Bitcast Cyber Security Series is an interactive podcast series that goes in-depth into important IT security issues that matter to today’s business and technology leaders.
In this episode we interview Holger Schulze, CEO of Cybersecurity Insiders and Jacob Serpa, Senior Product Marketing Manager at Bitglass. We do a deep dive into the topic of "insider threats" and what they mean for today's enterprise, the recent 2020 Insider Threat Report and practical steps to de-risk this growing challenge in today's cloud-first, and mobile-first remote working environment.
About this episode:
Bitcast Cyber Security Series | Episode 3
Duration: 40 min
Host: Jonathan Andresen
Jonathan Andresen (00:03):
Welcome to Bitcast, an informative interactive tech talk series that goes in depth into important security issues that matters today's IT security professionals? My name is Jonathan Andresen. I'll be your host today. I'm Senior Director of Marketing and products at Bitglass. And today I'm joined by a special guest Holger Schultze CEO of cybersecurity insiders, and Jacob Serpa senior public marketing manager at Bitglass. Today's podcast will delve into the topic of insider threats, those that originate from inside the enterprise. And in particular, we'll talk about the 2020 insider threat report that was just released by Bitglass a week ago, as well as steps that companies can take to reduce the growing challenge of insider threats. Welcome, gentlemen! Welcome to the show. How have you guys been handling the pandemic and the lockdown in your areas?
Jacob Serpa (00:52):
Hey, thank you, Jonathan. This is Holger. First thanks for having me. And yes, the, the covid19 pandemic, you know, right, it has changed life for virtually everyone. Not just here in the U S but globally. And I guess some of us have been lucky in a sense that our jobs and businesses are not as hard hit by the pandemic. And there are some who have actually benefited. But then you compare that to say travel or hospitality or you know, businesses like airlines, hotels, restaurants, right. It's nice that our kinds of jobs sort of allow for remote work quite easily and wherever we have a laptop phone or network. And I realize many people are not that lucky. And it's also interesting to see that I can be productive even in pajamas.
New Speaker (01:51):
Welcome to the club! Exactly. Well, it definitely shows that digital transformation is alive and real and probably being fast tracked that's for sure. How about you, Jacob? How have you been finding things?
Jacob Serpa (02:05):
Yeah. You know, just like Holger said, I'm just very appreciative over here. The fact that I do have a desk job and a computer job, and I'm able to work very productively from home and you know, just jump out of bed and start hammering away on the day. So fortunate and grateful for that. And in terms of how I've been, you know, passing the time. Elementary school, Jacob would be very happy because I've been playing a lot more video games than I have in the last several years here. So fun stuff.
New Speaker (02:34):
Excellent. That's great. Well, let's get started. Maybe we can kick off with you Holger first, if you don't mind, maybe you could explain to folks that are listening a bit of background about yourself and cybersecurity insiders, how the business got started and where you guys focus?
Holger Schultze (02:53):
Yeah, absolutely. So we started cybersecurity insiders over over a decade now with the goal of of building an online community of IT security professionals. To share information, learn about the latest trends and solutions and make professional lives more productive that way. Cybersecurity insiders today has grown to over a half a million members. So we're, we're growing by leaps and bounds, which I'm very grateful for. And today we produce things like, you know, a news website, cybersecurityinsiders.com. We do monthly research studies on hot cybersecurity topics like cloud security, insider threats, zero trust, just to name a few. We produce things like annual awards. We have an awards program - security excellence awards, and we do a weekly webinar and podcast. All to provide interesting content news and education for our cyber security members.
New Speaker (03:58):
Interesting. But definitely the issue of cybersecurity is just getting more and more prevalent as more and more of our work and lives becomes digital. How have you noticed in the past six months to a year, any changes in the focus on cybersecurity?
Holger Schultze (04:20):
Yeah, actually, it's interesting. I've done a lot of these changes are driven by or at least accelerated by the covert pandemic. Right. For example, I'm looking at just insider threats. We noticed and confirmed right in our research that instead of threats continue to be on the rise. Right. And they're expected in my mind. And then from what we're seeing in the trends to only increase further right through to the increased, uh, economic uncertainty. Right. And the effects of the COVID COVID pandemic.
New Speaker (04:56):
Exactly. So I guess for our audience to start with a level set of understanding here, maybe Jacob, you can explain what exactly are insider threats and how are they different from other types of threats that we see in the cyber security landscape.
Jacob Serpa (05:14):
Yeah. That's a really good and important question. So as the name implies, an insider threat is one that starts from within your organization, as opposed to something external, like a hacker, a malware, you know, something that tries to get at your data, your employees, your organization from the outside. So a couple of examples of an insider threat. One might be a careless user. Someone who doesn't necessarily have a malicious intent, but is nonetheless doing things that are going to impact the organization in a negative way. So maybe they leave something like an S3 bucket misconfigured so that it's public facing and S three bucket has really Sensitive information inside of it. That would be one example. So it can be a careless user, or it might be a malicious user. And that could be somebody who has had a really bad day and wants to get back at, you know, their employer in some capacity. Maybe they want to send sensitive information off to a competitor. You know, there's no shortage of ways that they could do these things, but again, insider threats, those things that stem from within an organization. And obviously it gets a little bit fuzzy because an insider threat can enable an external threat. What I mean by that is think of that careless employee who falls prayed with phishing attack. And now they have surrendered their credentials to corporate systems, to an outsider who can use those legitimate credentials, credentials to log in and, you know, implant malware or steal data or something like that. So it can get fuzzy.
New Speaker (06:54):
So would you say that inside of the threats are predominantly employees? Like who would you classify as the insiders, for example?
Jacob Serpa (07:03):
I think in many cases they're going to be employees, but, you know, as organizations build out their ecosystem of partners. There's no shortage of different types of users that you might extend access to. So maybe you're going to give your channel partners access to something like a Salesforce, or you're going to give technology partners access to something that is being used in engineering in order to build your integrations. So it can be a number of different organizations and different users.
Jonathan Andresen (07:37):
Excellent. So for those who haven't read the report, maybe Holger you could explain what are some of the key findings in the 2020 insider threat report that you found? What are some of the themes that you discovered while doing the report?
Holger Schultze (07:57):
Yeah, that's a good question. The core theme goes back to the trends we're seeing around the covert pandemic. Especially now with a majority of people, knowledge workers, and security staff working from home right outside the corporate firewall. And we can drill down into some of the effects of that, I guess, over the next couple of minutes. But it seems that not only is the pressure increasing in terms of insider threats and perhaps that has to do with looming layoffs. Are people being uncertain about their future and their organization? So perhaps having increased motivation, right. To you know, do something malicious. But be that as it may it doesn't mean we see that trend in all research and also in other data sources. Such as the Verizon data breach report. Right. That also confirmed that I think if memory serves, serves well, it's about a third of all data breaches today that involve threat internal threat actors. That's a significant threat vector. It's increasing and it has been increasing organically if you will. And now I think it's been accelerated by the pandemic and the resulting change in work environments. And we also see that anecdotally from clients. So it's definitely one of the hottest topics in cybersecurity today.
Jonathan Andresen (09:24):
Interesting to say, thinking that with, um, with people working remotely, being almost a hundred percent reliant on digital and internet connectivity to do their job, that the risks are, are even greater now than it would have been maybe a year or two ago.
Holger Schultze (09:41):
It's interesting that this, as you said, right, this proliferation of digitalization of work cuts both ways, right. It obviously makes remote work possible. So it had this pandemic hit say 10 years ago, or even five years ago, a lot of the tools and cloud solutions and things would not have been in place to enable a remote work in the first place. Right. But the downside of that is as you pointed out an increased vulnerability. Because most organizations really have not built their remote workforce, in remote environments in a way that are really secure. So that's a good point.
Jonathan Andresen (10:33):
So what are the following in that theme - what are some of the effects insider threats have on the enterprise? One kind of assumes its intellectual property that might get stolen, but what kind of damage can be done. What did you discover in your survey around the types of data that get that are at risk?
Holger Schultze (10:56):
Yes. Good question. We found that insider threats can have a wide range of impacts on organizations, depending on the organization, and depending on the type of data, the type of systems that have been accessed – be it health records or customer records or personal identifiable information. Or credit card details. And the impacts really range from loss of critical data and operational disruption. Those seem to be the two top impacts in our survey followed by brand damage. Certainly the cost that's associated with remediating successful attacks. So those are the top type of negative impacts that we've seen in the survey.
Jonathan Andresen (11:44):
Interesting. I've actually found one interesting piece of data in the report that is interesting to call out. Fifty percent of organizations find it harder to detect insider threats after they migrate to the cloud. I mean, one would assume the cloud is more secure, but why is that, do you think, and what is it about cloud services that make it harder to find insider threats versus more traditional approaches of network security on premise security?
Holger Schultze (12:17):
Yeah. That's an interesting finding that that really stood out. And, uh, I guess we see a number of factors, right. That make insider threats generally cloud or not, that make them harder to detect overall, right. And then perhaps that's emphasized or magnified in cloud environments. The biggest tuitions we see are, you know, first many insiders have privileged access to sensitive data on the cloud. And they often have enough expertise to stay below the radar and not make changes that are too obvious, or for example, you know, extracting data in ways that is too easily detectable. Combine that with perhaps a degree of lower visibility for many organizations into, you know, third party cloud or SAAS apps and systems and it's easy to imagine that threat indicators around unauthorized or malicious insider activity remain often undetected. Another major factor that was currently added to the mix we're coming back to that theme is the complication brought by the covert pandemic, not only in terms of, as I mentioned earlier, right. In certain motivations, you know, driven by say expected layoffs, but also that the work from home situation, those work from home scenarios, they've also dramatically changed end user behaviors. And and patterns that used to be normal and that, you know, user behavior analytics platforms, for example, you know, they used to be able to detect abnormal or suspicious behaviors. For example, behaviors that alerted organizations when a user access their system, you know, from outside of the corporate firewall or when they access systems after official work hours. And those two behaviors alone are not completely normal, right? Mostly everybody, every knowledge worker works from home now, and many do work as they, when they can working around their kids' homeschool schedule. What have you, uh, working after hours working at night. So all those factors have shifted for everyone during covid making it much harder to detect those, those suspicious patterns. Perhaps a third factor to layer on top of that, all we're also seeing a shift, not only for employees that do the day to day jobs working from home, but also for IT staff and security people who have perhaps limited access to their systems working from home. So those are just some examples that I think stand out.
Jonathan Andresen (15:06):
Jacob Serpa (15:07):
Yeah, definitely agree with everything Holger was just saying in terms of the lack of visibility that he was alluding to in the cloud, I think that can occur for a number of reasons. And maybe that's part of the challenge. In some cases, I think that there might be a bit of an assumption that the legacy security solutions and on premises tools will naturally extend to the cloud and give visibility and control in that environment. But that's not necessarily what those things were designed to do. And so it's a bit of a faulty assumption, but then you may also have the fact that, uh, you know, maybe there's just a lot of budget issues and it's hard to get the tools you need. Maybe it's having the, uh, you know, needed number and quality of security professionals who can help you figure these things out. We are seeing a bit of a labor shortage, so to speak in security professionals. And so I think things like lack of budget, lack of the right security professionals and some assumptions around cloud security are all contributors to this issue.
Jonathan Andresen (16:26):
It's interesting. I mean, you think about cloud services, you know, the, the data is in, instead of being a year data center, it's now in someone else's data center, which obviously probably complicates it and you know, look, you probably need different types of tools to see inside someone else's data center. That's not what traditional security was all about. So what about Jacob detection and recovery is there any statistics or like how long it takes typically for companies to detect the cover from these kinds of insider threats? Is there any kind of average or timeframe that people experience?
Jacob Serpa (17:04):
Yeah. So from this survey data that we got, it looks like about half 49% of respondents said that it would take them at least a week before they can detect insider threats or actual insider attacks that occurred rather, uh, likewise about 44% said that it would take another week or more to recover from such an attack. And so, you know, we don't have to provide too much color here for it to be fairly obvious that that's not fast enough. And, you know, this is largely a reactive approach where if you have to wait a full week or perhaps two in order to detect and respond and recover from an insider attack, there's a lot of things that can go wrong in time period. And, you know, I'm reminded of things like S3 buckets being public, public facing, which I alluded to a little bit earlier, I think, where, you know, months can go by potentially before those things are identified. And so the longer that you have a threat or an attack that hasn't been responded to the greater and greater the amount of damage is that it's going to do to your enterprise.
Jonathan Andresen (18:18):
Yeah. The damage is actually some of you alluded to earlier. The damage is also financial, maybe you could speak to that as well. Thanks Holger.
Holger Schultze (18:31):
Yeah, absolutely. And yeah, Jacob said, right. Detection and recovery times, they vary right. From organization to organization. And also depending on the type of attack of course, and the true length right. Of discovery and remediation I think is a function of the complexity of attacks. If it was simple, it would also be easier to lock down systems and data in the first place. We would see perhaps fewer attacks and it's what makes it more difficult is that insiders, um, yeah, they have an inside track. They have perhaps credentials that allow them to do things that might make it much harder to be detected. And allow them to evade detection for a long time or perhaps forever. Many data points we might have about detection and response and recovery periods, we have very little data that talks about what share of breaches of internal attacks actually get detected. Whether that's just 10% 50% or 90%, and my guess would be it's the minority of attacks that actually that organizations become aware of. You asked about the financial impacts. It seems that about a third of organizations in our survey revealed that the costs that they experienced cost per attack somewhere between $100,000 and $2 million. So quite significant and going back to my previous comment, it always depends on the unique situation and bridge, right? What types of data have been compromised? How critical is the data to the business? But I think the bottom line is that a successful breach effecting business, critical business, sensitive data can be quite significant and quite expensive for an organization, both indirect damages to the business as well as recovery costs.
Jonathan Andresen (20:43):
That's amazing. Cause you often think about, you know, threats as hackers, as somebody trying to get into your system to steal your data, but this is actually people working at your company, either inadvertently or on purpose manipulating the data and can cost you millions of dollars. That's something different. What do you think Holger are the biggest barriers to better insider threat management? Why hasn't more been done to stem the flow of insider threats or what do you think the barriers are?
Holger Schultze (21:20):
Yeah. Jonathan, that actually, that's the key question, right? That we need to answer, um, in order to get better, right. Instead of threat detection and prevention and the top three barriers that we see in our survey, um, are, and not surprisingly first – lack of budget, which by the way, in my mind also often, sometimes at least as used as a, I don't want to say an excuse, but little bit of sidetracking, um, organizational issues. Right? For, for not say finding ways to improve policies. Or training employees to detect suspicious behavior within the constraints of existing tools say, and so following that, the more material barrier in my view are things like lack of IT security staff, qualified people that know how to set up an insider program, insider threat detection. Training programs to set up the right systems and platforms and that lack of security expertise - nobody's surprised about that. That's a perennial concern and it's not going away anytime soon. And finally I think the third bucket of barriers is the lack of tools. We talked about legacy tools that were built for on prem environments, now not being able to deliver results in cloud environments. And that's just one example of organizations really benefiting from, you know, new cloud native tools that are easily manageable, cost effective and that meet the breadth of insider security use cases.
Jonathan Andresen (23:12):
Interesting. Talking about visibility, I think you mentioned that earlier as well, Holger where, you know, being able to find threats, being able to find their data, even in a cloud environment can be, can be difficult. In the report, it talks a little bit about unified visibility and control and security terms. Where does this fit for most organizations? How important is this idea of visibility and your data control the data? How important is that for the typical typical enterprise?
Speaker 4 (23:47):
Yeah, it's absolutely critical. And in the survey 88%, so almost nine out of 10 respondents confirm that unified security across applications, devices, on prem and cloud resources, infrastructure, everything is critical for counteracting insider threats. And unfortunately though, 61% of respondents say that they lack unified or comprehensive security and visibility into their security. And then so their tasks and asked by management to manage multiple disjointed solutions with only varying or limited levels of protection and, and then sort of failing at that goal of unified visibility and control.
Jonathan Andresen (24:37):
It sounds like the complexity is a key part of it. And the more complex, the harder it is to, to see quickly discover quickly the threats that you need to stop. One question I have for both of you is kind of top of mind since I have a daughter and she has multiple devices, I have multiple devices. What is it about, you know, personal devices now that people have so many devices that are connected to, how does that play into insider threats? Does it make it harder and harder for companies to manage their data when you're accessing a multiple devices? I mean, what is your thought about this whole topic of, of BYOB personal devices and I guess working from home to maybe start with you, Jacob.
Jacob Serpa (25:23):
Yeah, sure. So, uh, I mean, BYOB bring your own device. That's something that has been on the rise for quite some time now. And I think what we saw with the, you know, shift to remote work because of COVID was that BYOD adoption really just got accelerated. It got ramped up very quickly out of necessity because as you have users moving off premises they experience device challenges. In many cases, they have to keep working. And so they can't sit around and wait to mail their laptop to it and then get it back or, you know, however this is going to work. And so they'll just start working from their personal devices. And so at Bitglass, we've definitely seen this occurring with customers, more users syncing data to personal devices, as opposed to just corporate endpoints. And so the issue that we're seeing is a lot of the time the tools that are used to secure managed devices are usually agent-based. They usually are software focused and you have to install something on the endpoint. But on personal devices, employees don't always want to have to have software installed and feel like, oh, you know, the IT department can now see everything that's happening on my personal laptop, my personal credentials or web traffic or social media or whatever the case may be. And so I think that that's one of the large challenges associated with BYOD which has really been thrust into the spotlight largely because of COVID and the shift to remote work where personal device access has become far more common.
Holger Schultze (27:05):
Yeah. Jacob, I think you're exactly right. And then the research confirms us. And I think we see that 82% of organizations say that they cannot guarantee that they can detect insider threats stemming from personal devices. And you mentioned, for example, the inability to install agents on personal devices. And again, this trend was really accelerated by the covert pandemic and we see the same thing that the use of personal unauthorized devices by employees it's skyrocketing.
Jonathan Andresen (27:43):
I guess, not just that there's so many types of applications, devices, cloud services that people can use. So it just adds to the complexity. Jacob, there's one thing that also came out in the report that was that I noticed – the idea of consistent security – when it comes to defending insider threats. It seemed like virtually all the survey respondents found that to be important, but at the same time they didn't have it. Can you explain what is consistent security and why that matters?
Jacob Serpa (28:14):
Yeah. So the, the idea behind consistent security is twofold. And so why do you want consistent security? Well, one is you just want consistent security and I'll explain why that is in a second and the other is some of that management type stuff that Holger was mentioning previously. So for the security component of this. The analogy I'll use is one of a boat. So imagine you're giving somebody a tour of your boat and you're very proud of it. And you say, okay, well, here's the first half of the boat. And here you can see it's all state of the art. We have all the latest equipment, no holes. It's perfect. It does exactly what it's supposed to do. It looks great. Okay. Now this next 25% of this boat, uh, there are some holes here it's not quite as good. But still, all right. You know, and nothing bad is happening here. And then the final 25% of the boat it's not even done being yet. And so, you know, there is these massive openings in the hole and water can come in. This over here is a bit more of a problem. I think this is a simplification obviously, but a helpful analogy when we think about the need for consistent security, because it doesn't matter where you're taking on water, water is going to get into your boat. And so, another kind of turn of phrase that might be helpful here is your security chain is only as strong as its weakest link. So if you, if you lack that consistent security, then what that means is you have these disparate levels of protection across your different environments, and you can't ensure the same degree of security wherever data goes. And so in that sense, your security posture is, is lacking. Now for the, the management piece. We already talked about having, uh, you know, these disjointed solutions that protect different areas of your organization, like, okay, these are our tools for on-prem. These are our tools for web. These are our tools for SaaS. This is for IaaS, all of these different kinds of things. And what happens is you just have this creeping of how many tools you have to use that your IT and security professionals have to manage. And you're, you're basically giving them an experience that is very difficult because they have to pivot from dashboard a dashboard from product to product, trying to recreate security policies, to protect data and defend against threats according to the needs of your organization. And, that's becomes a big time sink for them. And because time is money. Well, you know, that has its own problems, right? So I would say when we think about the need for consistent security those are the two main reasons. One would be the fact that you want consistent security because your organization is one whole, not just a bunch of disjointed compartments and the other is that management piece and the fact that you want to have something that isn't a time sink and doesn't take all of your IT and security professionals time.
Jonathan Andresen (31:27):
I suppose that in the cloud world where data, once it's out of the enterprise, it's gone forever and just takes one, one activity to get that out. And it can be, can be copied in the cyberspace. So probably not a good idea on that note, though. What about another issue that came up in the survey around – security performance, like performance and uptime. How important is security and uptime to stopping insider threats, finding them quickly, being able to detect and remediate. How does that play into the need for protection for insider threats?
Jacob Serpa (32:09):
Yeah. So for, for uptime, I mean, there's one level at which everybody knows this .– uptime is important because if your solution isn't up, it's not protecting you. So what would the point be of having that kind of a solution? So, 84% of the organizations that we surveyed agreed performance and uptime are essential for preventing insider threats. And so that's another massive statistic. It's over eight out of 10 organizations. And so uptime, once again is key, but so too is performance. And you need both of these together because if your solution, for example, we'll talk about data loss prevention, DLP. If the engine doesn't perform, if it doesn't actually detect the sensitive data patterns that you want to protect and then apply some kind of a policy to them, once again, you know, what's the point of having that solution in place. And so I think that those two concepts go hand in hand uptime and performance, because you want to know that your data is safe wherever it goes around the clock and to the highest degree possible. And it seems from our survey that that's agreed on almost universally.
Jonathan Andresen (33:25):
So for like on-premise tech solutions, you know, we've used for years, we use DLP you, but you just mentioned data loss prevention, but in the new world of cloud and hyper connected devices, what are the types of technologies companies should be thinking about to get a grip on insider threats and not be exposed to the sort of financial exposure and all the other problems that come from insider threats, Jacob? Like what kind of technologies should they be investigating?
Jonathan Andresen (33:56):
Yeah, I would be remiss if I didn't talk about secure access service edge or SASE. This refers to cloud delivered platforms – what they really do is they integrate complimentary technologies like cloud access security brokers (CASB), like secure web gateway (SWG), like zero trust network access (ZTNA), because in many ways, those are already overlapping technologies that can, in some cases solve similar use cases. And so these platforms are useful in that they are a) just that – a single platform where you can secure all of these different areas, web SaaS, IaaS, and on-prem resources from a single dashboard with a single platform through a single set of security policies. And so in that sense, it gets it a lot of these issues that we've talked about and you know, because they are integrating all of these technologies, you get things like DLP, you get things like advanced threat protection or ATP, the ability to defend against malware. You also get something Holger mentioned, which I think is really important – user and entity, behavior analytics (UEBA) and this is particularly important for insider threats because what they do is they baseline user behavior. And for each user it says, okay, this is usually what this person does. Oh, well now they've done something strange and they've departed from that normal baseline. What what's happening here? Let's let's block access. Let's do step up multifactor authentication, let's alert it. You know, there are all these different responses you can, but UEBA is one example of a tool that's very helpful for identifying when someone is doing something that looks unusual or suspicious, which is really important when it comes to insider threats. And you have legitimate users with valid credentials inside of your cloud footprint and your, your network and these areas where you have a lot of sensitive data and resources.
Jonathan Andresen (36:02):
Excellent. Well go for it Holger...
Holger Schultze (36:08):
Yeah. So yes Jacob is right and the new work from home environment, what organizations really need to cover their bases with security solutions that include, as you pointed out mobile device management, UEBA, VPNs, and, the new normal also drives a need for, as Jacob pointed out, integrated platforms. So integration is key cause complexity and integrating point solutions really runs against the new complexity brought about by dispersed workforce. And so those integrated platforms that provide better visibility and integrated capabilities for those new workforce environments. And in addition, another best practice just to take a step back is to revisit and identify and confirm where sensitive data and systems reside, right. And who has access to it, especially with increasing remote access to cloud resources. This needs to be consistently reduced if you will to a least privilege model. Important also is to have an insider attack response plan. That includes disabling of suspicious users, revoking their access privileges, alerting the right people in the organization should a breach occur, restoring deleted data if necessary, and re-enabling security controls that might've been disabled and also performing forensics to really understand what happened and how to prevent it from happening again.
Jonathan Andresen (37:44):
Excellent. Those are some great practical steps that companies can take to get a grip on insider threats. I think we are pretty much out of time. Any advice for those out there that want to get a grip on insider threats? Any last minute thoughts before we go?
Jacob Serpa (38:13):
Sure. Yeah. I agree with everything Holger just said, and I think that implementing zero trust security is really important. So make sure that the right people have access to the right information at the right time and the wrong people do not. And I think that having that in place is going to go a long way in terms of defending against insider threats, preventing attacks, and just shoring up your security posture in general. I would double down on highlighting secure access service edge platforms (SASE) as I think those can go a long way for helping you do just that.
Holger Schultze (38:59):
And so addressing security controls on the technology side of things is critically important. But it's also important, for example, to train users, right? To avoid inadvertent insider threats that happen out of neglect or by mistake. We talked about a couple of those examples. More damage is often done that way than through deliberate insider attacks. And this could include training about phishing awareness, not using untrusted networks without VPNs, using company issued devices, et cetera. So I think the balance between training and softer controls and policies and the absolutely critical technologies that Jacob mentioned, I think, is going to be important for success in this new normal.
Jonathan Andresen (39:59):
Excellent. Well thanks gentlemen. That's a great discussion. Unfortunately, that's all the time we have today. Thanks to everyone for listening and see you all next time on another session of Bitcast Cyber Security, have a great day!