People frequently misunderstand risk and probability because they rely on heuristic hubris, where outcomes are perceived as what they want them to be rather than what the math dictates. This is exacerbated by a lack of proper education in probability and statistics, making individuals susceptible to biases and misconceptions.
Pattern recognition is crucial for survival because it allows humans to anticipate threats, such as lions in the grass, even if the pattern is not real. This cautious approach protected ancestral genes by avoiding potential dangers, ensuring survival and reproduction.
The concept of taking the average of numbers was developed relatively late in mathematical history, around the late 18th century, long after the invention of calculus. This delay highlights a cognitive gap in human thinking, as the average is a fundamental tool in statistics and probability, yet it was not widely recognized until much later.
Probability is often not a fundamental part of school math curricula. One explanation offered is a conspiracy theory: teaching probability would reduce lottery ticket sales, thereby diminishing a significant source of funding for public education. This lack of education leaves people susceptible to gambling and other probability-based exploitations.
The probability of a specific individual being born is staggeringly low, estimated to be one in a billion, trillion, trillion. This rarity underscores the uniqueness and improbability of any one person's existence, suggesting that life should be cherished due to its cosmic improbability.
People are susceptible to cyber attacks because they become complacent and trust familiar platforms like social media, which are often used by scammers. This familiarity breeds complacency, making individuals more likely to fall for scams despite being aware of the risks.
An email list is valuable in cybercrime because it allows attackers to cross-reference known databases of passwords associated with those emails. This can lead to unauthorized access to various accounts, making email lists a prime target for cybercriminals.
Complex passwords can be problematic because they are hard to remember, leading users to write them down or reuse simpler passwords. This defeats the purpose of security. Instead, using passphrases or password managers can provide better security without the inconvenience.
The total amount of money earned by cybercriminals, including ransomware and scams, was estimated at $1.5 trillion last year and could rise to $2-3 trillion this year. This figure represents only the money earned and does not account for the financial losses incurred by victims.
You are alive against stupendous odds.
And I take the posture that because of this, life should be cherished. Welcome to StarTalk. Your place in the universe where science and pop culture collide. StarTalk begins right now. This is StarTalk Special Edition.
Neil deGrasse Tyson here, your personal astrophysicist. And of course, we got Gary O'Reilly. Gary, former soccer pro, sports commentator. Yep. Hi, Neil. And longtime co-host of StarTalk, Chuck Nice. What's going on, guys? Today's topic is one of my favorites, just as an educator, simply because it's where people misthink things most often.
And I feel extra responsible to try to get in there and make it work for them. We're going to talk about probabilities. So Gary, it was your idea to do this topic.
I love the topic. I devoted a whole chapter to it in a recent book I published. So I'm pretty fresh in commentary regarding it. But more specifically, where did you want to take me on this? So probabilities, Neil, calculating risk gambling, call it what you will. We all do it. Stand on a wobbly chair, eat that food in the fridge that's been there two weeks. It's a gamble.
Probabilities has its own branch of mathematics. Yeah. And it's intertwined into so much of our everyday lives. Risk and assessment for insurance, predicting extreme weather models, which has been very, very important in the last few weeks. It's baked into AI and especially technology, that annoying predictive text program in my computer that tells me what I should be typing, and I hate it for that only. It's probability that's used in cyberspace.
And we do without realizing have that baked in again. And we'll get to that later on in the show when our guest, Alex Koshoi, he's chief security strategist at Bitdefender, the cybersecurity experts. And we'll open up what it's all about, where it's going, what it's likely to look like going forward and our approach to risk itself. So having said that, Neil, let's find out more about what happens when a bunch of physicists turn up in Las Vegas.
Let me preface this by saying, back in the 1980s, my community of physicists, the American Physical Society, the APS, have annual meetings, and one of them was scheduled for San Diego.
San Diego, especially of late, is a big convention town. Comic-Con, the most famous of the world's Comic-Cons, takes place there. The whole city sort of adjusts for it. There's a convention center and everything. Anyhow, the community of physicists had booked hotels and was ready. And it turned out there was a snafu where the hotel reservations failed for some reason, and I don't remember why.
So here's this convention that was supposed to happen and it can't happen. So what do you do? Well, the MGM Grand, then the MGM Marina in Vegas says, we'll take you. We are the largest hotel in the country. We can take you on short notice. So the APS pivoted to Vegas.
pivoted. And so that year's convention was in Vegas where people give talks and their public talks and, and professional talks and this sort of thing. All right. A lot of breakout rooms. It's where we sort of reconnect, especially in an era before there was much emailing going on. It's a geek, it's a geek fest. Yeah. Thank you. Physics geek fest. Well, a week later there was a headline. This is after the conference.
physicists in town, lowest casino take ever. The American Physical Society has been asked to never return to the city. That's great. And so you can ask, well, did the physicists sort of know the odds and play the odds? No, they just didn't. Didn't play. Because here it is. It is the only activity where physicists
The people tell you we are legally cheating you. Now, we just want you to know this. When you come in, the reason why we say good luck is because we already win. Right?
And the great thing is, Chuck, when you get a little bit of a run going, if that ever happens, they see you and they bring you free drinks. Well, I was going to say, any place that brings you free drinks, there's a trap somewhere. There's nobody that says, hey, just drink up all my liquor. And yeah, and that's all. We're good. No. So...
No. Here's the cabinet. Here's the key. I had a party where my best friend at the time opened up my cabinet and took out a bottle of the Macallan
30-year-old Scotch. Right? Which I don't share with anybody. Okay? And proceeded to pour off my Macallan to my other friends. And I went around and picked up the glass and said, what the hell are you doing? You don't get to do this. So anybody giving you free liquor is a catch. That's all there is to it. So that lets you know what Vegas is up to. Nice to know you've let that go, Chuck. Yeah.
Chuck is still in therapy for many things. Yeah, many things. That is one of them. Yeah. So I thought I'd look a little more deeply into this, only to discover that...
If you look at various branches of mathematics, of which there are many, but let me list a few. Let's go in sort of historical order. There's sort of geometry. Geometry means earth measurement, by the way. I guess that would be Greek. Geometry, earth measurement. You have geometry. You have arithmetic.
You have algebra. Which is the terrorist version of mathematics. I'm sorry. Just move on. Let's keep moving. Algebra. We keep going. You can get to calculus. There's trigonometry.
Whole branches of math that we remember, even if you're part of the walking wounded of those classes, we remember these from perhaps as early as middle school, certainly high school. If you sequence these, do you realize all of those branches of math were discovered, invented before it occurred to anyone to take the average of numbers?
Okay. Oh, interesting. I see what you're saying. Okay. Yes. That's weird. That is. That's weird when you think about it. So here are these numbers. You add them together, divide by the total. Somebody had to do that first. Okay.
That didn't happen until, when did I have, late 18th century? Long after calculus. Newton had calculus in the bag, okay? By the late 1600s, early 1700s. Calculus, people. And now someone later on says, hmm, let me sum these numbers together and divide and see if that means anything. Well, that's early statistics. Right.
And there are books as late as the 1800s that believed, these are official math books that describe how you can influence the outcome of a certain set of probabilities because they believed that was the case because probability and statistics was not yet properly formulated as an authentic and bona fide branch of mathematics. Right. Point is, why is that so?
How is it that people, we in our species can say, we need calculus and there's no probability. Okay. There must be some, something absent in our brain wiring that prevents us from thinking natively in this space. Yeah. It's, it's, it's called heuristic hubris. Yeah.
That's who we are. Because outcomes are what we want them to be, not what the math says they will be. And we still do that. We still do that. We still do it. To this day. Are we not hardwired, Neil, to calculate risk as a survival mechanism? Well, okay. So if you speak with sort of evolutionary biologists, they will frequently, and I think without much debate, tell you,
that we do make certain assessments. For example, if this will take us to an aspect of how the brain works, but consider there's something that repeats multiple times and you learn that, and it hurts you. Then you say, well, let me not do that again. So then you don't, and then you avoid it. So this is, this is simple. So this is the act of how repeated occurrences
decide for you what the future is going to be. All right. And this, this matters for survival. My favorite survival fact is how we live.
put order on things, even if there's no order there. That has extraordinary consequences. Let's look at how it might have begun. So we're in the Serengeti and you don't want to get eaten by a lion. And there's the grass, you know, the amber grass is blowing in the breeze. And you say to yourself, I wonder if there's a lion there.
In fact, I think there is. Let me go check. Yeah. Yeah. Right. Okay. This will summarily remove sort of the curiosity gene. Yeah. Because you don't get to have children to be curious. If it is a lion. If it is a lion. You don't get to have curious children to the extent that curiosity is inherited. Okay. So, yeah.
It turns out we are better off thinking there's a lion in the grass, whether or not there is, and then going in the opposite direction than not thinking there's a lion in the grass, missing it and having it eat us. But consider that we think there's a lion in the brush, whether or not there is one, and that's the genes that got protected.
Okay. So this is pattern recognition. We will see patterns even if there isn't a pattern there. We can put a set of random dots. Right. And you say, oh, I see this and I see that. You must have done that on purpose. Clouds. Because I see it. And your life experience overrides the mathematics of what just happened.
or your life expectations or your life belief system overrides it. The pattern recognition, Neil, is the probability that that will happen, as you say, from experience. And we use this in sport a lot from analyzing gameplay. So let me bring this to the present. We have this feature in our brain wiring to detect patterns even if they aren't there because that was in the interest of our survival.
We're not making those same decisions anymore about whether we might get eaten by a lion, but that's still that, that brain feature remains within us.
And we see patterns in everything. And we think because we see a pattern that the pattern is real. Even we think the absence of patterns is a pattern. You had a roulette table. And I said, why do you keep betting on seven? It's due. It's due. It's crazy. And I said, how do you know it's due? Because the roulette table shows you the previous 10 rolls.
Okay, spins. Oh, the previous 20, and you don't see a 7 there. It's due. No, it's not due. Go take a freaking probability class. Yeah, it's not due the same way the Washington Generals are not due to beat the Harlem Globetrotters. Yeah. How about that? They play the Washington Generals? I don't know what they're called now. I don't know. It's like 40 years ago. Made up nine. So this notion that –
Because it hasn't happened recently, it's bound to happen in your next bet, is how casinos make money. Casinos exist to exploit these frailties of the human brain wiring. They exist for that purpose. But it goes back to the point you had about magicians. The casinos know more about how you think than you do.
Yes. And they manipulate that, obviously. And it's completely manipulated. And like Chuck said, they tell you that going straight up. Hey, by the way, we're going to cheat you today. Enjoy yourself. Right. Getting cheated. Is that why they call Las Vegas lost wages?
Lost wages, yes. And so, by the way, as a scientist, we know how important probability is to separate your own bias on what is going on in the world from what is objectively going on in the world. So every year I was in school, we had some element of probability and statistics taught related to the aspect of the sciences that we were addressing.
So I would say all told, I might have had eight years of probability and statistics. Yet, if you look at a school curriculum, it's not there at all. No. At all.
Now, will you grant me one conspiracy theory? Go ahead. Depends which one it is. No. See, Chuck believes in me. He just says go out. Go ahead. Go for it. If he doesn't like it, he's going to slam you down, but never mind. Okay. There it is. You know the state lottery systems? Yes. Do you know how they get funding for that and what they – you know, there's tax levied on that. Do you know where that money goes to typically? No.
Well, they tell you that it's for education. Education. Let's assume that's true. Let's even assume that's true. So it's for education. And I said, oh, that's good. Public education, you know, K through 12. And then I looked at the curricula across the country of what is taught. And probability, if it's taught at all, is only an elective. It's not a fundamental part of the math curriculum. And so it occurred to me that
as long as they don't teach probability in school, you are susceptible to playing the lottery. Which funds the school. Which funds the school. Playing for your education. If they taught probability, it could be the end of the state lottery system. Well, yeah, because anybody who knows something about probability does not play the lottery. As a matter of fact, my father used to tell me, take a dollar a day.
The dollar you would play the lottery. Start right now and just take that everyday dollar and put it in the bank and through compound interest. It will take 20 years, but you will hit the lottery. That's good. People trying to assess their health or their security based on risk.
risk factors and I think in the book there are people who smoke knowing that there's a risk of cancer. Yeah. And I think if you're an active smoker, there's a one in eight chance that your tombstone will say died of lung cancer. And so then I thought, let me glorify that up a bit and say, okay, instead of you just taking that risk, let's do it this way. Today, everyone who lights up a cigarette is
One in eight of them on that first puff, their head will explode and they'll fall over in a pile of blood on the pavement. And if that is not you, you get to smoke for the rest of your life without cancer. Would you take that risk? Well, what brand of cigarettes are we talking about? The exploding kind. The exploding kind.
So what I tried to do in the book was rejigger the risk into something that might be a little more tangible, a little more devastating for you to hear, even if the numerics remain the same, just to try to get at the fact that our brain is not wired for this to happen. So yeah, Gary, it's sad even. I drive by casinos and it's like, man.
I'm sad for our brain wiring and for the education system that doesn't address that fact. You drive past a casino, Neil, how often is the car park full? Full all the time. Yeah. All the time. Yeah. That's why you got to be an especially bad business person to lose money if you own a casino. Yeah.
Or in a movie where George Clooney turns up with some friends. Ocean's 11, 12, and 13. 13, 14, 15, 20, whatever they're up to now. Yeah, the franchise just keeps paying off.
I'm Jasmine Wilson, and I support StarTalk on Patreon. This is StarTalk with Neil deGrasse Tyson. So Neil, we're programmed, we're hardwired, but...
How do we get here? What's the probability of actually us existing, being alive, being born? Now, do you mean like having a mother like mine and making it to adulthood? Or do you mean like being conceived at all? Well, let's start with conception. Oh, okay. And then move through the laundry list. Obviously, humans have no...
trouble making more humans, right? Eight billion in the world. We'll put an asymptote probably to 10 billion in the coming decades. So having a person of any kind is not the issue here. We can ask the question, what are the chances of you, specifically you, Gary O'Reilly, having been born? And so we look at your...
your genetic code. And a way to address that is how many possible configurations of that genetic code exist. Wow. And you're the one that's you. Yes. Okay. So you can do that now, you know, there's lots of ways that they arrange and many of them, you can, it makes a human, but it's not entirely viable where you have like three arms and two heads or whatever. So if you remove all the ones
that create oddly different but still living humans, okay? And so we talk about what we call a normal human. There are different ways you can estimate this, but we think it's one in a billion, trillion, trillion. Wow.
That's not even a number. What you just said, it's not even a number. That's what a kid says, right? It's a billion, million, trillion. But there's a lot of configurations. The point is, the total number of humans who have ever been born, you can estimate that, is about 100 billion.
Okay, that's a round number, but that's about what it is. So you can ask if 100 billion humans have ever been born, yet we have the capacity to make a billion, trillion, trillion humans, a vanishingly small fraction of all humans who could ever exist, have ever been born. Interesting. So what are the chances of you showing up once again in this genetic code? The answer is never. Never.
It's never. Yeah. Okay? Because of how much larger the total number of possibilities are compared to anything we will ever create on this earth. So you are alive. You, Gary O'Reilly, are alive against stupendous odds. And I take the posture in the book that because of this, life should be cherished. Agreed.
And by the way, even if you did show up again in the genetic code, there's no reason to think it would be you. No. It would look exactly like you. But we've done these experiments. They're called twins. We have identical DNA and you're not the same person. You have independent thoughts. Okay. You even have different fingerprints. Turns out.
So the clone experiment doesn't require a machine to wonder how that's going to turn out. People said we shouldn't have clone machines because we'll clone people for their organs. And I'm thinking, do we do that with twins today? Do we purposefully have twins to take out their organs? No. Why would we behave any differently with a cloning machine than we do in the presence of twins that already walk among us?
Point is, you're never going to get another Gary. And so armed with that information, that cosmic, that scientifically informed cosmic perspective, we should treat life as the most cherished thing on earth. And not enough people do, leading to all manner of misery and bloodshed and war and in this world. I wonder if people really knew the statistics of this.
If we treat each other more kindly and more considerably than we do. Depends on how much you like war and bloodshed, you know? Oh, some people. Some people are into that, you know? Not in their own bloodshed. Right. No, that's the point. Yeah, exactly. It's so funny. You're such a scientist because you actually went at that from the DNA configuration perspective, which I find fascinating because I thought about this, like, I think everybody thinks like,
you know, could there ever be another me or how many, like, like what did it take for me to get here? And I looked up the average number of viable sperm in an ejaculate, which is somewhere around 200 million. Yeah. Yeah. Half a billion. Somewhere around there, or it could be somewhere. And that means that,
for just me and that one batch. You're one in 200 million. I'm one in 200 million just in that one little batch. Forget the other batches that we don't even want to say what happened to them. You know, I'm just saying, like, you know, dad was once a teenager. That's all I'm saying.
He was 117. But that alone gives you an idea of just how hard it is for a human being to come to existence. Right. And that's another angle that probability takes you into, the rarity of who you are as an individual. Wow. Yeah. Yeah.
So, yeah, Gary, did I hit all the points you were looking for? Yeah. I mean, the thing is, if we go and do every single one, we are going to be here for another day. All right. So, Gary, where else are we going to take this? All right. So, we look at our everyday lives and without realizing it, we are calculating, as we've discussed. And it's kind of like baked into a number of things. We are living our lives online. Some people conduct projects.
a whole part of their life online. They'll have maybe a dozen, 10 or so online accounts, which they manage, which means passwords, which means protection, which means security, all those things.
And the probability of all the bad stuff, probability of it being okay. So I think what we need to do is speak to someone who's really at that cutting edge of cybersecurity. And for that, we have our dear friends at Bitdefender, the cybersecurity experts. And we have Alex Koshoi. I can't believe that's how you pronounce it. If I got it wrong, I'll stand in a corner. He is their chief security strategist.
So this guy is a guy who doesn't just try and look after things. He will go after botnets with Europol or Interpol and bring them down. They're on a large scale level as well as the personal level. So there's a whole different range of how they operate, which I think could be very fascinating. And add another facet.
to how probabilities are entwined into our lives. Yeah, because lately when I choose a password, it tries to tell me whether it's a good password or a bad password. And presumably there's some risk factor calculated to assess that. Otherwise, why would it know anything at all? Like one, two, three, four is a bad password. I mean, there's information that you have, right? That's in the public domain.
For instance, your birthday. Maybe the probability of something bad happening is greater. So we need to speak to that expert. And Neil, here is Alex. Alex, hey, welcome to StarTalk.
Hi, Neil. Hi, guys. Thank you. Hey, you have the badassest title of anybody ever. It's made up. No, it's just made up. Chief. Give me the title again. Chief what? Chief Security Strategist. Chief Security Strategist. We should salute, shouldn't we? So, Alex, let me start with a couple of questions here. The word risk
is related to probability and statistics. People think they understand risk, generally they don't, or what they do understand is not the full story typically, but they're making decisions about their lives, about their health, their wealth, and their security based on their understanding of risk. So Alex, in what way does the probability of a cyber attack fold into your decisions and your job?
Yeah, this is, as you were talking earlier, because I've been listening, the probability of somebody being attacked, I would say it's biased. From my perspective, it's 100%.
Everybody will be hacked or attacked or scammed at one point or another. But we also did a study a few years back and all the respondents in total, like 76% of them said, I don't think somebody will target me. I don't have enough money. Why would I be of any interest?
Super false. That's not how things are going in the cybercrime industry. They're practically attacking everybody and it's probability and percent of who actually says and accepts that link and clicks on that button and does the next step. So I'm pretty sure, Gary, Neil, Chuck, you've been targeted by a scam at least once in the past two years. I put $10,000 on that.
Yeah, of course. Can I have that $10,000? I've actually targeted people in scams myself. But the thing is, there's a sophistication to the scam. Because if someone comes in and this has happened to me, they take a very small amount to begin with. And if you don't notice it and let it skip through your bank statement, they come back in and go grab it.
No, there's an upgrade to that. So they tell you, you can invest in this particular business. You put like $10 and you receive a return $50. And then they tell you, if you put more, you'll get more. So you put 10 grand, nothing comes back. How about that? Wow. Okay, so it's a con game. It's not just a cyber attack game.
All in cyber, there's somebody has to communicate with you, correct, in your confidence. And then, so it's just another con game then. It's a shell game. You know, you're moving those shells around, there's a, whatever the stone underneath it is. But all these things happen now in the cyber world. So yeah, about WhatsApp, Telegram, Instagram, Facebook, things that you actually, uh, use every day.
And these platforms are actually challenging you into spending more and more hours in front of them. So when the scammer shows up in your platform, you already believe that this has already been vouched. It has been checked if it's safe or not. So you already have like a 50% bias to do it, right? To fall for it. So our familiarity with these platforms, with our time,
spent on a screen, that familiarity breeds the complacency. Is that what you're saying? I'm sorry, guys. I hate to interrupt, but as you can see, I got to answer this call. It's potential spam. How about that? So you know that it's just coming in right now. So you know that. Hilarious. Clearly that's a scam of somebody trying to get something from me.
Yeah, the idea is that when you received like an anonymous call from a number you don't know or an email from somebody you don't really know, you're like, yeah, it's probably a scam. I'm going to ignore it. Like you have your phone with potential scam. But when you receive these ads directly to a platform that you trust, you've been using it for years,
the chances of you being biased and ignore, Neil, as you're saying, the probability of being scammed, you pass the bias, are so much higher. Like, oh, so I received this ad on Instagram to buy a ticket to some concert, okay? Maybe Taylor Swift because it's super in the news right now.
And it's so much cheaper than the actual prices. And it's on this Instagram or Facebook or whatever. You'll buy it. Oh, wow. And if you read the news, it's about at least a million or more on every concert. A million dollars? Yep. On every concert? Per country. Per country, per concert. Yeah.
That's a very good business. Yep. So now a lot of bands, a lot of bands use one particular outlet. We all spend our times doing PhDs and research.
So can I ask, why do they want your emails? Like, I get a lot of emails from, I just delete them because there's either nothing in the body or it's a link. And I'm like, okay, everybody who knows me knows I'm not opening any links. So I just delete it. Why would you want to get my email list? You hear people say, oh, I got hacked.
Don't, you know, my email list got hacked. What is the value in an email list? Okay. So if I get a single email address, okay, I can search known databases of passwords associated with that email address. Oh my God. Companies or other leaked databases. Okay. So I have your email address and now I have a list of passwords that you use on different websites. Oh, what? Yeah.
I can go further. Anyone else scared right now? With those passwords. Dude, you're freaking us out. Oh my God. This is terrible. Shut up now. I don't want to hear anything more from you. I'd rather live in my blissful. If you want, you can give me your email addresses and I can do the search for you.
No, no, no, no, no. You already said trust me, right? Now you want my email address. So wait a minute. First they get your email, then they get the passwords, and what else can they do? I mean, what's the next step? Well, there are many steps later on because I can see if these passwords are still working. So getting into your various accounts. I can also see if you have the same password to a different email address that I don't know about, like your business email or your Yahoo email that you used 10 years ago and you didn't change a password. And I can see all your previous girlfriends from when you were 17. How about that?
There are so many possibilities. If you work in a company and email and passwords work, I can use those to connect to your, I don't know, VPN account, launch a ransomware attack, make some billions out of it. Okay. Mental note, change all email passwords. Every password I must change. Change it every day. Every day, yeah. We see hacks. We see data leaks and breaches everywhere.
And it seems to be one a week almost. And I know you do this, you fight these bad actors daily and thank God the people like you are out there. But are we not now kind of desensitized and people are to the point where it's going to happen. So what the hell? Have we lost that sensitivity to the impact that this could make? Yes, but not with the right mindset for this conclusion because we
Yes, there is news of cyber attacks literally every day. So when I wake up and read the news, at least one hack per day, right? So people are reading this and they're like, yada, yada, yada, not going to happen to me. That's unfortunately the bias and the conclusion of having been desensitized by this news. And when it happens, and I've been talking to hundreds of victims, they're like, I had no idea this was going to happen to me. You know, I just came up with an idea that I'm sure somebody else has had to have.
But why isn't there a service where I subscribe to
I have a master password, but then that service changes my password on a daily basis. And all I need to do is have the one password to get into them. Yes, these services exist. They don't change your password every day because you don't have to do that. Okay. It's recommended to change your password, I would say, maybe every three months, the password that you use on these accounts.
But these password managers, this is how they're called, they will do what, when you subscribe to a service, you don't have to think about, okay, what password should I use? Should it be long, short numbers? So these are going to suggest a password. They're going to save it for you. You don't even need to know it.
And every time you need to log into that service, the password manager will fill in the password for you. And some of the browsers already have this functionality built in, so that's fine. There are other dedicated software that they're going to keep this passwords list super protected with super encryption. But yes, the idea is that you remember one single master password.
and everything else is being taken care of because for us, every regular people, let's be honest. Okay. So now in 2024, we might have an education of this, but I bet you we have accounts that have been created in 2010. We stopped using them in 2012. They're still active. The passwords are still poor. I don't know.
1234, for instance. And there is information in there that can still cause us trouble if it goes out. Oh, cool. I've got a different angle here. If password hacking occurs because someone gets access to a file of previous passwords, then they're not actually decoding your password. No, they're not actually figuring out your password from scratch. Correct. So why is there any difference at all between a simple password and a complex password if they're not decoding your password for its complexity? That is correct. And that's the other reason why you should have a complex password, because there are different ways into finding out a person's password for a particular account. One of them would be, you know, just brute forcing, trying all the passwords.
Another technique would be password spraying, which means trying the most common passwords on a particular account that are known to be used by people. And in many cases, these actually function because, for particular languages, statistically, people use similar passwords. Test one to four, that's quite similar. From one to nine, that's quite similar. I know in 2024 sounds stupid. Even nowadays, we find these passwords in reality. My password is password. Don't never figure that one out. Yeah, yeah, yeah. Somebody from the military in like a high-end grade in the military saying that I had a very simple password because I thought they will never try that out considering my job title. It was a big assumption. So do you run algorithms based on the probability of a certain set of characters?
Yeah, where do you have a language? Is that right? Not necessarily the probability set of languages, but also by words in that particular language. And also there are billions or hundreds of billions of passwords that already are in the public space or the public domain from previous hacks. So you can make a statistic on that. They can say, hey, 20% of the people use this password. Let's try that on first. Wow. And chances are it'll work, huh?
We know probability, criminals know probability. So they will do their math first. Damn.
Wow, you want to talk about using math for terrible purposes. You can use it for many things. You know that joke with a very important mathematician that received the Nobel Prize and he had to fly to get it. And he was so afraid to fly because he thought somebody would be with a bomb in the plane and he wanted to reach the destination. But eventually at the event, he shows up.
Everybody knew about his fear. So they asked him like, hey, we knew your fear about a bomb exploding. So why are you here? How did you come? Like, well, I took a bomb with me. What were the odds of two bombs being in the same place?
Well, you can still... That joke... No, all that joke is it's older than TSA, right? Because... Yeah, exactly. Before they checked for bomb. Oh, wow. So, Alex, we're in October 2024 right now, but last month...
There was the National Institute of Standards and Technology. That's the US National Institute that stated, and this was an article that was written in Forbes. So it's a reputable news outlet. But complicated passwords can make you less safe. Yes. Now we're talking about how to make complicated different characters and different cases and numbers and all sorts of things. But why now complication is an issue?
Because otherwise it's password 123. Yeah, there are two ways of defining a complicated password. And one of the ways is actually okay. The other way is not really that okay. So by complicating a password, by making it longer with alpha characters, numbers, and everything else, that's going to make the password super hard to remember.
So unless you're using a password manager, it means that you're going to have to write it down and so on, which basically sets in the mindset of, you know, just giving up, just giving up, putting the same password because it took you so long to create it or just bring them down to make it easier for you. However, you can make long passwords easier.
without doing all these characters, unless the website or the service forces you to, by having a passphrase. I went to the moon and back in a car. That's pretty safe, okay? Or an even longer phrase, something that's easier to remember.
But I think NIST and also our recommendation is to use a password manager. That's going to make your life a whole lot easier. And also use a multi-factor authentication or two-factor authentication. So besides the password, you can use something else or even eliminate the password at all. You can use all these things. You're going to have a better peace of mind by that.
Yeah, in fact, I have a couple of websites that don't use passwords. Exactly. It's two-factor authentication. Don't you love going to those websites? Yes, it's beautiful. Okay, so...
Neil has quite a distinctive voice and he's in the public domain. Are we now at the point where we no longer use voice recognition as the password? That was like in style for like six months, a couple of years ago. Are we out of that phase because there's just too much AI coming along to replicate?
Yeah, I don't think voice recognition can be still considered a way of authentication. And even face recognition, that's not going to work any longer. I was in a meeting with some of my colleagues and one of them was on vacation, but he was showing up in the meeting on Zoom. It was the fake AI. Somebody was playing a joke, which was very nice because he seemed a bit younger. He probably had photos from a previous training, but that was it was scary for us because we know the possibilities. But it was very nice to have. Wait, wait, wait, wait. You just said you had a business meeting and something.
Someone duped you into thinking an AI version of an attendee? Yes, but it was a colleague. It was a colleague. However, there is... Yeah, yeah, yeah. It was on purpose. We knew what's going on. We were just analyzing it and we're like, oh, this is so cool. He looks so close by. But I remember reading an article quite last week about a scam in China where somebody paid $55 million because he was in a Zoom meeting with, I don't know, 13 or 14 other people from the organization. His manager, CEO, CFO, everybody was saying it's safe. He did it. He was the only real person in there. Everybody else was deepfake. Oh, my God. That's Bond villain badness. That's the level we're talking to him. That is, yeah. I have a question. Plus, we got to sort of think of landing this plane. In the old days...
A computer virus was really just mischief. People just trying to see if they could harass you in one way or another. There wasn't much financial motive behind it. And so it was a nuisance. Now, this kind of hacking always seems to have a financial objective. What is the total...
money earned by bad actors? So I would say a total would be what a total last year was $1.5 trillion. What? There's a team? We're talking about ransomware and other scams. Yeah. These numbers vary. I mean, if last year was 1.5, this year can easily go to two or three trillion dollars. We're talking about scams that target consumers. Right. I mean, that's a national debt for some countries. Yes. These are just money that are earned by cyber criminals. These are not money that count in your financial loss as a victim. Because if you're a company, when you pay, that's one number. But you also have a loss in reputation. You have a loss of productivity. You have a loss of, you know. So, God, I can't believe I've been telling my son that he should continue to study to be a biochemist. What the heck? He's in the wrong business. He's in the wrong business. I got one other thing I have to, like, just get clear in my head.
So that means in your business, you're worth one and a half trillion dollars to this world if you can prevent that from happening. If you can prevent it, right. Okay, that's fact one. Fact two. It would protect everybody, which is not the case. Okay, but here's my thing. If someone retains you to protect their organization, then they're putting all their trust in you. So maybe the organization won't get hacked.
But suppose you get hacked, a single point failure of that entire system because we're all entrusting you in this one, what do you call it, bottleneck of trust. Yes, that is called supply chain attack. So basically when you're targeting a customer, you can actually target all the software that they use in their organization. So if we have a vulnerability, that's going to affect most of our customers. Yes, that is a correct statement. So now why aren't you just... Why are you a good guy? Why don't you become Dr. Evil? What the heck is your problem? Yes, we get that question a lot. You can make a lot more money on the dark side, but then again, how will you sleep at night?
On a very expensive mattress, that's how. That is correct. Because I'm part of a trillion dollar industry that I created. So Alex, you're chief security strategist. Yes. How much of your strategy is, oh, this is a supply chain bottleneck. We have to get ahead of a story. How many stories are you getting ahead of rather than putting out fires?
Oh, good point. Interesting. I think it's an equal amount, I would say. Because, yes, there are some situations that you can actually prevent because you thought about it and you knew that would happen and you make some plan. But then by working with your customers and victims and having a lot of conversations with law enforcement, they're going to come up with stories that you were like, whoa, I'm an engineer. I never thought of that scam.
So you start to figure out, you know, what can you build from a technological point of view to prevent that? So I would say it's a fair equal amount. So, you know, I think we would be remiss if we didn't leave our viewers and listeners, having you at our disposal, at least one or two of the top things they should do to protect themselves from a cybersecurity incident. So we were discussing about passwords. So that would be like the main thing.
Get the password manager, make him take care of your passwords and try to remember all those accounts that I'm pretty sure are connected to your present accounts, but you no longer use them. They're still active, they're still there, they can still be hacked if they're not already, right? And second, still for consumers, minimize your footprint, your internet footprint. Don't post stupid stuff, okay?
Now you tell me. I'm pretty happy I'm a Dinosaur 41 years, so I don't have online all the stupid shit I did. Oh, don't post stupid things that you did. Exactly. Oh, I got it. No, no, I don't do that. And for enterprises, there is a wide range of tips and tricks. But the idea is that since ransomware is the number one threat right now, make sure you have backups and make sure you have systems that are going to log things that happen in your organization. So when we come in and say, let's see how you were hacked, if you have logs, we're going to tell you how. If you don't, we're going to say, well, it happened.
Wow. Wow. All right. Well, those are lessons for the ages, really. Yeah. Actually, for the current age. Exactly. They're lessons for the next couple of years. Yeah. Maybe even that. Maybe even that. So, Alex, great having you on StarTalk Special Edition on a topic that we all care about. Gary, thanks for putting that together. My pleasure. Thank you, Alex. Good. All right. And Chuck, thanks for doing nothing. Mm-hmm.
Someone hug Chuck. Chuck, thanks for showing up. This is Neil deGrasse Tyson, your personal astrophysicist. As always, I bid you to keep looking up.