Demystifying Cybersecurity and Updating the Human Firewall
In celebration of National Small Business Week, Timothy Torres, Chief Security Officer at TriNet, speaks on cybersecurity and the integral role your people play in the protection of your business. Timothy goes over the many risks of doing business from a cyber perspective and proactive steps you can take to protect your organization.
Please note that these sessions are for educational purposes only. TriNet provides HR guidance and best practices. TriNet does not provide legal, tax or accounting advice. The materials in these sessions and the products, advice and opinions expressed in these sessions are solely those prepared by the presenter and not necessarily those of TriNet.
Hello everyone. I'm so excited to be here today and I'm so glad that you joined us. I am pumped about talking on security, specifically demystifying cybersecurity and updating the human firewall. I'll just add this note that in my role, our team is passionate every day to help protect our organization and our thousands of customers in enabling all of you to fulfill your mission.
And so it's my honor to be here. I'm excited about it and I believe there's some relevant content we're going to cover today. If you have questions, as it's already been stated, please don't be shy. Put your questions in the chat. And if we have time, we'll absolutely get to it. And then you can also look me up afterwards on LinkedIn or in any other way, and I'll be happy to engage you as well.
Alright, so we're going to talk today about a storyline that I love starting the conversation with. You're gonna see a series of images. I want you to follow along and I hope it draws you into the conversation. Before I get there, you can kind of see the agenda. We're gonna first, talk about the actual problem of cybersecurity around small to medium-size businesses.
We want you to understand the risks of doing business and helping you take proactive steps to protect your organization. And then of course, it's not a matter of if, but when, and being prepared for that inevitable. We've also got some free cybersecurity tools and resources to share to make sure you're aware of.
And then we want to provoke you to think about what's next on the horizon and how you should be thinking about protecting your company and adapting to the ever-changing world that we're involved in with technology. So, if this picture resonates with you or if you ever remember watching Lord of the Rings or The Hobbit, you'll probably remember the Shire.
Tolkien is a great author and we've seen many of the movies produced on the story of 'The Hobbit' and 'Lord of the Rings.' But he describes the Shire as this beautiful, idyllic, fruitful land where the inhabitants, hobbits, are able to live free from the threats and vulnerabilities of middle Earth.
It's really a state of living in a naive world of the realities and harsh adventures outside of the Shire. Side note, I was fortunate to be able to take my, now late mother, but at the time she was just diagnosed with stage 3C ovarian cancer. I was fortunate to take her to New Zealand, where this very scene was filmed.
And so I have both the memories with my mom at this scene, looking at this beautiful landscape, and the movies and pictures don't do it justice, but also the memories that I have with that storyline of seeing the hobbits live in the Shire and wanting and unwilling to move outside of that. Why do I have this on the screen as my lead-off slide?
The reality is that most people and businesses throughout the years have existed, from a cybersecurity standpoint, in the Shire, wanting to live in a naive, fruitful land free from the threats and vulnerabilities of the real world, but the harsh reality is this is not where society has moved to.
The cybersecurity problem has grown year over year, and I'll talk about that in a minute. But many organizations are caught sort of stuck in this land thinking that the problem will go somewhere else and unwilling to really address it. And my point is that this is not what success looks like if you're attempting to move at your future safely and successfully.
And so, we really want to reset the thinking about the cybersecurity problem from a landscape perspective, but then every security practitioner in the world, if they had unlimited budget and everybody took security seriously, this is what they would build. And if you're having trouble remembering what this facility is, this is Fort Knox.
And I'll tell you that this is absolutely not what success looks like from a security perspective. The juxtaposition between the Shire and Fort Knox has left many organizations confused about what to do from a security perspective. But if a security practitioner had their way, they would lock everything down so good that the business couldn't even operate.
And every dollar that they earn would go to the security budget and it's just untenable. And so the reason I bring this up is to continue the conversation from an imagery standpoint. While the Shire is not success, Fort Knox is also not success and so we've got to sort of find that middle boundary of—well, where should we operate? Where should we exist?
Lastly, this is the reality of where most businesses actually live. Now if you know some realtor out there that's clever, they would probably put a house for sale, they would list this as a beautiful fixer upper on the California coast with tons of potential. But the reality is this house propped up with some stilts is one wave short of utter disaster. It's one storm away from being completely wiped off the beach.
And this is where many organizations actually are doing business. And I'll share a statistic. In fact, I'll interject it now. But there's a large percentage, I think over 60% of businesses that have been hit with a major cyber-attack, have struggled to even stay in business afterwards, and so this is also not success.
Can't live in the Shire, can't be Fort Knox, but you also can't exist one wave short of being wiped out. Really, this is where I think most of you probably want to exist—is understanding what are the risks and trade-offs? What are the worst-case scenarios from a cyber perspective that could occur? And how could we prevent loss? How could we minimize loss and how could we recover from loss?
I've said it already and I'll probably say it again: it's not a matter of if, but it's when, and we have to be prepared. And so whatever line of business you're in, you have to understand what are the loss events that could occur, whether it's Fukushima, whether it's an aircraft carrier, whether it's medical malpractice from a botched surgery, whether it's landing a plane on the Hudson, or even for TriNet, ensuring that we're able to continue to serve our customers and process payroll.
We have to have the right thinking about security and it is about risk management. Now, it doesn't just stop there. The cybersecurity problem actually is a human problem. I really want to lay the foundation about when we demystify cybersecurity; it's a human problem. We would not have a cybersecurity problem if humans didn't create it in the first place.
When we started our journey in building interconnected systems, we didn't build it years ago with the ability to have security by default, to have zero trust principles that deny by default. And so because of this open, interconnected web of networks that we have on the internet, and because of technology needing to be used for commerce and for transportation and for finance, systems are open and they talk.
And because of that, there are vulnerabilities. And really the biggest vulnerability out there is the human. If humans built technology, they can break it. And that's exactly the war games that we're dealing with today with cyber criminals. And just to touch on that for a minute, cybercrime is actually a trillion-dollar industry.
If it were an economy—I've said this many times—if all the cyber criminals of the world formed their own country, they would have the third largest gross domestic product next behind United States and China. This is just the reality that we're living in. And so we're constantly sort of positioning ourselves to be just a little bit better than the adversary, so that we can protect against loss events.
At the end of the day, 82% of data breaches involve the human element. Humans are involved in creating the problem and also attempting to solve the problem. Yet, even on the screen, you'll see that we're having challenges finding people these days. The talent shortage from a cyber perspective is immense. And so, the cybersecurity problem is wrapped up all around humans, but it's not just that.
The cybersecurity problem is an SMB problem. I'm gonna touch on this for a minute because I think that the reason why you're here is you understand that or you're on your journey to understand it better. But there was a poll that was taken last year, where over two-thirds of SMB leaders that were surveyed said that they didn't believe they were susceptible to cyber-attacks.
So you have that data point that, on the nose, seems to be at odds with the reality. Again, that's the shire, right? But we've seen over 40% of cyber-attacks leveraged against SMBs. This past year, we saw an increase of over 400% of successful cyber-attacks against SMBs. In fact, I'll say it even further, small to medium-size businesses make up 90% of businesses in the United States.
And so, the reality is these smaller organizations don't have robust enterprise level security technology and security programs. They can't afford it. It's not on their priority list. And so because of that, adversaries see SMBs as a target rich, soft environment that they're able to exploit.
And so what success for all of us looks like is understanding the problem, understanding sort of where you are in the story and moving yourself to a position to be able to manage the risks and to make wise decisions. At the end of the day, you'll never get the risk to zero. But we all have responsibility to protect our organization, which is why that leads me to the next point.
Really the question could be asked, okay, we got it. It's a human problem. It's an SMB problem. We know we can't live in the Shire. We know we can't be Fort Knox. We know it's a risk management problem, but now where do we start? That's where most organizations struggle to sort of get the ball rolling.
Do we just dive right into technology? Do we go buy a solution? What do we do? And so the reason I'm talking about this today is I think that it's best for leaders of SMBs to start and begin with sort of the end in mind. What are the loss events that would put you out of business? What are the loss events that would destroy your reputation? What are the loss events that could impact your liquidity or that could impact your availability or ability to serve your customers?
Those are the loss events from a cyber perspective that you want to sort of understand how those events could occur, what capabilities you have today and what you may need to strengthen yourself to prevent those.
I highly encourage you as leaders to know what are your top three risk scenarios. Many organizations, their top risk scenarios are ransomware incident, because if they get hit with ransomware, and their computers and their data is completely locked out, they have no ability to sort of operate as a business or to be able to communicate with their customers or with each other or to be able to process their business workflow.
And so where we start with this is, number one, we understand what those loss events that you would least like to see materialize. You take a step back and say, what are the assets? What are the technology solutions that you have that you need to protect around those events? And then who would actually want to attack us?
I know that that's a difficult exercise to take on, but most of the time what you're dealing with are very motivated cyber criminals that are looking to go after low hanging fruit that allows them to turn around profit quickly. Most of the cyber criminals these days have families, they live in homes, they take their kids to school, they work a job.
Many of these cyber adversaries don't even know how to sort of commit cybercrime themselves. They subscribe to services that have already pre-designed packages for them to phish your organization, get you to click a link and install ransomware, and so understanding sort of who wants to go after you.
Sometimes there are other motives for adversaries to go after you, but having a firm understanding of like, who wants to cause harm to my organization. And then if they were to take action, how would they do that? And then what are the defense mechanisms that we have in place today?
Most of the time, the easiest way that cyber criminals compromise organizations, as I mentioned, 84% are related to humans, is they phish you. They send a link. It looks legit. Now, with sort of generative AI out there today, they're able to craft more sophisticated phishing emails without having to do it themselves.
Gone are the days of run-on sentences and misspelled words from a Nigerian prince that was trying to get you to wire all your money because they needed to get married or they couldn't get their inheritance. And so all those stories are years ago. That's the Shire. We now live in a reality where it's a trillion-dollar economy. There are motivated adversaries, and understanding how they would act against you and how you can protect yourself is how you can actually begin to manage the risk.
And then lastly, if they succeed, how would you respond? We'll talk about incident response in a minute, but this is the methodology that I encourage you to sort of begin to think about. This is how success on your journey begins.
Success on your journey in protecting your company doesn't begin by going out and buying the latest security technology or going with some of the things that you see that are really popular. At the end of the day, you start with understanding what are your risks, what are the threat scenarios and how can you make your company more resistant against those attacks?
So now, we understand it's a risk management program. We understand that it's really about making trade-offs, but then what I think you're asking is the right question is—what are the basic things that I don't even need to do a risk assessment to actually start moving the ball and protecting our company?
And so we've listed a few things. Number one, your best defense or your weakest link are your people. As I mentioned, it's a human problem and that's why we're updating the human firewall today. Success cannot be achieved without a strong culture of security and awareness in your organization. And that starts with the top. That starts with the leadership of the company. That starts with onboarding of employees and making sure that they get trained.
And many companies today lack the ability to create the content. There are so many solutions out there that you can literally buy for a nominal fee that you can use and subscribe to have your employees trained to have a very basic proficient level in security: understanding how to avoid clicking on links, understanding how to create strong passwords, understanding how to sort of behave in a safe way to protect your company.
So I would say this over and over and over again. Train your employees. They're your best defense. Many of you out there say, "I can't afford a cyber security team." Well, your team is your entire organization. That's your security team, that's your best firewall to help prevent a disaster.
And so, foster a strong culture of security. Focus on access management. Limit access to the very minimum necessary. And that is a practice that will go a long way, especially if you're compromised. Ensuring that those that end up getting compromised don't have the keys to the kingdom, but you provision roles and access to minimum necessary and need to know. That doesn't cost you anything, by the way. Both of those first two are very limited investment.
Number three, this one also doesn't really cost you: keep your software up to date. Ensure that you have all the patches that are applied in a timely manner. You can even turn on auto updates to ensure that you're continuing to do your business, and all that software gets updated by the third party automatically. I'll mention this, though—every year, roughly close to 20,000 new vulnerabilities are discovered. And so what that means is that during this presentation, there's likely one new vulnerability that's going to be discovered and we just can't keep up with them. And so the real solution is to ensure that you have real-time updates to your software so that you can stay at least current.
Install and maintain endpoint security. You should not have any computer on your network or in your business environment that does not have sort of endpoint security and is updated. I've talked to a lot of people and they have endpoint security. Maybe it's not deployed fully and maybe it never gets updated. Again, that doesn't do you the service that you need. You have to be vigilant. You have to maintain updates and ensure that you're able to protect against the latest threats.
Number five, reduce your attack surface and make it difficult for adversaries to attack you. Now, this is where a lot of layers of defense and security controls come into play. I won't list them all, but I'll call out a few. Multi-factor authentication is absolutely a must. Now you ask, well, what is multi-factor authentication?
It's that second factor after you type in your password that requires you to validate that it is you that is authenticating. Usually, it's a one-time password through a text message or a phone call. Sometimes there's an app that you have that'll give you a code or you'll actually accept it with a push. Sometimes they'll send a code to your email.
No matter the form, the reality is if you don't have multifactor turned on for your email, for remote access to your network, for all the other systems and applications that you use, passwords are so easy to crack. They're so easy to guess. You have to imagine that just about every password that you've ever created has already been discovered on the dark web.
And adversaries scan that on a regular basis. They create massive databases, and then they run all those passwords against usernames, associated usernames and find which passwords actually work. And those people that use the same password for every account likely get hit in that. And if you don't have multifactor, they're able to get right in and access whatever you had access to.
And so that's why it's important to have that. And I mentioned strong passwords. I'll just mention this. Pass phrases are much better. I believe in working towards a passwordless future. But on the journey, one of the ways is to start creating pass phrases: easy to remember, longer, stronger, more robust, but that's gonna help you go a long way as well.
Number six, this one is a very, I think, Main Street solution. Leverage the cloud, when possible. Leverage the cloud. They have better security than you. I know that a lot of businesses are shy to move in that direction, whether it's for financial reasons or for other reasons. But the reality is these cloud service providers, as a total, I know there's always unique situations, but most of them, if not all of them, have better security than you. And so it's better to leverage that from a security perspective to help protect your organization.
And then lastly, test yourself regularly. I believe in phishing simulations regularly. You should test; you can sign up for these. There are many services out there that will do this for you. You want to know what's the susceptibility of your organization against a phishing attack and this will allow you to test and to know what your click-through rate is and to help create goals for the year.
Have a goal for your organization, baseline it and find out what your click rate is, and then by the end of the year or rolling 12 months, have a goal to reduce that in half or reduce that by 75% and hold your colleagues accountable to that. And that's back to number one, fostering a culture of security.
There are other things that you could do to test your environment. Penetration tests by third parties, run your vulnerability scanning on a regular basis if you have a large enough environment. Make sure your backups, that you have them, and that you actually test them in the event of a ransomware event or other incidents.
If you haven't tested those, you may find out that they are also corrupt or that they never worked in the first place, and that's the last time you wanna find that out. And then let's talk about actually being prepared for the inevitable. As I mentioned, it's not a matter of if, but when.
These are motivated adversaries. They're looking for the weakest link and should they be able to compromise you, the last thing that you want to be is unprepared. And so, you know, the first thing is to have an incident response plan. Most SMBs think that that's too complicated to create, and so they don't know where to start.
But I'm gonna share some resources for you in a minute that I believe is going to unlock the door for you to be able to excel in some of these basic things that you may not have the subject matter expertise to be able to operate. So we'll get back to that. I'll talk about that in a minute.
I already alluded to the fact that good backups are critical. I'm gonna ask you the question—if you're a leader of your company, do you know what your backup schedule is? Do you know the last time it was tested? Do you know that it passed the test? Have you had to rely on them in the past? Do you know that all of your critical applications and data are backed up?
Those are the questions that I would ask yourself. And if you don't have the answer, I would make sure that by this time next week, seven days from now, you have the answer. Because at the end of the day, being prepared for the inevitable means you know you have a plan in place to respond and recover. And you've got solid backups in place to the best possible solution that you can afford to be able to help you recover in the event of a ransomware attack or the event of a system outage.
And then three, incident response firm on retainer. What does that mean? Well, what it means is, if you remember the old Ghostbuster song, you know 'Who you gonna call'—who will you call in the event of an incident that you don't have the expertise inside your organization to be able to contain, eradicate, forensically investigate what happened, where did it happen, how bad is the problem and to be able to recover.
And so if you don't have sort of your go-to, like we've got a firm on retainer. We know who to call. We know we've talked to them regularly. In the event of an incident, we know who to pick up the phone and talk to. If you haven't checked that box, I highly encourage you to proceed in researching firms in your area or firms nationally that you can afford. And there are many of them out there that will do this for you and all they'll do is set up a sort of a retained contract with you, and you use it when you need it. Hopefully you never need it, but it's better to have it and to not need it, than to need it and not have it.
And then four, conduct tabletop exercises. What does that mean? What it means is that there are specific incidents. I talked about ransomware—we'll use that one here, that you may not even know how prepared you are to respond. And so I would carve out half a day where you and the leaders of the company get together and you can go online and actually download ransomware tabletop scenarios.
You don't have to come up with it yourself. There are worksheets out there that allow you to process this, but it requires you to stop, get in a room and work through—how would you respond if your crown jewels were locked up from ransomware? How would you respond? Would you pay the ransom? Would you recover from your backups? Would you get the FBI involved? Would you call your retaining firm to come in to help clean it up? Do you have all that contact information?
Those are the things that help you understand how complicated a major cyber-attack can be and allows leadership to get to build the muscle and the rigor and the rhythm of being prepared for the worst. It doesn't have to be a passing grade. You could fail the tabletop, but the good news is you didn't fail the major incident. You failed the exercise. And you can document the lessons learned. You can learn from that and move on and do another test and be prepared for the future. So I absolutely encourage you to make that one of your priorities once you've already got an incident response plan in place.
And then five, cybersecurity insurance. Most people think that's for big organizations and you know, little companies like me, you know, we don't need it, but there is a growing need for this. There are affordable products out there that will take into account your security posture, your risk profile and will write policies for you.
And the reason that's important, I alluded to the fact that a lot of organizations go out of business after they get hit with the cyber tap, because of how long it took to recover from the ransomware with the cost associated, with buying new equipment or the loss of their business from customers that they lost trust with. And so cyber security insurance will help as a mitigating factor to address some of that loss exposure that you want to reduce so that you can maintain your business operations and not go out of business should the worst-case scenario occur.
And then lastly, continuous focus on resiliency. You know, it's not all about cyber-attacks. You could have an insider who intentionally or unintentionally caused a major incident. And the focus within an organization on resiliency is critical and the culture of high reliability, the culture of focusing on what could go wrong and how could we avoid that. That's, I think, the premise of being vigilant and prepared for these scenarios as they occur in the future.
Now, we talked about free security tools and resources out there. I don't know that most of you realize this or not, of course this is SMB Week and we're thankful that SBA kind of facilitates that, but if you go to sba.gov, there is a 'strengthen your cybersecurity portal' where you are able to sort of access information out there that can help prepare you for strengthening your security program. It'll help actually even guide you to the point where there's a cyber planner link that I highly recommend you do.
Now, I mentioned earlier about incident response plans and a lot of companies don't have the talent in-house to write an incident response plan or a cybersecurity strategy. So if you go to sba.gov and you go to 'strengthen your cybersecurity', there are a series of links. One of those is a cyber planner and I have that image on the screen.
All you have to do is type in your company, your industry and then select what you actually would like it to help you build. You click those items and you hit generate and it will actually generate a cybersecurity plan for you, based on your profile. You're able to then take that. It gives you the steps necessary to sort of begin to create the documentation or to create the controls that you need to help be prepared for a cyber incident. I can't encourage this enough. I would write this down. I would go check it out today. It's incredibly helpful.
Cisa.gov has a great sort of cyber guidance for small business portal as well. And all of these have an immense amount of resources and documents and guidance and you don't have to spend any money on adapting your business environment from a security perspective to some of the guidance that they provide.
And then lastly, nist.gov. There is a small business cybersecurity corner where they provide tools and resources. I mentioned earlier about conducting a risk assessment. They actually provide the template for you to do that in a formal way. And so incredible resources, it connects you to various ways of learning. There's even free training out there. So I mentioned this. You've gotta have a security culture. Well, you know, that costs money. You can actually access free training that's available out there for SMBs and you can incorporate that into your onboarding and into your annual training so that you can raise the bar in a way that doesn't break the bank.
And so I encourage you, check out sba.gov, check out cisa.gov, check out nist.gov, and then you can also, you know, search out there on the internet. There's a lot of other resources as well. So kind of looking backwards, what are some of the challenges now on the horizon? How should you be thinking from your perspective around your business, trying to secure your environment, trying to make sure you don't go out of business if you get hit by an attack, and then also looking ahead at what are the things that are on the horizon? As you've seen a rapid explosion around generative AI, you've probably seen Chat GPT out there and you've seen some of the other solutions that are being talked about in the news. That presents a tremendous amount of risk and opportunity to organizations and to individuals.
I'm gonna show you a few things in a minute. But I wanna say this, that I think it was Bill Gates who actually gave a recent talk and alluded to the fact that you know, when the internet exploded, the sort of the rate of innovation and the inflection point on our advancements hit a new level. And he likened that with artificial intelligence.
And so the last thing that you want to do is sort of be in a panic and sort of push yourself back into the Shire and wanna live in a state of naivete; that's not success. And so I wanna encourage you to actually embrace it and to become acquainted with it.
Understand, kind of table mat, what the world of artificial intelligence looks like from your perspective, from your business. Maybe it's something you embrace from your product standpoint. Maybe it's something you embrace from a solutioning or a security standpoint. Or maybe it's something you identify as a threat or a vulnerability that you have to deal with.
The last thing you want to do is go backwards into the Shire and expect the world to solve the AI problem. This is going to be a continuous, evolving item that I think from a security standpoint is going to only increase, but it also produces a lot of opportunity.
Adversaries on the inside. The monetization of cybercrime, because it's a trillion-dollar economy and growing precipitously, is causing insiders that have low morals and low ethics to be available for hire. And we've seen scenarios where insiders working for organizations have been maliciously used to work with outsiders to cause cyber-attacks.
And so I think that being prepared to be able to detect that as soon as possible and to be able to advance against that is important. Remote workers, you have no idea where some of the remote workers live. You don't know what's going on in their home. You don't know who has access and if they're sharing that. These are risks that you have to understand and be prepared for.
The global supply chain. That's important to understand how you can be prepared to navigate, should there be another major global pandemic or other shortages in the supply chain that you're able to address that. That also involves the software supply chain, where we've seen a tremendous amount of risks and vulnerabilities materialize.
Talent shortage, skill gaps and then also the need for security as a core competency for employment. Gone are the days where you could just hire somebody and allow their thinking from the Shire to exist. We've gotta bring people into the new era. This is the new era that we exist and we need people to come in sharp and being cyber-aware, and that is becoming more and more a cultural imperative.
Lastly, I talked about AI. Let me kind of end with this. And I know there's a question, so I'll talk about that in a second. But what artificial intelligence has also done has changed the game. It has changed the game. There are now more challenges than ever to understand what is true, what is fact and what is fiction, what is authentic and what is fake. And so the rise of the deep fake has become a growing advancement that we have to deal with to the point where now computers can generate faces of people that never existed. You can also take a series of images.
I did this, I'm not gonna share it. I took 10 images of me and I said, "I want you to put me in a painting with JFK." And it literally put me in a painting of JFK and it's amazing that the lack of need for Photoshop has never been stronger, but this is actually a challenge.
Look on the screen. Can you spot the fake? Now, one of these images was created by a computer. The individual never existed and one of these individuals is actually a real human being. The reality is I couldn't spot the fake, but the one on the right is completely generated by a computer. The one on the left is Lady B in Philadelphia.
Let's go with the second one. Can you tell which one is the deep fake? Again, one is generated by a computer. The other is a real human being. Of course, the man on the left is Tom Hardy. And the man on the right, it was generated by a computer and so this is more and more becoming a trend where content can be generated and attributed to people that never even existed. And so we have to start thinking about that.
So as I wrap up putting it all together, why cybersecurity is a problem, especially for SMBs, it's because there's a trillion-dollar economy. It's very lucrative and SMBs are target rich and have never been softer. Number two, how should you approach the problem for your organization? Remember, it's a risk management challenge that you can rise to. Number three, practical ways to implement adequate security protection. We've laid out a list of things that are best practices, many of which you don't even have to spend money for. Number four, it's not if, but when. How should you be prepared for the inevitable? Plan, drill, drill, plan, drill, drill.
And then five, what challenges are on the horizon and how should you be thinking about them? Don't go back to the Shire, embrace the challenges of the current and future, which is rich with generative AI, is rich with automation, and learn to leverage that for your advantage, rather than a problem.
So with that, I think one of the questions was: does TriNet offer cybersecurity awareness? So great question. Not today, but that is a topic that we've talked about where we can sort of assemble content and make that easily available even for the onboarding of clients. And so the answer is not today, but it's an opportunity that we are looking at.
So with that, thank you for joining. Thank you for the engagement. If you have questions, you're also welcome to look me up. And I would love to engage you, love to be an asset and a resource for you. And we will win this battle, but it's going to take all of us together to fight against sort of cybercrime and those adversaries and to help all ships rise with the tide.
So thank you for the time. Enjoy your day and let's stay connected.