WEBVTT 00:00:00.939 --> 00:00:04.660 Today on our Tech for Business podcast, we are 00:00:04.660 --> 00:00:08.140 joined by Ven, the Director of Information Security 00:00:08.140 --> 00:00:10.800 at ArmorPoint. Thank you for taking time to be 00:00:10.800 --> 00:00:13.099 here. I really appreciate it. Yeah, of course. 00:00:13.099 --> 00:00:16.059 Thank you so much for having me. Yeah. I should 00:00:16.059 --> 00:00:18.620 have mentioned this is going out during Cybersecurity 00:00:18.620 --> 00:00:21.359 Awareness Month, which when we're recording this 00:00:21.359 --> 00:00:25.059 is still a couple weeks away. But we're talking 00:00:25.059 --> 00:00:29.679 ransomware as a service, like the business model 00:00:29.679 --> 00:00:33.859 of it. So, Ven, can you tell me a little bit 00:00:33.859 --> 00:00:36.820 of what does that mean, ransomware as a service, 00:00:36.880 --> 00:00:39.520 and how it's kind of changing cybersecurity? 00:00:40.679 --> 00:00:43.000 Yeah, definitely. So, ransomware as a service, 00:00:43.100 --> 00:00:45.560 like you said, it's a business model where ransomware 00:00:45.560 --> 00:00:48.439 developers create and sell or lease their malicious 00:00:48.439 --> 00:00:50.700 software to other criminals. They call those 00:00:50.700 --> 00:00:53.399 RAS affiliates. So, ransomware as a service, 00:00:53.500 --> 00:00:57.640 or RAS. So, we have the RAS operators or developers, 00:00:57.659 --> 00:01:00.310 and then we have the RAS affiliate. So the RAS 00:01:00.310 --> 00:01:02.609 operators and developers, they are the ones with 00:01:02.609 --> 00:01:05.849 the high technical coding expertise who create 00:01:05.849 --> 00:01:08.150 the ransomware, but not just the ransomware itself, 00:01:08.230 --> 00:01:11.629 but also the infrastructure to deploy it, to 00:01:11.629 --> 00:01:15.269 manage it. This means monitoring who your victims 00:01:15.269 --> 00:01:19.969 are. This means they provide a payment system 00:01:19.969 --> 00:01:23.590 where victims are able to make their ransom payments. 00:01:23.959 --> 00:01:27.260 And then the RAS affiliates are often individuals 00:01:27.260 --> 00:01:29.060 with less coding skills. They don't have the 00:01:29.060 --> 00:01:31.159 high technical expertise to create ransomware 00:01:31.159 --> 00:01:35.019 themselves, but they usually have other technical 00:01:35.019 --> 00:01:37.540 expertise, things like social engineering. They're 00:01:37.540 --> 00:01:40.180 phishing experts. They may be your traditional 00:01:40.180 --> 00:01:43.480 hacker who's able to infiltrate networks through 00:01:43.480 --> 00:01:48.680 your other technical means. And so they work 00:01:48.680 --> 00:01:52.810 together to... to where the RAS developers create 00:01:52.810 --> 00:01:55.170 the ransomware and the RAS affiliate deploy the 00:01:55.170 --> 00:01:59.209 ransomware. Traditionally, an attack like ransomware 00:01:59.209 --> 00:02:02.390 would all be conducted by a single person or 00:02:02.390 --> 00:02:04.989 maybe a couple people, and they would be responsible 00:02:04.989 --> 00:02:07.989 for the entire attack chain. But now, because 00:02:07.989 --> 00:02:10.250 ransomware as a service is becoming such a growing 00:02:10.250 --> 00:02:12.909 threat, people with less technical expertise 00:02:12.909 --> 00:02:15.310 who are interested for whatever their reason 00:02:15.310 --> 00:02:19.810 in entering the world of cybercrime, that... 00:02:19.759 --> 00:02:22.539 barrier to entry for technology expertise is 00:02:22.539 --> 00:02:26.400 a lot lower now because of this ransomware as 00:02:26.400 --> 00:02:30.159 a service growing. So the RAS developers focus 00:02:30.159 --> 00:02:32.840 on creating powerful tools while the affiliates 00:02:32.840 --> 00:02:35.500 handle the attacks themselves. And this increases 00:02:35.500 --> 00:02:37.680 just the scale and the frequency of ransomware 00:02:37.680 --> 00:02:40.759 campaigns, honestly, worldwide. Yeah. I mean, 00:02:40.879 --> 00:02:42.560 that was going to be my next question was who 00:02:42.560 --> 00:02:45.039 was doing this. But as you're talking, it sounds 00:02:45.039 --> 00:02:49.250 like the speed at which this could be deployed 00:02:49.250 --> 00:02:54.050 is just growing because of this service model, 00:02:54.849 --> 00:02:58.930 which is crazy. Yeah, definitely. The speed is 00:02:58.930 --> 00:03:01.770 one of the big issues, too, is how fast an attack 00:03:01.770 --> 00:03:04.530 can be deployed means that us on the defensive 00:03:04.530 --> 00:03:08.729 side, we have much less time to defend. Yeah. 00:03:09.050 --> 00:03:11.990 So I would love to dive a little bit more into 00:03:11.990 --> 00:03:15.969 some unique issues that this service is creating. 00:03:16.270 --> 00:03:19.669 But I want to touch on who we're talking to today 00:03:19.669 --> 00:03:24.409 because when I think of ransomware, I think of 00:03:24.409 --> 00:03:27.530 like large corporations or people who have a 00:03:27.530 --> 00:03:30.349 lot of data and also have a lot of money being 00:03:30.349 --> 00:03:34.729 the targets. So is this a concern for small businesses 00:03:34.729 --> 00:03:38.389 or is it a concern for specific industries? Who 00:03:38.389 --> 00:03:41.550 are we talking to today? Oh, yeah, this is definitely 00:03:41.550 --> 00:03:43.729 a concern for small businesses. In a lot of ways, 00:03:43.830 --> 00:03:47.129 small businesses are the primary target. Like 00:03:47.129 --> 00:03:49.490 you said, large corporations may have the resources 00:03:49.490 --> 00:03:52.330 to pay a large ransom, but that also means that 00:03:52.330 --> 00:03:55.349 they have more resources to invest in stronger 00:03:55.349 --> 00:03:58.389 cybersecurity defenses. So small businesses often 00:03:58.389 --> 00:04:01.389 lack a dedicated IT security team. They usually 00:04:01.389 --> 00:04:03.770 have less budget for advanced protection. So 00:04:03.770 --> 00:04:05.969 this makes them a much more vulnerable and attractive 00:04:05.969 --> 00:04:09.009 target. Some data reports even show that small 00:04:09.009 --> 00:04:11.650 businesses make up a larger percentage of ransomware 00:04:11.650 --> 00:04:17.990 attacks than large businesses do. And it becomes 00:04:17.990 --> 00:04:20.790 much more threatening because attackers and cybercriminals 00:04:20.790 --> 00:04:23.569 will happily adjust their ransom demands to increase 00:04:23.569 --> 00:04:26.449 the odds of payment. So they'll happily ask for 00:04:26.449 --> 00:04:28.329 less money if it means that you're more likely 00:04:28.329 --> 00:04:32.970 to pay. So it's much easier to ask 10 small businesses 00:04:32.970 --> 00:04:35.670 or demand, I should say. It's much easier to 00:04:35.670 --> 00:04:38.509 demand that small businesses pay $100 ,000 than 00:04:38.509 --> 00:04:41.930 one large corporation demand pays a million dollars. 00:04:42.949 --> 00:04:46.360 Interesting. I'd love to talk a little bit about 00:04:46.360 --> 00:04:48.660 some practical steps. We don't need to go into 00:04:48.660 --> 00:04:51.720 too much of incident response, because that's 00:04:51.720 --> 00:04:54.600 a whole other conversation. But before we do 00:04:54.600 --> 00:04:58.319 that, can we go back to the unique issues that 00:04:58.319 --> 00:05:01.519 ransomware as a service is really causing? We 00:05:01.519 --> 00:05:04.139 talked a little bit about speed. Is there anything 00:05:04.139 --> 00:05:07.660 else that comes to mind that's unique to this 00:05:07.660 --> 00:05:10.620 service that's affecting the cybersecurity world? 00:05:10.879 --> 00:05:14.459 Yeah, I mean, really it's that speed and the 00:05:14.459 --> 00:05:17.120 widespread nature of it. It's the fact that it's 00:05:17.120 --> 00:05:20.540 so much easier for people to execute the attacks 00:05:20.540 --> 00:05:23.500 than ever before. Previously, you might have 00:05:23.500 --> 00:05:26.800 seen malware tools out there, like a malware 00:05:26.800 --> 00:05:28.920 developer might create something and they might 00:05:28.920 --> 00:05:31.860 share it with some of their close friends or... 00:05:31.740 --> 00:05:34.540 their close affiliates the same way that, you 00:05:34.540 --> 00:05:37.279 know, I might find a new tool or a fun new app 00:05:37.279 --> 00:05:39.160 in the app store. And I would send it over to 00:05:39.160 --> 00:05:40.740 you because I'm like, Hey, this is a fun app. 00:05:41.360 --> 00:05:45.660 But now because of more professionalized nature 00:05:45.660 --> 00:05:48.060 of it or the more organized nature of it, it 00:05:48.060 --> 00:05:50.100 becomes more of a, more of a business model, 00:05:50.279 --> 00:05:53.879 honestly. So it becomes, we have more of a tiered 00:05:53.879 --> 00:05:57.019 structure of the developers at the top, and then 00:05:57.019 --> 00:05:58.899 we have the affiliates. They kind of act like, 00:05:58.899 --> 00:06:01.240 let's say salespeople. They're responsible for 00:06:01.240 --> 00:06:04.579 that last mile of, of the sale or the attack 00:06:04.579 --> 00:06:07.740 really. And, and then even beyond that, there's 00:06:07.740 --> 00:06:10.579 a little bit, there is a role that's a little 00:06:10.579 --> 00:06:12.720 bit less spoken of. We call them initial access 00:06:12.720 --> 00:06:15.339 brokers. So we have the RAS developers who develop 00:06:15.339 --> 00:06:18.620 the ransomware, the RAS affiliates who are responsible 00:06:18.620 --> 00:06:21.660 for deploying the ransomware. And then the initial 00:06:21.660 --> 00:06:25.439 access brokers are those who. focus more on gaining 00:06:25.439 --> 00:06:28.800 access to networks. So they might be internal 00:06:28.800 --> 00:06:31.079 threats. They might be people, I don't know, 00:06:31.980 --> 00:06:34.439 disgruntled employees or ex -employees of companies 00:06:34.439 --> 00:06:37.720 who leave their company with credentials that 00:06:37.720 --> 00:06:41.220 they've stolen. Or they're technical hackers 00:06:41.220 --> 00:06:43.779 who focus more on breaking into a network and 00:06:43.779 --> 00:06:46.740 they sell that access to the network to the RAS 00:06:46.740 --> 00:06:49.160 affiliate so that they have access to deploy 00:06:49.160 --> 00:06:53.149 the ransomware further. I keep thinking about 00:06:53.149 --> 00:06:56.930 this business model. I mean, is it kind of the 00:06:56.930 --> 00:07:01.990 same as there are the big hitters and there are 00:07:01.990 --> 00:07:04.449 the small ransomware service businesses and they're 00:07:04.449 --> 00:07:06.709 getting acquired and they're having holiday parties? 00:07:06.990 --> 00:07:10.370 I mean, how deep does this true business model 00:07:10.370 --> 00:07:13.709 go? Yeah, this definitely happens. We've seen 00:07:13.709 --> 00:07:17.740 a new ransomware as a service provider. It's 00:07:17.740 --> 00:07:19.980 funny to use that word, but they really are a 00:07:19.980 --> 00:07:22.959 service provider. Ransom Hub is a new one that 00:07:22.959 --> 00:07:26.379 has launched and we've actually seen them, security 00:07:26.379 --> 00:07:29.319 researchers have actually seen them poaching 00:07:29.319 --> 00:07:32.720 other cyber criminals from other ransomware groups. 00:07:33.519 --> 00:07:35.980 And so the way that the ransomware as a service 00:07:35.980 --> 00:07:38.339 typically works is the RAS developer creates 00:07:38.339 --> 00:07:40.839 the ransomware and then the affiliates deploy 00:07:40.839 --> 00:07:43.819 it and they share the profits. So usually the 00:07:43.819 --> 00:07:47.819 profits have been... About 50 -50. Sometimes 00:07:47.819 --> 00:07:50.899 the developer will take 70%, the affiliate will 00:07:50.899 --> 00:07:54.639 take 30%, but it's that kind of range. But with 00:07:54.639 --> 00:07:57.620 Ransom Hub, we saw them essentially campaign 00:07:57.620 --> 00:08:00.560 and try and poach cyber criminals by offering 00:08:00.560 --> 00:08:03.540 90%. You get to keep 90 % of the ransomware payment 00:08:03.540 --> 00:08:06.879 and it will take 10%. So they really are employing 00:08:06.879 --> 00:08:10.259 legitimate business tactics. Increase their, 00:08:10.379 --> 00:08:14.139 to build their organization. Wow. That's crazy. 00:08:14.379 --> 00:08:17.019 I mean, to have a business model, you must end 00:08:17.019 --> 00:08:19.660 up having a lot of companies that have that end 00:08:19.660 --> 00:08:22.439 up paying out. I mean, can we talk a little bit 00:08:22.439 --> 00:08:26.699 about if you're a business and you are a victim 00:08:26.699 --> 00:08:29.660 of ransomware, sort of what some of those first 00:08:29.660 --> 00:08:32.679 steps you should do? I know everyone's big question 00:08:32.679 --> 00:08:36.279 is, should I pay? Should I not pay? What does 00:08:36.279 --> 00:08:38.919 that look like from a business point of view? 00:08:39.500 --> 00:08:41.740 From a business point of view? Whether or not 00:08:41.740 --> 00:08:43.679 you should pay the ransom, you know, generally 00:08:43.679 --> 00:08:46.019 speaking, law enforcement agencies like the FBI, 00:08:46.120 --> 00:08:48.340 they don't support paying a ransom. I personally 00:08:48.340 --> 00:08:50.279 also don't support paying the ransom because 00:08:50.279 --> 00:08:53.500 it encourages further criminal activity, you 00:08:53.500 --> 00:08:55.480 know, and also it offers no guarantee that your 00:08:55.480 --> 00:08:59.379 data will be returned. You know what, actually 00:08:59.379 --> 00:09:02.220 that traditionally speaking, paying the ransom 00:09:02.220 --> 00:09:05.399 doesn't always guarantee that your data will 00:09:05.399 --> 00:09:07.679 be returned, but this is something that the ransomware 00:09:07.679 --> 00:09:10.840 as a service model has changed. because they 00:09:10.840 --> 00:09:12.919 want to operate more as a legitimate business. 00:09:13.299 --> 00:09:14.960 It actually is more likely that they're going 00:09:14.960 --> 00:09:16.820 to return your data because they don't want to 00:09:16.820 --> 00:09:19.799 be known as a group who, well, we're going to 00:09:19.799 --> 00:09:21.179 pay you, but we're not going to release your 00:09:21.179 --> 00:09:24.620 data. In a sense, they want to build a reputation 00:09:24.620 --> 00:09:27.419 that they're trustworthy, that, hey, you pay 00:09:27.419 --> 00:09:31.039 us, we'll give you your data back. But even still 00:09:31.039 --> 00:09:33.820 with that, government agencies, law enforcement 00:09:33.820 --> 00:09:36.139 agencies definitely don't support paying the 00:09:36.139 --> 00:09:38.759 ransom because of the fact that it encourages 00:09:38.759 --> 00:09:41.220 further business. You know, it further supplies 00:09:41.220 --> 00:09:45.460 the service operators to continue their operations. 00:09:45.899 --> 00:09:48.279 But one of the things that often are the main 00:09:48.279 --> 00:09:51.759 influences to whether or not a business sees 00:09:51.759 --> 00:09:54.519 that ransom, it's usually how critical the data 00:09:54.519 --> 00:09:57.159 is and how available their backups are. Those 00:09:57.159 --> 00:09:59.039 are going to be the biggest influencers on it. 00:09:59.059 --> 00:10:02.519 So if the business has no recent reliable backups 00:10:02.519 --> 00:10:05.539 and the data that is encrypted is essential for 00:10:05.539 --> 00:10:08.019 their operations, A lot of the times, the cost 00:10:08.019 --> 00:10:11.500 of paying the ransom is going to be seen as less 00:10:11.500 --> 00:10:14.360 than the cost of the law of business. Oh, sure. 00:10:14.879 --> 00:10:17.080 It's definitely a slippery slope. There's no 00:10:17.080 --> 00:10:21.460 real one advisement, but the best advisement 00:10:21.460 --> 00:10:24.059 is going to be to be able to respond and recover 00:10:24.059 --> 00:10:26.240 from the ransomware attack without ever having 00:10:26.240 --> 00:10:28.759 to pay the ransom in the first place. Right. 00:10:29.279 --> 00:10:35.080 Right. How quickly do people bounce back from 00:10:35.080 --> 00:10:38.159 a ransomware? Like, how quickly do businesses 00:10:38.159 --> 00:10:40.299 get back up and running? I mean, it depends, 00:10:40.399 --> 00:10:43.440 but... Yeah, it definitely depends. It definitely 00:10:43.440 --> 00:10:46.440 varies. But how quickly a business can bounce 00:10:46.440 --> 00:10:50.139 back mostly relies on how good their backups 00:10:50.139 --> 00:10:53.100 and how available their backups are. If you have 00:10:53.100 --> 00:10:55.620 regular backups that you trust and you've tested 00:10:55.620 --> 00:10:59.200 them and you're able to quickly bounce back and 00:10:59.200 --> 00:11:02.379 restore data that's been lost, that's how quickly... 00:11:02.570 --> 00:11:06.190 you can bounce back from an attack. So if it 00:11:06.190 --> 00:11:08.090 takes weeks to restore that data, it's going 00:11:08.090 --> 00:11:10.629 to take weeks to bounce back. But in some instances, 00:11:10.909 --> 00:11:14.090 if you have backups that can flash back in an 00:11:14.090 --> 00:11:16.330 instant, then it's almost like it never happened. 00:11:17.789 --> 00:11:22.190 Yeah. So we've been focusing a lot on the financial 00:11:22.190 --> 00:11:23.850 part of it, because that's a huge part of this 00:11:23.850 --> 00:11:27.129 conversation. But attacks like this also are 00:11:27.129 --> 00:11:31.179 affecting reputation, compliance, you know? And 00:11:31.179 --> 00:11:34.860 security in general. So beyond that financial, 00:11:35.059 --> 00:11:38.720 what are some concerns about ransomware for businesses? 00:11:39.600 --> 00:11:42.679 A lot of concern, like you said, it's a reputational 00:11:42.679 --> 00:11:45.159 damage. So customer trust is going to be harmed. 00:11:45.279 --> 00:11:48.519 And we are also seeing a lot of focus on the 00:11:48.519 --> 00:11:51.500 supply chain right now. So if you're a service 00:11:51.500 --> 00:11:55.500 provider who contracts your services out to several 00:11:55.500 --> 00:11:58.110 large organizations, and that service provider 00:11:58.110 --> 00:12:00.389 gets knocked out by ransomware. That means all 00:12:00.389 --> 00:12:02.909 those large organizations also lost access to 00:12:02.909 --> 00:12:04.870 that service. We thought that a lot with the 00:12:04.870 --> 00:12:07.549 Change Healthcare breach, where Change Healthcare, 00:12:07.870 --> 00:12:09.730 the division of United Healthcare, they got taken 00:12:09.730 --> 00:12:13.190 down, so their payment processing and access 00:12:13.190 --> 00:12:16.190 to critical data got shut down, which meant that 00:12:16.190 --> 00:12:19.149 smaller providers, small medical providers all 00:12:19.149 --> 00:12:21.409 around the country also lost access to that. 00:12:21.570 --> 00:12:23.549 I actually have a personal connection to this 00:12:23.549 --> 00:12:26.230 particular data. A close friend of mine She is 00:12:26.230 --> 00:12:28.649 a marriage and family therapist and she runs 00:12:28.649 --> 00:12:31.389 a small, she runs a small therapy practice in 00:12:31.389 --> 00:12:34.009 Southern California and healthcare, change healthcare 00:12:34.009 --> 00:12:38.090 was a large portion of her patients, their insurance. 00:12:38.590 --> 00:12:41.450 So because they were taken down, she was unable 00:12:41.450 --> 00:12:44.590 to process the, her patient's pay payments, which 00:12:44.590 --> 00:12:47.970 also meant that her employee's payroll was affected 00:12:47.970 --> 00:12:50.250 and it just created this whole cascading effect. 00:12:50.919 --> 00:12:54.440 Oh my gosh. Yeah. And then reputation, I mean, 00:12:54.440 --> 00:12:56.960 it's so hard. It can be really difficult to come 00:12:56.960 --> 00:12:58.639 back from that. Even when you have all of your 00:12:58.639 --> 00:13:00.279 backups, you have all of your things, everything 00:13:00.279 --> 00:13:03.039 is back into place. I mean, once people kind 00:13:03.039 --> 00:13:05.980 of have that feeling, it's hard to come back. 00:13:05.980 --> 00:13:08.600 Yeah, definitely. I even feel guilty just calling 00:13:08.600 --> 00:13:11.700 out Danger Healthcare and United, because it's 00:13:11.700 --> 00:13:15.919 not necessary. I feel guilty calling them out 00:13:15.919 --> 00:13:19.259 because I'm just perpetuating that reputational 00:13:19.259 --> 00:13:22.129 damage. At the same time, we also do have to 00:13:22.129 --> 00:13:24.669 speak about these real -world examples. They're 00:13:24.669 --> 00:13:28.269 important for us to learn from. I call them out 00:13:28.269 --> 00:13:31.370 not to say, hey, you did a bad thing, but this 00:13:31.370 --> 00:13:33.409 is an example that we can all learn from, really. 00:13:34.029 --> 00:13:36.549 Definitely. And it's come up on our podcast before, 00:13:36.629 --> 00:13:39.169 and we definitely talked about other events that 00:13:39.169 --> 00:13:43.190 we've seen and kind of talked about the importance 00:13:43.190 --> 00:13:47.610 of communication and having not only an incident 00:13:47.610 --> 00:13:50.470 response plan, but a communication response plan 00:13:50.470 --> 00:13:53.090 and being able to have that open communication. 00:13:53.490 --> 00:13:56.909 I mean, maybe you can touch a little bit on how 00:13:56.909 --> 00:14:00.409 important that open communication is in an event 00:14:00.409 --> 00:14:03.440 like this. Yeah, the open communication is huge 00:14:03.440 --> 00:14:06.100 because the response needs to be very fast. The 00:14:06.100 --> 00:14:07.779 attacks are happening much faster, so that means 00:14:07.779 --> 00:14:10.379 our response needs to be much faster. So having 00:14:10.379 --> 00:14:12.879 those open lines of communication between incident 00:14:12.879 --> 00:14:16.860 responders, between staff who may have been affected 00:14:16.860 --> 00:14:19.100 by a ransomware attack, that open communication 00:14:19.100 --> 00:14:21.600 is huge. Say you're a lone employee, you're working 00:14:21.600 --> 00:14:25.059 remote, but your workstation is connected to 00:14:25.059 --> 00:14:28.519 all of your work resources and notice something 00:14:28.519 --> 00:14:31.059 strange on your computer. If you don't know who 00:14:31.059 --> 00:14:35.039 to talk to or who to tell about that, then that 00:14:35.039 --> 00:14:36.980 strange activity is just going to continue happening. 00:14:37.419 --> 00:14:39.840 But if you know exactly who to report, hey, this 00:14:39.840 --> 00:14:42.000 is happening on my computer, can we take a look 00:14:42.000 --> 00:14:44.600 at it? Or what do I do? If that open line of 00:14:44.600 --> 00:14:47.259 communication is there, then response can be 00:14:47.259 --> 00:14:50.039 much faster. And on that line of, or on that 00:14:50.039 --> 00:14:51.480 note of communication, it's also important to 00:14:51.480 --> 00:14:54.039 have backup communication methods because sometimes 00:14:54.039 --> 00:14:56.720 the ransomware attack might take out your initial 00:14:56.720 --> 00:15:00.610 communication method or... maybe themes having 00:15:00.610 --> 00:15:03.230 a service issue or something like that. If you 00:15:03.230 --> 00:15:05.789 don't have backup communication method, then 00:15:05.789 --> 00:15:07.809 that could also hinder your response time as 00:15:07.809 --> 00:15:11.330 well. That is so smart to consider. I hadn't 00:15:11.330 --> 00:15:13.450 even really thought about that, but you're totally 00:15:13.450 --> 00:15:16.570 right. It's true. And, and like even our team, 00:15:16.830 --> 00:15:18.809 we, you know, we have our, we have our traditional 00:15:18.809 --> 00:15:21.250 teams channel, and then we have our, our, our 00:15:21.250 --> 00:15:23.289 email platform. And then I also, we also like 00:15:23.289 --> 00:15:26.600 to keep a backup discord chat. open for our incident 00:15:26.600 --> 00:15:29.659 response just to be sure that should anything 00:15:29.659 --> 00:15:33.139 happen, if there's ever a team's outage or anything 00:15:33.139 --> 00:15:37.139 like that, we have backup just in case. Super 00:15:37.139 --> 00:15:41.320 smart. So coming back to this ransomware as a 00:15:41.320 --> 00:15:44.279 service, and you spoke a little bit about open 00:15:44.279 --> 00:15:49.019 communication, what are other ways in which cybersecurity 00:15:49.019 --> 00:15:52.500 professionals like yourself are adapting to this 00:15:52.500 --> 00:15:56.809 new model that's out there? Oh yeah, so it's 00:15:56.809 --> 00:15:59.110 definitely changing the landscape mostly because 00:15:59.110 --> 00:16:02.370 of how quickly attacks are being deployed. I 00:16:02.370 --> 00:16:04.590 mean, from the defender side, the attack is going 00:16:04.590 --> 00:16:06.909 to look pretty similar to previous. It's going 00:16:06.909 --> 00:16:10.009 to be initial access, be that a phishing email 00:16:10.009 --> 00:16:12.789 or someone stole credentials and they were able 00:16:12.789 --> 00:16:14.730 to access the network and then they deployed 00:16:14.730 --> 00:16:18.690 malware. So part of the problem is how quickly 00:16:18.690 --> 00:16:21.750 they're able to respond to that and how quickly 00:16:21.750 --> 00:16:24.120 the attacks happen. But one of the ways that 00:16:24.120 --> 00:16:27.980 defenders are adapting to it, rather than only 00:16:27.980 --> 00:16:31.320 focusing on simply blocking the attacks and responding 00:16:31.320 --> 00:16:33.220 to things, they're starting to be a little bit 00:16:33.220 --> 00:16:35.419 more proactive with things. So we're increasingly 00:16:35.419 --> 00:16:37.279 using what's called zero trust architecture, 00:16:38.539 --> 00:16:40.440 or sometimes you'd get a zero trust networking 00:16:40.440 --> 00:16:44.539 architecture. And that means that it operates 00:16:44.539 --> 00:16:47.100 off of the principle of never trust, always verify. 00:16:47.370 --> 00:16:50.090 So traditionally, traditional network architecture 00:16:50.090 --> 00:16:52.750 would say that if you're connected to the corporate 00:16:52.750 --> 00:16:56.250 network, if your device is connected to a corporate 00:16:56.250 --> 00:16:59.029 Ethernet, if you're on premises, that means we 00:16:59.029 --> 00:17:01.110 trust you. You have access to everything that's 00:17:01.110 --> 00:17:03.909 on the network. Now with zero trust, it means 00:17:03.909 --> 00:17:06.329 that regardless of what network you're connecting 00:17:06.329 --> 00:17:10.069 from, regardless of what your device ID is, you're 00:17:10.069 --> 00:17:12.789 always going to have to verify who you are and 00:17:12.789 --> 00:17:15.650 that you are who you say you are and that you... 00:17:15.549 --> 00:17:18.150 have legitimate access to whatever you're trying 00:17:18.150 --> 00:17:20.809 to access, be that a critical application for 00:17:20.809 --> 00:17:23.690 business use, be it administrative functions, 00:17:24.049 --> 00:17:27.029 if it's HR files, things like that. And then 00:17:27.029 --> 00:17:29.450 in that same vein, we're also more increasingly 00:17:29.450 --> 00:17:33.650 using micro segmentation within a network. So 00:17:33.650 --> 00:17:36.769 micro segmentation is making sure that each department 00:17:36.769 --> 00:17:40.670 really has a specific segment of the network. 00:17:41.589 --> 00:17:43.890 So HR will have different a different section 00:17:43.890 --> 00:17:46.130 of the network than finance and they'll have 00:17:46.130 --> 00:17:48.269 a different section of the network than R &D 00:17:48.269 --> 00:17:52.069 and so on and so forth. So that means that you 00:17:52.069 --> 00:17:54.789 only have access to what you need access and 00:17:54.789 --> 00:17:56.869 we call that the principle of life privilege. 00:17:57.170 --> 00:17:59.150 So you're only going to have access to what you 00:17:59.150 --> 00:18:03.230 actually need to access. Yeah, I'm going to move 00:18:03.230 --> 00:18:07.450 a little bit forward in an or like higher level 00:18:07.450 --> 00:18:11.589 in this conversation. We talk a lot or are excited 00:18:11.589 --> 00:18:15.609 about AI. So I'd love to talk a little bit about 00:18:15.609 --> 00:18:19.710 what the changes in AI and all these new amazing 00:18:19.710 --> 00:18:23.230 tools, how they're sort of helping with that 00:18:23.230 --> 00:18:26.789 attack and defend from your point of view. Yeah. 00:18:27.230 --> 00:18:30.029 So attackers are definitely using AI. Well, we're 00:18:30.029 --> 00:18:32.529 definitely using AI on both sides of the battle. 00:18:32.990 --> 00:18:35.690 Attackers are using it more to create more believable 00:18:35.690 --> 00:18:39.289 phishing emails. So that old adage of, you know, 00:18:39.289 --> 00:18:41.589 if there's typos, then it's definitely a scam. 00:18:41.829 --> 00:18:44.670 That doesn't really apply anymore because a generative 00:18:44.670 --> 00:18:47.390 AI is much more able to create more believable 00:18:47.390 --> 00:18:50.289 phishing emails. Not just with grammatical errors, 00:18:50.490 --> 00:18:54.609 but also AIs to scan social media to see how 00:18:54.609 --> 00:18:57.569 what someone's communication habits are. And, 00:18:57.670 --> 00:19:00.849 you know, it's more able to recreate or copy 00:19:00.849 --> 00:19:03.369 someone's communication style and specifically, 00:19:03.369 --> 00:19:06.089 you know, what types of words they use, what 00:19:06.089 --> 00:19:08.029 types of punctuation they use, things like that. 00:19:08.200 --> 00:19:10.579 And then AI is also being used to automate parts 00:19:10.579 --> 00:19:13.880 of the attack chain, so it's able to deploy and 00:19:13.880 --> 00:19:16.039 send out phishing emails at a much greater speed. 00:19:16.859 --> 00:19:19.380 And then on the defense side, we're also leveraging 00:19:19.380 --> 00:19:22.859 AI to do more real -time threat detection. So 00:19:22.859 --> 00:19:26.059 AI is much quicker at analyzing huge amounts 00:19:26.059 --> 00:19:28.940 of data than any human analyst or any group of 00:19:28.940 --> 00:19:31.220 human analysts would be able to do. And then 00:19:31.220 --> 00:19:34.279 we're also able to automate responses. So things 00:19:34.279 --> 00:19:37.349 like quarantining an infected endpoint, before 00:19:37.349 --> 00:19:40.369 the ransomware can spread. Things like that are, 00:19:40.369 --> 00:19:42.930 are how we're utilizing AI, but it's definitely 00:19:42.930 --> 00:19:45.750 changing and it's changing fast. I just saw something 00:19:45.750 --> 00:19:50.950 this morning. One of the new AI models has, is 00:19:50.950 --> 00:19:53.369 much better at creating the deep fake technology. 00:19:53.630 --> 00:19:56.849 It's, it's AI actor type. It's, you know, it's 00:19:56.849 --> 00:19:59.190 an AI actor where, you know, me on a webcam, 00:19:59.190 --> 00:20:00.869 it's going to change my face. It's going to change 00:20:00.869 --> 00:20:05.160 my body. And up until recently. our defense, 00:20:05.700 --> 00:20:08.160 our recommendation for defending against deep 00:20:08.160 --> 00:20:11.119 fake interviews like that would be, you know, 00:20:11.240 --> 00:20:14.059 have the, have, have the interviewee stand up, 00:20:14.220 --> 00:20:15.839 have them wave their hand in front of the camera, 00:20:16.440 --> 00:20:18.880 because previously AIs would be able, you know, 00:20:18.960 --> 00:20:21.039 you'd be able to spot a little bit of blurriness 00:20:21.039 --> 00:20:23.359 in the eyes, you know, the hand might move weird, 00:20:23.799 --> 00:20:26.400 but this new, new developments in AI are making 00:20:26.400 --> 00:20:29.190 that much more believable. It kind of tricked 00:20:29.190 --> 00:20:32.329 me out this morning, seeing this, this AI actor 00:20:32.329 --> 00:20:36.609 and it was, it was really good. Yeah. You know, 00:20:36.670 --> 00:20:38.990 it's, and it's getting better. So it's moving 00:20:38.990 --> 00:20:42.289 fast. So it, it is, it is a little bit unsettling 00:20:42.289 --> 00:20:45.730 if I'm being honest, but it's also, it's also 00:20:45.730 --> 00:20:50.519 true that As AI continues to develop on the attacker 00:20:50.519 --> 00:20:53.359 side, we're continuing to develop AI on the defense 00:20:53.359 --> 00:20:55.960 side. You know, using AI tools could conduct 00:20:55.960 --> 00:20:59.940 live scanning of an interview today. Hey, you 00:20:59.940 --> 00:21:03.779 know, this is unlikely to be an AI actor, an 00:21:03.779 --> 00:21:07.859 AI generated video, things like that. So it's 00:21:07.859 --> 00:21:11.460 developing fast, but on both sides. Yes. I've 00:21:11.460 --> 00:21:15.119 heard some IT professionals that I work with 00:21:15.119 --> 00:21:19.059 who To combat some of that stuff. They almost 00:21:19.059 --> 00:21:23.779 to go backward in technology for example They 00:21:23.779 --> 00:21:27.480 will just have like a code word that they will 00:21:27.480 --> 00:21:30.339 use and they'll be just say the code word You 00:21:30.339 --> 00:21:33.819 know because yeah, even some of that simplified 00:21:33.819 --> 00:21:38.299 ideas or technology Kind of works. I mean, I 00:21:38.299 --> 00:21:39.900 don't know if you have anything like that that 00:21:39.900 --> 00:21:42.740 you do or that you could think of No, definitely 00:21:42.740 --> 00:21:45.210 that that that subject actually came up with 00:21:45.210 --> 00:21:48.069 in our team recently and, and it feels so, it 00:21:48.069 --> 00:21:50.910 feels so like 1950s spy movie, like what's the 00:21:50.910 --> 00:21:52.470 secret password, you know, what's the, what's 00:21:52.470 --> 00:21:55.450 the, but it's, it really is kind of the, the 00:21:55.450 --> 00:21:58.309 way that it's one of the best ways that we can 00:21:58.309 --> 00:22:01.009 defend against it right now is, is that your 00:22:01.009 --> 00:22:03.509 team has a daily or weekly code word and you 00:22:03.509 --> 00:22:05.589 have to start a meeting with this code word or 00:22:05.589 --> 00:22:10.470 you start an interview with that specific passphrase 00:22:10.470 --> 00:22:13.319 or, you know, things like that or. So it definitely 00:22:13.319 --> 00:22:14.819 feels that way. It definitely feels like we're 00:22:14.819 --> 00:22:17.160 going back a little bit, but it's kind of nice 00:22:17.160 --> 00:22:20.660 in a way in that like one of the recommendations 00:22:20.660 --> 00:22:23.119 that I have now is if you don't trust whether 00:22:23.119 --> 00:22:26.319 or not a message coming to you is legitimate, 00:22:27.700 --> 00:22:29.619 one of the best ways to verify that is to see 00:22:29.619 --> 00:22:31.980 the person in person. So it kind of bringing 00:22:31.980 --> 00:22:36.660 us back to an in -person and a more human connection 00:22:36.660 --> 00:22:39.740 than we had before. So there is a bright side, 00:22:39.859 --> 00:22:44.279 there is a silver light. However, however, I 00:22:44.279 --> 00:22:47.579 don't know, however, however, I don't know, campy 00:22:47.579 --> 00:22:50.200 or silly it may feel to have that task phrase. 00:22:50.779 --> 00:22:53.980 It really is effective. Yeah, it did. Yeah, it 00:22:53.980 --> 00:22:58.759 for sure is. That's so funny. So to close out, 00:22:58.819 --> 00:23:00.900 I'd love to talk a little bit because we like 00:23:00.900 --> 00:23:04.200 to give advice on this podcast to make sure that 00:23:04.200 --> 00:23:06.579 businesses have some action steps. Are there 00:23:06.579 --> 00:23:10.509 any kind of practical? everyday steps that businesses 00:23:10.509 --> 00:23:14.970 can easily do right now to risk being targeted 00:23:14.970 --> 00:23:20.309 or to just kind of improve that defense of their 00:23:20.309 --> 00:23:23.529 security? Yeah, I wouldn't say that there's anything 00:23:23.529 --> 00:23:25.970 that businesses could do to reduce the target. 00:23:26.569 --> 00:23:30.529 It's kind of a theory, not a theory, it's kind 00:23:30.529 --> 00:23:32.430 of a philosophy within cybersecurity that it's 00:23:32.430 --> 00:23:34.410 not a matter of if you get attacked, it's more 00:23:34.410 --> 00:23:37.759 a matter of when. So the best strategy that you 00:23:37.759 --> 00:23:41.259 can have is great defense. So making sure that 00:23:41.259 --> 00:23:43.720 you focus on resilience. So that means, firstly, 00:23:43.920 --> 00:23:46.500 implementing a robust and regularly tested backup 00:23:46.500 --> 00:23:48.599 strategy and recovery plan, that's going to be 00:23:48.599 --> 00:23:50.819 huge. So making sure that your critical files 00:23:50.819 --> 00:23:55.130 or your entire network is backed up. and able 00:23:55.130 --> 00:23:58.490 to be restored as quickly as possible and that 00:23:58.490 --> 00:24:00.569 you regularly test it to make sure that it's 00:24:00.569 --> 00:24:03.029 effective. That's huge. And then there's also 00:24:03.029 --> 00:24:07.170 the 3 -2 -1 rule. So the 3 -2 -1 rule advises 00:24:07.170 --> 00:24:09.930 you to maintain three copies of your data and 00:24:09.930 --> 00:24:12.450 store those copies on two different types of 00:24:12.450 --> 00:24:15.150 media and keep at least one of those copies on 00:24:15.150 --> 00:24:18.579 an off -site location. So that just helps to 00:24:18.579 --> 00:24:21.319 ensure that, you know, your backups remain secure, 00:24:21.319 --> 00:24:23.460 because that's going to be one of the first things 00:24:23.460 --> 00:24:27.859 that ransomware attackers will target, is your 00:24:27.859 --> 00:24:29.700 backup strategy. So to make sure that you're 00:24:29.700 --> 00:24:32.660 not able to restore from that. Second, enforce 00:24:32.660 --> 00:24:34.500 multi -factor authentication on all critical 00:24:34.500 --> 00:24:37.400 accounts. Really all accounts possible. Personal, 00:24:37.660 --> 00:24:39.819 professional, multi -factor authentication is 00:24:39.819 --> 00:24:42.579 going to be huge. There are still some ways around 00:24:42.579 --> 00:24:44.880 it, but it's not, it's still one of the best 00:24:44.880 --> 00:24:47.630 ways to make sure that your critical account 00:24:47.630 --> 00:24:50.609 stays secure. And then the biggest thing for 00:24:50.609 --> 00:24:52.450 me, I'm always going to be an advocate for this, 00:24:53.150 --> 00:24:55.589 is conduct regular employee cybersecurity training. 00:24:56.049 --> 00:24:59.309 Cybersecurity awareness is huge. Human error 00:24:59.309 --> 00:25:02.750 and through things like phishing attacks, even 00:25:02.750 --> 00:25:06.029 something as simple as misplacing your work device, 00:25:06.549 --> 00:25:08.710 the human vector is the primary attack vector. 00:25:08.869 --> 00:25:10.710 That's why social engineering is such a huge 00:25:10.710 --> 00:25:13.579 thing. conducting regular cybersecurity awareness 00:25:13.579 --> 00:25:15.460 training to make sure that everybody knows what 00:25:15.460 --> 00:25:17.920 to look out for. That's going to be huge. And 00:25:17.920 --> 00:25:20.319 I feel like that there's a lot of development 00:25:20.319 --> 00:25:23.220 and there's a lot of progress that can be made 00:25:23.220 --> 00:25:27.519 in the security awareness realm. Traditionally, 00:25:27.700 --> 00:25:30.940 you might see once a year, cybersecurity awareness 00:25:30.940 --> 00:25:33.839 training or even one cybersecurity awareness 00:25:33.839 --> 00:25:35.759 training at your onboarding and you know, that's 00:25:35.759 --> 00:25:38.079 it. And it covers the basics of like, this is 00:25:38.079 --> 00:25:39.779 what a phishing email looks like. This is how 00:25:39.779 --> 00:25:42.200 to set a strong password. These are safe browsing 00:25:42.200 --> 00:25:45.359 techniques, but I think that security awareness 00:25:45.359 --> 00:25:48.279 training needs to evolve to where we're sharing 00:25:48.279 --> 00:25:51.640 with all employees at all levels. These are the 00:25:51.640 --> 00:25:53.720 threads that are on the landscape. This is how 00:25:53.720 --> 00:25:55.460 it affects the business. This is how it affects 00:25:55.460 --> 00:25:57.799 you in your personal life. And this is how these 00:25:57.799 --> 00:25:59.819 are ways that you can protect yourself. And that's, 00:25:59.819 --> 00:26:03.099 that's one of the things is it's with the advancement 00:26:03.099 --> 00:26:06.000 of remote work and with cloud infrastructure 00:26:06.000 --> 00:26:09.039 and just how vast the landscape, the attack landscape 00:26:09.039 --> 00:26:12.660 is. It means that a cyber security attack does 00:26:12.660 --> 00:26:15.700 not only affect a business. It can also affect 00:26:15.700 --> 00:26:18.599 your personal life as well. So like my friend 00:26:18.599 --> 00:26:21.279 who ran her business and was unable to process 00:26:21.279 --> 00:26:24.380 payment for her employees, that affected a whole 00:26:24.380 --> 00:26:28.200 bunch of people. And it was strictly a business 00:26:28.200 --> 00:26:30.799 attack and it didn't even happen to her practice. 00:26:31.759 --> 00:26:33.920 So that's huge. Definitely a security awareness. 00:26:34.140 --> 00:26:35.880 I like that you kind of wrapped it back around 00:26:35.880 --> 00:26:38.500 to that communication too and that training and 00:26:38.500 --> 00:26:42.920 that human element is huge. As we close out here, 00:26:42.940 --> 00:26:44.839 I want to give you an opportunity to share anything 00:26:44.839 --> 00:26:47.940 else that you didn't get to. And then I'd love 00:26:47.940 --> 00:26:53.420 to close out with sort of what 2026 or what five 00:26:53.420 --> 00:26:55.819 years from now, maybe what 10 years from now, 00:26:56.140 --> 00:26:58.839 this ransomware as a service is going to start 00:26:58.839 --> 00:27:02.579 looking like. Yeah, definitely. I think that 00:27:02.579 --> 00:27:05.839 ransomware as a service on the defender side, 00:27:06.420 --> 00:27:10.380 it's going to look the same. It's going to look 00:27:10.380 --> 00:27:16.480 like attacks. They might be more organized. On 00:27:16.480 --> 00:27:19.660 the defender side, like the ransomware, it's 00:27:19.660 --> 00:27:22.339 gone beyond just a simple ransom note on your 00:27:22.339 --> 00:27:24.319 device that says, ha ha, we've locked all your 00:27:24.319 --> 00:27:27.640 files. Send this many Bitcoin to this wallet 00:27:27.640 --> 00:27:30.569 or else. You know, and it, it gotten much more 00:27:30.569 --> 00:27:33.390 advanced where now they have dark web websites 00:27:33.390 --> 00:27:35.130 where they'll point you to, and you'll be able 00:27:35.130 --> 00:27:37.730 to chat live with a representative from the ransomware 00:27:37.730 --> 00:27:40.829 as a service operator to say, to even negotiate, 00:27:41.369 --> 00:27:44.049 to, to ask for more time. You know, there's a 00:27:44.049 --> 00:27:46.910 whole customer service or victim service, I guess. 00:27:47.250 --> 00:27:49.170 There's a, there's a whole service operations 00:27:49.170 --> 00:27:52.849 line there. And then one of the bigger trends 00:27:52.849 --> 00:27:54.829 that I feel like businesses should look out for, 00:27:55.130 --> 00:27:57.329 there's an increase in what we call double extortion 00:27:57.329 --> 00:28:00.390 attacks. So criminals are not only encrypting 00:28:00.390 --> 00:28:02.710 data and demanding ransom, they're also stealing 00:28:02.710 --> 00:28:05.329 that data so that if the ransom is not paid, 00:28:05.390 --> 00:28:08.869 now they're threatening to release the data publicly, 00:28:09.470 --> 00:28:12.269 you know, cause more reputational harm or just 00:28:12.269 --> 00:28:14.089 sell the data in the first place, which will 00:28:14.089 --> 00:28:16.049 lead to further ransomware attacks or further 00:28:16.049 --> 00:28:20.970 cyber attacks. Double extortion, it made tougher 00:28:20.970 --> 00:28:24.250 because of how quickly technology is advancing 00:28:24.250 --> 00:28:27.220 and particularly internet speed. Because the 00:28:27.220 --> 00:28:30.880 internet is so fast, because we have 5G and the 00:28:30.880 --> 00:28:34.019 speed of the internet is evolving quickly, that 00:28:34.019 --> 00:28:36.539 means that they're able to steal larger amounts 00:28:36.539 --> 00:28:40.259 of data much faster. And devices are able to 00:28:40.259 --> 00:28:44.799 encrypt data much faster than before. I think 00:28:44.799 --> 00:28:49.200 we remember an hour or... is to have to leave 00:28:49.200 --> 00:28:51.980 a download overnight. So that download one music 00:28:51.980 --> 00:28:54.500 video, you know, I don't, I might be aging myself, 00:28:55.000 --> 00:28:59.980 but yeah, it's so much faster now. You can download 00:28:59.980 --> 00:29:03.140 a block of data in a blink of an eye with these 00:29:03.140 --> 00:29:05.779 internet speed. So this makes double extortion 00:29:05.779 --> 00:29:08.640 that much more threatening where they can, they 00:29:08.640 --> 00:29:11.640 don't even need to send through the company data 00:29:11.640 --> 00:29:14.220 to find the key important stuff. They can just 00:29:14.220 --> 00:29:15.680 say, Hey, I'm going to take this whole block 00:29:15.680 --> 00:29:19.369 and I'm going to do it later. You know, so that's 00:29:19.369 --> 00:29:22.609 definitely a big, a big threat to deal with. 00:29:22.869 --> 00:29:24.910 So that's where, that's where initially defending 00:29:24.910 --> 00:29:27.930 yourself to begin with, you know, keeping that 00:29:27.930 --> 00:29:30.490 human attack vector, making sure your employees 00:29:30.490 --> 00:29:32.950 are trained to spot these things so that to stop 00:29:32.950 --> 00:29:36.029 the ransomware attack in the first place. That's 00:29:36.029 --> 00:29:40.150 going to be huge. Yeah, for sure. Anything else 00:29:40.150 --> 00:29:43.250 that we didn't cover that you would like to share? 00:29:44.369 --> 00:29:47.279 You know, I'd say. Looking forward, the best 00:29:47.279 --> 00:29:50.299 piece of advice I could give is to treat cybersecurity 00:29:50.299 --> 00:29:54.480 as a core business function and a strategic investment. 00:29:54.779 --> 00:29:58.079 It's not an IT expense. It's not something that 00:29:58.079 --> 00:30:03.019 you have that good budget and try and find the 00:30:03.019 --> 00:30:05.099 chief provider. I mean, of course you're going 00:30:05.099 --> 00:30:08.059 to want to find the most or works best for your 00:30:08.059 --> 00:30:11.690 revenue for those numbers. But the key is treating 00:30:11.690 --> 00:30:14.730 it as a core business function and not just an 00:30:14.730 --> 00:30:18.710 arm of the IT department. So making sure that 00:30:18.710 --> 00:30:20.990 treated as something important to the business, 00:30:21.049 --> 00:30:23.309 as something that's core to the business, that's 00:30:23.309 --> 00:30:25.650 investing in ongoing employee training, conducting 00:30:25.650 --> 00:30:28.710 regular tabletop exercises, test the risk bond. 00:30:29.329 --> 00:30:32.089 And then like we said, ensuring that your data 00:30:32.089 --> 00:30:36.650 backups are strong and that they are functioning 00:30:36.650 --> 00:30:40.130 as they should be. That's going to be... huge 00:30:40.130 --> 00:30:43.509 for your defense. And then yeah, just building 00:30:43.509 --> 00:30:45.750 that culture of cybersecurity. That's, that's 00:30:45.750 --> 00:30:49.269 huge. You know, by investing in cybersecurity 00:30:49.269 --> 00:30:51.470 awareness screening for all your employees, by 00:30:51.470 --> 00:30:54.509 ensuring that that open communication path is 00:30:54.509 --> 00:30:56.690 there for people to report something that's a 00:30:56.690 --> 00:30:58.289 little fishy or something that's a little off 00:30:58.289 --> 00:31:01.250 on their device or, or what have you, that's 00:31:01.250 --> 00:31:03.730 going to build a stronger culture of cybersecurity 00:31:03.730 --> 00:31:07.029 where people are watching out now. And, and that 00:31:07.029 --> 00:31:09.859 just makes it that much harder for for an attack 00:31:09.859 --> 00:31:13.140 to take place. This is a great way to start Cybersecurity 00:31:13.140 --> 00:31:15.920 Awareness Month, but it's not just a month. It's 00:31:15.920 --> 00:31:18.740 all year and it should be integrated into all 00:31:18.740 --> 00:31:21.960 pieces of your business. So we love it. Thank 00:31:21.960 --> 00:31:24.200 you so much for joining us today. I really appreciate 00:31:24.200 --> 00:31:26.259 it. Of course, thank you so much for having me. 00:31:26.660 --> 00:31:30.019 I really enjoy it. Thank you for joining us today. 00:31:30.460 --> 00:31:32.819 If you enjoyed this topic, please let us know. 00:31:33.039 --> 00:31:36.900 Like, subscribe, or reach out to us at info at 00:31:36.900 --> 00:31:41.599 cit -net .com or head out to our website cit 00:31:41.599 --> 00:31:46.140 -net .com slash podcast. We'll be back next week 00:31:46.140 --> 00:31:47.480 with an all new episode.