Kip Boyle: Hi, everyone. Before we get started, Jake and I have a small request. You see, we're coming up on our 50th episode and that got us thinking about the next 50 episodes. And to do a great job with them, we need your help. So please go over to b.link/survey50, that's B-dot-L-I-N-K /survey50, and tell us what you want to hear. Thank you. Okay, here's the next episode.

Speaker 2: Welcome to the Cyber Risk Management Podcast. Our mission is to help you thrive as a cyber risk manager. On today's episode, your virtual chief information security officer is Kip Boyle and your virtual cybersecurity counsel is Jake Bernstein. Visit them at cyberriskopportunities.com and focallaw.com.

Jake Bernstein: So Kip, what are we going to talk about today?

Kip Boyle: Hey, Jake. Today we're going to talk about our recent experiences working with law enforcement on cybercrime cases. Thought the audience would like to know about that.

Jake Bernstein: I think that's a good idea. I've done that before and happy to share the experience with our audience.

Kip Boyle: Fantastic. So I've worked with the FBI most recently, and if I remember right, you worked with the Secret Service, right?

Jake Bernstein: I have. And actually, I also worked with the FBI back when I was at the State of Washington. So I have some experience with that as well.

Kip Boyle: Oh, if you want to roll way back, I've actually worked with FBI and the Office of Special Investigation with the Air Force. But that was a long, long time ago. So I'm not going to dredge that up.

Jake Bernstein: Yeah, for me, it would've been a ransomware case from mid-2019.

Kip Boyle: And my most recent interaction with FBI was over a business email compromise, and that was from earlier in 2019 as well. And I think it's important for us to really focus on our most recent interactions because law enforcement is getting better every day. And so I think it's helpful to let our audience know about current capabilities and what it's like. So great. All right, let's start with your ransomware case. So what happened to the victim? And of course, you're going to be very... You're going to be very thoughtful about what we share and what we don't share and I'll do the same.

Jake Bernstein: Oh, of course. Yes. I'll be very vague by necessity. But it was a company with kind of a factory line of some kind, to be extraordinarily vague about it. And basically, one early Saturday morning, in like two o'clock in the morning, this factory basically was shut down by a ransomware attack that popped up these text files on their terminals saying, "Hey, your system has been encrypted. Please contact us to get this repaired; undone." And the really interesting thing about it was that unlike many ransom attacks, they didn't make a demand right away. And so, in fact, we never actually got a demand and we never paid a ransom. So what happened is, the victim in this case was able to restore most of what they needed from backup systems. That said, they did lose about 10, maybe 15% of their overall data, which hurt, but was deemed acceptable given the situation.

And even with the, I would say, mostly very successful recovery, there was a substantial out-of-pocket expense. And I think one thing that people often forget about is, yes, you have to pay the forensic team to figure out what happened and kind of help see if you can restore anything. Yes, you are paying lawyers, and yes, you are paying overtime and whatnot to your IT department. But what are you left with when a ransomware attack rips through your network, Kip? What happens to the network itself, even assuming that it's cleaned up?

Kip Boyle: Yeah. Well, a few things. I mean, first of all, tangibly, it's different. The machines are just... They're not the same. And then in my way of thinking, I no longer have assurance. I no longer trust this stuff.

Jake Bernstein: Right. So it becomes a no-trust network. And so you can't really do business on a no-trust network that is supposed to be your own.

Kip Boyle: You shouldn't.

Jake Bernstein: So the biggest out-of-pocket expense here was deploying an entirely new network based on out-of-the-box hardware. And what the client basically decided was that if it didn't come out of a box, it's not going on the new network.

Kip Boyle: That's wise and expensive.

Jake Bernstein: It was wise. I mean, you're correct. It was wise, but also very expensive.

Kip Boyle: The IT people must've worked like-

Jake Bernstein: A lot.

Kip Boyle: ... Hebrew slaves, to coin a term that I heard somebody say recently. crosstalk.

Jake Bernstein: That is an odd term.

Kip Boyle: It is an odd term, right?

Jake Bernstein: Yeah. We may want to edit that out, Kip.

Kip Boyle: Okay. Apologies to everybody if you found that to be off-putting. Okay. So roughly how big was the company? Was this like a large enterprise? Was it a mom and pop shop?

Jake Bernstein: Oh, somewhere in between.

Kip Boyle: What could you tell us?

Jake Bernstein: It was about a $100 million-a-year company.

Kip Boyle: All right. All right. So not a small operation. So, all right. All right. Great. So how did the Secret Service get involved in this case?

Jake Bernstein: Well, quite simply, we called them and requested permission from the client to share the information with the Secret Service. It was clear that we needed to have some level of law enforcement involved. Permitting me to fast forward to the end, it turns out we actually needed law enforcement to be involved in order to make an insurance claim. But I'll get to that.

Kip Boyle: Oh, interesting. Now, why did you guys choose, or what led you, to involve Secret Service? I don't think of them as the first place to turn. I think of the FBI, myself, as the first place to turn. So what was driving you guys there?

Jake Bernstein: So the people that I was working with on the forensic side recommended someone in the Secret Service and... It's funny, I ended up needing to go to the FBI at the end, anyway. And so what I learned here is, the Secret Service does get involved, and they can, but you probably really should go with the FBI from the get-go, if you have to choose. And it's very difficult for me to say the differences. When you work with a federal law enforcement agency, as I'm sure you know, it's a very one-way street. They can't really help that much. There's just not that much they can tell you. But the Secret Service did help out; primarily, I would say, with giving us their experience, kind of letting us know what the patterns were, even providing a recommendation on people that we could talk to if we needed to interact directly with the ransomers. One thing I learned is that just because the ransom attack provides an email address for you to contact doesn't mean that you should actually use that email and contact them.

Kip Boyle: Oh, interesting. Why? I would imagine people immediately downstream of having their manufacturing line seize up would be grateful to have somebody to talk to.

Jake Bernstein: Well, so that's the thing, is that the people who perpetrate these attacks, they're not like you and me. They're not like our clients. They're either straight-up pure criminals, or they are, almost worse, foreign operatives. And in either event, you don't really want to be interacting with that type of person untrained. And there are companies out there, many of... staffed largely by former intelligence. And yes, I do mean spy agency-type people. And they are much more equipped to kind of start up a successful dialogue without further endangering you. Because think about this: Let's say you start a conversation with the ransom people and... The ransom people here asked us to send us a couple files and we'll send those files back to prove that we can decrypt them.

Kip Boyle: All right.

Jake Bernstein: Which... It makes sense. There's definitely a type of ransom attack where not even the ransomer is actually able to decrypt, so crosstalk-

Kip Boyle: Right. That absolutely has been the case. I mean, NotPetya was a good example of that.

Jake Bernstein: Right. So why pay them, right?

Kip Boyle: Right.

Jake Bernstein: There's no reason. So these guys were like, "Hey, you know what? We are so confident and we are so legitimate when it comes to being criminals that we're going to kind of give you a proof-of-life type thing here. We're going to go ahead and ask you for some files that we'll send back to you decrypted." Now, Kip-

Kip Boyle: What superior customer service.

Jake Bernstein: Yes. Now, but wait a second. Most people are going to just email this email address and send some files from their main crosstalk account.

Kip Boyle: Sure. I mean, this is like working with tech support, right?

Jake Bernstein: It is. But stop for a moment. Do you really want to use your corporate email account and then send files back and forth with someone who just encrypted it and is demanding payment to fix your network? The answer is, hell no. And so what these other companies out there will do is, they will serve as a go-between, kind of the negotiator crosstalk the criminals. crosstalk-

Kip Boyle: So this is really like Hollywood, right? With hostage negotiation and weeping mothers because their babies have been kidnapped-

Jake Bernstein: It is.

Kip Boyle: ... and you've got a hard-boiled cop that's putting pressure on the kidnapper, kind of thing.

Jake Bernstein: Yeah. Except in this case, it's a bunch of nerdy tech operator-type guys. But same idea. But the point that I... The thing that the Secret Service did the most, I think, for me, was to alert us to this reality of, you really shouldn't be interacting directly with them. Go through someone who knows what they're doing.

Kip Boyle: Does the Secret Service offer that?

Jake Bernstein: No, they cannot directly do that. They can be involved, but it's very difficult. The Secret Service, the FBI, the law enforcement agencies, these are not citizen service agencies. They have a job to do and that job, unfortunately for us, but I think importantly for us to understand, is not to fix our problems. They're out to catch a criminal. And catching a criminal is a very different goal than helping a company get back on its feet. So there is value in working with them. I would do it again. I think that they are very limited in what they can pass along to us. But I think it's important to do that. One of the things that was so striking on this particular case is that when I did eventually talk to the FBI, I learned that my client was one of over 400 victims of this same strain of ransomware that the FBI was investigating.

Kip Boyle: I mean, criminals conduct campaigns, right?

Jake Bernstein: They do.

Kip Boyle: Just like private businesses conduct campaigns to get new customers or what have you, launch new products. So your client ended up just being one among... what, you said 400 who were swept up in this...

Jake Bernstein: Over 400, yep.

Kip Boyle: Yeah. Okay. Okay, so the Secret Service, so what I'm hearing as far as, what did they actually do... I heard that they gave a lot of sage advice and-

Jake Bernstein: They took information. I should say that.

Kip Boyle: And they took information. Okay.

Jake Bernstein: Yeah. They definitely took information. They were definitely interested. And they even came out and interviewed people. They sent a field agent out to interview people. They were happy to take copies of our reports that we got from our forensics people. And they're definitely using this information. And I do want to say, too, that it's not a negative that they're not out there to help us directly, because in fact, they rely on us to contact them and give them information so that they can conduct their investigations. And ultimately, that is helping us because that... The more they can figure out who these people are and try to arrest them, the better it is.

Kip Boyle: Yeah, absolutely. And so that's really why we have things like incident response plans, chief information security officers, insurance companies with data breach coaches and legal counsel... I mean, those are the people who are helping us put our companies back together again when we get attacked.

Jake Bernstein: Yep. crosstalk.

Kip Boyle: Got it. Okay. So what was it like working with Secret Service? I mean, was it kind of awkward and uncomfortable or was it easy?

Jake Bernstein: Not at all. No, I mean, it was easy. I think my colleague and I, who worked on the case, both of us have government experience. So working with government was not awkward for us. I could see how it can be. And in fact, the Secret Service guys, they were pretty friendly with us. I think they could tell that we were comfortable. But they definitely had experiences they told us about where... particularly outside counsel... it is awkward. And oftentimes the outside counsel doesn't want to say anything. They don't want to give government anything for fear of what might happen to their client. And I think that is definitely a legitimate concern, but you have to understand the structure of the government and really who's doing what. The Secret Service-

Kip Boyle: So you're saying it's a legitimate concern because there's actually the possibility that law enforcement will share information with another part of the government that could then show up and say, "Oh, we want to speak to you about this bad practice of yours."

Jake Bernstein: So I say it's a legitimate concern because you never know... A lawyer needs to always be on the lookout for their client's best interest, obviously. But where I was going with that was that I think as a practical matter, the Secret Service and the FBI don't really share information with the FTC, necessarily. There are different goals. So I wouldn't be too worried about it. I think it's something that is... It's a question. And I can't guarantee one way or the other. So I think crosstalk-

Kip Boyle: Right. So you're saying it's completely normal for somebody running a business to be concerned about the possibility of law enforcement giving information over to a regulator. But at the same time, you're also saying that that's highly unlikely because there's really no incentive for that to go on.

Jake Bernstein: Exactly.

Kip Boyle: Well, I would even go further and I would say that I've spoken with multiple FBI agents about what it's like to work with FBI on a cybercrime case. And I've been very pointed about this question because I've heard it come up amongst my customers. And so I just wanted the FBI to tell me flat out, is this a legitimate concern? Would you do this? And would you share this kind of information? And to a person, every agent I've spoken with says, "No, we don't do that. We don't do it because it's not in our charter. We don't do it because it doesn't help us get our job done. And we don't do it because we know what a chilling effect it would have on citizens if we did do that." So...

Jake Bernstein: Yeah. And that's kind of what I heard from the Secret Service guys as well. I think that the outside counsel kind of mentality is, "If I don't completely understand the internal process, I'm just not comfortable doing it."

Kip Boyle: Sure.

Jake Bernstein: And like I said, it's not crazy, but I don't personally have that concern.

Kip Boyle: Okay. So you wouldn't allow that to get in the way of doing the work, but at the same time, you wouldn't be oversharing.

Jake Bernstein: I would not be oversharing. And here's the thing: For lawyers in particular, it's more about control of information. And once you give it up, it's gone; it's out there. Right?

Kip Boyle: Right. Mm-hmm (affirmative).

Jake Bernstein: You cannot shove things back in the bag.

Kip Boyle: Can't put the toothpaste back in the tube. That's my favorite line.

Jake Bernstein: Right. You can't put the toothpaste back in the tube. And so that, I think, is where a lot of that kind of paranoia comes from.

Kip Boyle: Hmm. Okay. Any final words on your experience working with Secret Service?

Jake Bernstein: I would say that were I to do it over again, I would probably work with both the FBI and the Secret Service. And I think it's because the FBI is a much larger organization with a focus on this. And it's interesting. I think that the Secret Service has... their charter includes kind of the bank fraud thing and the size of the financial damage. And so that's kind of their hook, whereas the FBI is just simply able to do more on a broader scale. So I think I would probably go with the FBI next time. Which is not a knock on the Secret Service, in case any of our Secret Service colleagues end up listening to this. But I just think that all things being equal, the FBI handles many, many more cases like that.

Kip Boyle: Yeah. And they'll bring in Secret Service if it's necessary, right?

Jake Bernstein: And they will.

Kip Boyle: Yeah. Okay. So cool. And that's consistent with what I tell my customers, too, is: don't call local law enforcement unless you know for a fact that they have a cybercrime squad and they're very good at what they do. Most PDs are not. That could change over time, but today, that certainly is the case. So you really want to first turn to FBI. And by the way, if you haven't already established a relationship with your local FBI cybercrimes task force, you should do that. And it's very, very easy to do that because when you reach out to FBI, they'll tell you who it is and they will make an appointment for you to talk with them. And I've just found that when you have a relationship with somebody on that task force before something horrible happens, it just makes everything easier. They're more likely to listen to you.

Jake Bernstein: It totally does. And I'll point out, too, that it's important to also know... I mean, if you're in a smaller city, then the chance of your local department being able to do anything is... it approaches zero.

Kip Boyle: Right. Yeah. Local PD. Yeah.

Jake Bernstein: But if you're in a big city like Seattle, what I learned, too, is that there are Seattle police officers who are part of these kind of inter-agency task forces that span the FBI and the Secret Service and local PDs. And those officers can be tremendous resources.

Kip Boyle: Yeah, absolutely.

Jake Bernstein: It really depends on where you are.

Kip Boyle: But I'd go to FBI first and let them direct me back to PD if that was the way to go.

Jake Bernstein: Yes. I would do that as well. Just wanted to say that this does exist where there's these local police officers who are crosstalk.

Kip Boyle: Yeah. Yeah. And I think we'll see more of that in other American cities as time goes on. Okay. So let me tell you about my recent experience working with FBI. First of all, let me just give you a little thumbnail sketch about the crime: So unlike your client, my customer was a smaller company. It was less than $25 million of annual revenue. It was not in the manufacturing space, but rather high tech. The financial fraud in question was a business email compromise, and the actual financial loss was under $25,000. And for the size of that company, that's a good amount of money. And the attack was an outsider impersonating the CEO to the accountant. So the accountant-

Jake Bernstein: Classic CEO fraud-style.

Kip Boyle: Yeah. Yeah. So the accountant gets emails that looks like it's coming from the CEO. Sounds like the CEO, is very... But is also tersely worded and... "Hurry, hurry, hurry, get this done, get this done." And so the accountant totally fell for it. And I interviewed the accountant afterwards and listened and I just thought, "Well, I mean, I would probably have fallen for it." I mean, it was pretty good. This had never happened before. The accountant kind of just immediately fell for it. It was just very, very good.

Now, the way that the outsider impersonated the CEO is, the CEO's email account got compromised, first of all. And then this is pretty interesting: So when we did the forensics, we found out that... And I don't totally understand this, so forgive me... But somehow, there was a fake mobile device that was attached to the CEO's email account. And so to the email server, it looked like just a mobile device with an email app on it. And, but it was programmed in such a way that it was a private channel for the attacker. So anything the attacker sent out through that channel, the real CEO would never see it; would never see the back-and-forth. So it was very clever, the way this was done. And obviously, they spent some time monitoring the CEO's communications so that their fraudulent emails would sound very real, and they did. So there were two attempts to steal money: The first one succeeded, the second one was actually stopped by the bank. And as of over six months later, the money's never going to come back, so it's gone. So that's what happened. Yep.

Jake Bernstein: So, okay. In this case, how did the FBI get involved?

Kip Boyle: Well, so the first thing we did is, we filed an online report with ic3.org. And that's kind of why I said that working with Secret Service might have been... Or, sorry, that responding to a ransomware threat may have felt like that the victim was working with a tech support crew; as if they were having trouble starting their email client or something like that. Because that's kind of the feeling that I had when I went to ic3.org and started filling out the online report. It really felt like I was opening up a ticket for just, "My mouse doesn't work; can I have a new one?" But that's kind of how we started. And it took me about an hour to fill out that online report. And I had to gather a bunch of supporting information to make sure that it was complete report. And so it took me about an hour to get ready to file it. It took me about an hour to file it. So just so you know, this is about a two-hour thing; not that bad.

And after I filed the report, I then reached out to the local cybercrime task force and then spoke with the local agent. And the agent was super helpful. And the first thing he said was, "Well, did you file the report with ic3.org?" And I said yes. And he kind of got a puzzled look on his face and he goes, "What was the company name again?" And I told him and he goes, "I didn't see that come by my desk; let me go check." And then he went, he checked, and he found the record and he looked at it. And we had a really great initial conversation about it. So I felt really good that I was talking to somebody who was genuinely interested. Now, there were some problems that emerged later on, but we invited FBI in and it started with an online report.

Jake Bernstein: Interesting. Okay. So that works as well. Yeah. Mine was kind of a more relationship-based recommendation; or a referral, really.

Kip Boyle: Right. Yeah. From people who do post-breach forensics all the time, right?

Jake Bernstein: Yep.

Kip Boyle: Yeah. So they probably had a working relationship with Secret Service and it was just the first place that they thought to go to. Well, so I already knew somebody in the local cybercrime task force for FBI, and I knew that they were going to ask me to file that report. So I just figured, "Let's do that first." So, yeah. So that's how the FBI got involved.

Jake Bernstein: Very cool. So what did the FBI actually end up doing here?

Kip Boyle: Well, they schooled us a little bit. So they're very supportive. They offered a ton of advice. So one thing that I was really impressed with by the agent that I worked with... I wasn't sure how technically savvy, how computer savvy the FBI agents were. And it turns out, this one was super, super savvy and he was giving me good advice; things we'd already done, made total sense, like change all the passwords involved, scan the computer that the CEO was using to make sure that there's no malware on it. Do a log review to see if you can discover what IP addresses were accessing the CEO's email account. Check other email accounts to see if a similar access can be observed, and so on and so on.

And so I thought the advice that he offered was good. So if I wasn't a cyber risk practitioner, and if I was just, let's say, the director of IT or something like that, I think this would be helpful. This really would've steered me in the right direction. So that was the first thing that FBI did, was just said, "Hey, look, here's what you need to do to kind of recover technologically from this and try to make sure that the bad guys no longer have access." And then the agent requested additional information.

So, and he was really interested in four things. The first thing he asked for was the EML files for all the communications that we eventually uncovered from the fake CEO. And EML files are Microsoft Outlook formats that preserve all of the header information and all of the technical details about how mail was routed around. That's really important for FBI, for their investigation, to actually try to map out: How were these messages sent? Where did they come from? Were they deliberately routed through some sort of anonymity network, Tor? I mean, whatever, right? They needed to see the actual mail-routing information.

The second thing he asked for was, any log files showing IP addresses that were accessing the account for the real CEO. And then the third thing he asked for was, the routing and the account numbers for both of the financial transactions, the successful one and the failed one. And then finally asked for any details we could give them regarding this Python script that imitated the mobile device and allowed the fake CEO to do what they were doing. And so just based on that additional information, I thought, "This is pretty sophisticated investigation."

Jake Bernstein: That is, yes. That is definitely what you want to see out of your national law enforcement agency.

Kip Boyle: Yeah. And so in my mind, I had like a picture of a room where they might have a giant whiteboard on one wall where they were just aggregating these reports and putting IP addresses up and trying to see, "Okay, so here's a company that got hit with this VEC. What do we know about other reports that we've gotten? Do these IP addresses cross-match in any way?" And it kind of made me think about your point that you discovered that over 400 companies were part of that campaign of ransomware where your client was just one involved. And I thought to myself, "Yeah, if I was law enforcement, I would want to know, how many victims are there in this latest wave of ransomware?" And the same thing with this business email compromise. I would want to try to piece it all back together to understand just how many targets were affected by this latest attempt.

Jake Bernstein: Yep. Exactly. And that's the only way they can ultimately get their investigation off the ground and to potentially find a perpetrator.

Kip Boyle: Right. And it really maps to what you were saying before about, don't expect law enforcement is going to help you actually sweep up the debris from the break-in. They're going to show up, they're going to ask for information. They might offer some advice, but really, what they want to do is get back to their investigation.

Jake Bernstein: Yep. And that's what they're there for. So it sounds like you had a good experience. Do you look forward to working with the FBI again?

Kip Boyle: Yeah, absolutely. I will definitely work with them again. And lessons learned here, for me and for my customer, is we didn't contact FBI soon enough. And this was my fault, in a way, because I didn't realize that FBI has a capability that the agent explained to me, which is: If you have a financial fraud and you wire money out of your company, if you can contact FBI within 48 hours of the event, the FBI has additional capabilities beyond what the banks have. So of course, you're going to notify your bank and your bank's going to attempt to squash the transaction. But FBI has even more capability to squash transactions. They have the potential, for example, to involve law enforcement in other countries. They've got some cooperative agreements. They can also involve other banking officials in our banking networks that your local bank may not have access to.

So this was all really good information that I got from the agent that made me feel like, "Okay, next time, we're definitely going back to FBI and we're definitely going to go back sooner." Before I file the online report, anyway, so that we can get as much help as possible recovering the money as soon as we can.

Jake Bernstein: And I think that's a really important point to remember, is... and I've heard that before as well... that the federal law enforcement in particular has certain powers to stop money transfers that nobody else has. And they can't use those on your behalf unless you call right away. And 48 hours is really short. So you have crosstalk-

Kip Boyle: It is. Yeah. Because it probably takes you... It took this company 24 hours just to realize that the first transaction was fraudulent.

Jake Bernstein: Exactly.

Kip Boyle: So a day was burnt just in the discovery. So that left 24 hours. And so this goes back to the value of an incident-response checklist that everybody's familiar with.

Jake Bernstein: Absolutely. And contacting... Particularly if you have some kind of, what do you call them? Count-up tables...

Kip Boyle: Yeah. Yeah.

Jake Bernstein: If a money transfer is involved, you got to have "contact the FBI" right up there.

Kip Boyle: Yeah. There's immediate actions that you need to take between... A count-up table is sort of like, "What do you do in the first two hours of an incident? Okay. Now what do you do in the first two to eight hours in an incident?" So this is all very time-sensitive. And so you want to be clear in your procedure about what's first, what's second, what's third. So yeah, that's how I think about it.

Jake Bernstein: Yeah. And one of the things, too, with the Secret Service, just to hit back on that, is that their mandate, their charter, actually is... they have thresholds of dollar amounts. If you have a particularly impactful... and by that, I mean high-value or a lot of zeroes... the Secret Service may actually be able to act faster than the FBI in certain situations. So that's why there's a potential value to really keep in mind your options there when you're thinking about who to talk to and who to get help from.

Kip Boyle: Yeah. Okay. So if you've got... So I guess a rule of thumb is, if you've got a big bank fraud or you have a financial fraud on your hands, call FBI first, but prompt the agent, "Hey, should we get Secret Service involved?"

Jake Bernstein: I would definitely recommend that.

Kip Boyle: Yeah. Okay. Cool. All right. So anyway, so that was my most recent experience with FBI and... Yeah, I don't have anything more to say about that. Do you have any other final thoughts before we wrap?

Jake Bernstein: I do not. I think that if you're unfortunate enough to get hit with one of these attacks, then just remember that in this situation, you do want to call the police. And when we're dealing with cybercrime like this, that almost always means federal law enforcement.

Kip Boyle: It does these days. Yep. Okay. That's this episode of the Cyber Risk Management Podcast. And today we talked about our recent experiences working with law enforcement on cybercrime cases. We'll see you next time.

Jake Bernstein: See you next time.

Speaker 2: Thanks for joining us today on the Cyber Risk Management podcast. Remember that cyber risk management is a team sport, so include your senior decision makers, legal department, HR, and IT for full effectiveness. So if you want to manage cyber as the dynamic business risk it has become, we can help. Find out more by visiting us at cyberriskopportunities.com and focallaw.com. Thanks for tuning in. See you next time.