We wanted to hop on the World Economic Forum bandwagon if you will. One really interesting element coming out of their time together was the Global Cybersecurity Outlook for 2023, and we track a lot of different information that comes out of all sorts of different research and reports, and forums, so we just wanted to take a little time to unpack what the World Economic Forum was talking about. A couple of high-level data points that probably reflect the fear and uncertainty that a lot of people have, 98% of those that were surveyed and involved in this were saying that they believed that within the next two years, they’ve got a good degree of certainty or confidence that there will be some sort of bar-reaching catastrophic events cyber events within the next two years and separately but kind of tangential to that where 43 of those folks surveyed believe that something cyber-related would materially affect their operations and so as we look at the world today right not just someone’s organization but the world is really looking at cyber security being very serious and being something that at a global level we really need to pay attention to. Yeah, it’s, as Kirsten was saying, part of what we do. We’re kind of the stewards of our customers security; we have to go out and evaluate tools, technologies, products, processes, methodologies, and approaches to taking best actions in security to help our customers protect their environment but in parallel to that we also have to be aware of what is the uh industrymood tense uh feeling what is the global feeling what is going on in the world what is happening both in terms of threats which are pretty important to our operations but also in terms of the economic factors so we do look at how do we help our customers with their economic uh projecting of tools and Technologies they acquire Implement Services they acquire and implement but we also look at what does the world say from an economic perspective and because of that we look at the World Economic Forum pretty closely every year this is the January report as you can see it’s quite thick and this one was the global cyber security outlook for 23 that came out in January and as Kirsten said there’s a lot of interesting data and we’ll have this as a linkso anybody who’s interested in reading it can go read it there’s a lot of interesting data that came from the executives both on the Cyber and business side of this report uh they uh one of myone of my favorite quotes that came out of it were from Warren Buffettand that was tied to a metric that said it is projected that they uh I remember at the beginning of covet somebody said that the cyber security or the cyber crime uh cost to business was going from 1.2 or 1.3a billion I don’t know 6 billion excuse me 6 billion to 3 trillion and we all shook guards heads and said there’s no way guess what it’s three years later and it’s three trillion right now and now they’re saying in 23 that it will go from 3 trillion to 10.5 trillion so tripling again in terms of where the cost of cyber crime will affect businesses uh in the United States and globally in relation soby 2025 by the way in two years they expect a tripling of cyber crime across but uh Warren Buffett said thathe calls cybercrime the number one problem with Mankind and cyber attacks a bigger threat to humanity than nuclear weapons and in many ways he’s not wrong if we if we go back to all of the events that have happened the pipelines that have been attacked the nuclear facilities that have been attacked uh globally the attacks that are happening in the Ukraine today there’s there’s massive State nation state attacks from a cyber security perspective on other nation states and there’s a lot of both political and military leaders that believe the next Battlefield could be cyberspace and that is you know one of the things that stands out from a cyber security professional perspective is we need to think about how these Global impacts influence the decisions we make about how we protect government secure all that I remember 15-20 years ago our knocks used to have the global map up with uh weather and what was happening globally so that we understood the impact to locationsthat were close to the data centers where we house information it’s a very different map that we have up today in our security operations center it is the global threat map meaning where attacks coming from and where are they going to and where are they most uh Focus so that if we have a customer in a region of the world that is being heavily attacked we can pay more attention to the effects that are coming in so it’sthe the world has certainly shifted from an operational mindset to a security mindset and that comes across in these metricsthere’s uh there’s three things that really stood out for meone of them from a business perspective was that geopolitical issues are harder to respond to and because of that business leaders have decided that they’re going going to weigh that and where they do business globally so geopolitical meaning some of these nations State attacks meaning many things that happen globally from a Geo attack perspective but also is there war is there is their famine is there whatever those things are all going to tie into what is the risk of another Nation taking advantage of this nation and therefore the risk to my business in that Nation well I think what you have with that too is not just who are maybe or where might the Bad actors be more protected but because we have Global Supply chains and you know you might be a very small organization but your supply chain might include people all over the world exactly so it’s kind of global threat and then it’s where are you doing business globally andyou know where might there be opportunities for some of that to be less protected or unprotected exactlythere was a couple of factorsthateffectively were responded to in terms of the top things that both business and cyber leaders would think about doing to address exactly that which is I need to more heavily look at my supply chain some of the items were the top item in uh in response to what changes are leaders making in response to the geopolitical risk strengthen the policies and practices for engaging direct connection with third parties with data access so we we know from a decade ago when the target reach happened that it was one of the supply chain uh four Target that got compromised and the Bad actors came in through that way and stole millions of uh customer information including credit card data and so on and so forth one of the largest PCI outreaches on record and that came through their their HVAC offender which back then most people didn’t think twice about putting better policies and security you sent out your Standard Security checklist out to your vendors and said you guys do this and you know most of them come back yes I do these things or maybe I don’t do this one but no real focus on assessing those policies and risks third-party risk assessment so that sounds like that’s the number one thing that Business Leaders are thinking I need to think about more accurately strengthening the controls with third parties who process data so now it’s not just do you have them but about what controls do I have in place to make sure that you’re actually doing what you’re saying you do and and then re-evaluation of the countries with which the organization does business so those are the top three things that Business Leaders and Security leaders have decided to pull in and context of what is This Global risk and threat mean to our business and how do I defend us against it well we’ve said this so many times right thatyou know the threat landscape become so volatile right and you’ve got the risk side of that but then you’ve got the opportunity cost side of that because the the bad guys their job is to be bad guys right and so they are finding constantly ways to get inthere’s an opportunity cost for those of us on the other side right how long does it take us to develop more protection or to develop the response and and you’ve said this you say this all the time it only takes them once one place one click one you know and so we have to be so deliberate and sowe have to be looking at this so often I think the days of an annual pen testyou know when we hear people talk about oh I need this annual pen test I always think gosh if you’re only looking at this every yearyou know God bless you because they’re you know all those other days 360 days exactly exactly so that volatilityglobally and the volatility created bythe Cyber adversaries has just become so so much more enhanced over the years totally agreethere’s a there’s threeuh things that we pulled away from the World Economic Forum those three things are the 86 of the respondents believe that there will be a catastrophic event in the next two years so by 2025almost 90 percent of the people who responded believe that there’s going to be a major Global catastrophic event from a cyber security perspective and that effect isn’t going to be felt widespread not just in a nation state or a companyand are we are we prepared for that 43said that thatbecause of that fear because of that thought it will have material impact on their business so those are the first two factors we read at the beginning that 27 believe that they’re uh that they are today cyber resilient and cyber resilience is equated to business continuity so it’s no longer that I’m cyber resilient meaning I can defend against an attack but I can keep doing business during an attack uh and I have the ability to continue to operate my business and mock news data that’s only one quarter of the respondents believe that they are cyber resilient that’s that’s pretty scary numbers when you think it’s three out of every four of the people who responded to this don’t believe they are prepared to defend against this type of attack and why is that because we all the answers are pretty common on the back we all build policies we all build procedures we invest in tools we count on those tools doing what they’re supposed to do uh Brian Moody who isuh our Channel chief for cyber security he basically uh had a conversation with a customer or Prospect the other day and my Prospect said we do everything you guys do there’s no reason to talk and by the end of that conversationthey had gone through each of the technologies that that and customer uses and uh uh he talked about his EDR solution and said that product has saved my bacon more times than I can tell you and he talked about his DNS solution he said that product has saved my and you can repeat that statement across every single categorybut then when we showed him the facts uh when we showed him the miter evaluations for that product he’s using compared to other products in the markethe said if you’re the first vendor who sat in front of me and said these are the facts we appreciate that and we used to use that tool too but we no longer do because of the following reasons and your tool set is not one that can go static all it takes is one miss that one miss means your business is down because you’re encryptedand we can tell you that that product has more than one miss uh and do you want to find out that it didn’t save your bacon when it should happen and and that’s the dialogue we have regularly with customers and there was a high level of confidence at the beginning of that call and we’re not trying to spread if you’re uncertainty in doubt we are trying to expose misconceptions in the market we’re trying to get past the marketing pitches of all these great manufacturers because their job is sell their product that’s what they’re supposed to do they make something they got to sell it they got to grow their business just like the rest of us we got to grow our business the difference is you you’ve got to partner with somebody who understands all of the Technologies not just focused on what not just their own especially because they’re incentive to tell you they’re the best because they have to get their product across the line so what what this reportand I like to read between the lines for those of you who company uh what this report tells me is that there’s a lot of concern that there’s that people have enough information to make an informed decision about whether their tools are working their controls are working their relationships are working their risk assessments are working and I would argue that their fear is very well founded because when we go and do risk assessments for customers when we go and do security health checks when we go and onboard a new customer I can tell you that most of them felt much more secure than they ought to have been before we got there and and it’s consistent it’sI would say uh one out of 100 customers has a solid security portfolio when you engage with them well and we’ve we’ve talked about thisbefore I think in our last tech talk we talked about kind of the shelf life of security tools and exactly I I am not the expert here but I would I would imagine that of any technology tool out there security tools have the shortage shelf life it’s the hardestwhen you build a tool that is writing documents you write documents basically the same way you need the same proofing tools you need the same editing tools you need better spell Checkers better dictionaries but at the end of the day the tool can last a long time as evidenced by Microsoft Word that has been holding the king position for decades but when you talk about there is somebody who is attacking that were Editor to make sure that they can use that editor as a way to get into your network to do things that are bad that’s when security tools now have to defend against those things and all of our security tools have been fighting around files that have malicious code in the that are file based attacks the world is no longer as we’ve talked previously a file based attack world there’s some there’s obviously files at some point but it’s the metamorphic attacks that are happening that are really causing the damage because they change they’re they’re like millions they come in your network looking like one thing and innocuous and they do things that look innocuous if not check and then they download the bad file and do that stuff andand so you your tools have to constantly change because they have to understand how to also be metamorphic in the way they defend and that’s why security tools have such a short shelf life and I have said for when it comes to controls the tools that implement the controls for security I’ve never seen a product that has a longer shelf life than five years the longest I’ve seen this five years so if you’ve got tools that you’ve been using for three to four years you’re probably at the edge of your shelf life because that tool was probably already a few years in when you purchased it yeahso and manufacturers no offense or or threat meant towards them but they can’t possibly keep up because they build based on a foundational mindset when they start it and that mindset is stuck in the technical debt of their platform it’s really hard to take that mindset out and put in a whole new mindset it’s like taking and doing brain surgery and it’s very difficult to do put a new brain in well I think that’s why when we talk about our managed Security ServicesI see this issue right here as one of the strongest value propositions for an organization who never got into business to be a data security company right that you’re having to acquire that skill you’re having to spend that money and if you’re able to have someone on the back end evaluating those tools switching them outyou know you’re not tied by your contracts you’re not tied by your renewals then someone else is handling kind of the longevity and efficacy of those tools rightto me if I’m a business leader that would be one part of the business I’d love to get out of because it’s not one tool right it’s from from what we know it’s 10 to 20 to 30 security tools that you are having to try to figure out that efficacy path and what a distraction if you really don’t have theyou know the the team and the budget to put into I uh 100 agree there isI can’t tell you how many times I’ve had conversations with folks and they say what two of you use for that and and we don’t expose what tools we use because there’s no one tool for any of our servicesit’s a it’s a platform it’s a portfolio and that portfolio our portfolio of products is uh about 30 to 40 tools roughly off the top of my head so we the the more of those tools you put in play obviously the more effective they are because you can correlate data you can correlate Telemetry and you can fine tune and narrow in on what’s going on but we there’s no one service that is you know just one tool there’s always multiple components because we believe you can’t have a single tool be effective it’s it’s like saying that when you put together uh when you make a dresser if you just use tacks or nails that thing’s going to come apart with age you’ve got to also glue the wood together before you tack it so you need two binding components to make it find and stay and last and and so those binding components are important and our magic our IP is not building the control tools it is building the glue between them and the correlation of data between them and the policies and procedures and it’s not magic it’s just experience it’s just knowledge it’s knowing how to take it’s doing this for myself for 30 years my team doing it for decades it’s the it’s having that level of experience at your disposal that makes us different than you know a company who’s making a tool the other thing that came to mind the City Chiefs talk through this data and just what the situation is out there for folksis how important the network is and when we think aboutadversaries when we think about kind of The Blocking and tackling that goes into it when we think about these organizations saying that they believe that some things could materially happen that affects their organizationif I am walking around knowing that someone may break into my home that’s a likelihood right I am going to lock down my home in a very different way than if I live out in the country and you know I might put a lock on my front door but I’m not really worried about it and when we think about kind of the certainty we have now that it’s likely that someone’s going to get in right we defend ourselves different and so the network I think has evolved so much and the risk associated with the network is so different nowand I think not everyone is thinking about that when they’re thinking about security yeah it’s the network historically excuse me the network has always been that thing that if it works we leave it alone and we can’t think like that it’s you can’t leave your network status when you deploy a new application it’s time to think about a network redesign when you add a new site it’s time to think about a network redesign when you do an acquisition it’s hard to think about a network redesign when you have a strategy change moving from on-prem to Cloud it’s time to think about a network redesign and a redesign doesn’t mean that you’re going to rip and replace your network and change everything it means you need to make sure the design that you built for your network a decade ago is still the design that’s going to carry you into the next I’m not even going to say decades let’s just say five yearsthe like security the Network Health the network capability and capacity and security are critical components of how long your network will last for you Wi-Fi is changing every year the Wi-Fi standards are continuously updating changing and we rely so heavily on Wi-Fi in the world we don’t think about that it’s the weakest point of security in our Network how do you protect against it those are all factors that people forget and if we go back to that Target breach the reason that breach happened is because of a lack of segmentation not because the vendor had a bad Network or had bad security they got in that way but the reason that that hacker was able to be inside their Network for half a year crawl around and find the crown jewels and take the time to figure out how to grab them and take them out is because they were able to move laterally throughout that entire network and get to the data center get to the crown jewels and then extract the data and all of that with some notification in the tools but the team didn’t catch it in time and stuff it so if you look back at the reports from that attack there there was an outsourced sock and the socks saw it and they escalated and there was no action taken from those escalations so just knowing isn’t enough your tools have to do a great deal of work to help protect and that’s where micro segmentation has to be it has to be over the next few years a primary focus for the for everyone and network assessment and design it needs to be a factor for everyone I’ve got three takeaways from this report perfectthe first one was tied very much to what we just said focus on securing the core technology is now part of the core not just the commodity so we have you know growing up in IT myself at security it has always been commodity and we still think of it’s meant this commodity security is not a commodity security is something that it’s it’s not about even exceeding or being better than or achieving additional technology from your competitors you have to secure your business so you can keep doing what you do even if you’re worse than your competitors if you want to stay in business security is a core requirement so focus on securing the board that’s the network that’s everything that comes up from the network but start at the networkthe second thing is a talent yeah and it hasn’t gone away it’s the the World Economic Forum still believes that that’s an issue and they have two thingsuh with proper technology uh addressing the challenges with proper technology so that humans can focus on specialization so automation is a factor there make sure that you’re implementing the controls the tools like we just discussed that are doing what they need to do so that it’s not requiring every specialized analysts it’s focusing on being able to identify and detect events and then being able to respond to those events specialize your team on things like response specialize in your team on differentiating you from your competitors specialize in your team on securing your time much in your partners or customers networks focus on those things that differentiate you the second part of that addresses the challenge the talent challenge is uh training has become critical but the good news is that you don’t have to do it yourself and part of that is through this massive adoption of the managed services and managed Security Services organizations that are out there that they take on the burden of the talent Gap they take on the burden of training my team goes through training constantly they they have a brutal two-month boot camp before they can even sit in front of a stream and uh and it’s a common joke we call it our hazing Point somebody bumps through that company that you have to go through this awful training before you can even look at your first screenswe we solve that training Gap so our customers don’t have to but it allows you to focus on and specialize on those things that are critical to your business and how your business operates rather than the what most people consider his commodity but should be critical in the business process well quickly an example of that right we had one customer who received I believe it was over 2.7 billion alerts in the course of one year so if you imagine him stacking for that and him trying to have his people sit through all of those right exactly what we were able to give them were the 93 alerts that his specialized team needed action right and so if you can kind of take a look at that funnel and where your people have the most value that’s really what we’re talking about there exactly exactly you can’t possibly without stopping 24×7 be able to comb through that amount of alerts even with technology it still takes a lot of human touch to get through that and then the last takeaway is a shift in mindset and this is at the C-suite that they’re recommending this shift and it’s that cyber resilience is equal to business resilience cyber is the same as financial performance and that’s the mindset shift that the World Economic Forum is recommending that businesses take as they’re looking at security and cyber security so that they can be prepared for this Global catastrophic event then uh 83 of the people think is about to happen yeah well thank you and and we’ll wrap up here the way we usually do isgiving you some hope and some resourcesyou know certainly we don’t share this to you know to to scare peoplebut I guess just to raise the awareness of things probably that you’re already thinking about talking about which is how do we deal with this growing cyber security challenge we’ve gotshe mentioned it earlier we do havea number of different complementary health checks whether it be the network whether it be your security controls we also do have an economic roadmap that we can help do walk through and plan through as you look at the tools that you have and if you’re wondering about their efficacy that we can really help you understandwhere you need to focus and what that timing looks like so you know we really dowant to be a resource for you we want to help you get on top of both the planning execution ofyour cyber issues I don’t know if you can hear this.