fbpx
Adrienne Lally & Attilio Leonardi
This week on the Team Lally Real Estate Radio Show, we interview Attila Seress of Cypac Deep Cybersecurity. Attila explains how cyberattacks are happening all around us, focusing on local risks and how these attacks work. He provides tips on how to avoid becoming a victim, emphasizes the importance of social engineering and cyber hygiene, and shares key insights to protect yourself in today’s digital world.
 
We also have our Experts We Trust with their Tip of the Week. We hear from Jake Kissack of Go Local Powur on how federal tax incentives are making solar energy more affordable and why now is the best time to own solar. Bradley Maruyama of Allstate Insurance explains the importance of keeping your home insurance up to date as your home changes to ensure proper coverage.

Watch or Listen to the full episode

Ready To Find Out How Much Your Home Is Worth?

With over 25 year of Real Estate experience we’ll give the most accurate home evaluation in the market today.
Who is Attila Seress?
 
Attila is the founder and CEO of Cypac Deep Cybersecurity, an expert in IT and business strategy committed to helping companies stay secure. His inspiration to protect others stems from his grandparents’ escape from Hungary in 1956. You may have seen him on PBS Hawaii, KITV, KHON, and Hawaii News Now, where he shares his expertise. He continues to support clients across the islands with strategic plans to stay competitive in a changing economy.
 
Cypac Deep Cybersecurity is Hawaii’s leading cybersecurity specialist, dedicated to protecting organizations from cyber threats with tailor-made solutions for all industries. Their mission is to enable businesses to focus on growth and serving clients, while Cypac ensures their digital security. They serve top industries such as energy and petroleum, construction and engineering, financial services, and automotive sectors.
 
To reach Attila, you may contact him in the following ways:
Phone: (808) 861-9595
Email: attila@cypac.com

Interview Transcription

ADRIENNE:
Welcome back, and thanks for listening to the Team Lally real estate show, home of the guaranteed sold program, or we’ll buy it. I’m Adrienne and I’m Attilio, and if you have any questions, just give us a call at 7999596, or check us out online at Team lally.com

ATTILIO: 
Well, hey everybody, today’s guest is the founder and CEO of Cypac Deep Cybersecurity and expert in IT and business strategy, committed to helping companies stay secure. His inspiration to protect others stems from his grandparents escape from Hungary in 1956

ADRIENNE: 
you may have seen him on PBS Hawaii KITV, K, H, O N and Hawaii news now, where he shares his expertise. He continues to support clients across the islands with strategic plans to stay competitive in a changing economy. Please welcome back our guest. Attila Seresss, hey,

ATTILIO: 
Attila. Hey,

ATTILA: 
thanks for having me. Yeah,

ATTILIO: 
I was gonna say you’re also the reason they built the China wall, but that was Attila the Hun. It’s

ATTILA: 
okay. We’re all kind of related.

ATTILIO: 
And I just for clarity, because people are like, what it’s Attila, but my name is Attilio, but I will tell you, when I introduce myself as Attilio, they always say, Oh, you mean, like Attila, the Hun, like the hunt. I’m like, No, that’s, that’s what the A

ADRIENNE: 
you’re with the O, yes.

ATTILA: 
Well, every time that happens, there’s a, there is a licensing fee you have to give me. So keep, keep, keep a tab. Keep a tab on that. How

ATTILIO: 
did your parents come up with that name? Were you named after somebody else.

ATTILA: 
Well, in Hungary, Attila is, is a more common name than you think, gotcha. And between some other really unpronounceable names, you know, Attila would be good to for him to keep some heritage. But, you know, I was born in the US, and you know, it’s kind of good to to have some, you know, some kind of heritage back, you know, from another part of the world. Yeah, but yeah, well, my kids are have much simpler names, though I didn’t burden them with that,

ADRIENNE: 
and I learned something new about your your ins, you’re the inspiration for your company, yeah, from your grandparents. Yeah,

ATTILIO: 
tell us about that. Yes,

ATTILA: 
sure thing. So, you know, growing up, I would hear all kinds of stories about, you know, fighting the Russians and fighting the communists, and how, you know, they had to sneak out of the country under the darkness of night. And you know they had to, you know, they would hide, you know, ammunitions and stuff in my mom’s crib underneath, you know, where she’s slept, you know, as part of that revolutionary movement. You know, the kind of things you see on Star Wars now, yeah, with the, you know, with the rebels, that’s, that’s kind of where it stems from. And, you know, as hearing those stories, I always wanted to, you know, I kind of had, like, this protectionist, kind of Papa Bear mentality from, from hearing those stories. And you know, when I, when I moved to the islands over 20 years ago, you know, I saw that, you know, this place was vulnerable in the same way that, you know, my family had been vulnerable, and I wanted to do something to protect the community. And you know, the next front, of course, is cyber, is technology, and we, you know, we created a small team and and brought in some good experts to try to protect the islands from what I saw was starting to happen again. From Russia, they were again the antagonists in this story. And, you know, of course, there’s other places in the world, like China and Iran. They’re also trying to get at us, but we are the gateway to the east. Hawaii is at the front lines. We’re in the trenches, literally, and we have to do all we can to keep ourselves protected, because we’re a community or an ecosystem. If any one small piece of that falls, if any sort of disruption occurs in the economy, then that does have a trickle down effect, and it can affect our ability to be mission ready if there’s a, you know, a real problem that occurs, that’s, you know, a kinetic piece of warfare. So, yeah, we see these things all the time. Just the other day, I was listening to how Kansas City’s water treatment system got shut down because of a cyber attack. So these things are happening every day, all around us, yeah, and in real estate, too.

ATTILIO: 
Now, the thing to note, and I we see it on your website, because we’re live streaming, and it’s, it’s coming up on our screen, is that you live here. You’re not calling from, you know, Guangdong, China or somewhere in the mainland. You actually live here in Hawaii,

ADRIENNE: 
right? And for over 20 years. Yeah, you’re right, yeah, yeah.

ATTILA: 
Kids weren’t raised here. All the families here, everything’s here. So, you know, I’m probably one of those rare transplants that came here. And, you know, want to do good for the place where I hope my kids can continue to live and thrive and be professionals. Yeah,

ADRIENNE: 
now I want to encourage our listeners to to go. I mean, they go to your website, Cypac, Cypac com, can they sign up for your newsletter? Because you send an amazing email with all these tips. Every I don’t know, every couple weeks I’m getting some new tip from you.

ATTILA: 
Well, you know, we do our best to try to to try to actually give instructive weekly emails, and that is the called the deepwatch newsletter. And the problem is this, if you go online and just look for cybersecurity news, it’s this tsunami of highly technical news that you can’t really do anything with. It’s not something you can take to heart and say, oh, you know, let’s say Disney was hacked, which they were right, yeah. What do you do with that? Right? Nothing. You can’t really do anything in your life. But if there is a breach where perhaps your email address was involved in your password, which did occur recently. Then I give you some tips on how you can search to see if that information is out there and what you can do about it. So that’s kind of the thing. We try to give actionable content and actual, real advice to the everyday person, for the grandparents, for the kids, for the people at home and in their business, so that they can stay safe and not have an incident. Because we get the calls and there’s an incident, and by that time, the money is gone. It’s hundreds of 1000s of dollars. It’s shame and embarrassment, yeah? It’s, you know, reputation damage. That’s hard, that’s really hard. Yeah? But health care, right? Prevention, brushing your teeth, doing your oral change, all these prevention kind of techniques that you can do with cyber hygiene so much easier.

ADRIENNE: 
And these are all like, relevant things that are happening right here in our community. And, you know, we again, we’re live streaming and showing some of the, you know, past newsletters and videos that you’ve, you know, you’ve shared, like,

ATTILIO: 
by the way, if you want to sign up again, That’s Cypac.com Why see it? Cy pac.com and get that newsletter? But go ahead. Adrienne,

ADRIENNE: 
yeah, so there’s a lot of relevant issues, of things that are happening right here in our islands, which I think is, you know, it’s important to stay on top of that and be aware, like, there’s one thing about the parking ticket scams and, you know, like, what else? What else is are you seeing happening here locally that we need to be aware of? Well, certainly,

ATTILA: 
but this is a real estate show, so yeah, I have two things we can talk about real estate. Yeah,

ADRIENNE: 
let’s go over there. So the big

ATTILA: 
ones were in November and December of last year. So first American and df and Fidelity National, yeah, they

ATTILIO: 
both got an escrow companies. Yep, they got hacked.

ATTILA: 
And when a hack occurs, you know, escrow gets delayed because they can’t work. And and this is a when these things happen. These are great case studies for us to go back and say, Hey, if you were them, what would you have done differently? Yeah. Now a clue could be that first American was hit with a $1 million fine by New York State Department of Financial Services for violations stemming from a cybersecurity breach back in May of 2019, so our first clue is that there’s a history. So the most important thing to note is that when, when there’s a little tip tap, when there’s a little you know, when the bad guy kind of gets their way inside of your system, they’re not going to give up. Yeah? So if you ever gotten an email where it’s asking you to enter some information, and you got fooled into entering some information, and you think, well, maybe that’s not so bad. I changed my password. I’m in the clear. Guess what? You’ve been more moved to the front of the line. Yeah, you’re you’re now on the buffet tablet guys, yeah, they’re a target, and they’re gonna keep coming after you. And when I say they it’s because it’s an ecosystem. It’s a one group of bad guys says, oh, you know, we had a little luck with these guys here. Why don’t you try it? And then they pass it over to the next group of bad guys, yeah, and then they try to get you. And then, you know, it goes the next group of bad guys. And the reason that I can say this is because we see this happening. Someone gets hacked or compromised, and everything goes away for six months, and then boom back again, full force. Then it goes away for six months again comes back. So what can we learn from this? And the two big things are social engineering and. And cyber hygiene. And I can talk a little bit more about these things if you’re interested.

ATTILIO: 
Cyber hygiene, yeah, give us the mouthwash for for cyber security,

ATTILA: 
sure. So this all comes down to having some really good habits, and we can all start with a thing that no one wants to talk about because it’s so boring, but so important, it’s passwords. Yeah, so and 90% plus of people use the same password on multiple accounts.

ATTILIO: 
I think, isn’t it? Like 50% of the people use the word password as their password,

ATTILA: 
you are correct.

ATTILIO: 
But do that is unfortunate. That’s

ATTILA: 
unfortunate because imagine if that’s your password to your Netflix account. Yeah, so what they’re gonna say Netflix? Big deal. But what if that’s the same password for your payroll, your email, your LinkedIn account? Now they can go outside the bank accounts, absolutely and all these things can, you know, once they’re in, they can start impersonating you and start doing some malicious actions, yeah, and it’s very difficult to get that back. So, for example, a local accounting firm recently called us and someone had gotten inside their email. And this has happened and more than one accounting firm locally where they got inside there, you know, this the CPA offices email, and they start sending out invoices to all the clients, saying, Hey, you owe us money. And, and, you know, okay, so the clients pay the money, and don’t think much of it, because they already have a relationship with their you know. CPA, yeah. And that money disappears, of course, and now there’s a reputation damage. How can you trust the CPA? Yeah, to really do their job? Well, if you know that, it damages relationships, and we’ve seen this firsthand, or CPA firm had to close their doors, oh, because of that reputation damage, yeah,

yeah. Well,

ADRIENNE: 
at Hello, we actually had a close friend of ours who these bad guys were able to get into his phone and get all of the passwords and just start, like, trying to move money around, impersonate him, and had he changed his phone number several times, and they just kept coming because they knew he had money, and they just kept trying, like, all these different angles, so much so that no more credit cards, just everything is, I guess, cash and check. You

ATTILIO: 
know, we had, I don’t know if you would know this until then. I don’t, because you can’t just know everything. But I heard, and you tell me whether you’ve heard this or not, that the iPhone is a little bit more secure than the androids, or is that just all Apple people gossip?

ATTILA: 
Well, you know, to be honest, it it’s not an easy answer, yeah, it depends. So what, what happens, and this is not just Apple and Android and computers, is that a vulnerability will be discovered and they will say, Okay, this is called a zero day vulnerability. Zero Day means that it’s day zero right now. It can be exploited. And depending on how bad the zero day is, it can do as you describe, take over your phone, download all your contacts. In fact, installing a malicious app, even if it doesn’t have a zero day, the app can access your contacts, takes those contacts, sucks them out of your phone, sends them off to the bad guys. Yikes. Now what? So those kind of zero days need to be patched. And typically, there is a cycle where the security researcher will discover the Zero Day, gives it to the manufacturer, such as Apple, to fix, and then Apple says, Okay, we’re going to patch this up and send it out. And so that’s why it’s always important to do those security updates on your iPhones. However, many times manufacturers don’t get around to getting a patch done, or somehow the zero day gets leaked, and when the Zero Day is leaked, now we get into something called a zero day in the wild. So that exploit is in the wild and currently being used by the bad guys. And they’re, believe me, they’re going to use it up as much as possible, or even after the Zero Day is published, if you’re not unpatched, they’re going to still try for a month or two, just, you know, for all those guys that are lagging behind on their patches, so they can take advantage of as much as possible. So I wouldn’t really say it’s iPhone or Android. It’s really the iOS and Windows and everything keep your systems up to date. That is a good, you know, tip for cyber hygiene, in addition to unique passwords for every site and ensuring that you have two factor turned on, is making sure that you have

ATTILIO: 
the two thing updated, yeah, and it’s not like a like a thing in line dancing. It’s a security procedure. So different

ADRIENNE: 
passwords for every site, having the two step authentication, yeah, enabled on all of your accounts.

ATTILIO: 
You know? And I’m guilty of it too, and you probably hear this from clients, we’re just too lazy. I’m like, Oh man, I gotta do a two step thing. Yeah?

ADRIENNE: 
Well, think about your your bank accounts being infiltrated, and then become un lazy. Well,

ATTILIO: 
when you’re eating candy, you don’t think about the dentist drilling the cavity. You just enjoy that. Snickers. So I think that’s human nature is the challenge, but that’s always gonna keep a Attila in business. Well,

ATTILA: 
remember, I’m not going to give you any advice. I don’t do myself, and I don’t have a solution for so the solution I offer you is to get a password manager and LastPass and keeper word. And these are all kind of well known names. You can install a browser extension that will automatically generate a complex password. So when you change the password to your bank account, let’s say, and it can store a very long, complex password, and then on the second page, where it says, Hey, enter that two factor code instead of having a text message you, which, by the way, in the country of Taiwan has been outlawed because sim swapping got so bad, which is what you described earlier, how their phone got taken over and the text messages were so you can use something called an authenticator app, and that’s done through Google or in any of these password managers. So in keeper, for example, it takes a QR code. It’ll put in that six digit code that rotates every minute, and it’ll automatically populate your website’s form field where it’s asking for the six digit code automatically, so you get two factor authentication by having a password manager be your password storage and your two factor authenticator, your authenticator application. And so that way you get lazy, right? No problem. You just go to your banking website, click on, sign in, boom, two factor code. Boom, plops in automatically on your browser, hit next, you’re in your bank account.

ATTILIO: 
Gotcha. Easy peasy, yeah. So you just, it’s just a just putting it in place is the effort

ADRIENNE: 
that’s it. Just knowing about these, these little tools that are available, and it’s not hard

ATTILIO: 
now and then. But I I know, because I’m like, one of those listeners walk us through that, describe it one more time. Because I know there’s people right now listening like, Huh, what did he say? Mildred? Turn that up. I didn’t hear what a Tello said. Say it one more time. With, with all that password stuff,

ATTILA: 
if it’s if it’s a Mildred, we’re gonna have to turn it up extra loud, but it’s okay. I’ll go slow. So what you want to do for your password management is have a unique password for every single site on the internet that you use. Yeah, and it should be complex and not similar. So for example, you can’t use password one on one site and then password two on another. Or some folks try to get creative. They say password F for Facebook or password L for LinkedIn. So they try to use an algorithm. Don’t bother have it do the generation of the password for you. So use a password. Install the browser extension. So that means that when you go to that website, it’s going to say, Hey, I see a password here. My repository for Facebook. Would you like me to fill it in for you? Yes, you can hit Yes. At that point is going to say, Hey, would you like to set up a two factor code instead of having it text message you? Yeah, that two factor code use the built in authenticator. So there’s typically two ways, or at least two ways, sometimes three, that you can get inside. One is through SMS, so text message. Second is a phone call, where they can call you with a code, or third is the authenticator, which is a QR code and will automatically put in a cycling six digit number into that website. And it’ll automatically fill it in for you, so you don’t have to do steps one and two, because one and two is vulnerable, and with enough time, effort and energy, bad guys can steal your cell phones access. Yeah, we do have this happen. We’ve had people had their homes, titles transferred to bad guys. We’ve seen that happen firsthand. Yeah, absolutely. And the key thing you want to look out for is when, if your cell phone suddenly stops working, yeah, and that it has zero bars and says no service, that’s your sign Something’s happened.

ADRIENNE: 
Someone’s in your right away, yeah, turning your phone off doesn’t help. They’re in there because

ATTILIO: 
they already got it and cloned it to another phone. Yep,

ATTILA: 
correct. And you have to remember, the industry that you’re in has high dollar value transactions. Yes, that’s what they’re after. So it’s not necessarily in real estate, it’s also in construction. So we’ve had contractors and subcontractors get scammed out of 10s 1000s, sometimes hundreds of 1000s of dollars. AO, aos. It’s well known locally that’s happened. They’re

ATTILIO: 
fun. They’re flowing their access to funds. Well, there’s a lot of money transacting every month. And then you have, there’s the budget man. They could have like two. Million dollars sitting in an account for their budget. Same thing with construction companies. You know, construction loans are getting a lot of money in a short title

ADRIENNE: 
and escrow companies, they’re collecting the down payments. And, you know, by

ATTILIO: 
the way, I just want to say Attila is so dedicated to this process that his kids will be wearing authenticator costumes for Halloween. They’re dressing as authenticators.

ATTILA: 
That’s not a bad idea.

ATTILIO: 
Who are you little Timmy, oh, I’m an authenticator. Okay, here’s a full size

ATTILA: 
Snickers. So

ADRIENNE: 
what other chips do you have for this cyber hygiene and these habits that we must implement? Well,

ATTILA: 
I definitely want to, you know, talk about the second thing was the social engineering.

ATTILIO: 
That’s the way that really, these guys get in. They call you up. It was Jerry from accounting. I’m locked out. Can you give me my password? That’s how they got into MGM, wasn’t

ATTILA: 
it? That’s it, yeah, and it’s it has happened over and over again, yeah. So social engineering is a is a way to, you know, prank call someone Yeah, and get them to either let you in by phone, yeah, or they can even put on, and we saw this during COVID 19. They put on an official looking uniform with a clipboard and asked for information, and they can go door to door and and fill out the information. Now they have your social security number, and what can they do with that all kinds of stuff, yeah, so social engineering is a way to fool someone into giving you access to their important information, yeah. Now remember, there’s different values for different types of things. Your credit card number is pretty low on that chain, yeah, but things like your blood type can’t change that very easily. You know, medical history also hard. Social Security number even harder. Place of residence, who stuff? Mothers, right? Mothers maiden name Absolutely. Once they get that stuff, it’s out there. And we’ve seen, you know, everything from this was just a couple weeks ago, speaking with someone locally who had his identity had been stolen, and they opened up something like 15 or 20 credit cards under his name, and the only reason he found it was because he had the he went out of town and the mail, and the post office was holding his mail for him, and so They were literally stealing it out of his mailbox as it came in. So all these things are happening, but what can you really do about it? And that comes down to having a structured cybersecurity awareness training program for your team, because those training curriculums are going to help your staff understand what to look out for in a text message, not to give out on a phone call, what to look for on an email. And I’ll tell you right now, the calls that we’ve seen and heard, I’ve heard, even firsthand, are amazing. Using AI, they can impersonate clone voice anyone. Absolutely, yeah, absolutely. They can replicate our conversation with perfection. Yeah, and you wouldn’t even know it.

ADRIENNE: 
That’s so scary, like you might be thinking like you’re talking to your mom, well, but it’s the bad guys

ATTILIO: 
I want to tell you right now. Just tell a really horrible dad joke. And if there’s no reaction, it’s a real person. But, I mean, it’s, it’s, I was thinking you were just reminding me of something where the somebody had actually done that. I mean, I heard a recent podcast where this guy was just actually, I think the FTC has just ruled it that Robo dialing with clone voices for sales purposes now is has been deemed illegal. I think it was, like the first of this year, and there’s a big fine that comes with it, yeah. But it’s pretty scary out there, because I think, like, what you’re saying is that, you know, we’re not, you know, Hawaii, we’re all, we’re known for volcanoes and a false inbound missile message that went out to everybody and and the point I’m making is that it’s not going to be an inbound missile that gets us. It’s probably going to be cyber hackers, yeah,

ATTILA: 
and they’re already in, yeah, yeah, yeah. They’re already here in many networks, yeah, if you kind of look at a successful virus, yeah, right, a human virus, it’s not one that comes in and kills the host, it’s one that can come in, replicate inside of your body and then transmit to another, yeah, and continue the process. And that’s what they’re doing. So the, you know, the big kinetic, you know, bomb coming out of the sky that doesn’t do anyone any good. What? What does do good is if they can worm their way inside of a DOD contractor, yeah, and then that DOD contractor has access to other federal, you know, something called FTI So, or controlled unclassified information. And then that control and classified. Permission. Then makes their way into the hands of the enemy, at the adversary, yeah, and then they come in and they, they’re able to shut things down that way by going into other ways. So it’s, you know, we’re, it’s part of this internet, connected world we live in. It’s, it’s wonderful, but it’s terrifying at the same time, yeah, it’s

ATTILIO: 
the good and the bad and so

ADRIENNE: 
and then, Attila, we’ve only got a couple minutes left on the show, and I know you were starting to talk a little bit about educating and educating the staff, just like, for, you know, basic things to do to avoid an attack on, you know, personal self or your company.

ATTILIO: 
So that’s something you can like, do a zoom, or come into an office do a presentation if they end up being clients, and that’s part of your your checklist with them.

ATTILA:
Oh, we can yes and no, okay, I recently did this for a real estate firm, and it was really fun. Yeah? But you know, the sugary donuts and coffee tend to kind of make most of it fade, yeah? And most of this really does fade by the time they walk out the door. So one thing I would leave your listeners with is look for any sense of urgency. That’s your red flag. If they’re trying to get you to do anything now, then stop and reassess and especially tell someone, because often times they tell you not to tell someone. I was doing a webinar, I think it was with Kirk Caldwell or something recently, yeah. And afterwards, I heard from some from one of the listeners. They said, You know, I was listening to you talk. And as it was happening, my mom was running out the door behind me, yeah? And he said, Mom, Mom, Mom, where are you going to do?

ATTILA:

And he says, Oh,

I gotta get these gift cards, pick up some gift cards, because the police are gonna come arrest me. And she said, Hold on, mom, yeah. And so there is a lot of embarrassment behind this. Yes, don’t be embarrassed. Happens all the time. We do some community service with, you know, older people who have, you know, I won’t get into details, but they’ve had a lot of money stolen because of either, you know, romantic, you know, interest, or they’ve come across somewhat, you know, a good story, but it’s always a sense of urgency, yeah? It’s always something like, Oh, I got to get this money to this doctor, because he’s in Africa and he can’t cross the border to help the children who are in need because he doesn’t have the money. So I gotta get him $30,000 yeah, absolutely true. Example, they’ve

ATTILIO: 52:23
gotten more sophisticated than the Nigerian prince that needs to get the $3 million out of Africa. So Alrighty, well, thanks for being on the show. I know we’ll have you on here again. We just want to remind our listeners, saipak.com is where you want to go to get more information. Sign

ADRIENNE: 
up for the newsletter. For the newsletter, yeah, get in contact with Attila and his team, especially if you’re like, running a company that has money going through those accounts. All right,

ATTILA: 
absolutely glad to help.

ATTILIO: 
Yeah. Thank you for being on the show, Aloha, aloha. All right, so that was Attila with Cypac security, their website, C, y, p, A, c.com,

Follow Us On Social Media

Looking For A Home in Hawaii?