The latest cyber news and resilience insights: 29/03/21

The team discuss the biggest cyber news stories from the past fortnight including the impact of the Verkada CCTV data breach that allowed hackers to gain access to over 150,000 private surveillance cameras, the data breach of global information technology company SITA that provided hackers with access to passenger data from multiple airlines around the world, and how the Australian Prime Ministers office failed its own security audit after declaring the country was under attack.

UPDATE: Two days after recording this episode Nine Entertainment Co. was hit with a cyber attack causing problems with live broadcasting and print production systems. This is one of the largest cyber attacks in Australia to date, and will certainly be a topic we will deep dive into during our next news episode. For more information please visit this link: https://bit.ly/2PzXxzY

 

The Get Cyber Resilient Show Episode #47 Transcript

Dan McDermott: Hello and welcome back to the Get cyber resilient show. my name is Dan McDermott and I'm joined by our resident experts, Garrett O'Hara, and Bradley Sing for another review of, cyber security in the news across Australia, New Zealand and across the world. Garrett and Brad, great to have you join us again on the podcast.

Garrett O'Hara: Great to be here, looking forward to the chat today.

Bradley Sing: Some exciting topics.

Dan McDermott: Definitely. And, I hope you're, staying dry during the big wet up there in Sydney. it's been a difficult time, everybody all okay?

Garrett O'Hara: Yeah, so far so good. I saw one of the best things that came out of, it was, a little meme that was getting sent around and one of the houses that was floating away with a 3.1 mil price tags saying, you know, water views and all that stuff. So,  yeah, I think the housing market is probably our biggest concern outside of the floods at the moment. It's old, a little bit crazy.

Dan McDermott: Well, linking that too, our topic of cyber security,  I think is, is something that we see all the time. We saw it during the bush fires last year, obviously during COVID and that,  you know, that cyber criminals look to, you know, take advantage of people when they're at their most vulnerable at that. So let's hope that that doesn't happen, but expect that it probably will during this time for insurance type scams or, you know, people, you know, rebuilding or needing help and that sort of thing. And it was interesting that,  even the recent FBI report that came out on cyber security in 2020,  has a quote in there from the, the chief, financial crime section, head of the FBI saying, unfortunately, criminals are very opportunistic. they see a vulnerable population out there that they can prey upon.

And I think that that's, an indictment, but,  the reality, I guess, of the world that we live in.

Garrett O'Hara: Yeah, most definitely. Scary times.

Dan McDermott: indeed. And,  I think, one of the things that we've noticed, come up in the news recently around sort of, I guess, you know, scary times and, and, and people's vulnerability, and I guess the impact of, of being hacked is, we are, we literally being spied upon?  and we've seen that, you know, the breach of webcams,  in many places around the world,  and what implications that has,  on, I guess, on what we need to do. And we've spoken about this before, around with the internet of things growing and the proliferation of these devices and without any security frameworks and often in place to actually, you know, support,  what needs to happen from a best practice point of view,  we're starting to see those vulnerabilities come to life,  in a, in a very real and meaningful way.

Bradley Sing: Yeah. And like there's a big one which hit the news recently. And I think I initially saw it on ABC, so kind of like primetime news and it was a shot of, I believe a school and they kind of webcams, but I'm sure many of you might've heard it as well, but it kind of feels like a bit of a black mirror episode.  but an organisation called now known for, I think, deploying webcams around the world or CCTV,  they recently had over 150,000 of their, their company, cameras, compromised. If we think about where some of these cameras are, we're talking things like banks, hospitals, there was a phenomenal imagery of,  the department, the DOJ in America, where they were literally showing, you know, prisoners being arrested and kind of handled by prison staff. So absolutely phenomenal footage.

Garrett O'Hara: One of the things, I mean do you guys remember, I think it was like 2019, I'm probably gonna get the dates wrong, there was some of those, some of those kind of more consumer based cameras that were getting popped also. And there was some of the stories were hitting of from memory there was a lady who's woken up in bed because one of the, I think it was a well-known brand. One of the cameras apparently have microphones attached or kind of speakers attached. the camera was basically, we had woken her up saying, you know, wake up, wake up. And then I think one more recently where there was a lady who was in her living room, notice that the camera was moving. It was one of those, you know, the IP cameras where you can actually move the lens on a sort of 360 mil, 360 swivel or whatever, but she noticed it was following her.

And she thought it was, like an update that had been applied through firmware and the camera was, I don't know, resetting its position or something. And only to hear a voice coming through again, saying, you know, "Hey, I'm over here, pay attention." And again, you know, consumer grades, cameras in a home that had been popped, I think, it's, it's bizarre to me. And to your point Dan and, you know, the, the lack of, what do you call them standards, I suppose,  makes that, so that people just buy the cheapest thing that's out there and then, you know, wonder why wonder why a strange voice will come through and say, "Hey, I'm watching you."

Dan McDermott: And I guess, what are you seeing in terms of that and the evolution of these standards? I mean, it has come up before,  and we sort of started to go down a path, but I think something like this just highlights the need that like one that something bigger needs to happen and be done about it.  but also now it shows that the difficulty of sort of, you know, looking back retrospectively, right? And then trying to now go back and fix the things that are now out in the wild. Right?

Bradley Sing: I guess the, the interesting thing about this hack as well, I wanna say how easy it was, but if we kind of look at it a bit around the background of what actually happened. So it was a super admin account which was, found on the public internet.  the group behind it are quite well known, and, and there are charges brought against them.  there, I guess you call them a hacktivist group. So part of their goal, I guess, their, their mission objective was statement behind this wasn't so much, I think, financial gain, but more to try and highlight the problem, obviously still illegal.  in terms of some of the other victims as well, like we saw under the offices of Tesla, Nissan, CloudFlare, Equinox, some really big companies as well.  the interesting thing about this company, though, in terms of their software and Garrett, you were touching on it earlier when you were talking about, I guess, you know, this tracking software you have in your home is a big part of their value proposition is the ability to do facial recognition and monitor and mark where employees are and understand their agenda within the office. So if we're talking about, it's not just looking at them, it's all their personal information as well, alongside side of it.

Garrett O'Hara: It is truly scary. I got a buddy who I had coffee with, recently and who works in a, I'll just call it an interesting job. But part of what he has to do is get access to cameras on occasion weirdly. And then he described how his organisation has a relationship where the sensors are about taking call up some of the manufacturers and actually be provided with essentially backdoors in to view premises, which I was quite surprised by. But to your point, Bradley, I wonder if half the time with this stuff is default passwords not being changed. You know, it's not even a hack so much it's just, it's just not good security on the organisations who have implemented them. I don't know. Or, you know, or what was the use case here? Like hard-coded admin creds?

Bradley Sing: Oh, like I think it was something which was probably left default, could have been changed.  it was just left online.  to your points though, like I think like who's the humans behind this as well. I'm doing a bit more research into the company they did have three employees fired last year for using company cameras to spy on fellow employees, as well as making some sexually inappropriate comments as well.  we've seen criticism of ring, Amazon's the doorbell company as well, where potentially law enforcement can gain access to the cameras. so there's a whole, I think this is a huge thing happening right now in terms of who has access to that and the people behind it. And I guess who do we trust, right? Like we know Alexa is listening to us, that's part of the product design, but to what extent?

Garrett O'Hara: I think i’ll buy another tinfoil hat. I don't think one is enough for me anymore. I need a second one.

Bradley Sing: I was gonna say you would be, I was waiting for that to come out Garrett. I was thinking you'd be completely freaking out about where things are at.

Garrett O'Hara: Definitely. I'm gonna be, I'm gonna be walking around looking like a real oddball in tinfoil suit eventually.

Dan McDermott: That's a good look for you. And,  one of the, biggest,  breaches that we've seen over the last couple of weeks has been around,  the star Alliance, frequent flyer program as well.  well obviously many of us are flying at the moment and, and, and enjoying the rewards per se.  but it's obviously something that,  has happened in the past, but has a bigger imputation as well as we do go forward in terms of, what's gonna happen around sort of, these are the new requirements with passports and the health data that's gonna be needing to be there and verify it as part of it. So I think to me, it's like one thing is, is obviously the current break itself, but is what does that mean in terms of the implication? And again, the eroding of trust, where as we move forward into these new era of what will travel look like,  and therefore, you know, how important, you know, the sanctity of a passport is gonna be? Because it's not only the great identity that it is today and that, but it will add additional layers with our medical records and health information being a part of, of those passports as well.

What can you tell us about the, this bridge?

Bradley Sing: So in terms of the star Alliance breach, so thankfully there was from my understanding, anyway, it wasn't things like credit card information or financial data, it was mostly things like,  your name, get to your status, your membership number. I think it's always quite interesting when we talk about travel, it's like there's one rule for the rich and famous and one rule for us. I'd love to be out there again and I have been watching my status go down. I think I'm now bronze or whatever's below that, wood tear.  but I guess more interestingly, like, you know, kind of moving forward thinking about the whole aspect of digital passports, it's something the world health organisation has recently kind of, I guess the advised against.  over in Europe, we're seeing the European union trying to create a digital passport, as well. And I guess it kind of raises the question like who controls these? Are they managed independently? I think it's a great thing to get people flying and, you know, business opening and people home and, and where they need to be, but with that needs to come with great, a lot of foresight or oversight.

Garrett O'Hara: Yeah, definitely agree. I mean, to that question about who owns or who controls, I mean, I know we're kind of Blab on after the conversation last year, but,  these just seem to be such a beacon of how this stuff can be done. You know, and to get to the point where citizenry trusts digital storage more than they trust, you know, traditional or paper storage or physical versions of things, because they're kind of in control. They can see anyone who's accessed it, they can give permissions to access. In my head when I visualise it, it's almost like, you know, digital citizen information where you, you know, request, allow or deny access to a particular data. And yeah, so I think it's doable. I think it's just that we need to build trust and we need to build a systems that allow for that trust to exist.

Bradley Sing: I guess, in this country we've spoken about, you know, digital medical health records for a long time. And, but I've really struggled to, to bring it to life in a meaningful way. And, and I guess, you know, a lot of that is the ownership of this who takes control of it? Who has access?  and it creates a lot of those complexities around, you know, being able to solve for that.  I think this digital sort of health passport is gonna be in exactly the same vein.  so it will be interesting to see whether the need for opening borders and allowing travel, and that can actually help overcome some of the, I guess, the politics and the, and the security and the data privacy concerns that have been around, you know, in trying to get these programs up previously and maybe create a United front on it.

Garrett O'Hara: Definitely. And there's, there's an interesting that actually I flipped to you guys during the week.  it's a report into the US and the title is horrible. It's guidance regarding methods for de-identification of protected health information in accordance with the health insurance portability and accountability act, privacy rule.

Bradley Sing: Is there an acronym for that Garrett?

Garrett O'Hara: I, I think people call It hippie. No, I'm joking. It's, it's HIPAA, but one of the things in there, which I, I was absolutely fascinated by is that it's been estimated that the combination of a patient's date of birth, gender, and five digit zip code is unique for over 50% of residents in the United States. So that, I mean, that to me, points to how little data you actually need to identify somebody. 'Cause in my, you know, in my mind, I think it's up to now, if you've got like 12 things and you can probably figure out who I am, but actually it's, it's way less than that.

Bradley Sing: You're a hundred percent, right. We covered this, I think over a year ago, the, the, My key data breach where there's a whole much of Victorian My Key data published. And a lot of people were saying, what can you do with these records? Right? Like, it's just touch on touch off. But I do remember there was a,  was a university, I can't remember which one, they released a research report and effectively said, look with one or two touch offs. They could go back and identify people. So you don't need much information. I think you just, you just need to wanna target someone. I think it's sort of starting to learn, right? If there's enough ambition and drive and potentially money behind it, then you're gonna get through at some point.

Dan McDermott: And I think that, that notion of the, the digital health passports and, you know, the role of obviously government in is, is critical. But,  I guess what we've seen is, is that the government's done a great job of continuing to raise the issue of cybersecurity.  we all remember, press conference now in June last year, you know, Australia is under cyber attack.  the tinfoil was going crazy that day Garrett. And,  you know, we, we all remember that.  but unfortunately what we've seen now is, is that, in the recent auditing of, of the government themselves and the different departments and on their own security measures,  them actually failing. So,  it's great to have that,  you know, awareness is being driven up and that people are talking about this and that we're seeing some action happening.  but it's obviously still work to do in terms of the government itself,  being able to actually live up to its own standards and be able to deliver, you know, a cyber secure, government machinery of government as well.

Garrett O'Hara: Yeah. Look, there's so much here Isn't there?  you know, I think government, in some ways is held to a higher standard and I personally think it should be. You know, we, we pay a lot of money in taxes and we're citizens of this country. So I, I think it's right that they are held to a higher standard, but they also have to deal with many of the same challenges that, you know, standards, you know, private enterprises and organisations do you have to deal with. And I don't think despite their, the recent audit, the results aren't new in a way, you know. If you go back to March, 2020, it would have been the,  Commonwealth cybersecurity posture,  the, the kind of response to government, I think it was delivered in parliament. They called a lot of this stuff out and, you know, it was a similar story where there wasn't alignment or compliance with that baseline for let alone the additional for the makeup, the essential aid.

Um, and it was similar things. They, they didn't have visibility of their systems and it was obsolete and unsupported operating systems. And, you know, I think what we're looking at is it takes some work to fix this stuff. You know, you've got to update and modernise the ICT before you can actually sometimes even tackle or think about tackling, the essential aid. So I think we've gotta be okay with spending money on this stuff because it is important.  and especially for some of the departments that were audited, it's big stakes.  it's bigger stakes than what I would say is maybe, you know, some of the private enterprises where it's gonna affect a couple of people's jobs and not that that's not serious and clearly is, but when you scale it up to organisations that are responsible for literally, you know, sovereign nation strategy and approach to how they kind of move through the world, and that's a huge thing to not get right.

Bradley Sing: And it wasn't just the top four, like in the report as well. I think it talks to the fact that, out of all of the,  the, the, the, non-corporate government, sorry, non-corporate, Commonwealth entities, only 24% of them were actually meeting that. But it also raises the question considering we've seen record numbers of breaches and reported through, you know, the mandatory data breach program over the past couple of years, you know, what's, what's the punishment for, for a government organisation for breaching your data or failing to meet these standards? Like obviously for a, for a corporate or private organisation is financial loss and a whole range of reputation loss as well, but yeah, I guess from an accountability perspective, it's, you know, it's great that they're highlighting it, but what's the follow-up or next action.

Dan McDermott: And what is the, what's the solution Gar? I know you have, you must have an answer here because, you know, do they just need to throw more money at it? What do they need to do? Because, you know, yes, you know, if they don't have, you know, endless pockets and that, but, you know, they should be able to have, you know, the ability to, to solve for this as well.

Garrett O'Hara: I totally agree.  I think, I think part of the problem here is that government is competing with private enterprise for talents, excuse me, for talents. And the horrible reality is that generally private enterprise can pay significantly more so, yeah, there's a bit of a talent train that potentially gets outside of the government circles. And let's, let's be honest, we know people in government are phenomenal people, extremely smart, extremely intelligence,  so there's no comments on that in any way, shape or form, but it's just a natural centre of gravity that I, I feel happens with, you know, private enterprise just being able to throw mud coin at people,  for cybersecurity.  I mean, there's, there's a simple solution, which is that we all just go back to pens, papers and abacuses and analog phones, I don't think that's gonna happen.  but you know, this is just not to, I'm gonna play it down here, but it's, it's security management.

It's sort of, it's looking at the current risks. It's having a, an adult conversation about what those risks mean. Are these, government entities willing to accept the risks at the level they're at? Clearly they're not, if they're being audited and not meeting the essentially.  they're, they're the simple solution, I know simple isn't always easy, but it is updating ICT systems. It's spending some money, it's training, you know, like I say, this solution is simple, but it's not an easy one to do necessarily because there's barriers sometimes to, you know, for me easily to say, "Oh, you just update the ICT." Cool. And then once you get in there and you realise that there's a legacy system that's tied into some of their legacy system and if you change system A it actually has a ripple down effect and avalanches out into systems, B, C, D, E, F, and then break something that, you know, an entire state or federal level system relies on.

So, you know, I realised I'm kind of being a little bit reductionist, but at some point we have to wear the pain and we have to wear the work and we have to spend the money to get this stuff right. 'Cause my two senses, the longer we leave it the more we're gonna see the PM sitting at a pulpit and telling us, the sky maybe is about to fall in.

Bradley Sing: Yeah. And like you say, the technology depth that exists,  in federal government we know is huge, right?

Garrett O'Hara: Massive.

Dan McDermott: It's a reality and that does create layers of complexity,  in those environments to actually, you know, what might from the outside look like an easy solve,  becomes very, very difficult. I think just circling back Brad to your question around, you know, what's the accountability and the impact on the government. My take is, is that it impacts what else they can do and the remits that they're looking to put in place around cyber. So right at the moment we have the critical infrastructure bill,  and  next week, and there's our briefings on, on the next phase of that and what that means and the implications, for industry and for many, many businesses across the country,  many of which will be held to a, a very high standard and a higher standard than what they're used to.

Um, and it's putting obligations on them that, that may be great from a, from a cyber security point of view and, and required.  but it is creating stress on them in terms of the resourcing, the dollars,  the reporting, what do they need to do to actually show that they can now meet those obligations? And I think that industry is pushing back a bit and, and sort of saying like, you know, well, if you can't meet your own standards internally, what, what right do you have to actually impose these higher order standards on us,  and what we need to do? Of which are many small businesses in supply chains, and that, that will be impacted by this,  who don't necessarily, you know, won't have the same resources as looking at our, as, as the government itself. So I definitely think that there is an implication there around how do they hold, you know, they've got to hold themselves up to account in terms of being,  delivering against their own standards in order to then impose those, you know, more broadly across the community as well.

Garrett O'Hara: Do you think,  you know, government services are critical, you know, they're, they're sort of top of the food chain when it comes to managing a nation. But then when I think about sort of business impact analysis that you would do in a normal organisation, sometimes the really critical functions aren't necessarily the high profile ones. It could be a back-office function that, you know, there's sort of invisible for the most part, but when it comes to the operation of an organisation, it's massive. And it sort of feels like while, you know, emotionally and personally, I definitely believe our governments and agencies and entities should be at a really high standard for security when it comes to critical infrastructure. So, you know, energy provision, critical services like water, healthcare, for me, I'd much rather they were doing security better than the guys who, you know, can go into parliament and say some stuff and, you know, bang tables and do whatever they do.  but like, I think you're right Dan, the optics are so bad in so many ways, right?

Because it feels like, hey, you're, you're preaching, but you're not really living and breathing this. It seems a little bit on the nose, but,  being, you know, sort of, yeah, trying to remove myself from, from how that feels. I think I get why critical infrastructure should be under a, sort of a higher burden to do good security.

Dan McDermott: Exactly. I think it just, it just undermines the credibility of opting out to make these things a reality, right?

Garrett O'Hara: Totally agree.

Dan McDermott: And then, you know, the trust that we have in things like, as we've been talking about the digital health passports and, you know, this is gonna be the government that is gonna be running this and controlling these things.  you know, what sort of trust does everybody have in that as well? So I just think that it, it does create those, those difficulties, Brad, and, and, and, you know, it is, it becomes politicised then, and then sort of sometimes the greater good and the things that we're trying to achieve,  as a cyber security industry and community,  can potentially be eroded to some degree.

Bradley Sing: I mean, look, ultimately this, this audit is a good thing, right? Like it's, you know, it's, it's highlighting that there's gaps, like we was acknowledged those gaps and really what this needs to be is essentially it should be just like a baseline, like a bare minimum, you know, every organisation works towards that and I know a lot do. But hopefully with things like the critical infrastructure bill, like it does kind of seem like kind of moving to that, that phase, but, you know, to your point, I think we need the government to,  lead by example with this one.

Dan McDermott: Well, I think we've done enough analysis on the government for today.  and just the ending off on the, on the last topic that we've got for, for this episode,  and getting back to sort of where we started a bit with, you know, I guess webcams and, and being able to access what are doing and understanding their information.  the issue of pixels,  has come up, Brad, tell us a bit more about the security concerns that, that underlies this.

Bradley Sing: Well, you know what a pixel is, right, have you ever seen a one by one invisible pixel in an email before? [laughs]. You probably haven't right? Because that's the nature of it.  tracking pixels, like tracking pixels would be making the headlines recently and I guess for a whole host of different reasons, but I think there's a, probably a little bit of a lack of awareness in terms of, I guess, their, their uses and also, I guess the prevalence that we're seeing right now. 'Cause definitely from a, I guess, nearly every email that you interact with, there is a chance that as soon as that email is opened,  somebody on the other end is gonna know that you've interacted with it and also then type of metadata that can be passed along as well. Whether it's an IP address potentially, you know, almost gonna go into a location level. Again you also, you know, potentially de-identify, you know, sorry, identify rather, people behind,  using the method of tracking cookies as well. Sorry, not tracking cookies, tracking pixels.

Dan McDermott: You, you're sounding as though like, you know, marketers might be trying to understand what people are doing and then being able to maybe create meaningful and, you know, engaging and personalised experiences for people. I mean, kind a nice, seems okay to me, but maybe, maybe I'm missing something. What do you think Gar? Am I, am I not taking this seriously enough?

Garrett O'Hara: Oh, look, I think it's both right. I think there's definitely a utility in things like tracking pixels,  similar to cookies, right? I mean, there's an argument to be made for, I don't know, targeted ads and things that are relevant and potentially a better online experience. And then I think where everyone starts to feel a little bit funny is the bit where you start to see some of those big tech and social platforms trapping, you know, maybe it feels like they just overstepped the line a little bit. And to both of your points, I mean, let's be honest. I think most organisations in some way, shape or form are using tracking pixels because they wanna see if what they're doing is working or not working what's its efficacy, um, And you do your maybe testing for ads and all that stuff.

I mean, there's none of that works without this, this sort of tracking technology.  I think the problem here is maybe you wanna psychology and maybe truly privacy to where, to Brad's point, like if you can see where somebody is physically in a city or what they've just done, like you can start to correlate that data and build a picture of people's actions and activities. And there's been some, some kind of freaky stories about people opening emails and getting phone calls from, you know, sales guys saying, "Hey, so you're in Houston today. How'd you like to go grab a coffee?" And, you know, the person will say, "What, you know, I'm normally based in LA, how do you? What? What's going on here?"  so I think partly it's a, is it like maybe just a very human response to a thing that happens where you just feel a little like, Ooh, that's, that's a bit, that's a bit weird. And I think mostly it's because it happens in the background for all of us all the time. Like pretty much any email you open probably has a pixel in there somewhere to say, hey, they've just opened the, you know, the email from, you know, X, Y, Z brand, or a newsletter or whatever it may be.

And I think it's that, we were talking before we started recording, you know, my wife was on a website trying to buy a domain, got a phone call while she was on the website because they were already a customer and it just freaked her out completely to the point where she backed away from actually making any purchase, because it just feels a little bit like whoa, whoa, whoa, you know, what's going on here? But like, pixels are not ready for the tinfoil hat? Pixels are the least of our worries in many ways, because everything you do online is being tracked. You're probably having signatures built on your lag time between letters typing on your keyboard, how your mouse moves. Everyone probably knows that this stage, the captures, they aren't necessarily capturing the fact that you can translate a weird set of letters into a typable format, they're actually looking at what your mouse was doing just before you typed in the letters. You know, the, the reality is the data that's being collected on us is astonishing. Pixels just one part of it.

Dan McDermott: I don't think it is the, it is the blurring of ethics into the technology itself, right? It's actually what you do with it in hand. How do you, how do you not look as though you are overstepping that line and gonnao far?  so it's, it's, you know, there is a little bit of how do you use it for good rather than evil that's for sure.

Bradley Sing: It is potentially like, so if you look over in Europe and I'm sure everybody's noticed this, but over the past few years, nearly every website you visit it'll have a whole set of different privacy options, right around cookies tracking the right to consent. And obviously part of GDPR is the right to consent on data capture and I know over in New Zealand we've recently seen that the new privacy laws encompass that as well. But I think it's probably important for organisations just to consider that as well. Like, you know, if you are using tracking pixels, which pretty much everyone does, you know, as the laws change, there may be a requirement for you to,  you know, potentially notify how your capturing that content or data

Dan McDermott: We might need to start up a digital marketing podcast as well. And we can dive into the world of pixel it and,  and a, and a cookie list future that, is coming as well for us. So, but definitely things for us to all consider.

Garrett O'Hara: When you said cookieless future, there a little moment of anxiety 'cause I, I thought maybe there's no biscuits in my, you know, in the next, the rest of my life and that, that would not be good.

Dan McDermott: And, and on that, dad joke, I think a good way to end the episode. Thank you Gar for that.  thank you Brad, thanks Gar again, for all your insights on what the happenings of the cyber security world,  and beyond,  and the implications were for government and for marketers of globally as well. So, something for all of us here. So, thank you again. Looking forward to, next week's episode, Gar, who do you have on, for, for next week?

Garrett O'Hara: We have, Lee Wiener, who Is the chief innovation officer over at. So I've got a really good, a good conversation coming up with him.

Dan McDermott: Terrific. Really, really looking forward to that conversation as well. We will return again in two weeks time to, to review the latest musings and happenings in the, in the cybersecurity space. Until then enjoy, enjoy the weeks ahead, have a good Easter and, we'll speak to you again soon.