Secure With Celerity Episode 16
[00:00:07] Hello and welcome to Secure Celerity, the show we try and dissect and analyse the week’s top cybersecurity news stories and host David Taylor. And today we are shaking things up a little bit. And I am joined by founder and CEO of Cyber Risk, aware to be back. Steve.
[00:00:23] Hi, David. Nice to meet you. Delighted to be on here today. Thank you for having me.
[00:00:27] Yeah, you’re very welcome. Thanks. Thanks for filling in. So let’s before we get started, and you want to just tell the viewers a little bit about yourself before we crack on with the stories.
[00:00:37] Sure, yet Stephen Berzerk, founder and CEO cybersquatter, a former chief information security officer with over 20 years experience. So I know what it’s like to try and defend the network with limited resources and happy to talk about the latest threats that are happening against companies today.
[00:00:53] Brilliant, thanks for that. All right, so first up, our first headline we’re going to cover this week is that a cruise line operator, Carnival Corporation, has suffered a ransomware attack.
[00:01:04] The main story for this is that it’s Carnival Corporation is a huge company. Think it’s one of the world’s largest travel leisure companies. And it’s got about 100 plus vessels, one hundred fifty thousand employees and around 30 million guests annually. So it was actually one of their subsidiary companies that suffered this ransomware attack. And it was in a filing to the US Securities Exchange Commission, which the company said on August the 15th, 20 Carnival Corporation detected a ransomware attack that accessed an encrypted portion of one brand’s information technology systems. The unauthorised access also included the download of certain of certain about their files.
[00:01:50] So, yeah, I mean, this ransomware attacks are happening all the time in all types of sectors. And I’m not surprised that a company this big has been hit, especially with that many employees. Imagine how many systems and servers fall under that Carnival Corporation.
[00:02:08] Yeah, Nayoka Oware. We’re hearing about new ransomware victims every single day and multiple victims on even a single day from the likes of Travel Extra to Garamond recently. I’m a runner and I know I couldn’t get my run so difficult, but and it’s happening all the time. They’re getting more and more prevalent with the the nature of these attacks in terms of privacy. It was all about just encrypting the data, getting ransom, getting paid or stealing the data, threatening to disclose it to bidders on the dark web or whatnot. And companies are more likely to pay the ransom. And the interesting thing is when you hear the SEC so again, having worked with a company that was on the stock market, yes, you have to disclose anything to the SEC upon it being suspected and even before it’s even proven. So just to notify from a corporate governance perspective so that obviously to see this information compared to an SEC filings is good on behalf of the company that they are disclosing it. And we have seen cases recently where some companies didn’t disclose it for whatever reason, and that can lead to bad press. And that’s not really what you want to have happen. So to be out there leading and showing that you suspect something has happened and potentially has impacted personal data is a good sign that the companies are starting to do the right thing by consumers, by their employees. And but again, you know, Chimaira was one strain of ransomware going back twenty fourteen, twenty fifteen. They were the first group who said that they would exfiltrate data and sell it on the dark web unless you paid the ransom. Now, I think that that was scare tactics because when I did my investigations as a former CEO, it was incumbent on me to understand the latest threats. And we found that actually was very difficult to say if they were actually taking the data. I think, as I say, it was just scaremongering where now they have proven to be stealing the data, whether it’s rebel, whether it’s mace, they are stealing that data and people are having to pay up. And just from an SEC perspective and various acts in the US, you cannot be seen to be paying the ransom. So you have to use a third party in order to do so. So it just adds another layer to incident response and actually how one goes about getting back up and running and you can elongate an outage as a consequence. And and so incident response plans that cater for potentially having to pay is an ethical, moral and legal challenge that companies have to confront. And in order to get back up and running, sometimes you have to do it. So, yeah, it’s unfortunately, it’s sad to hear that yet another company has been targeted and there are large companies who are going to have lots of money and who will pay.
[00:05:01] You know, definitely, I think reading the story and no details actually came out of the story in front of my whole family ransom that was used.
[00:05:10] But there was some speculation by a cybersecurity intelligence firm called Bad Puckett’s. They seem to think that the attackers may have gained entry to the cruise operator. For the vulnerable and vulnerable CV twenty nineteen one nine seven eight on the floor and that floor specifically affects Citrix application delivery controller Citrix Gateway and Citrix SD-Wan, one of appliances which Sitrick seem to have released a patch back in twenty three in January of this year. And I believe they also speculated there was another way that they got in as well, was it was a different floor, which it was an issue that was related to the Pargneaux operating system. So it was a firewall issue that could all by issue that could allow unauthenticated network based attackers to bypass authentication. So they haven’t come out with, say, what could have happened. But as packets, they said this is what could have happened. I saw some tweets from them as well, but it’s said it’s it’s a big company like that, the biggest world leisure company in the world. So the fact that they’ve been targeted is not surprising that the article that I was reading also came up and mentioned that they also suffered a data breach back in March twenty nineteen, which again, is no surprise and not one they seem to say that it was exposed, gets personal information. So that was the names, addresses, Social Security number, passport number, licence number, all stuff you don’t really want to get.
[00:06:46] But it’s things like this that you hear more and more every day is that people are living with the rising data protection legislation. Obviously, in California, you’ve got various legislations in the different states in the US. But if you’ve got European citizens and I know family members who have been on various cruises with that company, that if their data has been stolen, it’s a GDPR breach. So it really comes down to notification requirements and then it’s going to be the scale of fines, whether it’s multiple jurisdiction or not. And I know historically, for me as a CEO, when we try to look at our own data, we try to anticipate what the implications will be in terms of who we would notify, how quickly we had to do so, whether it be in the states, whether it be in Singapore, whether it be in Europe, it’s not an easy thing to do, but you have to confront it and get ahead of it. And I’m glad to see that they made that filing.
[00:07:39] And that seems to indicate that they’re on top of this from an incident response and reporting perspective. But to quantify the costs that may be encouraged from a fine perspective, God knows DDoS only they know the amount of records that they have and those various calculators that help you understand what the cost might be. And when we to use various tools to automate our incident response that had these calculator. So that’s not doing it. And if they’re watching this, who knows that maybe they can reach out to us and we can help advise around those solutions. But when you look at data protection around, no private information, client information, there’s a higher duty of care to ensure that those systems and protecting the data are robust. When you have a perimeter that is not patched, which seems to be indicated in this case, obviously, I’m only speaking about what the article is referring to. Twenty nineteen KB No tells you that this was known one in twenty nineteen coming out in January tells that that’s a long time ago. Obviously pandemic may have a VMware we know it has adversely affected from an operating perspective and financial perspective. That’s still no excuse to not do what one has to do from an ongoing business as usual. Respected and protected the perimeter. Super super important vulnerability assessment scan’s path management all low hanging fruit. For most security incidents that are out there, it often comes down to low hanging fruit IoT folks and security folks. If they can be perceived as mundane, I can again speak to this anecdotally that the mundane tasks are the ones that get dropped quicker to work on maybe better projects, more funkier projects with newer technologies, just people wanting to better themselves. Right. And we all say we’ve got our patch management processes and it’s automated and it happens every month or in response to critical patches will automatically apply. It’s one thing to apply them, but it’s one thing to verify that it’s actually been installed correctly. And again, I have a lot of history and experience with this, that if you don’t reduce certain systems, the patch isn’t fully developed yet. It’s deployed. And then you get this friction in the businesses. They actually know what system can’t be removed. Well, hang on, we need to get this done. It’s critical. It actually holds supercritical, sensitive data if something happens against are you going to put your name against risk? So these are the frictions that companies have and they have to face it and they have to get it down. I know a lot of banks, for example, they are looking at that’s the biggest issue that they have, legacy estates, legacy infrastructure, maybe afraid to reboot or turn off certain systems and I dare say kind of might be in the same boat if they have. The same boat, no pun intended, in relation to that, but and if they have legacy systems, managing those may not be that easy. And you also then have with the pandemic, you’ve got the mental side. People are busy. They’re working from home. They’re probably trying to get people up and running remotely because it was such a rush to do that. I know we’re going to talk a bit, if you would have topics later on about working from home or not. But that can give rise to these things not being done. That should have been done. And I suppose to close it off, in my mind, from a systems perspective, this the perimeter of a network is so porous today. It’s not like you have your firewall that’s gone. You’ve got mobile, you’ve got multiple access points. This is probably just another example that we have to work on the basis that the perimeter is so porous. We have to work on a zero zero trust of anything coming in. Trust but verify. Look at our core assets. Where is that data and monitor that big time. Does a great pictorial view or an image that I often try to depict, and that is the US president motorcade going down the road. You have a lot of police along the side on the perimeter, really, and they’re spread very far out and lots of two major social distancing. Fantastic. But then in the middle, you’ve got the car with the president in sight and you’ve got the Secret Service and they are really close together around that car. That’s kind of like your date, your your your crown jewels, your most valued data sets. Protect that and then zero trust apply to the network.
[00:11:55] That’s what I like. I like that analogy. All right. Yeah. So I think we should probably move on to the next story. So the story is that headline, thousands of cyber attacks are hitting UK firms every day.
[00:12:08] We already know that. But much more specifically, as referring to a new report for global security, Robert Walters, they provide a vacancy, quote, soft, and that’s what they found, that sixty five thousand cyber attacks are launched against small and medium sized businesses in the UK every day. Are you surprised by that number or are they just that kind of hitting where you would expect?
[00:12:31] I’d say that that is probably smaller than what it really is, to be honest with you. And I think an estimated number, I think just five million SME companies in the UK and obviously employing lots of different people. We previously would have looked at various statistics around the amount of new websites, malicious websites and domains being registered in the hundreds of thousands. That’s because they’re running phishing campaigns using these domains they’re using and domain generational algorithms to avoid being blocked by antivirus and intrusion detection and intrusion prevention systems. It’s just random generators. And then they will use one of those domains as part of the campaign that they know is not going to get blocked. And why do I give such a high number? Because they are launching attacks because of the commercialisation of cybercrime. You’ve got so many service providers working together now. It’s a multi-billion dollar industry in its own right and they’re all working together. So you’ve got the malware writers, you’ve got the malware testers, you’ve got the people who are and writing crime hacks who are then leasing this out to wannabe and seasoned cyber criminals. I’ve presented this presentation probably in 2011 and 2012 to various companies, and it still hasn’t changed. Crime packs, different service providers and generating new domains, people who then specialise in selling access to infected computers whom they have control.
[00:13:57] And they sell that on to somebody else who says, oh, I know that company. I know what they do. I’m gonna specialise in getting data off that network. If they’re not a people who specialise in getting money out of bank accounts, who has access to money mules, you can observe the case. There are tracks and get away with that. So armed with that information, sixty five thousand cyberattacks today sounds quite low, to be honest with you. And but that said, it’s still a high number and will raise eyebrows. And one piece that I do have a bit of an issue with is businesses lose three point to six million per incident. I, I challenge that. I think that’s exceptionally high for an estimated business. And I think I’ve seen figures more closely aligned to fifty to two hundred and fifty, depending on company, depending on the data, depending on whether they’re part of a supply chain. Are they working with larger companies, for example. And yes, this have to be careful what we found. This is where Ford and people in security can be accused of selling Ford and on seventy three point eighty six sounds a bit high.
[00:15:05] And yeah, I think it does. I mean, we’re talking about UK SMEs, definitely. I think that sounds quite high. And I know that three point three point eight million dollars is the cost of a data breach has been floated around for a while. And IBM, some of our studies is that.
[00:15:23] But that wasn’t because oil companies, it wasn’t necessarily know and it could be far better, David, if you were to say look for an estimate or even a microenterprise, this is the typical size. So you’re probably looking at 20 to 50 K from micro and fifty to two hundred and fifty for a medium sized company. And then above and beyond that, for the very large organisations. I think that’s relevant. I think that should be sent out there to be deemed to be practical and reasonable by those folks in those industries to be able to do something. I think that’s important where I made an estimate and I see three point six million. This isn’t related to this. I don’t have confidence in what’s being said here. And the reason why this trip, one to six million comes up is this cost per record tends to be quite high. Let’s say one hundred and thirty dollars per record. And then the typical size, the number of records and then quickly mushroom’s. And it’s not just the cost of a broken of a lost record. I’m a broken record, but it’s it’s the impact to the organisation’s ability to operate that won’t cost DDoS. The cost of the cleanup does the cost of obviously the records. And is it personal information or is it not? And the cost to stack up more often, not as business interruptions, the biggest cost and obviously tidying up sometimes as knee jerk purchases afterwards, that you then have to spend more money than if you had a pre preplanned and bought at attractive prices, then and that can be better. But 3.0 is too high for the market.
[00:16:57] Do you see? I see a lot of times when they’re try to work out the cost of a breach on a company is customers not wanting to either purchase from them in the future and losing confidence in companies to find that to be quite a big factor.
[00:17:15] And so I repeat, that question again is just when do you find the people or companies I decide not to no longer work with companies who have suffered quite a big data breach and because of loss of confidence, that factors into it as well.
[00:17:32] I think it’s hard to say I could give you a general sweeping statement, I’d say it’s more likely than not if I was to apply my own personal logic to it. And it depends on the data and it depends on the service. If it’s sensitive, if it’s my personal information, if it’s my privacy, or if it affects my family and whatnot and it affects me financially, well, then you can be damn sure I’m going to be very less less likely to buy anything with it. If it’s something like a newspaper or something like that, maybe I’ll be more forgiving. For example, this really depends, but. If the threshold around privacy and my sensitive data and if it has an impact to me in my day to day, living around my digital identities, for example, and personal and financial well-being, well, then it’s far less likely. And I’d say most people would be in the same mindset of that.
[00:18:21] And that’s it for companies who are concerned about their reputation in the market. Often times this also brings in the third party suppliers, and if a third party supplier is holding data on behalf of another company or a company is holding and processing data on behalf of somebody else, this is how reputations get damaged as a consequence. And if you look at the AIX issue and that other financial institutions who are dependent on them, they then couldn’t transact. And that can lead to an issue with that vendor and customer service and what they’re reliant on another provider to do something. And so it does give rise to, well, who are my trusted suppliers and partners that I wish to work with? How seriously do they take security? And I think that’s rising all the time now that people have to demonstrate that they take security very seriously in order to work with older and larger suppliers. And to go back to answering your question. Definitely, people will be less likely to work for companies that have been affected.
[00:19:28] Thanks for that. We move on to the next story, so the next headline is that 61 percent of airlines have no published Dimmock record, and this is finding to suggests that the customers are more susceptible to email fraud. So we had a bit of a chat about this off camera, didn’t we? So the report itself is was by PowerPoint. And like I said, they found that 61 percent of member airlines belonging to the International Air Transport Association do not have published domain based messaged authentication reporting and conformance records DIMMOCK. And then this will therefore increases the risk of the identity being spoofed, emails being sent to customers and getting essentially and. We you’ve kind of set off cover that, yes, this seems quite high, and when you look at it, it’s like facts are black and white, yet it’s not great. But you think it’s probably could apply to many of us, is not just the airlines?
[00:20:29] Yeah, I think it’s a little bit unfair to call it one industry here, because as I CEO and I tried to invoke an introduced DMARC, again, it’s trying to bring a company on a journey and one at a time people are mourning what should one do? And given that email and phishing campaigns are the root cause and over 90 percent of issues. And it’s why our company cybersquatter focuses on human and phishing simulations to help avoid it from happening. But when you look at Denmark, it is a tech, not a technical defence or a control that can add a lot of value to prevent phishing emails from getting through the email technical defences. Because we all know that email phishing emails are getting through on a on a large scale. The most emailed defences are sixty six to sixty eight percent effective, meaning over 30 percent still getting through, which means that getting to people. So cyber criminals are targeting people, not systems. Historically, from an email perspective it was SPF records and dickin and those two protocols are out over well over 10, 12 years. And that was really trying to aimed at helping the sender and the receiver of an email somehow trust each other. But due to complex email environments, that handshake, that interrogation between each other just really couldn’t work. So I believe it was two thousand seven. We were told by David that 2007 PayPal, Google and Yahoo! Tried to work together to share that information. Hence, that’s why DMARC is coming from and has been around for a long time. This is not something new and that tells its own story that it has not been embraced to the level that it should have been. There’s been a rush to order technical defences to defend the network, but DMARC will enable a better handshake between the sender and receiver to authenticate that the sender and the sending domain has actually come from where it was supposed to come from. That’s what the market is all about. And if implemented correctly, it can do a great job of reducing the emails that will get through those defences. There’s no kind of see it. It’s not going to stop it. But this is about a numbers game and stuff and stuff from coming through. But to single out the airline industry, obviously it’s a timely thing. And we talked about this, David, so I wish you to run in the Berlin Marathon. Obviously, Berlin Marathon was cancelled, but my flight has not been cancelled. So over the last week, I’ve been getting emails, flight changes, flight change. If I change, if I change now, it’s changed over three hours. Now I have an option of a refund or I can change it to be another time. I’m expecting that email. So if the airline industry has not secured their emails, well, then guess what? There’s going to be phishing campaigns that are going to come out and they’re more easily spoofed. Therefore, people who are waiting for similar emails like me, given what’s going on. And I really feel for the airline industry because we’ve all loved to travel and provided a fantastic service and as the levels of service gauguin’s all of that. But that’s a different thing. But really they should be embracing dmarc it is there to be used and probably one of the lower hanging fruits. Again, we talked about Pats management. There are certain things that one should do and this should be one of them. And but if I look at retail and I look at other industry sectors, even legal, for example, they’re sending out emails. Retail is another example. We talked about emails. So this is emails of your text messages is also the rising threat. And you said five years ago we were all talking about SMS and then we forgot all about it and now it’s coming back in again and, you know, clicking on links, given away username passwords or banking details, like I’ve seen it in the banks here who are now having to refund customers who have lost money as a consequence of fraud. You’ve got retailers who are being mimicked in terms of sending out vouchers and then you’ve got the airlines who are potentially going to get compromised to SMEs as well as emails. So.
[00:24:25] Know, I would say it off camera again, IoT. I mean, we all had the best water pipe near Minamo.
[00:24:32] My local water company was constantly sending me text messages, then have to click on anything because I was to try to find out any more information, but I don’t really buy into it. So if people are getting emails about Pannovate or flights that they’re expecting to get a refund for and it’s maybe time sensitive, people are going to be because that agency that Babycham knows what when to use efficient and they going to be clicking on them and, you know. You can open up an email so you can you can click a link and take it to a Web page, people might expect that quite a lot more on the phones because a lot of people got smartphones. So, yeah, that’s a good point to make, that the airlines are probably being singled out. It would be a fairly but and I think it’s a good point that everyone should be sort of looking to get this info.
[00:25:13] Is it quite hard to get in for a lengthy process or is it quite simple?
[00:25:18] It’s not as complex as one would think. I think it’s just the messaging team and the email team and making sure that it’s configured. It depends on the complexity of the email environment. Obviously, very large companies are going to be complex, smaller companies less so. And a lot of people are working with managed security service providers now because they know they’re struggling to hire security people so they can leverage those relationships to get it done in a cost effective way. And if you look at the cost of one incident versus maybe the cost of implementing this correctly, it’s far better to be focussed on that. And, you know, the two things. One is, as a CEO, I always wanted to be in a defensible position. I could stand up in front of anybody and say we did this. We focussed on our people. We had security awareness training around fishing simulations. We had vulnerability assessment, weapon testing. We had pat management that incident response with instant response playbooks that we tested amongst the team. What more could I have done with my limited time people and money? The resources it becomes an industry issue. If people are following best practise and doing all the right things. If you’re not doing it, then you’re leaving yourself open to ridicule and critique. And Target was the for me, they want us. Security was the target breach because that’s when the C suite were all sucked. As a consequence, that’s when security became no longer an issue. It was a business. And that’s where seesaws and companies need to get to is a defensible position and not wait for an incident to invest in certain things, because I definitely know that that still happens out there and in terms of budgets and whatnot.
[00:26:53] But there are low hanging fruit items, process and technologies and security awareness for staff that if done right, you can actually mitigate a lot of stuff, including multifactor authentication, for example, that we’ll get rid of 99 percent of impersonation attacks, which if you have given away your username and password, it will stop that from becoming exploited. Right. And but the final piece then go back to it on the on the on the phone side of it, people tend to think that their phone is not a computer. Phones today are more powerful than the computers we had several years ago, and they tend to think that because I’m not a computer. They’re more secure as a consequence. But we all know on Android there’s been a lot of malware on Android devices that have led to access to bank accounts, as well as stealing of data and monitoring what people are saying, what sites are visiting. But there’s also an Apple on the iPhone. The Pegasus malware came out last year that was able to install you wouldn’t even know it was installing this Blue Chip of a tiny fraction of a second. The Safari browser would open up and it wouldn’t be installed and it would be able to monitor everything and anything you did on the phone knowing that they’re criminals. That becomes open source of email, running a phishing campaign or an SMS text campaign. People click on that that then gets installed onto the device. And that’s what cyber criminals are trying to do. The following where people go, people are on devices and working from home has exacerbated this. How can you monitor phones? How can you monitor where people are going? How can you monitor personal devices and personal accounts that people are using when working from home? So it’s not an easy one, but by raising awareness, by being forewarned is four means that we can be prepared and.
[00:28:43] I think you just give me a brilliant Segway onto our next story and final story of the week, which was a report by Malware Bites, which found that 20 percent of organisations have experienced a breach due to remote workers. And so it’s actually what you’re talking about. So this was the enduring from home covid-19 impact on business security report from Moabites. So it was great from product telemetry results from a survey of two hundred and five decision makers and small business owners. And what they kind of found is from the start of the pandemic is that 20 percent of respondents said they faced security breach as a result of a remote worker. And and then they also found increased costs by twenty four percent. And they found a unexpected expenses to address cyber security breaches or malware attacks following shelter in place orders. I’m not I mean, I’m not surprised that there’s an increase of breaches from workers. Is that no sound that you or would you expect it to be a bit higher than expected?
[00:29:51] This is going to come down to. Do people know they have suffered a breach and if you look at it, you want to knowing if you breach, it’s at least three to six months. And when people I touched on it, which was if people are using devices that haven’t been set up to be as secure as maybe they would have been done previously with secure bills in the rush to get laptops to get people up and running, antivirus wasn’t installed. I think that’s in that report as well. We’re talking about antivirus wasn’t installed. Forty four percent of people haven’t been given assistance on how to security work from home, whether it be how to secure your remote network and not to use the same password across multiple accounts, not to click on links and open attachments. And then the sharing of computers, as in using, I think it was an increase of using personal devices instead of the work, the device that was installed on the person who’s using it. You know, is it infected already, if I know from using that account and I’m storing company data on that device, I’m storing it in a personal Dropbox or Google Drive or one. Is that leading to a GDPR breach? Because that data, if it’s being backed up in the cloud environments to the US and it happens to be personal information and tied to a client, these are all the issues that are going to rise. We’ve been talking about our platform in terms of you can run an assessment on our platform, for example, which will be to ask the questions of staff whilst at work from home to say. Did you use a personal device? What did you do on it? Did you use company data? Did you save it using a personal account? If so, where did it go? Have you deleted this? Is it still intact? Did you pack your system? Did you have antivirus? Did you ever get any spurious messages to say you’ve been infected and click here to install free antivirus? Because we’ve all heard those stories and they’re still there, too. And I had a very funny story about that. And sorry for going off on a tangent, but as someone who worked in law enforcement, who I greatly respect still to this day. But he rang me one day because, Steven, I got this pop up. I had to get antivirus installed. I said, OK. And he said, yeah. And it was very quick, very efficient. And they even rang me up offering premium support. So I bought the fake antivirus and people still get caught for it. But we have to do a better job of raising awareness for our staff members when they’re out of the office, out of mind, out of sight. People will circumvent controls to make their job and their lives easier. It’s the dental insider.
[00:32:27] And, you know, again, just to probably finish off on this people, if they’re helped, right. They can be the greatest security asset in every organisation out there. But. Forty four percent not getting any assistance was working from home. That’s not cool.
[00:32:42] Yeah, absolutely. I think just some of the some of the more findings when I was the 80 percent of respondents said that cybersecurity wasn’t a priority for their employees and five percent said employees were a security risk. So to hear those the numbers that they’re not given the training and almost a fifth of the workforce aren’t finding the cybersecurity be a priority, it’s it’s quite worried. Do you think is going to be a big change in the culture of the company? The security make people aware of what could actually happen, especially in a big company where maybe, I don’t know, sort of safety in numbers. You can you’re a faceless employee almost. So you’re like, oh, will never happen to me. It’ll be someone else’s someone else’s issue. And again, that sort of culture change to actually know by clicking on the links, you could be the start of this big cyber cyber incidents that could you know, we were a country, a company, even essentially so. But. Well, I think that’s all we’ve got time for today. Steven, I want to thank you so much for coming on for your time. It’s a brilliant point, which I think that the viewers would have enjoyed as well. So thanks for that and everyone else watching at home.
[00:33:54] Thank you for watching. Secure Celerity and catch us next week for some more cybersecurity stories.
[00:34:00] See you then.