WEBVTT 1 00:00:00.160 --> 00:00:03.319 Welcome to the deep dive, your shortcut to being well informed. 2 00:00:03.919 --> 00:00:08.119 Today we're diving into a digital nightmare that's become all 3 00:00:08.160 --> 00:00:10.480 too real for so many. Ransomware m hm. 4 00:00:11.039 --> 00:00:13.800 It's more than just a tech issue, right, it's digital extortion, 5 00:00:14.080 --> 00:00:15.240 pure and simple. 6 00:00:15.160 --> 00:00:20.480 Exactly, holding your data, hostage, personal photos, critical business files, everything. 7 00:00:20.600 --> 00:00:21.920 Yeah, it's scary stuff. 8 00:00:22.120 --> 00:00:24.920 So our mission today is pretty straightforward. We want to 9 00:00:24.920 --> 00:00:28.480 give you a clear, concise, but really thorough understanding of 10 00:00:28.519 --> 00:00:29.359 this threat. 11 00:00:29.239 --> 00:00:33.679 Well drawn, some great insights, particularly from na Haasan's ransomware revealed. 12 00:00:33.799 --> 00:00:35.679 Right, well, look at how it works, how it gets in, 13 00:00:36.039 --> 00:00:39.079 and crucially, what you can actually do to protect yourself 14 00:00:39.119 --> 00:00:41.719 and recover if the worst happens. 15 00:00:41.799 --> 00:00:44.799 And it is pervasive. This isn't some fringe problem anymore, 16 00:00:44.880 --> 00:00:45.359 no kidding. 17 00:00:45.399 --> 00:00:49.359 The growth has been explosive, like thirtyfold increase in new 18 00:00:49.439 --> 00:00:50.799 variant since twenty fifteen. 19 00:00:51.000 --> 00:00:51.479 Yeah, and the. 20 00:00:51.439 --> 00:00:54.200 Attack frequency went from what every forty seconds to every 21 00:00:54.240 --> 00:00:56.000 fourteen seconds by late twenty. 22 00:00:55.880 --> 00:00:59.799 Nineteen fourteen seconds. That's staggering. And the cost eleven point 23 00:00:59.840 --> 00:01:03.479 five billion dollars annually back then, heading towards twenty billion dollars. 24 00:01:03.759 --> 00:01:07.040 And that's not just the ransom demands. Right, that includes 25 00:01:07.120 --> 00:01:11.640 lost productivity, investigations, recovery. It adds up incredibly fast. 26 00:01:11.719 --> 00:01:16.239 That really does, affecting individuals, governments, companies big and small. Okay, 27 00:01:16.280 --> 00:01:18.560 let's get into the anatomy of this thing. So first 28 00:01:18.599 --> 00:01:22.159 things first, let's get a really clear definition. What exactly 29 00:01:22.359 --> 00:01:26.319 is ransomware? How's it different from say, a regular virus. 30 00:01:26.599 --> 00:01:33.000 Well, at its core, ransomware is malicious software specifically designed 31 00:01:33.040 --> 00:01:35.000 to lock you out of your own stuff. Lock you 32 00:01:35.079 --> 00:01:38.359 out how usually by encrypting your files, scrambling them so 33 00:01:38.400 --> 00:01:40.920 you can't open them, or sometimes by locking your whole 34 00:01:40.959 --> 00:01:41.680 computer screen. 35 00:01:41.799 --> 00:01:43.560 And the goal isn't destruction. 36 00:01:43.799 --> 00:01:47.079 Not primarily. No, the main goal is extortion. It holds 37 00:01:47.079 --> 00:01:50.040 your data hostage until you pay a ransom. It actually 38 00:01:50.079 --> 00:01:52.480 needs your system to be working enough to show you. 39 00:01:52.439 --> 00:01:52.879 How to pay. 40 00:01:53.079 --> 00:01:55.760 Uh. Okay, so it needs to display the ransom note. 41 00:01:55.760 --> 00:01:57.439 And what does that actually look like? For someone who 42 00:01:57.439 --> 00:01:58.000 gets hit. 43 00:01:58.120 --> 00:02:01.000 It's usually pretty obvious. You might suddenly you can't open 44 00:02:01.040 --> 00:02:04.200 your documents, photos whatever they might have, weird file extensions, 45 00:02:04.319 --> 00:02:05.680 or just show errors. 46 00:02:05.519 --> 00:02:07.760 Like that encrypted or something exactly. 47 00:02:07.799 --> 00:02:11.000 Things like that, or your desktop background gets replaced with 48 00:02:11.000 --> 00:02:13.520 a ransom note. Sometimes the whole screen locks up with 49 00:02:13.560 --> 00:02:15.360 a message and maybe a countdown timer. 50 00:02:15.439 --> 00:02:18.759 That sounds terrifying. And you mentioned finding instruction files too. 51 00:02:18.919 --> 00:02:19.159 Yeah. 52 00:02:19.199 --> 00:02:21.919 Often you'll see new text files or maybe image files 53 00:02:21.960 --> 00:02:24.479 popping up in your folders, all spelling out the demands 54 00:02:24.479 --> 00:02:27.879 and how to pay. Usually in cryptocurrency, it's designed to 55 00:02:27.879 --> 00:02:29.000 be impossible to ignore. 56 00:02:29.199 --> 00:02:33.039 Right. It's fascinating in a grim way, how this whole 57 00:02:33.080 --> 00:02:35.680 concept evolved. Yeah, can you walk us through some of 58 00:02:35.719 --> 00:02:36.280 that history? 59 00:02:36.479 --> 00:02:39.039 Sure, it actually goes back further than most people think. 60 00:02:39.120 --> 00:02:43.240 The very first documented case was the aid's trojan way 61 00:02:43.280 --> 00:02:44.439 back in nineteen eighty nine. 62 00:02:44.520 --> 00:02:45.159 Eighty nine. 63 00:02:45.159 --> 00:02:48.680 Wow, Yeah, very basic by today's standards. It just hid 64 00:02:48.800 --> 00:02:51.879 directories and encrypted file names, asked for one hundred and 65 00:02:51.919 --> 00:02:53.919 eighty nine dollars sent to a pobox in. 66 00:02:53.919 --> 00:02:55.599 Panama, a physical po box. 67 00:02:55.639 --> 00:02:58.439 That's almost quoint, right, But the idea was there. 68 00:02:59.199 --> 00:03:02.840 Then in ninety some researchers actually published a paper outlining 69 00:03:02.840 --> 00:03:06.919 the concept of using strong public key cryptography for cyber exportion. 70 00:03:07.479 --> 00:03:10.240 That laid the theoretical groundwork, So the blueprint was out. 71 00:03:10.120 --> 00:03:11.400 There pretty much. 72 00:03:11.520 --> 00:03:14.439 Things were relatively quiet for a bit. Then around twenty 73 00:03:14.479 --> 00:03:18.520 twelve we saw stuff like Revitan that was scareware carewear. Yeah, 74 00:03:18.560 --> 00:03:21.240 it would pop up fake police warnings like saying you 75 00:03:21.400 --> 00:03:24.159 viewed a legal content and demand a fine. They used 76 00:03:24.199 --> 00:03:27.120 things like anonymous cash cards, even bitcoin back then. 77 00:03:27.439 --> 00:03:31.319 Okay, so shifting tactics. Yet the real leap was the encryption. 78 00:03:31.120 --> 00:03:34.400 Right absolutely around twenty thirteen to twenty fifteen, that's the 79 00:03:34.439 --> 00:03:38.759 crypto explosion. Variants like crypto locker and crypto wall started 80 00:03:38.840 --> 00:03:44.240 using really strong encryption AZS RSSA twenty forty eight, basically 81 00:03:44.360 --> 00:03:46.199 unbreakable for victims. 82 00:03:45.840 --> 00:03:47.560 And that's when the money started pouring in for the 83 00:03:47.599 --> 00:03:48.800 attackers exactly. 84 00:03:49.039 --> 00:03:52.080 Ransom payments went through the roof, hitting hundreds of millions 85 00:03:52.120 --> 00:03:53.520 by late twenty fifteen, and. 86 00:03:53.479 --> 00:03:55.280 It didn't stop there, I imagine, Nope. 87 00:03:55.319 --> 00:03:58.759 Twenty sixteen brought even more advanced tactics, things like lockey 88 00:03:59.039 --> 00:04:02.560 petia at countdown timers, where the ransom would increase if 89 00:04:02.560 --> 00:04:03.199 you didn't pay. 90 00:04:03.120 --> 00:04:05.560 Quickly, applying psychological pressure totally. 91 00:04:05.879 --> 00:04:09.039 We also saw dock swear emerge that threatened to publicly 92 00:04:09.080 --> 00:04:11.639 release your sensitive data if you didn't pay, or even 93 00:04:11.639 --> 00:04:12.840 infect your friend's computers. 94 00:04:13.080 --> 00:04:16.399 That's nasty. And then came WannaCry in twenty seventeen. 95 00:04:16.800 --> 00:04:20.480 Yeah, WannaCry was a global wake up call, caused billions 96 00:04:20.480 --> 00:04:24.839 in losses. It spread incredibly fast using the Eternal Blue exploit, 97 00:04:25.079 --> 00:04:29.160 which targeted a Windows vulnerability, an exploit reportedly developed by 98 00:04:29.160 --> 00:04:31.480 the NSSAY and leaked man. 99 00:04:32.439 --> 00:04:37.720 So we've gone from simple file hiding to sophisticated self 100 00:04:37.720 --> 00:04:41.120 spreading encryption nightmares. It's quite the evolution. 101 00:04:40.839 --> 00:04:41.639 It really is. 102 00:04:42.199 --> 00:04:44.800 And while the volume of attacks maybe dipped slightly after 103 00:04:44.839 --> 00:04:48.560 WannaCry for a bit, the sophistication just kept increasing. 104 00:04:48.759 --> 00:04:51.000 So broadly speaking, that what are the main types of 105 00:04:51.079 --> 00:04:52.360 ransomware we're dealing with now? 106 00:04:52.920 --> 00:04:56.040 Functionally you can break it down into two main categories. First, 107 00:04:56.120 --> 00:04:57.319 there's locker ransomware. 108 00:04:57.399 --> 00:04:59.480 Locker like it just locks the screen. 109 00:04:59.319 --> 00:05:02.160 Exactly, It prevents you from accessing your computer, maybe locking 110 00:05:02.240 --> 00:05:05.879 the desktop or the login screen. These are often, relatively speaking, 111 00:05:05.920 --> 00:05:06.800 easier to deal. 112 00:05:06.639 --> 00:05:07.199 With, okay. 113 00:05:07.279 --> 00:05:10.360 And the second type, that's crypto ransomware. This is the 114 00:05:10.399 --> 00:05:12.680 more dangerous one. It doesn't just lock your screen, It 115 00:05:12.680 --> 00:05:16.759 actually encrypts your files, your documents, photos, databases. 116 00:05:16.240 --> 00:05:19.079 So it takes the data itself hostage. 117 00:05:18.800 --> 00:05:22.600 Precisely, and modern versions, as we mentioned, might threaten to 118 00:05:22.600 --> 00:05:25.560 delete the data permanently or leak it online if you 119 00:05:25.560 --> 00:05:28.360 don't meet their deadline. That's the real threat for most 120 00:05:28.519 --> 00:05:30.000 people and businesses today. 121 00:05:30.120 --> 00:05:32.720 Okay, let's shift to how this stuff actually gets onto 122 00:05:32.759 --> 00:05:37.399 our systems. What are the common ways ransomware infects computers? 123 00:05:37.480 --> 00:05:39.360 The attack vectors we need to watch out for. 124 00:05:39.720 --> 00:05:43.920 Well, the undisputed king is still email, phishing, email specifically, 125 00:05:44.000 --> 00:05:46.560 let's go number one by a long shot. Something like 126 00:05:46.639 --> 00:05:50.199 fifty nine percent of ransomware attacks start with a malicious email. 127 00:05:50.560 --> 00:05:53.120 It could be an attachment, You open a seemingly innocent 128 00:05:53.160 --> 00:05:56.160 document and bam, or a link or a link Yeah, 129 00:05:56.360 --> 00:05:58.959 click here to track your package Click here for an 130 00:05:59.079 --> 00:06:02.439 urgent invoice takes you to a site that downloads the malware. 131 00:06:02.600 --> 00:06:04.160 And it's not just random spam anymore. 132 00:06:04.199 --> 00:06:07.399 Right now, now, phishing has gotten much more sophisticated. It's often 133 00:06:07.439 --> 00:06:10.480 targeted using social engineering to trick you into thinking the 134 00:06:10.519 --> 00:06:14.560 email is legitimate. Fake PayPal alerts, fake Microsoft warnings, things 135 00:06:14.560 --> 00:06:18.399 like that. Even spearfishing targeting specific people, or whale fishing 136 00:06:18.439 --> 00:06:19.600 going after executives. 137 00:06:19.720 --> 00:06:22.199 Okay, so email hygiene is critical. What else? 138 00:06:22.519 --> 00:06:25.879 Exploit kits are another major threat. These are nasty they 139 00:06:25.959 --> 00:06:29.120 sit on compromise websites, sometimes legitimate sites that have. 140 00:06:29.079 --> 00:06:31.279 Been hacked, and you don't even have to click anything. 141 00:06:31.160 --> 00:06:34.279 Not necessarily, if you visit the site, The exploit kit 142 00:06:34.319 --> 00:06:38.879 automatically scans your computer for non vulnerabilities, outdated browser plugins 143 00:06:39.000 --> 00:06:42.759 like flash, old Jaba versions, unpatched operating. 144 00:06:42.360 --> 00:06:44.439 System flaws, and if it finds one. 145 00:06:44.319 --> 00:06:47.720 It silently exploits that flaw to install the ransomware or 146 00:06:47.800 --> 00:06:51.399 other metalware. That's why keeping software updated is so vital 147 00:06:51.560 --> 00:06:52.040 makes sense. 148 00:06:52.120 --> 00:06:54.920 What about physical stuff like USB drives? 149 00:06:55.040 --> 00:06:56.040 Yep, still a thing. 150 00:06:56.199 --> 00:07:00.120 Seems old school, but dropping infected USB drives in parking 151 00:07:00.199 --> 00:07:03.480 lots or offices still works. Surprisingly Often people are curious. 152 00:07:03.600 --> 00:07:06.199 I remember that experiment where almost everyone picked up a 153 00:07:06.439 --> 00:07:07.639 found USB. 154 00:07:07.680 --> 00:07:10.720 Right and half plugged it into a work machine. Stuxnet, 155 00:07:10.879 --> 00:07:14.399 a major piece of state sponsored malware, famously used USBs. 156 00:07:14.720 --> 00:07:18.240 And of course, downloading software or movies from pirated content 157 00:07:18.360 --> 00:07:21.439 sites is asking for trouble. They often bundle malware. 158 00:07:21.639 --> 00:07:25.319 Okay, what about inside legitimate software like office documents? 159 00:07:25.560 --> 00:07:29.480 Oh yeah, Microsoft Office macros malicious code embedded in Word 160 00:07:29.519 --> 00:07:33.800 or Excel files. Older Office versions had macros enabled by default, 161 00:07:33.959 --> 00:07:36.959 making it easy newer versions warn you they do, thankfully, 162 00:07:37.399 --> 00:07:40.360 But attackers use social engineering to convince people to click 163 00:07:40.480 --> 00:07:41.279 enable content. 164 00:07:41.759 --> 00:07:42.079 Locky. 165 00:07:42.160 --> 00:07:44.160 Ransomware spread very effectively this way. 166 00:07:44.279 --> 00:07:47.160 It always comes back to tricking the user somehow often. 167 00:07:47.000 --> 00:07:51.720 Yes, which leads to another really concerning trend, ransomware as 168 00:07:51.720 --> 00:07:53.040 a service or a race. 169 00:07:53.319 --> 00:07:56.120 Ransomware as a service like cloud. 170 00:07:55.920 --> 00:08:00.000 Software kind of yeah, but for crime. Basically, skilled develop 171 00:08:00.000 --> 00:08:02.519 sloppers create the ransomware and then rent it out to 172 00:08:02.639 --> 00:08:06.120 less technical criminals through online dashboards, often. 173 00:08:05.800 --> 00:08:06.519 On the dark Web. 174 00:08:06.800 --> 00:08:10.439 Seriously, Yeah, the customer launches the attacks and the developer 175 00:08:10.480 --> 00:08:13.160 takes a cut of the profits. It massively lowers the 176 00:08:13.160 --> 00:08:15.160 barrier to entry for ransomware attacks. 177 00:08:15.160 --> 00:08:19.240 That's incredibly disturbing, democratizing digital extortion pretty much. 178 00:08:19.360 --> 00:08:23.439 We also see attacks via Remote Desktop Protocol RDP. That's 179 00:08:23.560 --> 00:08:27.199 the Windows feature for remote access. Attackers find systems with 180 00:08:27.319 --> 00:08:31.519 weak passwords, brute force them or buy stolen credentials online 181 00:08:31.519 --> 00:08:34.519 for cheap, then log in and install ransomware directly. 182 00:08:34.759 --> 00:08:36.840 Wow, so many ways in any others. 183 00:08:37.000 --> 00:08:40.720 A few more key ones targeting managed service providers MSPs, 184 00:08:40.840 --> 00:08:44.039 the companies that manage it for other businesses. Hack the 185 00:08:44.200 --> 00:08:46.919 MSP and you can push ransomware to all their clients 186 00:08:46.960 --> 00:08:50.960 at once. Then there are zero day vulnerabilities, flaws, hackers 187 00:08:50.960 --> 00:08:54.039 fine before the software vendor does, and finally, just a 188 00:08:54.159 --> 00:08:56.919 general lack of training and awareness human error. 189 00:08:57.200 --> 00:08:58.840 So the big takeaway here seems to be that the 190 00:08:59.000 --> 00:09:02.039 entry points are incredible varied. It could be a simple 191 00:09:02.080 --> 00:09:05.600 email mistake and unpatched system, or even a sophisticated supply 192 00:09:05.679 --> 00:09:08.679 chain attack. It highlights the need for multiple layers of defense. 193 00:09:08.480 --> 00:09:11.200 Exactly, which brings us neatly to what we can actually 194 00:09:11.240 --> 00:09:11.759 do about it. 195 00:09:11.840 --> 00:09:14.919 Okay, so given this onslot of attack methods, let's talk protection. 196 00:09:15.200 --> 00:09:18.720 Starting with individuals, what are the absolute must do steps 197 00:09:18.759 --> 00:09:20.879 to shield our personal computers and data? 198 00:09:21.039 --> 00:09:21.200 Right? 199 00:09:21.279 --> 00:09:23.600 For personal protection, it really boils down to a few 200 00:09:23.679 --> 00:09:27.399 key areas vigilance, software hygiene, and backups. 201 00:09:27.720 --> 00:09:30.720 They're all cruful. Let's break that down. Software hygiene. 202 00:09:30.799 --> 00:09:34.159 Yeah, first install and constantly update a good security suite, 203 00:09:34.399 --> 00:09:39.000 not just any free antivirus, ideally something comprehensive with anti malware, 204 00:09:39.399 --> 00:09:44.720 anti phishing. The works. Modern av uses multiple techniques now signatures, 205 00:09:44.759 --> 00:09:47.879 behavior analysis, cloud intelligence to catch threats. 206 00:09:48.000 --> 00:09:49.320 Okay, good avy, What else? 207 00:09:49.720 --> 00:09:53.399 Keep your operating system and all your applications updated seriously. 208 00:09:53.480 --> 00:09:57.159 Set Windows to update automatically. Use software updators for things 209 00:09:57.159 --> 00:10:00.879 like your browser, Adobe reader, Java. This closes the holes 210 00:10:00.919 --> 00:10:03.840 exploit kits look for. Don't forget firmware on routers and 211 00:10:03.840 --> 00:10:04.559 other devices too. 212 00:10:04.720 --> 00:10:07.360 Patch fetch patch, got it? What about being smarter with 213 00:10:07.440 --> 00:10:08.320 how we use the computer? 214 00:10:08.559 --> 00:10:12.159 Absolutely practice secure web browsing. Configure your browser to block 215 00:10:12.200 --> 00:10:15.440 malicious readerrects and pop ups. Use security focused add ons 216 00:10:15.480 --> 00:10:18.559 if you can, and a big one. Disable Microsoft Office 217 00:10:18.559 --> 00:10:21.320 macros by default. Don't enable them unless you are one 218 00:10:21.320 --> 00:10:23.320 thousand percent sure the source is legitimate. 219 00:10:23.440 --> 00:10:26.200 Macros off check. What about user accounts? 220 00:10:26.440 --> 00:10:29.120 Use a standard user account for your daily activities, not 221 00:10:29.200 --> 00:10:33.519 an administrator account. A huge percentage of vulnerabilities require admin 222 00:10:33.639 --> 00:10:37.000 rights to exploit fully. This one simple step can block 223 00:10:37.120 --> 00:10:38.360 a lot of ransomware. 224 00:10:38.480 --> 00:10:40.759 Standard account for every day stuff makes sense. 225 00:10:41.080 --> 00:10:43.879 Anything else On the software side, you could consider disabling 226 00:10:43.960 --> 00:10:47.279 Windows Script host WSH if you're a bit more technical. 227 00:10:47.600 --> 00:10:50.799 It stops certain types of malicious scripts from running. Also, 228 00:10:51.039 --> 00:10:54.960 keep User Account Control UAC turned on. That's the Windows 229 00:10:54.960 --> 00:10:57.480 feature that prompts you before making sister changes. 230 00:10:57.559 --> 00:11:00.480 Okay, now, what about physical risks and habits? 231 00:11:00.639 --> 00:11:04.720 Definitely avoid pirated software. It's often bundled with malware, and 232 00:11:04.799 --> 00:11:09.240 pirated operating systems can't get critical security updates. Be super 233 00:11:09.279 --> 00:11:12.120 careful with USB drives. If you find one, don't plug 234 00:11:12.120 --> 00:11:14.799 it in. If you must check an unknown drive, use 235 00:11:14.840 --> 00:11:16.799 an isolated machine you don't care about. 236 00:11:16.960 --> 00:11:20.320 Right. The curiosity factor is dangerous there, and public charging. 237 00:11:20.080 --> 00:11:22.480 Ports avoid them. That's called juice jacking. 238 00:11:23.159 --> 00:11:26.639 Malicious actors can set up compromised charging stations to install 239 00:11:26.639 --> 00:11:29.480 malware on your phone. Use your own charger or a 240 00:11:29.559 --> 00:11:30.480 portable power bank. 241 00:11:30.799 --> 00:11:35.039 Juice jacking. Okay, good tip. What about mobile devices in general? 242 00:11:35.240 --> 00:11:36.240 Similar principles. 243 00:11:36.399 --> 00:11:39.480 Only install apps from official app stores, Be wary of 244 00:11:39.519 --> 00:11:43.360 links and text messages, use mobile security software. Check app 245 00:11:43.399 --> 00:11:46.480 permissions carefully. Does that flashlight app really need access to 246 00:11:46.519 --> 00:11:47.120 your contacts? 247 00:11:47.360 --> 00:11:48.919 And back up your mobile data too? 248 00:11:49.159 --> 00:11:51.639 Backups? You keep coming back to. That sounds like the 249 00:11:51.639 --> 00:11:52.480 most important thing. 250 00:11:52.639 --> 00:11:53.679 It absolutely is. 251 00:11:54.120 --> 00:11:57.399 Backing up your data is the single most critical defense. 252 00:11:57.519 --> 00:11:59.159 It's your ultimate safety net. 253 00:11:59.399 --> 00:11:59.879 If you have. 254 00:12:00.279 --> 00:12:04.120 Clean, recent backups, ransomware loses most of its power over you. 255 00:12:04.320 --> 00:12:06.360 Okay, So how to do backups effectively? 256 00:12:06.559 --> 00:12:10.000 Use built in tools like Windows file history or reliable 257 00:12:10.039 --> 00:12:14.000 third party software, make full system image backups periodically too. 258 00:12:14.360 --> 00:12:18.279 But the absolute key is this. Disconnect your backup storage 259 00:12:18.320 --> 00:12:20.200 immediately after the backup is complete. 260 00:12:20.320 --> 00:12:23.200 Ah, so the ransomware can't reach it exactly. 261 00:12:23.480 --> 00:12:25.919 If your backup drive is connected, when ransomware hits it 262 00:12:25.919 --> 00:12:28.720 will encrypt your backups too, making them useless. Start them 263 00:12:28.720 --> 00:12:32.639 offline disconnected. You can also enable volume shadow copies and 264 00:12:32.679 --> 00:12:36.559 Windows for quick restores, but ransomware often deletes these, so 265 00:12:36.600 --> 00:12:39.879 they're not a substitute for real offline backups. 266 00:12:39.919 --> 00:12:43.440 Disconnected backups. Got it. That's a really solid checklist for 267 00:12:43.480 --> 00:12:48.879 personal security. Now let's scale this up for organizations, businesses, schools, hospitals. 268 00:12:48.919 --> 00:12:52.039 The stakes are obviously much higher. What's the strategy there? 269 00:12:52.360 --> 00:12:57.440 For organizations? You need a comprehensive defense in depth diggy strategy. 270 00:12:57.960 --> 00:13:02.000 Think multiple layers of security castle, walls, moats, and guards, 271 00:13:02.279 --> 00:13:04.440 not just relying on one thing layers. 272 00:13:04.480 --> 00:13:05.879 Okay, what are some of those key layers. 273 00:13:05.960 --> 00:13:09.440 Starts with the fundamentals, just like for individuals, but scaled up, 274 00:13:09.679 --> 00:13:13.120 efficient patch management is non negotiable. You need a rigorous 275 00:13:13.159 --> 00:13:18.240 process to identify, test, and deploy updates for everything, operating systems, applications, 276 00:13:18.240 --> 00:13:20.600 firmware across the entire enterprise. 277 00:13:20.399 --> 00:13:21.759 So patching its scale. 278 00:13:21.759 --> 00:13:26.240 Right, then hardening the environment. This includes physical security, controlling 279 00:13:26.279 --> 00:13:30.960 access to server rooms, making sure employees lock workstations. Network 280 00:13:30.960 --> 00:13:31.879 segmentation is. 281 00:13:32.000 --> 00:13:35.159 Huge segmentation, splitting the network. 282 00:13:34.879 --> 00:13:39.000 Up exactly, using firewalls or VLANs to divide the network 283 00:13:39.039 --> 00:13:43.320 into smaller isolated zones. If one segment gets infected, the 284 00:13:43.320 --> 00:13:46.720 segmentation helps prevent the ransomware from spreading easily to other 285 00:13:46.759 --> 00:13:47.639 critical parts of the. 286 00:13:47.559 --> 00:13:49.320 Network, limiting the blast radius. 287 00:13:49.399 --> 00:13:53.480 Smart you also need specialized anti ransomware solutions that go 288 00:13:53.559 --> 00:13:58.039 beyond traditional av monitoring for suspicious file activity, enforce the 289 00:13:58.039 --> 00:14:01.440 principle of least privilege everywhere users and systems only get 290 00:14:01.480 --> 00:14:04.559 the absolute minimum access rights they need to function and 291 00:14:04.559 --> 00:14:06.360 conduct regular vulnerability stands. 292 00:14:06.399 --> 00:14:09.320 Okay, so strong foundations. What about the network perimeter. 293 00:14:09.480 --> 00:14:13.120 That's where things like next generation firewalls and gfws come in. 294 00:14:13.159 --> 00:14:16.559 These are much smarter than old firewalls. They integrate anti virus, 295 00:14:16.639 --> 00:14:22.320 anti malware intrusion prevention systems IPS. Application control basically a 296 00:14:22.399 --> 00:14:24.240 multifunction security gateway. 297 00:14:23.879 --> 00:14:26.799 IPS intrusion prevention so it actively blocks threats. 298 00:14:27.159 --> 00:14:31.600 Yes, unlike an IDs intrusion detection system, which just alerts 299 00:14:31.919 --> 00:14:35.159 and ips tries to block malicious traffic in real time. 300 00:14:35.480 --> 00:14:39.080 Often these are combined in a unified threat management UTM appliance. 301 00:14:39.519 --> 00:14:41.919 Another key network layer is sandboxing. 302 00:14:42.120 --> 00:14:45.519 Sand Boxing like testing files in a safe place exactly. 303 00:14:46.080 --> 00:14:48.600 Suspicious files coming in from the web or email get 304 00:14:48.679 --> 00:14:52.639 automatically sent to an isolated virtual environment at the network edge. 305 00:14:52.919 --> 00:14:56.480 The system analyzes their behavior there. If they're malicious, they're 306 00:14:56.480 --> 00:14:59.960 blocked before they ever reach an end user's machine. Crucial 307 00:15:00.080 --> 00:15:01.399 for catching zero day threats. 308 00:15:01.799 --> 00:15:04.279 That sounds powerful. What else at the network level? 309 00:15:04.399 --> 00:15:08.440 Malicious URL blocking using updated blocklists of known bad websites. 310 00:15:08.639 --> 00:15:11.480 Setting up a network performance baseline helps too. If you 311 00:15:11.519 --> 00:15:14.000 know what normal traffic looks like, you can spot anomaly. 312 00:15:14.120 --> 00:15:16.879 Is like a workstation suddenly trying to encrypt files across 313 00:15:16.879 --> 00:15:19.879 the network much faster, maybe even set up honeypots. 314 00:15:19.919 --> 00:15:22.000 Honeypots decoy systems. 315 00:15:22.080 --> 00:15:26.320 Yeah, intentionally vulnerable looking systems with fake data. They attract attackers, 316 00:15:26.399 --> 00:15:29.000 allowing you to study their methods and detect intrusion attempts 317 00:15:29.080 --> 00:15:31.000 early without risking real assets. 318 00:15:31.320 --> 00:15:34.960 Clever okay. Email security must be huge for organizations. 319 00:15:34.320 --> 00:15:38.360 Too, Absolutely paramount advanced spam filtering obviously, but also implementing 320 00:15:38.399 --> 00:15:43.919 email authentication standards like SPF, DCAM and DRSAR to prevent 321 00:15:43.960 --> 00:15:48.919 spoofing attackers pretending to be legitimate senders, and crucially blocking 322 00:15:49.000 --> 00:15:53.600 risky attachment types at the email gateway, things like executables, scripts, 323 00:15:54.000 --> 00:15:58.360 even password protected zip files or office files with macros. 324 00:15:58.039 --> 00:15:59.960 Be aggressive with filtering attachments. 325 00:16:00.080 --> 00:16:04.279 Definitely, you also need strong internal policies. A data classification 326 00:16:04.360 --> 00:16:06.759 policy helps you know what data is most sensitive and 327 00:16:06.799 --> 00:16:11.799 protected accordingly, in force strong password requirements, mandatory multi factor 328 00:16:11.840 --> 00:16:16.039 authentication MFA, and provide password managers. 329 00:16:15.759 --> 00:16:17.879 MFA everywhere seems key, it really is. 330 00:16:18.120 --> 00:16:22.279 Another powerful tool is application whitelisting. Like using Windows app blocker, 331 00:16:22.600 --> 00:16:24.919 Instead of trying to block millions of bad things, you 332 00:16:24.960 --> 00:16:27.000 define the good applications that are allowed to run and 333 00:16:27.039 --> 00:16:28.519 everything else is blocked by default. 334 00:16:28.960 --> 00:16:30.799 Very effective against unknown. 335 00:16:30.399 --> 00:16:33.960 Malware whitelifting instead of blacklisting interesting shift. 336 00:16:33.919 --> 00:16:36.519 It can be very effective that it requires careful management. 337 00:16:36.919 --> 00:16:40.679 Also secure your DNS. You secure the NS providers that 338 00:16:40.720 --> 00:16:44.759 filter out malicious domains ransomware might try to contact. Consider 339 00:16:44.840 --> 00:16:49.279 data sanitization or CDR tools that proactively strip potentially harmful 340 00:16:49.320 --> 00:16:54.000 content from incoming files and finally, govern USB drive use 341 00:16:54.240 --> 00:16:57.279 strictly block them or sanitize them automatically. 342 00:16:57.440 --> 00:17:00.480 Wow, that's a lot of layers, but it may make sense. 343 00:17:00.840 --> 00:17:04.319 Robust security isn't just one product. It's a whole ecosystem 344 00:17:04.400 --> 00:17:06.359 of controls and policies working together. 345 00:17:06.480 --> 00:17:08.039 Exactly defense in depth. 346 00:17:08.319 --> 00:17:10.799 But we keep touching on user actions even in the 347 00:17:10.880 --> 00:17:14.599 enterprise context. How critical is the human element in all this? 348 00:17:15.240 --> 00:17:16.880 What about security awareness training? 349 00:17:16.960 --> 00:17:18.000 It's absolutely essential. 350 00:17:18.039 --> 00:17:19.759 You can have the best technology in the world, but 351 00:17:19.759 --> 00:17:22.039 if an employee clicks a malicious link or gives away 352 00:17:22.079 --> 00:17:25.960 their credentials, you're still vulnerable. Human error remains the weakest link. 353 00:17:26.119 --> 00:17:27.599 So training is non negotiable. 354 00:17:27.759 --> 00:17:28.720 It's not negotiable. 355 00:17:29.279 --> 00:17:33.680 Effective security awareness training directly reduces breaches, it helps meet 356 00:17:33.720 --> 00:17:38.160 compliance requirements, protects the organization's reputation, and actually makes your 357 00:17:38.200 --> 00:17:42.720 expensive security technology more effective because users aren't accidentally bypassing it. 358 00:17:42.960 --> 00:17:44.079 What should that training cover? 359 00:17:44.319 --> 00:17:48.640 Key areas include teaching employees how to spot phishing attacks, 360 00:17:48.720 --> 00:17:52.559 showing them real examples of malicious emails, techs and websites, 361 00:17:53.000 --> 00:17:56.000 educating them about social engineering tactics, not just phishing, but 362 00:17:56.119 --> 00:18:00.759 things like tailgating, shoulder surfing, pretexting and reinfor forcing general 363 00:18:00.799 --> 00:18:05.839 cybersecurity hygiene, strong passwords, using VPNs on public Wi Fi, 364 00:18:06.079 --> 00:18:10.559 reporting suspicious activity, understanding the risks of attachments and links, 365 00:18:10.759 --> 00:18:11.880 the importance of MFA. 366 00:18:12.079 --> 00:18:14.480 It sounds like investing in employee knowledge is just as 367 00:18:14.519 --> 00:18:17.640 critical as investing in the technology itself. They really are 368 00:18:17.680 --> 00:18:18.759 the first line of defense. 369 00:18:19.160 --> 00:18:22.960 Couldn't agree more. A well trained, security aware workforce is 370 00:18:22.960 --> 00:18:26.039 one of your most valuable assets against threats like ransomware. 371 00:18:26.119 --> 00:18:29.039 It has to be a combination of technology, policy and people. 372 00:18:29.319 --> 00:18:33.119 Okay, so we've covered prevention extensively, but let's face it, 373 00:18:33.599 --> 00:18:36.319 no defense is one hundred percent fool proofs, especially with 374 00:18:36.319 --> 00:18:39.680 how sophisticated these attacks are getting. So what happens if 375 00:18:39.720 --> 00:18:43.000 the worst occurs? You get hit? Maybe your backup's failed 376 00:18:43.039 --> 00:18:47.079 or weren't recent enough. The dreaded question, should you pay 377 00:18:47.119 --> 00:18:47.680 the ransom? 378 00:18:47.799 --> 00:18:50.799 That's yeah, that's the nightmare scenario, and there's no single 379 00:18:50.880 --> 00:18:51.279 right answer. 380 00:18:51.359 --> 00:18:52.400 It's a really tough call. 381 00:18:52.599 --> 00:18:54.359 What are the options? Realistically? 382 00:18:54.519 --> 00:18:57.839 Basically, you have three main paths. One, try to remove 383 00:18:57.839 --> 00:18:59.880 the infection and find a way to decrypt the files 384 00:19:00.079 --> 00:19:03.920 out paying. Two do nothing except the data loss wipe 385 00:19:03.960 --> 00:19:07.240 the affected systems and restore from whatever backups you might have, 386 00:19:07.400 --> 00:19:10.680 or just start fresh, or three pay the ransom. 387 00:19:10.880 --> 00:19:12.440 What factors go into that decision? 388 00:19:12.559 --> 00:19:16.160 It depends heavily on the specific situation. How critical is 389 00:19:16.160 --> 00:19:19.160 the encrypted data? Can the business function without it? What's 390 00:19:19.200 --> 00:19:23.200 the potential cost of downtime, lost revenue, operational disruption? How 391 00:19:23.240 --> 00:19:26.160 does that compare to the ransom amount? Is their reputational 392 00:19:26.200 --> 00:19:29.240 damage to consider? If data was potentially stolen. 393 00:19:29.079 --> 00:19:31.160 But paying doesn't guarantee you get your data. 394 00:19:30.960 --> 00:19:33.799 Back, right, absolutely not. That's the huge risk. There is 395 00:19:33.839 --> 00:19:37.680 no guarantee. Some ransomware gangs just take the money and disappear. 396 00:19:38.160 --> 00:19:41.400 Some variants like not Petia famously, were designed to be 397 00:19:41.480 --> 00:19:46.039 destructive and couldn't actually decrypt files even if the attackers wanted. 398 00:19:45.720 --> 00:19:47.640 To, so you could pay and still get nothing. 399 00:19:47.880 --> 00:19:52.839 Precisely, plus, paying the ransom directly funds these criminal organizations, 400 00:19:53.319 --> 00:19:56.200 enabling them to launch more attacks against others. It fuels 401 00:19:56.240 --> 00:19:58.400 the whole illicit economy. 402 00:19:58.000 --> 00:20:00.599 And they demand crypto, usually almost a always bitcoin. 403 00:20:00.680 --> 00:20:03.400 Yeah, it offers a degree of anonymity, though it's not 404 00:20:03.599 --> 00:20:07.480 perfectly untraceable. They'll provide instructions on how to buy bitcoin. 405 00:20:07.680 --> 00:20:11.319 Often suggesting methods like using cash at bitcoin ATMs or 406 00:20:11.519 --> 00:20:13.880 peer to peer exchanges to make tracing harder. 407 00:20:14.200 --> 00:20:16.599 If someone does pay, what should they do afterwards? 408 00:20:16.759 --> 00:20:19.680 Definitely report the incident to law enforcement like the FBI 409 00:20:19.720 --> 00:20:23.720 in the US, even if recovery isn't possible. The information 410 00:20:23.799 --> 00:20:27.480 helps authorities track these groups and potentially develop decryption tools later. 411 00:20:27.599 --> 00:20:30.160 Okay, so paying is a massive gamble, a last resort. 412 00:20:31.079 --> 00:20:34.839 What are the alternatives for trying to recover data without paying? 413 00:20:35.160 --> 00:20:38.559 There are possibilities, yes, The very first step is crucial. 414 00:20:39.119 --> 00:20:42.440 Identify the specific ransomware variant you've been hit with. 415 00:20:42.759 --> 00:20:44.640 How do you do that? The ransom note usually. 416 00:20:44.440 --> 00:20:48.799 Says sometimes but not always clearly. There are excellent free 417 00:20:48.839 --> 00:20:52.559 online resources like id ransomware or the No More Ransom 418 00:20:52.559 --> 00:20:55.920 project's crypto sheriff tool. You can often upload the ransom 419 00:20:55.960 --> 00:20:59.160 note file or an example encrypted file and it will 420 00:20:59.160 --> 00:21:00.480 try to identify the strain. 421 00:21:00.880 --> 00:21:05.279 Okay, so step one identify? Why is that so important? 422 00:21:05.400 --> 00:21:09.440 Because identification leads you to step two finding potential removal 423 00:21:09.519 --> 00:21:12.839 and decryption tools. If it's an older or known variant, 424 00:21:13.119 --> 00:21:16.359 security researchers or vendors might have already created a free 425 00:21:16.359 --> 00:21:17.160 decryptor for it. 426 00:21:17.240 --> 00:21:18.039 Where you find those. 427 00:21:18.160 --> 00:21:21.559 The nowar ransom website is a great central repository. Major 428 00:21:21.599 --> 00:21:26.400 antivirus vendors like Kasperski, a Vast, Mcsoft, trend Micro also 429 00:21:26.480 --> 00:21:30.160 offer free decryptors for specific families they've cracked. It's not guaranteed. 430 00:21:30.240 --> 00:21:33.240 Some newer ransomware is still unbreakable, but it's definitely worth. 431 00:21:33.119 --> 00:21:36.039 Checking, so there's some hope of decryption without paying. 432 00:21:36.240 --> 00:21:39.880 Sometimes sometimes yes, it often requires a bit of technical 433 00:21:39.960 --> 00:21:44.440 know how and success isn't guaranteed. Also, remember to attach 434 00:21:44.480 --> 00:21:47.920 any external drives or USBs before running a decryptor so 435 00:21:47.960 --> 00:21:50.920 it can attempt to decrypt files on those two good tip. 436 00:21:51.480 --> 00:21:54.319 What if the ransomware just deleted files? Maybe backups have 437 00:21:54.440 --> 00:21:56.279 found any chance of recovery. 438 00:21:56.319 --> 00:21:59.440 Then possibly if the files were just deleted and the 439 00:21:59.480 --> 00:22:03.000 space on the hasn't been overwritten yet, standard file recovery 440 00:22:03.000 --> 00:22:06.640 tools like recovera test disc PhotoRec might be able to 441 00:22:06.680 --> 00:22:09.519 salvage Some of them always recover them to a separate drive, 442 00:22:09.720 --> 00:22:10.799 not the infected one. 443 00:22:10.960 --> 00:22:14.960 Okay, so identification searching for decryptors, maybe file recovery. It 444 00:22:15.039 --> 00:22:18.000 underlines why having those offline backups is just so much 445 00:22:18.079 --> 00:22:18.960 better absolutely. 446 00:22:19.000 --> 00:22:21.759 Backups are Plan A, B and C. Decryption tools are 447 00:22:21.799 --> 00:22:22.720 more like Plan D or E. 448 00:22:23.000 --> 00:22:25.400 Right now. For businesses facing an attack, dealing with this 449 00:22:25.519 --> 00:22:28.039 is more complex than just running a tool. What's the 450 00:22:28.160 --> 00:22:31.359 organized approach? You mentioned an incident response plan earlier. 451 00:22:31.559 --> 00:22:36.039 Yes, having a formal ransomware incident response plan IRP is 452 00:22:36.119 --> 00:22:40.680 critical for organizations. This is a pre defined procedure for 453 00:22:40.720 --> 00:22:44.200 how to handle an attack, managed by a dedicated computer 454 00:22:44.240 --> 00:22:47.480 security incident response team or CSER. 455 00:22:47.920 --> 00:22:49.839 What does that plan typically involve? 456 00:22:50.160 --> 00:22:53.759 It usually follows a standard incident response life cycle, often 457 00:22:53.799 --> 00:22:56.519 based on frameworks like the one from MIST. It breaks 458 00:22:56.519 --> 00:22:58.720 down into roughly four main phases. 459 00:22:58.960 --> 00:23:00.599 Okay. Phase one preparation. 460 00:23:01.359 --> 00:23:03.839 This is everything we talked about in defense, having the 461 00:23:03.920 --> 00:23:08.039 right tools, policies, backups, and crucially, employee training before an 462 00:23:08.039 --> 00:23:11.480 attack ever happens. Being prepared is half the battle makes sense. 463 00:23:11.519 --> 00:23:15.960 Phase two detection and analysis. This is where you identify 464 00:23:16.039 --> 00:23:18.359 that an attack is happening or has happened. You need 465 00:23:18.400 --> 00:23:21.240 monitoring systems to detect the specious activity, and then you 466 00:23:21.279 --> 00:23:24.240 analyze what type of ransomware is it, how to get in, 467 00:23:24.480 --> 00:23:26.039 which systems are affected. 468 00:23:25.680 --> 00:23:30.079 And what's the immediate action. If you detect encryption and progress, shut. 469 00:23:29.799 --> 00:23:33.440 Down the effective machine, immediately pull the network cable, disconnect 470 00:23:33.440 --> 00:23:36.160 Wi Fi. The goal is to stop the encryption process 471 00:23:36.200 --> 00:23:38.599 and prevent it from spreading further across the network while 472 00:23:38.599 --> 00:23:39.279 you investigate. 473 00:23:39.519 --> 00:23:43.240 Okay, stop the bleeding. Then what Phase three? 474 00:23:43.519 --> 00:23:49.759 Containment, eradication and recovery. First containment isolate all infected systems 475 00:23:49.759 --> 00:23:52.119 from the rest of the network. Don't just shut down 476 00:23:52.319 --> 00:23:56.359 physically or logically disconnect them. Preserve evidence like memory dumps 477 00:23:56.400 --> 00:24:00.359 if possible for forensics, check map drives, network shares, cloud 478 00:24:00.359 --> 00:24:02.920 accounts for spread, and contact law enforcement. 479 00:24:02.920 --> 00:24:05.000 Contain the damage. Then eradication. 480 00:24:05.359 --> 00:24:08.680 Eradication This means actually removing the malicious software from the 481 00:24:08.680 --> 00:24:12.200 affected systems. But just deleting the ransomware isn't enough. You 482 00:24:12.279 --> 00:24:15.079 must also identify and fix the vulnerability that allowed it 483 00:24:15.119 --> 00:24:18.039 in the first place. Patch the software, close the RDP 484 00:24:18.160 --> 00:24:20.839 port whatever it was, and critically change passwords for all 485 00:24:20.880 --> 00:24:23.279 affected user accounts and related system accounts. 486 00:24:23.400 --> 00:24:25.160 Don't forget to close the door behind it and change 487 00:24:25.160 --> 00:24:26.519 the locks exactly. 488 00:24:27.160 --> 00:24:31.160 Then comes recovery. This is where you restore operations. The 489 00:24:31.200 --> 00:24:35.200 best way is always restoring from clean, verified backups. If 490 00:24:35.240 --> 00:24:38.160 backups aren't viable, you explore using a decryptor tool if 491 00:24:38.200 --> 00:24:41.200 one exists. Paying the ransom is usually the option of 492 00:24:41.279 --> 00:24:43.920 last resort here, or you might choose to wipe and 493 00:24:44.000 --> 00:24:47.319 rebuild systems, accepting the data loss, but saving the encrypted 494 00:24:47.400 --> 00:24:49.960 data just in case the decrypter becomes available later. 495 00:24:50.160 --> 00:24:51.920 Right in the final phase. 496 00:24:51.839 --> 00:24:56.279 Post incident activity, this is crucial but often skipped. You 497 00:24:56.359 --> 00:24:59.279 need to conduct a thorough review. What went wrong, what 498 00:24:59.359 --> 00:25:02.359 went right? How can defenses be improved, what lessons were 499 00:25:02.440 --> 00:25:06.000 learned up to your policies. Enhancer technology provide more targeted 500 00:25:06.039 --> 00:25:08.960 training based on how the attack happened. Use the painful 501 00:25:09.000 --> 00:25:10.359 experience to get stronger. 502 00:25:10.480 --> 00:25:14.000 So it's a continuous cycle. Prepare, detect, respond, learn and 503 00:25:14.000 --> 00:25:15.119 prepare better next time. 504 00:25:15.200 --> 00:25:18.680 Precisely having that structured plan and team ready makes a 505 00:25:18.720 --> 00:25:22.480 massive difference in minimizing damage and recovering quickly when inevitably 506 00:25:22.559 --> 00:25:24.960 something gets through hashtags, tag outro. 507 00:25:24.920 --> 00:25:27.599 Well, we've covered a huge amount of ground today. We've 508 00:25:27.680 --> 00:25:32.720 journeyed from the surprisingly long history of digital extortion right 509 00:25:32.799 --> 00:25:36.319 up to the sophisticated threats we face now, and importantly, 510 00:25:36.400 --> 00:25:41.680 we've armed ourselves with a pretty comprehensive arsenal of defense strategies, Yeah. 511 00:25:41.440 --> 00:25:45.200 From basic individual habits to complex enterprise layers. 512 00:25:45.359 --> 00:25:48.400 For me, the biggest takeaway woven through everything we discussed 513 00:25:48.960 --> 00:25:52.680 is just how critical that human error factor remains. It's 514 00:25:52.720 --> 00:25:55.599 still the vulnerability attackers exploit most often. 515 00:25:55.480 --> 00:26:00.000 Absolutely, which really underscores that informed, aware people, whether at 516 00:26:00.039 --> 00:26:03.000 at home or at work, are arguably our strongest and 517 00:26:03.039 --> 00:26:07.119 most adaptable defense against these threats. Technology is vital, but 518 00:26:07.200 --> 00:26:08.359 it's not enough on its own. 519 00:26:08.799 --> 00:26:11.000 It leads to a final thought, doesn't it. Yeah, ransomware 520 00:26:11.039 --> 00:26:13.720 developers are constantly innovating, always trying to find ways around 521 00:26:13.720 --> 00:26:16.400 our latest defenses. So are we just destined to be 522 00:26:16.440 --> 00:26:18.200 in this perpetual game of catchup? 523 00:26:18.319 --> 00:26:19.599 That's the sobering question. 524 00:26:20.200 --> 00:26:24.680 Or can a truly holistic approach, one that seamlessly blends 525 00:26:24.680 --> 00:26:30.200 cutting edge technology with widespread fundamental cybersecurity literacy for everyone. 526 00:26:30.559 --> 00:26:33.359 Can that finally allow us to actually get ahead of 527 00:26:33.359 --> 00:26:36.079 the curve, ahead of the next wave of digital extortion. 528 00:26:36.359 --> 00:26:39.079 It's certainly the goal we should be striving for, combining 529 00:26:39.079 --> 00:26:41.440 the tech with the human element intelligently. 530 00:26:41.720 --> 00:26:45.079 Something for everyone listening to think about, what's the one thing, 531 00:26:45.200 --> 00:26:48.480 maybe one habit or one setting change you'll implement, or 532 00:26:48.519 --> 00:26:49.680 share after hearing. 533 00:26:49.440 --> 00:26:52.880 All this today, every little bit helps build that stronger defense. 534 00:26:53.160 --> 00:26:56.640 We really encourage you to apply these insights, stay vigilant online, 535 00:26:56.680 --> 00:26:59.559 and keep learning. Being well informed is your best shield 536 00:26:59.559 --> 00:27:02.039 in our digit digital world. Thank you for joining us 537 00:27:02.039 --> 00:27:02.799 on the deep dive.