Breaching the Boardroom
Breaching the Boardroom is a high-level podcast designed to explore the intersection of leadership, growth, and technology. Each episode brings industry leaders, experts, and innovators together for candid conversations on how to navigate the evolving tech landscape while driving business success. We're on a mission to simplify complex topics like AI, cyber threats, and IT strategy, making them accessible and actionable for executives in mid-market businesses.
The Anatomy of a Cyber Attack
In this episode of Breaching the Boardroom, we explore The Anatomy of a Cyber Attack with our special guest, Natalie Suarez from ConnectWise, alongside co-hosts David Mauro and Ashley Sebastian.
Natalie takes us on her unique journey from commercial real estate to the world of cybersecurity and breaks down critical insights into the evolving threat landscape. Learn how organizations can leverage frameworks like MITRE and why fostering a security culture is the most important step in protecting your business.
Key Discussion Points:
- What is the MITRE ATT&CK Framework and how does it help businesses fight cyber threats?
- The rise of AI in Cybersecurity and its impact on threat automation and deep fakes.
- How small businesses can prepare for ransomware attacks and data breaches.
- Building a human firewall through cybersecurity awareness and education.
- Practical best practices: incident response plans, AI use policies, password managers, and MFA.
Resources Mentioned:
- Webinar: "Human Firewall: Fostering a Cyber Safe Culture": https://www.netgainit.com/human-firewall-fostering-a-cybersafe-culture/
No-Cost Collaborative Whiteboarding Session
- Meet with Us: https://meetings.hubspot.com/tmarvin
Who Should Watch?
This episode is perfect for business leaders, SMB owners, and IT professionals looking for actionable strategies to defend against cyber threats, understand modern attack methods, and empower their teams with proactive cybersecurity measures.
About our Guest: Natalie Suarez, Principal Solutions Advisor at ConnectWise
Natalie brings over 25 years of experience in cybersecurity, software, and systems engineering, serving both private and public sectors, including Fortune 100 companies and government agencies like the Department of Defense. She currently leads cyber risk education for ConnectWise partners and was named to the 2023 Channel Chiefs list. Natalie also facilitates the ConnectWise Evolve™ cybersecurity peer group and serves on CompTIA's ISAO Governance Committee. Previously, she led solutions engineering at Perch Security.
Connect With Us
Website: https://www.netgainit.com/
LinkedIn: https://www.linkedin.com/company/netgain-technologies-llc
Book a Meeting: https://meetings.hubspot.com/tmarvin
Receive Alerts When New Content Is Released: https://www.netgainit.com/resources/
Who Are We?
NetGain Technologies is a leading managed IT and security service provider with over 40 years of experience helping small to mid-sized businesses succeed. Specializing in IT management, cybersecurity, and strategic consulting, we empower businesses in healthcare, finance, manufacturing, and beyond to turn technology into a competitive advantage.
Hi everyone, we have David Mauro here and Natalie Suarez. Natalie is with ConnectWise, one of our partners. Natalie, can you tell us a little bit about your origin story? How did you get started in cybersecurity and IT? So that's a really strange story. I actually was working for a commercial real estate company. I was very young and I'd always been interested in computers and the owner of the real estate company needed someone to help him manage the computers for the commercial real estate agents. So he really took me under his wing and just showed me everything and absolutely loved it. Decided to go back to school, get my computer engineering degree, and then became a software developer for the MITRE Corporation, worked in the government space, helping intelligence analysts for the longest time. And it was a natural progression because threat intelligence is threat intelligence. It doesn't matter if it's for military or if it's for cyber threats, it's the same type of processes and moved into my first startup and just loved it. Long story short, and here I am now at ConnectWise. That's phenomenal. Can I ask you a follow up to that? So explain for the listeners kind of the role of the MITRE organization. Like they're kind of an independent nonprofit. They kind of set standards. They create sandboxes so that when a lot of the software out there, you know, in the cybersecurity space or otherwise, when they can test it and see what it looks like, right? Yeah, they do a lot of cool work. So MITRE is actually what's called a federally funded research and development center. So even as a software developer, we were doing a lot of experimental stuff. Like you said, a lot of working in sandboxes and making sure that what we did was actually helping and not messing things up for a data analysis or a cybersecurity perspective actually. MITRE publishes the MITRE ATT&CK framework, a lot of our listeners might be familiar with.
I did not work on that project, but was aware of that and also publishes the Common Vulnerabilities and Exposures, the CVEs, cve.mitre.org, MITRE.org. And it's not an acronym, allegedly. They do a lot of great, yeah. That MITRE ATT&CK framework. And can you kind of just explain to us, like I'm a third grader, kind of like what is it's the way I look at it. And I could it's a basic view, but it seems like a framework for evaluating the risks that are out there, the cyber crime risks, certain types of ransomwares, you know, remote access Trojans, things like that. So what it does is it's actually, we're gonna go back to MITRE's military roots here, believe it or not. They're called TTPs, and that's a military term. It stands for Tactics, Techniques, and Procedures. And basically what that is, is a taxonomy or a dictionary of the TTPs that the threat actors or the bad guys use so that we can, so we have to know what the bad guy is thinking and what they're, what, how they're going to do it. If we know what the bad guy, how the bad guy is going to accomplish their goal, which is stealing our data or, you know, conducting a distributed denial of service attack. If we know what they're going to do or how they're going to do it, it makes it that much easier to prevent it, to, you know, to have safeguards that mitigate our risk. And that's the purpose of the ATT&CK framework. As a matter of fact, our cyber research unit here at ConnectWise, I know you're aware, but our listeners may not be aware. They actually, all the threat research they do and the attacks and the threat actors that they investigate, they map all of that back to the MITRE ATT&CK framework. So it's easier to defend yourself against those attacks. So for most listeners, let's say there's business leaders or business owners of smaller businesses and they don't have the internal security teams or they're not versed in this.
It seems to me like it's similar to traditional crime fighting that the police departments do or the standard detectives do. And then there's an element of understanding the modus operandi. Like, you know, when you think of the old movies, if you will, right, like somebody would always kind of do a thing and leave a mark, right? Like that's their modus, that's their MO. That's how we know the Joker did it, right? Like that's how we know these people did it, right? Like, I'm not trying to make it too simplistic, but really it's, it's really not more complicated than that at the end of the day. Right. And that MO, that unique TTP that they use, right, kind of defines them. And then when we see evidence of that, we know how to defend it. Okay, and when threat researchers, the good guys, see certain TTPs, that's how they identify which threat actor it is too. So you could take that even further. It's useful both for us on the defense side and for the actual threat researchers to understand what may be coming next. If we know it's a certain threat actor and they're doing... these three things, well, they always do these three things first, and then they do steps four and five. So we can kind of get ahead of that. Yeah. Yeah, it's it's interesting. They don't always advertise what their plans are on the dark web, right in their forums when they're kind of getting together as gang members and they're talking and you see those chats going on. They don't always go, hey, we're about to hit, you know, this health care organization next Tuesday. They don't really tell us that. But the the researchers are able to tell by the way in the the software that's used, like certain gangs will write certain code in certain languages, you know, and by being able to identify that, then they can kind of attribute the cybercrime to a certain gang element. And then later on, the gang will like take credit for it, right? Like after it's kind of made the mainstream news. 
Yeah, then they're like, yeah, we did that. Right. Yeah. Interesting. Interesting. there've been so many changes and we've seen since, you know, 2011, 20, you know, back in the day, I always come back to like 25 years ago, we had two versions of our lives, right? Would you agree with that? Like we had a computer version, there were computers in the offices, right? But we also had our pen and paper or our physical world. And if the computers were down that day, we didn't skip a beat. We could still. pay bills, engage with clients, have meetings, take notes and have them all continue to operate. Today, all of that's changed. Thanks to digital transformation and as organizations have advanced and digitized, if any of us have ever received health care or been at a hospital or a doctor's office recently, they don't walk in with the physical charts, like with all your history right there, looking on the pieces of paper, flipping it over like they used to, it's all on a pad. It's all in a system, right? Like Epic or one of the healthcare systems. And when they go down, things come to a screeching halt. What have you been seeing lately in terms of, there, Are there any trends that you're seeing, you know, in the last six months? Any anything new or things that are being highlighted more that business owners and leaders can take into consideration? Yeah, that's really a loaded question. I was even at my doctor recently and the first question when it came in after he said hello was, do you mind if I have this HIPAA compliant AI agent? And I just like to use this to make sure that I'm not missing anything in our conversation so I can look back later. and make sure I didn't miss something. So I would say AI, know, everything is automated. There's so many ways to automate things. can automate from a marketing perspective, you know, take for instance, your digital signature as a small to mid-sized business. 
Think of the power of capturing all that information that your clients, how they're interacting with your website. It can tell you what's working on your website, what's not working. Look at some of what language you're using is resonating with your buyers, right? What's your buyer sentiment? Are they buying from you because you're their only alternative? Are they buying from you because they really love your company or love your service? Do they love your product but not so much your customer support or vice versa? There's just so much power there from a marketing perspective and a sales perspective. We have tools that we use with our partners like NetGain, all kinds of social media campaigns or email campaigns that we can automate and measure. And AI is so powerful. The only thing we have to remember is if we're going to automate something and it could be anything, could be a business, any type of business process can be automated, right? You just have to understand what the outcome should be so you can measure your automation. Don't just go wild automating everything, even though that sounds like a blast, doesn't it? We have to make sure we can still measure and we have to be cautious, right? Because with AI, even though I'm glass half full on AI, I know you know this David, I'm a huge AI proponent. I just see all the fantastic things it can do for us. We do have to be cautious, right? We wanna make sure we're using, like my provider was using a HIPAA compliant AI, right? Are we using a public AI? Just an app that they downloaded on their phone. Right? Right. know, right? You want to make sure you're using a private AI if you're dealing with client financial information or HR information. You don't want to be using ChatGPT or Copilot on the web, right? Because we don't, mean, there's been companies like Samsung lost intellectual property, right? There's always. Yeah. I think about that all the time.
When OpenAI first came out, Samsung engineers were putting in the design and the intellectual property to fix some code, but they were putting it out in the general AI as opposed to behind a private AI. Right, and you wanna talk about the old days. You remember, I mean, as a software developer, Stack Overflow is where we would go to get help with code, right? And it took longer. Now, if I'm writing a snippet of code, which they don't let me do that anymore, by the way, but if I was writing a snippet of code, I'd probably plug it into a GPT, like ChatGPT, your Gemini or Copilot, right? But what happens if a bad guy... it in there, then I could get it out. Right. Like if I'm on the other side and I say, what's the code for this? Right. And I prompt it correctly. It's going to spit out what you input it. definitely. Right. But what happens if a bad actor puts in a code snippet? It's really malicious. Right. We have to be cautious. This doesn't mean we can hire all brand new software developers out of college and they're just going to be fantastic because they're going to use AI. You need some experienced people on your staff too, right? Because I would know well, back in the day, I would have known the difference between real code and malicious code. but a really junior developer or a junior project manager may not understand the implications of what they're automating with AI because it's just there, it's just so easy. So you have to be careful that what data set was used to train your AI. And is your AI just hallucinating and making stuff up? We can't accept it. that Ashley and I talk about quite often are the risks of AI in social engineering. Social engineering, you know, there's, we can have all the threat hunting and all the security expertise, but when the people let them in around all those safeguards, then that's how a lot of the data breaches that are in the news wind up. 
AI and in particular synthetic media, deep fakes as we hear about them, like images, audio, voice, live picture, the face, hand movements, et cetera. When those are generated, it really can make social engineering very, very effective. And it's like on steroids. And what's amazing is there are a lot of legitimate companies that are promoting the use of these avatars, right, where you can make your own avatar and they're promoting it like two companies so that you can scale your efforts so that you can attend 15 sales meetings at the same time. You can attend several customer, you know, attend to several customer meetings or customer, you know, customer service calls. And you can think about the leverage that that can give you. But by training that AI avatar, it can speak like you. It'll look just like just like us. It'll sound just like us because it's trained on our voice, our syntax, our idiosyncrasies. And then it can think like us, which is really, really freaks me out because that is just something where you're just asking. We've seen several cases of breaches. mean, when we all imagine what happens when we get a phishing email and we spot it, right? We're like, I remember that training. There's a red flag here. I'm not going to click on that. But then they send you a calendar invite for a Teams meeting or a Zoom meeting. And then you go and you jump on it and it's your boss or somebody that you work with. And they sound like themselves. They're calm. They're answering all your questions. they resolve any questions or any suspicions that you had from that prior email, and then you go ahead and you make the wire transfer, or you release the W-2s of all the employees or whatever, whatever sensitive information that is being requested, only to find out later that that was a deep fake. Are you seeing that more and more out in all of your... deep fake video. 
There's a very publicized case in Hong Kong of a financial worker who had a web meeting with his CFO and other colleagues and wired the equivalent of $25 million. Yeah, there was apparently eight people on that meeting and the only real person was the victim. Yeah, everybody else was a coworker who a couple of them here she recognized and none of them. I know it's crazy. mean, and really the only thing that you can do to protect yourself from that is have policies in place and the training that goes with them. You know, we always recommend that businesses should have a personal relationship with their banking, their banker, because if you authorize that transaction, that does not come under FDIC insurance or fraud because it is a fraud, but you have entered a contract with the bad guy. Right? And you've said, hey, I'm going to give you this money. Now, unless the bank catches it on their own, your only protection is to say, have relationship with the banker and say things like, hey, over a certain threshold, someone from my company, this particular person from my company actually has to come in person to the bank to make changes to wire transfers or changes to ACHs. That's a great point. I'm so glad you brought that up because most people don't understand that. Right. It's different if somebody gets your credentials on the dark web or they buy them or they steal your credit card and they go and like they're making the transaction. But if you're calling up and you're making the transaction, it's not covered. Yeah, you're liable because you are you are the one doing it. The bank can't be held to to have to double check you and be like, are you being fooled? Are you under duress? Say vanilla, like say a word if you're, like, do you have a safe word together? Like something like that, right? It's so, that's a great point. So, Ashley, was there anything you wanted to, anything you were wondering, I you wanted to ask about like what best practices for small businesses. 
You had talked about that. also wanted to ask what actually happens during a data breach. so what happens during a data breach? Well, you know, the way it could happen could be different. mean, it could be someone, you know, purchase credentials on the dark web, because what happens is a lot of times people will use their work email and that same password that they use for accessing their Facebook or their Amazon, they'll use it for their work. So the first. Yes, I know it's crazy, isn't it? Well, it's funny because you and I have been doing security awareness trainings out in the public for decades, right? And in the beginning, we were like, let's use stronger passwords. And then I would do the same ones to the same groups and they'd come back and be like, I took your advice. I have a great password. I use it on everything. And I'm like, no, you didn't listen to the other part of it. Yeah, I know it really does. is really a big deal because with data brokers and everything, your data gets sold and you forget where you used it. Yeah, you forget what app you used it on. And even though it is a good password, it's going to get compromised by somebody that doesn't take security seriously. And now they can get into your bank as you. Now they can get into your work as you. Great point. I think a lot of people that are, I guess, non-technical think, but what does it matter if somebody gets into my Gmail account? I don't do anything in my Gmail account that. What happens in your Gmail account? Well, are you using that Gmail for accessing your bank or your 401k? Or is it your backup for password resets? It doesn't take much from that one Gmail account or a certain other account that might not seem very important to you to become you. It's only a couple of steps because they can go and easily online because we curate our lives online. I can find out all the apps that you use. I can find out all of that stuff. 
And then from there, reset all of your passwords immediately to the Gmail account I now have. and then have new logins where you're locked out and I'm you and I can do everything. Like I can go and redo the banking easily or wipe out your 401k easily because if there's any confirmation, just send it to the Gmail account. And that's actually what does happen. And it's not like in the old days, even our personal email isn't just email. I if you have access to someone's Gmail account, have access to their, you probably have access to their web history. right? in their right there, their search history and their Google Drive, you know, and the first thing that in my interview of certain threat actors and hackers, the first thing they always do is go into your sent folder, because so many of us keep so much data that we've sent out our taxes, we send them to our accountant. It's not in my inbox. I don't think that it's in my email anymore. Yeah, it's still there. It's in the sent folder, right? Like we forget about that and all those confidential things are in there. Yeah, so typically that's how the bad guy first gets in is through your Gmail or through your work email or whatever, you know, because think about it when you first get your job offer wherever you're working, where does that come to? It comes to your Gmail. So then they're like, I know where this person works. You've emailed. be on there, the application, the direct deposit information. A lot of that oftentimes is right in your personal information. because what the bad guy does first is they do investigations. What is publicly available about this person? What's on their LinkedIn or their LinkedIn's linked to this Gmail? Well, I've got this breach here with this Gmail password. So let me figure this out. Who are they working with? What are they working on? You know, maybe they go to a company website and go, look, this company website provides VPN access. I can tell by this VPN access that it's this VPN. 
or they offer remote access to computers. Well, let me see if I can test this and see if I can get remote access to something. well, you're not really very interesting, but I see you're working on this project with these software developers. Maybe they have some cool stuff. So I send out some malware to them, right, that looks like the project we're working on. And one of them clicks on something, because it's someone they know. And it's something that they're expecting because they're working on a project with you. And I mean, we have all kinds of tools now. I don't want people to get too scared because there are all kinds of tools that can help detect this type of malicious activity. Right, David? We have, yeah. when we when you hear the phrase of threat hunting and MDR and EDR and things like that, that is what they're looking. There's 24 seven eyes on glass looking for anomalies, which is a fancy word for weird stuff that shouldn't be happening. Right. And it's looking for people moving from account to account. It's looking for data being exfiltrated, which is a fancy word for stolen. Right? Like, where they're just like downloading it all of a sudden, it's being downloaded over in Russia. You're like, we don't have a Russia office. What's going on? Right? Like in that type of thing. Yeah. But I mean, there's the question is a really good question, though, because a lot of business leaders don't understand that when when an attack like ransomware happens, it is very emotional. It is it is there have been there are people that are have passed out. They've had heart attacks. They see their kids not go to college now. They see their homes foreclosed. They see all that because everything that they've been using is gone. Like their icons on their desktop don't work. It's all white. There's a text file and it says, you know, talk to us on this talks channel. And you're like, what? You're like, what is that? You like it. 
Now you have to go and negotiate with a, you know, foreign ransomware gang that is very good at their job. Like that's all they do. And they make hundreds of millions of dollars. Like this is what they're doing. Like they know what they're doing. Yeah. Their job. It's a total criminal enterprise. It's not like some guy or girl in their basement, right, just packing away at a keyboard. Most of this is automated. And with AI, it's even more automated. You can see in some of the threat reports that you read or the cyber trends that you read, like the Verizon Data Breach Investigations Report. A great, that's like one of the original, it's like the, yeah, it's very, they translate it well. They do. I mean, they just show the exponential increase from last year to the beginning of this year. I can't wait till the next one comes out, right? From January to January 24, how the mention of AI in criminal forums is almost like a straight line up, right? Because like you're to go back to the deep fakes. I mean, you can even do it with an email. If I have several emails from David, I can say, hey, ChatGPT, I want you to write an email to Ashley and ask for this, but write it in David's tone. Here's a sample. Nuances. Probably laughing going, yeah, all the spelling errors and the all caps. I left my caps lock on all that stuff. I'm like, sorry. But she'll get one and it'll look and sound just like it was me. Yeah. And that's how they get people. And that's why it's just so important. You know, talking about new things, I really also recommend that you have an AI use policy. I don't recommend that you weave AI into your other policies. Absolutely. That is something. Yeah. And they're out there. There's templates out there. But there that is something that anybody that engages with a security company that has some some virtual see. So ours like having an AI use policy because you don't want to not use it. Right.
Like like let's be let's I'm I'm I know you're glass glass half empty on AI. I'm right down the middle. Like, yeah, I'm right. I'm sorry. Half full. I'm I'm half full and then very paranoid at the same time. So I've got a layer of paranoia on it. But it's really important because you don't want to be like, I personally don't believe, I'm not one of these people that believe that AI is going to come taking jobs. I think that people leveraging AI will be more productive than those that don't. And so you want your employees to embrace it and to test it and to try it and to leverage it and to get good with it. like the prompting is a it's an art as well as a skill. And so just like, yeah. And once it spits out, you know, if you're ever going to post something publicly, if it starts with like in this digital age, like just delete that part, because that's the telltale sign that it's been written by. Other than that, I mean, no, but it's so important to have a policy, right? Like to actually have. a policy of like, this is how we use it. What are some other, so you've identified some good best practices, having the threat hunting, having an AI policy, right? I mean, today, to me, the two least lower expense, like the least expensive efforts that make the most impact is ongoing education, like the phishing, the platforms that are out there. I know it's not perfect, but it does give a good baseline of a constant reminder. Like it's ongoing job embedded, like regular professional development should be. And it's something that just keeps everybody at a heightened alert. And then to me, just doing fire drills once a year, having an incident response plan that's updated, right? And when I'm speaking with leaders a lot, they'll say, well, I've got a disaster recovery. And I'm like, no, no. I'm like, that's good. But no, no, I'm not talking about a flood or a fire. We're talking about a ransomware attack. We're talking about a data breach. 
We're talking about something like that. Do you have a plan for that? Meaning in hour one, who does what? Who's responsible, accountable, needs consulted, and then needs informed. In hour two, same thing. Right. Because it shifts over time. At what point are we telling our customers? At what point are we contacting law enforcement? At what point? Like who's going to negotiate? Who like do we have insurance? How much insurance will they cover? Will they decline coverage? Like all of those things. You need those those variables kind of fettered out. And and we all did fire drills as kids in school. And it's. very similar to just doing a once a year fire drill. And so having those, just think if organizations would do those things, would reduce the amount of risk goes down. It's never down to zero, but it definitely would improve. When you think of people started... putting rubber mats by the front doors when it rained. Now people are falling less. You're getting sued less, right? Like it's that type of thing that if we just do what's kind of obvious that it's been talked about for a long time, then we'll start to see some some stemming of the tide of all this growth in cyber. Now, the other thing I would say is they definitely have to have someone in their corner like NetGain. It's a very complicated landscape. No, you didn't. They didn't even pay me to say that. It's true. You have to have someone who's keeping up to date because you're concentrating on your business vertical, whether you're a law firm or healthcare provider or a real retail or whatever job you're in. That's your specialty. When it comes to technology and cybersecurity, that's net gain specialty, right? And they're gonna have a much broader understanding of what you should do. And David's 1000 % right. I want you all to notice that when he talked about the most important things to have, he did not really talk about technology. He really concentrated on people and process. 
Now, of course, the security awareness training has a technology component, but right, you have to have... in the background. That's in the background. Yep. You have to have all three. And people, a lot of cybersecurity people say that your people are your weakest link. I refer to them as your human firewall. They are your best first defense. Yeah. Yeah. And the more we I mean, this is why I've been doing a podcast for a long time. Like the more we just translate all the complex technology speak into like things that matter for business leaders, the better and the more safe the business leaders will be so that they can focus on what they're really good at. They're really good at practicing law, practicing medicine, building, you know, running financial organizations, know, building widgets, they're really good at that. We want them to be able to build and grow and not get torpedoed unexpectedly. You know, because that's what's in the news. Like all we hear about in the news is this great organization that's been around since 1964 is closing their doors. They had this data breach and then they had some other rocky like sometimes it's not a data breach that may put them out of business. Right. Their financials, if they're having a rough year, that data breach will tip them over the scales. And that's what we want to avoid, because the more we look at them, they can all be prevented. Right. Want to protect your people, right? You we all talk about mental health in the workplace. An incident response plan is like a mental health policy, right? Because we don't have people running around crazy, you scared and confused. We know if we have an incident response plan, we don't have to think about our next action in the crisis. We've planned before the crisis so we can be much more relaxed and calm and know what to do and know who to talk to and know what to say and what not to say. Right. Yeah, you're right.
I mean, it is very similar to a fire drill because like if a fire breaks out in the corner of the room and all we have are paper plates on us and we have no planning, like what are we going to do? We're going to freak out. We're going to make it worse. Right. Like and that is literally what does happen as opposed to, hey, every room's got a fire extinguisher. We're ready. If it happens bad, it might damage a little wall. Might have to get some drywall. But we stopped it. Didn't burn down the whole building. The drama was a lot less, and we're back on building our widgets and practicing law and practicing medicine, et cetera. Natalie, I love that you referred to it as a human firewall. I think it starts with just fostering that security culture in your organization, beginning with cybersecurity awareness training, simulated phish tests. In the description of this podcast, I'm going to link out a webinar that we recently did called Human Firewall, Fostering a Cyber Safe Culture. Awesome. Give business leaders a really great resource for getting that started, getting buy-in by your employees, buy-in by the executive team, because it really starts at the top. It does. It's so important to, I mean, that's a great way to protect your organization is to do those kinds of things and have a good culture of cybersecurity, which means, you know, because you have to remember it's not, it's not always because we didn't know better. You know, we're so busy today. We're doing 50 things at once. And sometimes we click on something and then afterwards we're like, I can't believe I clicked on that. Right. And if I know who to go to and say, hey, because I've had the training, hey, I clicked on this. That person can say, you're okay. You just need to take some more remedial training. That was a test. Or they can say, Ooh, we're not okay. Let's log you out of everything. Let's take these, you know, five steps to make sure that that's as far as the bad guy's going to get. Right.
So you really want to build up that human firewall and build up that good culture of cybersecurity. So people aren't afraid to say, hey, I made a mistake because time is so critical when something like that happens because those threat actors, they're automated, they're working fast. And if I click on something by accident, first thing you should do, disconnect yourself from the network and then contact whoever you have to contact, right? Yes, exactly. It's really important. And then as far as, you know, you mentioned people and process, as far as technology, in my opinion, the two most cost-effective technology things you can deploy are a password manager and good multifactor authentication, right? Not a text message on my phone, but you know, something like a hardware token or even an authenticator app is better than a text message because, you know, time marches on, technology just moves faster and faster and it's easier and easier to take advantage of, you know, old technology like sending a code to this phone is very easy to intercept. Right. Excellent. Well, thank you so much for your insight today. That was just, yeah, was really useful and I hope that the listeners got a lot of practical insight from it. Mm-hmm. Thank you for having me. I really appreciate it. Thank you and thank you for all you do. Talking with you, Natalie. I learn something every time. I love it. Thank you. Me too. You too. Thanks.