. It's not Fort Knox, right? There's probably a way to get in. We're not we don't have to protect from those.

hackers, those guys. That's not what we're looking to do here in the broad scheme of things, in the mass adoption of ⁓ critical mass of protection. We're just trying to make sure that we're taking the reasonable steps so that business leaders understand that their business is in the most dangerous neighborhood in the world, the internet, and there are criminals all over the place and they're absolutely trying to break in all the time, but they're not trying that hard.

yet they're still going to get in. But if you take the right steps, we can keep them out most of the time. And part of risk management includes the resilience side, know, recoverability and all that. So if they do get in and do something, we can minimize the impact and it doesn't need to be devastating. So there are things that can be done. They can be reasonable, but it's a cost of doing business today and that needs to be understood.

And I think we're getting there, but it is taking a long time. And in the process, a lot of livelihoods are getting destroyed.

Martin Hinton (45:31)
I mean, you touch on it a little bit and obviously I don't want to devolve into a cable news segment, but the geopolitical part of this and the way that geography doesn't protect you, right? There's no ocean that stops cybercrime. And you can be in Iran or Myanmar or any number of places where there is some degree of protection offered to you by the location. What do you think that the...

the situation with regard to that is, I mean, we know that China, Iran, North Korea, and Russia are the big four. And they, I think it's fair to say, do cybercrime, quote unquote, for different reasons. ⁓ Some it's money, some it's stealing IP, and some it's just disruption of the good order of any civilization viewed as a foe. Where do you think that that stands now as a

as a driving force or a of bedrock for how successful cybercrime is because, one of the things we touched on, we talked quite a bit about broadly is AI and AI and cybercrime, you know, it's the new new thing, but as a number of people have said, and I think maybe you were one of the first is cyber criminals were doing just fine without AI and you know, this is just another tool. So don't get too distracted. So I guess I wonder, you know, is there,

Is there a geopolitical element to this from a small business owner's point of view that you need to pay attention to?

Jason Makevich (47:05)
To a degree, mean, it's good to know about these things, right? I think that awareness is important. And yeah, I think that understanding the motivations could help. You know, let's say North Korea, for instance, you know, we know what motivates North Korea. You know, the Intel is there. You know, it's their funding, their whole country, they're trying to fund so much of Pyongyang out of cyber crime.

It's not just ransomware attacks and all that. Now, and Deeper Hit is doing this a lot where they are, they are actually trying to infiltrate companies with fake hires. that's a pretty, becoming a more common tactic for any organization out there that is hiring people. If you are not meeting them face to face, you have that risk, period.

Martin Hinton (48:04)
I do want to, Jason, I just want to stop you there because every time someone talks about this with me, you have to make it clear to people who don't know this. What we're talking about now is the idea that largely driven by remote work and the capacity to fake your voice or even your video image on a video call, someone in Pyongyang, the North Korean capital, can pretend to be ⁓ an IT worker named Suzy from, you know, Phoenix.

Jason Makevich (48:04)
And if you... Yeah.

Martin Hinton (48:32)
get a job at a large firm remotely and be paid in dollars and be inside sensitive areas of a corporation that could be doing any number of things. And they're in fact an agent of the North Korean government. Are they in there just to make some money to help bring capital and currency to North Korea in some fashion? Are they also in there stealing IP or looking at how phones are configured or?

Imagine if someone is within the Verizon network who just had an outage. just to stop there, this is what we're talking about. We're talking about a completely fraudulent person ⁓ being inside, the ultimate con. think of, we've seen it in the Mission Impossible movies with the amazing prosthetic face mask and someone looks like someone entirely different and sounds entirely different. That's literally what's happened.

Jason Makevich (49:03)
Mm-hmm.

100%.

Martin Hinton (49:27)
So pardon me, I just want to make sure that's clear for people to watch.

Jason Makevich (49:27)
Yes.

100 %

and it's easy. It's too easy. That's the crazy thing. A year ago it was hard, now it's easy. So that's the advancement that we're in with AI. Deepfake is easy. There are apps out there that do it, do a really good job. I guarantee you, if you have kids on TikTok or something, they've seen a million of these, okay? They're everywhere. You know, I saw a funny video of it.

a dog driving a car getting pulled over and yelling at the cop. Like it's, and it looked real. Like it's obviously not. And it's just crazy, right? But the deep fake thing is real. It's a real problem. It's going to get worse and worse. But at this point we're already there and it is happening and companies are falling for this. And if you're not meeting someone face to face, you have that risk. You have to figure out other ways of vetting them. And the most dangerous thing here is trust.

And it's tough because I don't want people to feel paranoid. mean, our society, it's so important that we have good relationships and we treat each other well and respectfully. But man, if it's digital, just stop trusting it. If it's email, stop trusting it. If it's a video call, stop trusting it. If it's a phone call, don't trust it. Don't trust these things, any of them. You have to prove beyond a reasonable doubt.

that you can trust it. And if you can't prove it, don't trust it. It's going to take, I think, a generation or two for us to get there in terms of the hard wiring we have in our heads on this stuff. We're all susceptible to this. I know I am. I know I am susceptible of trusting someone a little too much and falling victim to a pretty dangerous fraud. Absolutely. That's why I know we have to have

all the right processes in place in our businesses to make sure that we don't fall victim to this because we can't afford to. So that's kind of what I'm getting at here. It requires so many different things to figure out what to do to protect your business. It's not just one or it's not just byproducts of, yeah, you know, we have antivirus. have cash. We're way past that. We're way past that. And if you don't have experts sitting down,

with that seat at the table that you put there for them, you're way behind. I don't care if you've got the, and I get it, a dry cleaner shop isn't going to have a monthly meeting with a cyber risk expert, but at the same time, if you're online, you got it. You got to have the help. And there's a lot of good folks out there, like my firm, but many, many others that are really good at this. ⁓ And then there's a lot of IT folks out there that haven't really skilled up on the cyber side. And so they might not...

be able to give all the right guidance. So I think it's up to everyone to really understand who they're talking to and that they're getting the right advice, right guidance.

Martin Hinton (52:28)
You touch on something that a few people have said to me in the last year, even less, six months, as AIs move from being detectable because people have six fingers and now it only has five. They've solved that coding error or whatever it might be. But this idea that you cannot trust anything. So if your bank says, ⁓ we've got a new security measure, we need to call you.

at the number you've given us, don't give it to me now, and do a verbal call where we record it to transfer this money or process that request. You might instinctively, because it's a new thing you've got to do, be annoyed, but in this moment in time, you should just say thank you. And if the person you're dealing with says, really apologize, it's going to take a couple more minutes, say, do not apologize. The level of fraud and the capacity with which, as human beings, we are potential victims of it,

is extraordinary. So trust but verify has never been more important. that's a of a consumer takeaway moment, if you will, from the cyber insurance news. But it is.

Jason Makevich (53:37)
would change that, Martin. I would say don't trust and verify at this point. Don't trust and verify. Yeah, that's where we need to be.

Martin Hinton (53:41)
Don't try to verify. There you go.

Yeah, I mean, is, like you said, it's so easy now. And the scale of it, if you can rip off 100 people for a thousand bucks, that's a good day's work. And that's where I think people don't quite appreciate, I mean, if you're a bank robber in the olden days, you can rob one bank at a time.

If you're a bank robber now, you can rob five bags a day and not leave your laptop. I mean, think that that is sort of, when we think about.

Jason Makevich (54:11)
Yeah.

It's like train robberies.

where you're everyone's everything. They're just all, you know, and it's, you know, I will say this. I would say the vast majority of organizations out there are not protected enough. ⁓ And I would say it is very cliched to say it's just a matter of time. But what I would say is this.

The only reason why almost every single organization and even small business hasn't been totally devastated by cyber crime, the only reason why that hasn't happened at a really massive scale is scary enough. I would say a talent shortage of cyber criminals. That's it. They're just.

As there are more and more cyber criminals, it will get worse because the tactics are there. The capabilities are there. There's just only so many criminals out there and there's a lot of businesses out there. They are having a field day. There is no shortage of market for these criminals. And we're all out there for them. And it is critical that anyone in a position of a leadership

Martin Hinton (55:36)
Yeah. ⁓

Jason Makevich (55:39)
Take this seriously.

Martin Hinton (55:41)
This is not a career path endorsement, but you make a really, really good point, right? The opportunity to do more exists. And you touched on earlier that the nature of these criminal networks is they're highly organized. We're talking about, you know, they're businesses. I mean, we say organized crime. That's what we're talking about. And what that means is it's organized like any business with bureaucracy and shifts and an office and a Slack channel, if you will.

Jason Makevich (55:45)
Certainly not.

Martin Hinton (56:10)
And that idea that if businesses that made a million dollars last quarter, and it's just a business, they're going to want to make a million and a quarter this year. Well, how do we do that? We got to hire more people. And we see it. There was just a really good New York Times piece out of Myanmar where they went to a place. had been love scams that they'd been doing where men were posing as women or they didn't get into the details of how the scam unfolded. But there were just thousands of phones and, you know,

the way you can create the sort of personas and personalities digitally that people trust now, right? Particularly if you're digital native, right? You grew up trusting what you see on your phone. And back to your point, the sort of the midst of this conversation, you can't, you can't. Don't trust and verify is a good motto. When it comes to...

Jason Makevich (56:57)
Yeah, those romance scams

are a big, big problem. when, and we all get those text messages where it looks like it's the wrong number. Hey, Susie, you know, I went to that coffee shop last week. Thanks for the recommendation or whatever, some random thing where you're like, that's not wrong. Delete it, just delete it. Don't respond, just delete it. Just delete the message. Just saying, very important people know that.

Martin Hinton (57:18)
Yeah, yeah, yeah.

The same like when you get a text or any kind of message that makes you feel like you suddenly owe someone money and you have to stop everything you're doing and get them that money right away. Anything that ever makes you feel that way, ignore it, delete it.

Jason Makevich (57:32)
Yeah. But even non-threatening

texts, like, like what I mentioned, delete it because that's what they're doing now. They're, they're, they're starting not with the threat. They're starting with this and those romance scams are real and, and be surprised who's vulnerable to those. It's shocking.

Martin Hinton (57:51)
As we move to wrapping up, one of the things that we discussed prior to this was the idea that there are a lot of things small businesses can do to make themselves secure that don't mean spending more money. And one of the big things, and you touched on this, is if they buy a new piece of equipment and it comes with a standardized password, like password123, change it. So I wonder whether or not you might offer some ideas for ⁓ small businesses to check things, like basic configurations for security that may exist in the equipment they have.

Whoever sold it to them didn't explain or they don't quite understand so they never engaged. What are the things that companies can do to, you know, I mean the basics like closing the gate to the field after you pass through it so the sheep don't get out. Like simple basic stuff in the digital sense.

Jason Makevich (58:37)
Yeah, I think the most important thing truly is, tactically speaking like this, is any software, any platform, any sort of technology that you're using, go on to their website or reach out to that vendor and ask for some sort of hardening guide or best practices for security for that platform. If it's Microsoft 365, there's tons of resources. If it's Google Workspace,

Tons of resources, salesforce.com, tons, like HubSpot, you name it. They're out there. Pay attention to those things, go through those efforts and configure these systems to these security best practices, these hardening guides or whatever the vendor calls it. It should be free or, you I mean, you will see like Microsoft, they're going to be like, oh, you can do these things. But if you spend, you know,

five times what you're spending today, you could do all these other things. You can make your decisions based on what you learn or by working with someone that can help advise. ⁓ But yeah, without spending any money, you can typically go in and really do a lot to harden systems. And it generally requires someone fairly technical to do that. And you always want to be careful with any change control. But yeah.

Those are all doable and very, very important. I do recommend ⁓ professional technologists, IT professionals are the ones executing changes with proper change control. But at the end of the day, you're not necessarily having to buy more products for that.

Martin Hinton (1:00:19)
I mean, the analogy I would use is if you've bought the stuff, it's a bit like joining the gym and you didn't ever go, right? You're not gonna get the benefits of the gym membership. There is this exist. You touched on the technical part of it. And I think that in my conversations with small business owners who are not working nine to five, right? Six, seven days a week, depending on the nature of the business, you're either in a store or in some other physical location to do the work that is required. And there's all sorts of...

taxes and regulations and payroll and whatever it might be. When it comes to seeking out advice from people like yourself and companies like yours, what should small business owners, what are a couple of questions, know, do I need an MSP or if you get this hardening guide and you're like, I don't understand how to do any of this, know, I'm, you know, a tech illiterate or whatever it might be. How would you sort of guide someone through that process to sort of find some expert help? And here's the million dollar question.

quite literally for small business owners is, is this stuff expensive? Am I going to break my bank? know, cause you, it'd be all well and good. You can't go bankrupt making yourself cyber secure because that defeats the whole purpose, right? The whole point is to make yourself resilient should and when, if, and when something happens. What are some approaches that people might have if they find themselves listening to this or realizing that the problem is bigger than they thought, or they hear about a business in their neighborhood that has a problem. They're like, man, I want to make sure that doesn't happen to me. What do I do next?

Jason Makevich (1:01:46)
I think the best step is yeah, to find the right professional or firm that's going to fit your, you know, your culture and kind of fit what you're looking for in terms of the way they would work. I mean, if you're a tiny business, you don't want to hire the, you know, giant enterprise, cybersecurity firm that doesn't obviously not going to care that much about you. But if you're a giant business, you don't want to hire the mom and pop cybersecurity firm necessarily either. Right. And so you fit the right model to what you got.

But to particularly look out for product versus service, the best cybersecurity firms out there and MSPs that are good at cyber are not the ones that are going to sell you on a bronze, silver or gold package and call it a day and say, yeah, if you've got the gold, you're really safe. Silver, you're pretty safe. And bronze, you're still okay safe.

security is not a product. Now that you do have to invest in some solutions, they have to exist. You don't have antivirus, advanced next gen stuff on your systems, that's a problem. If you don't have good email filtering beyond what comes with Microsoft or Google, it's probably a problem and so on. So there are some investments in technologies, but don't think of it as products. Think of it as you have...

You have an advisor, someone that can bring in these solutions, manage them if you don't have the right people to manage them because it's a day to day ongoing process. The detection or responses 24 hour service that needs to be there. It's like having CCTV with an alarm company monitoring your stuff. That's what you need. You know, maybe not day one. Like if you're really in really bad shape, maybe you start by, you know, meeting with someone and you build a roadmap. But if the

MSP or cyber firm or expert doesn't work with you strategically on building that roadmap and meet with you on a maybe monthly or quarterly basis and really take this seriously and help you help take leadership of this, then they're probably not the right partner because if they're just trying to sell you a product, that's not going to be enough. It will not be. In fact, it might just cause more problems than not. You're putting your money in the wrong place. There are products involved, but it takes a strategy around it.

Martin Hinton (1:04:09)
You touched on something earlier and something you just said now reminded me. How cautious or what word of caution do you think people need to have with confusing maybe their IT provider with someone who can create this cyber resilience and cybersecurity environment that you're describing? Because I think that there is this conflation of cybersecurity and IT, which does a disservice to the role either play. So what do you think about that?

Jason Makevich (1:04:35)
Yeah,

yeah, indeed. mean, my background was network engineer and some security involved, but primarily not. It was mostly availability. Our job was to keep things available, not necessarily protected. And we're talking, you know, back in the nineties and the two thousands, but, you know, pre kind of scary cyber, but

It's evolved, right? And the fact is back then, I was very good at network engineering. I knew very little about information security. And that's the case with a lot of IT folks. They're really good at IT, but that doesn't mean they're cyber experts. And in fact, unless they've really put a tremendous amount into their development to learn about cyber and possibly get some certifications or at least, you know, spend a lot of time dealing with these things, real world experience, chances are they're not the right person to sit at that seat.

And that's okay, don't rule out IT. They're part of the solution, but they just might not be the ones to advise. But they should still be in the room and have a seat. You need to have somebody that really knows this stuff, that has that actual information security, cybersecurity experience, that can take that leadership role with you and really lead you towards a path of having a resilient business.

That's what this is about. It's about making your business resilient. And there is investment into that, but there's a return on that. And if you don't do it, the risk is just getting worse and worse. The impact is potentially devastating.

Martin Hinton (1:06:13)
You remind me of the symbiotic relationship that an architect and an engineer might have on a large building project, right? They're very different disciplines, but if they don't align their goals, you have real issues and problems when it comes to actually building and maintaining the thing that one envisions and the other constructs, if you will. ⁓ So we've been talking about it now. Is there anything we didn't get to that we discussed in advance you'd like to touch on before we wrap up?

Jason Makevich (1:06:41)
We did talk, well, we had explored the idea of talking about AI, ⁓ governance with AI and the risks around that. I don't know if you wanted to touch on that at all.

Martin Hinton (1:06:53)
No,

yeah, that's a good, you know, I mean, is that the phrase, everything has to have a phrase now, the shadow AI reality and someone dumps a contract into chat GBT without realizing that it's an open frame and you've sent it off to everywhere. So yeah, go ahead, data governance. mean, here's the thing, right? In the information age, what's important is information. We hear about IP theft and all that sort of thing. And there is...

Obviously every company is embracing AI and trying to bring it in if you're the CEO and make it look like ⁓ you've got efficiencies and you're going to be able to do work in this much faster. And there some studies already coming out that suggest companies that have employed AI are actually seeing things take longer than they would for variety of reasons. ⁓ yeah, so what about that? What about the idea that the, you know, if you're not careful with who you talk to and AI is someone to talk to, like if you share things with AI and explore ideas with AI. ⁓

That data, that information, those thoughts, those potential product improvements, they're free range, right?

Jason Makevich (1:07:55)
Absolutely. You know, any business out there that has computer users, chances are someone's using AI in their job today. Chat GPT, pretty common. ⁓ I love it. I mean, it's amazing. It can do wonders for us. Just dealing with that. Then there's Agenic and all these other things and sure. Businesses are thinking right now about innovation. The conversations around AI are primarily around innovation and

What do we need to do and how do we take advantage of this? And you got some business leaders that are like, how soon can I get rid of my employees and replace them with computers? Which I'm not, obviously not a fan of. But the reality is the kind of low hanging fruit here is, you've got these, these,

chat TPT type of, you know, LLM, GenAI solutions that folks are using. And it's either that the company is going to really put some design and strategy around architecting an environment for their users and making sure that you got all the right, you know, ⁓ policies in place, which is hard to do in these programs. Otherwise, you're going to have...

sensitive data leaking out to AI models. And that's the risk that I'm surprised not more people are having conversations about. If let's say you've got a, physician ⁓ is working with you on a care plan because you you recovered from a heart attack and so, okay. So now that physician might want to use ChachiPT or perplexity to

put your patient chart up there and have it help draft a care plan for you. Because if I were a physician, that would be amazing to be able to do that. And you saved me probably a ton of time and probably do a better job overall. And, you know, especially as you continue to do more and more and refine, you know, all that work. But now you've got all this very sensitive data that's potentially going out to an AI model. And now, you know, in that case, OpenAI or perplexity might know that.

so-and-so had a heart attack and is at this age and this address and there's a million other data points that, or many other data points anyway, that are terribly sensitive. And that's in one example of an infinite number. mean, an attorney, a big one is attorneys with attorney-client privilege. mean, you think about it, the way that works, as far as I understand, is let's say you're my attorney and we're talking and...

we're talking about something, but we're on this podcast and someone listens to podcasts no longer is whatever we talked about privilege. We just authorized it not to be. And it would be very similar if there is privileged information that goes out into an AI model. And so you have to have governance and there has to be really smart strategy around how to protect from that. Well, that's kind of a shameless plug, I suppose, but there's really good reason why we at

Part one and through another company, Greenlight, we work with a company called Liminal. ⁓ It's a partner of ours and they have an amazing solution. And there are many good products out there. I'm not saying there's only one, but we did a lot of due diligence and we love the solution that we've put together with them to where it's very approachable for small businesses. It does not break the bank, but what it's doing

for us and for our clients and for all of our partners through PortOne is it's giving businesses that ability to give a shared workspace, very similar to the ChatGPT. It gives a multi-model, so they're getting actual ChatGPT. They're also getting Proplets. They're also getting Grok. They're also getting Gemini. They're also getting Claude, right? So the five big ones, they're getting all of them unlimited.

for the price of one basically or two or whatever, you know, they really, really, really good value. And the most important thing is the data governance. So what it can do, and it's important to have an MSP manage it to do it right. So having a partner that understands this stuff, but the policies can be set up to where when that physician uploads a patient record or the attorney puts in the case, you know, or the deposition file or whatever,

It dynamically strips out all of that sensitive information so that it does not go out into the AI models. You can do a bunch of other things, create your own models. Like there's a bunch of stuff you can do with it, but just out of the box, that's the goal. It's a low hanging fruit. It's an easy thing for organizations to implement. It could potentially save them. And we're not just talking about healthcare and law firms. We're talking about any business out there because chances are you got people using.

these tools and chances are they're putting some sensitive stuff, emails with clients or maybe financials, all this stuff. These things, that's how AI works is they take this data and they learn from it, right? So you got to be able to strip that data out, the sensitive data. And that's what this platform does. It's what we've been working really heavily on with our MSP partners really around the globe now to ⁓

⁓ try and get the word out and help their clients protect from this very serious risk that has just popped up. Has nothing to do with hackers or cyber criminals. This is just an inherent risk of the technology.

Martin Hinton (1:13:55)
I think you touch on two things. It's liminal, right? And there'll be a link to your companies and obviously people can find more of that out. But the idea, and when we discussed this before, and I'm annoyed I didn't bring this up earlier, is that what this does is it anonymizes sensitive documents. So it takes out on its own, to your point, how it does it, someone else will have to explain. That then gets analyzed by the AI and...

on the way back into your system inside your safe space where you can trust yourself to read a client's name or see the amount being offered for a settlement or see the diagnosis for a patient or the prognosis for a patient, that reappears on any relevant document. That's what we're talking about, right?

Jason Makevich (1:14:37)
That's right. So it sanitizes to go out and it rehydrates as they call it when it comes back to the user. So for the user, they love it because they're getting everything they want. Plus they're getting that multi-model unlimited. I mean, it's awesome. It's really cool. It works better than any of these products. Other products do users love it. Businesses love it. There's collaborative opportunity there amongst teams. But yeah, the most important thing is just protect that data. And this is what this is why we care so much about it is.

Let's keep that data from going out because it's just a terrible, terrible risk that we can totally avoid if we do it right. and you know, I'm not a big fan of banning AI. think that just leads to shadow AI, basically people using their own personal accounts, which is even worse. ⁓ or maybe even worse yet is missing out on AI, which you just can't do, you know, definitely dive into it safely smart, but you have the right, have the right solutions in place. And I think most.

organizations would benefit greatly from Liminal and what the MSP partners of ours are bringing to their clients.

Martin Hinton (1:15:43)
Great. Anything else?

Jason Makevich (1:15:45)
I can't think of anything. think we've touched on a ton. Yeah. Yeah.

Martin Hinton (1:15:48)
Yeah, we

touch on a lot. So I guess I want to wrap up. I'll put you on the spot. you have any one prediction for the next 12 months that you'd put your name on? Maybe not Polymarket, but an actual real bet. ⁓ We can come back in 12 months and see how you did. What do you think?

Jason Makevich (1:16:06)
Well, let me think here.

I'm trying to think of what prediction I would have.

I am going to predict that sometime this year, we're going to have a bigger outage than we've seen so far. And when I say we, I mean, we, right? We saw AWS, know CrowdStrike had that, that issue that took so many companies down. would liken it to those. But I think it's going to be bigger. I think it's going to be more widespread and possibly to the point where it's going to be kind of like, you know,

to tie it into cyber insurance, kind of like what maybe a big hurricane or some major event, how it would potentially permanently change how that insurance market ⁓ looks at the risk. And I think it's inevitable that something big is gonna happen. I do...

I do believe it's a matter of time until the cyber insurance market and the underwriters and the carriers and all that are going to be looking for more evidence to prove certain compliance on an ongoing basis in order to guarantee that coverage. Because I it would take a large event for that.

kind of change to happen at that scale. And ⁓ that's been the case with other forms of insurance over the years, right? So, and I don't know if that'll happen in 2026, but I know at some point it will. I'm certain of it. And I'm going to say that that's my prediction that something larger scale, I'm not talking about a terrible, you know, ⁓ you know, water system attack from China or something like that. I'm not saying that I would never predict that because I hope to God that never, ever happens.

Martin Hinton (1:17:36)
Yeah.

Jason Makevich (1:18:03)
even though we all know it's possible. ⁓ But I am going to say that some major disruption ⁓ is going to occur and it's going to bring us to our knees for a period ⁓ and make us all realize a lot and hopefully we'll learn enough from it.

Martin Hinton (1:18:21)
Part of what I've learned doing this for a couple of years now is that historically, we tend to require an event that touches everybody in order for us to come up with comprehensive change. We don't fix problems till they truly break and we have not really gotten there. But maybe we haven't had the full blown flu, but we've been touched by a bad cold here and there. yeah. Well, Jason, thank you so very much. Jason Makevich, a big...

founder and CEO of Greenlight Cyber and excuse me, Port1 Links in the show notes so you can find him on LinkedIn and the company websites and we'll have some other links in there to some of the stuff we've referenced. Jason, thanks so much for the time. I really, really appreciate it. For everyone else watching, I'm Martin Hinton, editor and chief of Cyber Insurance News and Information. Thank you so much for watching. I hope you enjoy the rest of your day.