Previous Shows
What is the Business Risk of Cybersecurity
What is the Business Risk of Cybersecurity with Special Guest Terry Ziemniak
This week on The Digital Download, we’re addressing a critical concern for every business: the real risks and resilience factors in cybersecurity. Our guest, Terry Ziemniak, is a fractional Chief Information Security Officer (CISO) with decades of experience guiding organizations across industries like healthcare, finance, and manufacturing. From building scalable cybersecurity programs to driving cultural change, Terry offers practical insights into protecting businesses from evolving threats.
As we unpack the business implications of cybersecurity, we’ll explore questions like:
* What level of security is “secure enough” for a business?
* How can cybersecurity gaps impact your organization’s resilience?
* What strategies help businesses survive and recover from cyberattacks?
* How can people, processes, and technology combine to strengthen defenses?
With a proven record of building and implementing robust security frameworks, Terry has collaborated with executives and boards to align cybersecurity with business goals. Join us to hear his insights on reducing risks, fostering resilience, and embedding security as a shared responsibility.
We strive to make The Digital Download an interactive experience. Bring your questions. Bring your insights. Audience participation is highly encouraged!
This week we were joined by our Special Guest -
Terry Ziemniak, a fractional Chief Information Security Officer (CISO)
This week's Host was -
Rob Durant, Founder of Flywheel Results, a proud DLA Ignite partner
Panelists included -
Tim Hughes, CEO & Co-founder of DLA Ignite,
Adam Gray, Co-founder of a DLA Ignite
Bertrand Godillot, Managing Partner, Odysseus & Co, a proud partner of DLA Ignite partner, and
Tracy Borreson, Founder and CEO of TLB Coaching & Events, a proud partner of DLA Ignite partner
Transcript of The Digital Download 2024-12-20
Rob Durant [00:00:02]:
Good morning, good afternoon, and good day wherever you may be joining us from. Welcome to another edition of the digital download, the longest running weekly business talk show on LinkedIn Live. Now globally syndicated on TuneIn Radio through IBGR, the world's number one business talk, news, and strategy radio network. Today, we're asking, what is the business risk of cybersecurity? We have a special guest, Terry Zimniak, to help us with the discussion. A fractional chief information security officer, CISO, with decades of experience guiding organizations across industries like health care, finance, and manufacturing, Terry has collaborated with executives and boards to align cybersecurity with business goals. But before we bring Terry on, let's go around the set and introduce everyone. While we're doing that, why don't you reach out to a friend, ping them, and have them join us? We strive to make the digital download an interactive experience, and audience participation is highly encouraged. Alright.
Rob Durant [00:01:17]:
With that, Tim.
Tim Hughes [00:01:20]:
Rob. Yes. This is the first show, that is being live streamed to TikTok, I believe.
Rob Durant [00:01:30]:
Yes. Yes. It is. We are
Tracy Borreson [00:01:34]:
Maybe. Is anybody looking at TikTok? Supposed to be.
Rob Durant [00:01:39]:
Yeah. And all the 20 year olds are just gobbling up this kind of content.
Tim Hughes [00:01:46]:
I I know my my great niece and great nephew who are, 10 13 will be watching it.
Rob Durant [00:01:55]:
Perfect.
Tracy Borreson [00:01:56]:
Thank you for starting our trend on TikTok.
Tim Hughes [00:02:00]:
Anyway, just to say, welcome, everybody, and, really looking forward to today. Always do on the digital download, and, please put forward your your questions and comments. Great subject. My name is Tim Hughes. I'm the CEO and cofounder of DLA Knight, and, I'm famous for writing the book, social selling techniques to influence buyers and change makers.
Rob Durant [00:02:23]:
Excellent. Thank you. And keeping up the, tradition on the digital download. The show before Christmas, we all wear our, as we say in Britain, Christmas jumpers.
Tracy Borreson [00:02:38]:
Rob says that like he's in Britain.
Rob Durant [00:02:41]:
That's right. That's sweaters for the rest of the world. Bertrand, welcome.
Bertrand Godillot [00:02:52]:
Thank you. Hi, everyone. My name is Bertrand Godillot. I am the, founder and managing partner of Odysseus & Co, a proud DNA Ignite partner based in France, but actually broadcasting today from, Morocco. So, quite exciting. I do have the jumper. Not not not easy to find in France, by the way, but I managed to find one. And I'm very excited by today's topic, of course.
Rob Durant [00:03:21]:
It's funny because ugly sweaters are really easy to find here in the States. Good to have you with us, Bertrand. Tracy.
Tracy Borreson [00:03:31]:
Good morning, everyone. Tracy Borreson from TLB Coaching and Events, also a proud DLA Ignite partner. And this year, when we were bringing out our Christmas stuff, we counted the number of holiday attire pieces that I have, and I have 12. So next time, Bertrand, you just call me. I'll send you one.
Bertrand Godillot [00:03:53]:
I'll do.
Rob Durant [00:03:55]:
Is that one for each of the 12 days of Christmas?
Tracy Borreson [00:03:57]:
Well, that wasn't intentional. But then when I realized I had 12, then, yes, we turned it into a thing.
Rob Durant [00:04:03]:
Awesome. Great to have you with us, Tracy. Thank you. Adam.
Adam Gray [00:04:08]:
Hi, Rob. Hi, everybody. I'm cofounder of DLA Ignite, Tim's business partner. I'm not a big fan of Christmas. Hence, the fact that we have no ho ho on my jumper. It is, however, a Christmas jumper. Not sweater, jumper.
Tracy Borreson [00:04:27]:
I know. I mean, I saw that you weren't wearing you weren't wearing your Baha Humbug hat, and I was like, oh, but you have the the jumper.
Terry Ziemniak [00:04:36]:
So it's good.
Tim Hughes [00:04:37]:
The sweater?
Terry Ziemniak [00:04:39]:
The sweater jumper.
Rob Durant [00:04:42]:
Awesome. Thank you so much for that, Adam. And myself, I am Rob Durant. I am founder of Flywheel Results. We help start ups scale, and I too am a proud DLA Ignite partner. My Christmas sweater says no business like snow business.
Tim Hughes [00:05:00]:
Yes. Yeah.
Rob Durant [00:05:03]:
And I hate snow.
Adam Gray [00:05:05]:
You see, that's exactly why I don't like Christmas, Rob.
Tracy Borreson [00:05:09]:
The snow?
Adam Gray [00:05:10]:
No. Puns.
Tracy Borreson [00:05:12]:
Oh, puns. I'm like,
Rob Durant [00:05:15]:
puns. Be honest. It's not why you
Tracy Borreson [00:05:17]:
hate it. Snow.
Rob Durant [00:05:22]:
Alright.
Tracy Borreson [00:05:22]:
Also, before we start, I want to share my Christmas mug because it's Star Wars Christmas.
Rob Durant [00:05:29]:
And it
Rob Durant [00:05:30]:
makes a great radio.
Tracy Borreson [00:05:32]:
And go and find us on TikTok, people who are listening on this.
Adam Gray [00:05:36]:
So gel.
Rob Durant [00:05:41]:
Alright. We have lost it. Well, let's let's try and bring it back.
Tim Hughes [00:05:46]:
That's Tracy, that's so brat.
Tracy Borreson [00:05:49]:
Okay. You know, like, I'm the youngest one on this panel, and I have no idea about any of the gen z lingo. So just FYI. You probably need more
Adam Gray [00:05:58]:
of that
Rob Durant [00:05:59]:
tick and the talk.
Tracy Borreson [00:06:00]:
Yeah. I'll go watch this on TikTok after.
Rob Durant [00:06:05]:
Alright. As I said, this week on the digital download, we're going to speak with Terry Zimniak. With decades of experience guiding organizations across industries like health care, finance, and manufacturing. Terry has a proven record of building and implementing robust security frameworks and protecting businesses from evolving threats. Let's bring him on. Terry, welcome. Hi, Terry.
Terry Ziemniak [00:06:36]:
To you. Now first off, I wanna apologize. I did not bring my ugly Christmas sweaters. I'm traveling this week, so this is my, I guess, moderately attractive general purpose jumper.
Rob Durant [00:06:49]:
Perfect. You fit right in.
Terry Ziemniak [00:06:51]:
K.
Rob Durant [00:06:52]:
Terry, let's start by having you tell us a little bit more about you, your background, and what led you to where you are today.
Terry Ziemniak [00:06:59]:
Sure. Sure. Absolutely, Rob. So, I've been in cybersecurity, for 20 some years. I like I like to think that I was cyber before cyber was cool. My my career kinda breaks into 3 big parts. The first part of the career was very technical. So I was doing hands and not hands on bits and bytes sorts of stuff, penetration testing and security architecture, building big cool solutions.
Terry Ziemniak [00:07:22]:
1st decade of my career, technology started moving pretty quick back then. So it was about the 2000, so all the wireless and the crypto and all the cool stuff was popping. Frankly, it was getting hard to get on top of all this stuff. And at that point, I had a good inflection point in my career working for a consulting company. 1 of the sales ladies came around and said, hey. We have a client asking about HIPAA. What's HIPAA? And, in the US, that's one of this regulation governing kinda how you protect medical data. And none of the folks in my security company that I work for knew anything about HIPAA.
Terry Ziemniak [00:07:52]:
So I officially raised my hand and, like, I don't know, but I'll go figure out what the company is. So went out and printed out the big regulations and read through that game of HIPAA guy. That that then led me to the second phase of my career, which was the compliance and eventually the executive, part of cybersecurity. So I have a decade of experience as what they call chief information security officer, officer, large large organizations across the US. And then pivoted to the 3rd phase, hopefully not the last phase, but my current phase of my career is working as a fractional CISO. So tying together that executive experience as well as the technical hands on experience. Now I work for small and midsize companies. I kinda help them think through their cybersecurity strategy.
Rob Durant [00:08:36]:
Awesome. Thank you for that. So let's start the conversation with the foundational question. What level of security is secure enough? Yeah.
Terry Ziemniak [00:08:51]:
That that that's an excellent question and probably the big question most businesses really fail to think through. I I kinda came up with that phrase secure enough. I've been using it for a decade now, because as a bit as a if you consider cybersecurity a risk, you've got to think about you can't really solve risks. You you don't close out risk just like businesses have to deal with financial risk, competitive risk, regulatory risk, all the risks that business have to deal with. You need to be aware of them, you need to manage, and you need to deal with the risks. Cybersecurity is the same way. You're never a 100% secure. So I I kinda use that phrase as I talk to business leaders, help them think through those concepts of secure enough.
Terry Ziemniak [00:09:33]:
Do you wanna be Fort Knox? Fort Knox is probably not the right goal. It's not not not the right goal line for you because being Fort Knox is really, really expensive. It could most likely be disruptive to your business. Maybe you wanna go bankrupt trying to be bulletproof in the cybersecurity space. Maybe maybe not, but you gotta think through it. On the other end of the spectrum, do you wanna be irresponsible to cybersecurity? Probably not. So I I kinda use those stories to help business owners think about this is a risk. This is a spectrum we're dealing with.
Terry Ziemniak [00:10:04]:
Where do you wanna be on a cybersecurity scale? And, typically, what that means is is is you need to think through your outside your influences on the outside. Your prospects, your clients, the regulations, cybersecurity, whoever it may be, will help you think through and define that line of of what is secure enough for us for today. Unfortunately, it may change tomorrow. But but those outside influences will help business owners think through what's that right level of security, and and that's usually a good starting point. Because we don't think about your goal and your objective. You're just buying miscellaneous stuff. You know, sales guy can come through and sell you the the latest greatest firewall, maybe buy a new backup solution, which are all good and may may well be necessary. But you gotta tie it together and understand where do you need to go, and and and that's the phrase that I use to to facilitate that conversation.
Adam Gray [00:10:52]:
So you you talk about cybersecurity, and, obviously, we all of us have heard about, even if we haven't directly been exposed to, certain things that have happened in the marketplace. So huge data breaches where a credit card company is hacked, and then they're selling your details online. Or, somebody clicks the wrong thing, and it downloads some well malware, and then, you've you've got a a an executable file running, and you can't access any of your data, and it's ransomware, if you like. But what what other things are there, that people need to be aware of from a cybersecurity perspective? Because those those are like, you know, like breaking into Fort Knox in terms of the the the glamour factor of them. So so what are the things that we're likely to encounter on a more day to day basis from a cyber cybersecurity perspective?
Terry Ziemniak [00:11:54]:
Yeah. Yeah. So, really, what you're asking is kinda what are the typical incidents that are happening? So, absolutely, that's for for individuals or companies. There's a lot out there. And, actually, it's a great question because if you think about if you're if you're trying to identify the goal for your business, you probably don't want to address the very unlikely incident that's out there. You know? If if China decides they wanna target you and break into your business, frankly, you you're in a bad spot, and and that's difficult to address. However, there's a lot of very common, attacks that lead to incidents that happen all the time. Those are the ones you should be focusing on.
Terry Ziemniak [00:12:29]:
So the ones you mentioned are real common ransomware, all sorts of malicious software, what they call malware, so could be a Trojan horse or virus. Collectively, that's just a bucket of bad software. And if you get that bad software out of your computer, it could encrypt stuff, it could steal stuff, it could, you know, snoop on what you're doing on your computer. So, yeah, the general category of malicious software, that that's one bucket we have to deal with. There's a lot of phishing sorts of incidents so that generic email threats are are big problems. So phishing would be, I'm gonna send you an email, pretend to be someone you know, someone you trust. And once you interact with that email, that's where the bad stuff happens. So once I get you, thinking about the email and interacting, maybe you click on a link, maybe you download a file, maybe you send me information you should be sending.
Terry Ziemniak [00:13:19]:
So those sorts of communication based attacks are are real common. It could be email based. It's also more and more we're getting text based. I've got, you know, people get, fake messages that pretend to be the boss. Say, hey. We got a problem. I need you to run to, go buy, I don't know, a new credit card or a gift card for someone. So phone based phishing attacks are very common as well.
Terry Ziemniak [00:13:43]:
So those those are one general category. Malicious communications. Those are probably the big ones aside from that. You saw traditional fraud would hap which happens. So in the old days, you just physically steal stuff. Now you can use cyber technology to steal stuff. You've got outages you have to worry about, so you could be a denial of service. Maybe ransomware brings you down.
Terry Ziemniak [00:14:03]:
It's just through the there's a litany, and and it's kinda hard to think through what are the 1,000 attacks we have to deal with. It's it's really a matter of of, I would think the business owners focus more on the general protections. And as we talk today, I'll we can talk through how do you understand what the best protections are and the necessary protections. But, unfortunately, there's a lot. There's a lot out there, because because the bad guys are making money off this. Think about who we're dealing with. We're not dealing with kids in the basement trying to break into your computer like you may see on the on the that that the hacker movies of the eighties nineties. These are these are criminal enterprises and businesses.
Terry Ziemniak [00:14:41]:
You know, these are people trying to make money. It's purely capitalism at its at its worst, I guess. But but but these companies have things like you can do phishing attacks as a service. You can pay someone to do an email attack on your behalf. You can do ransomware as a service. You can pay someone to do a ransomware attack on your behalf. These bad guys even go so far as to have support rights. Hey.
Terry Ziemniak [00:15:02]:
Your ransomware campaign is not working for you. Give us a call. We'll help you out.
Adam Gray [00:15:08]:
It's it strikes me that there is 2 there are 2 main baskets for for this. There's the the IT basket. So, you know, as the chief information security officer, you have to put in place, structures, like you said, like the firewall, like antivirus software, like keeping all of that stuff up to date. But there's also the the the idiot in the room scenario. You know, you send you send me an email, and I click on it. So there's an education element to this as well, isn't there?
Terry Ziemniak [00:15:37]:
Yeah. And, actually, maybe no a little more broadly, Adam, when you talk about cybersecurity protection, you typically talk about people, process, and technology. So So the technology side is your firewall and your antivirus. Your people is making sure Terry doesn't click on the long long link. You know, Terry knows to notify the help desk when I see an odd pop up on my computer. You know, Adam knows to call the help desk when he loses his laptop, those sorts of things. But, also, there's a third part. It's the process part.
Terry Ziemniak [00:16:05]:
So, you know, maybe today we'll talk a little more about business continuity and business resilience. All your compliance and your contractual protections, your cyber insurance are in that space. So there's kinda 3 big buckets when you think about how do you protect your organization.
Tracy Borreson [00:16:21]:
Terry, I have a question because I I feel like the more and more we get these like global complex problems, the more and more organizations are interacting between each other, and there's like a role of cybersecurity in keeping your organization secure. And also those communications between organizations secure, but there's more and more communication between organizations that really needs to get done in order to solve problems. And so from your experience, what kinda and I mean, I'm sure there isn't one right balance. There's, like, a balance that's right for an individual organization. But, I mean, you mentioned prospects, clients, regulations, goals. Like, how do we make sure that we're having a holistic conversation about what really matters?
Terry Ziemniak [00:17:15]:
Well, the holistic part, Tracy, is, is is a great concept because if you put all your eggs in the technology basket and you buy the world's greatest firewall, that's great. But, again, if if if Bertrand clicks on something you shouldn't click click on, you're in trouble. You know, if you have, if something gets through in your backups don't work correctly, you you guys see you gotta spread your your presumably limited cybersecurity protection budget and and your resources you gotta spread evenly. The way to look through that is there's a great number of high quality frameworks out there. So you may have heard of the NIST CSF frameworks, the popular one in the US. There's there's ISO equivalents. There's HITRUST. There's all sorts of frameworks out there.
Terry Ziemniak [00:18:01]:
The advantage of the framework, and it's important to find the right one for your business, but these frameworks will make sure you look holistically at your program. So a good framework is is better than, you know, hey. We're secure because Terry says we're secure. Probably not a good way to to run your business. But if you're secure because Terry aligns you with a well known broad framework of cybersecurity protections, then you have a good conversation. That's the right place to be. So, again, in the US, NIST cybersecurity framework, CSF, real popular. But that'll walk you through governments.
Terry Ziemniak [00:18:35]:
You know, do you have leadership, support? It'll walk you through your your contracts and your training and your back up procedures and your recovery time and your communication. All that's built in there. But but a great framework will make sure you have that holistic, oversight. And it also add, Tracy, you talked about at the beginning of your question. 3rd party risk is is you're right. It's a big issue. So no companies in Ireland anymore. We all buy and we sell from other companies.
Terry Ziemniak [00:19:03]:
And back to the Fort Knox analogy, you could get closer to Fort Knox if you decide not to sell or buy anything, but you wouldn't be a very good company. So so you have to you have to accept a little bit of cyber risk when you connect with other companies. 3rd party risk says, I before I buy a service or technology from you, I'm gonna make sure you're that you don't impact my cybersecurity. And and maybe for small businesses, they have to turn that conversation around and say, I'm selling my product up to the government, up to the military, to a bank, to a hospital, to even the individuals. Those prospects, those buyers have expectations. So if you're a small business selling out, you've gotta ask yourself, what do your prospects expect? You know, that's kind of the reciprocal side of third party ciders of the cyber risk, 3rd party risk. And, you know, that that that really, again, helps small businesses define what is secure enough. Right.
Rob Durant [00:19:58]:
Terry, what do you say to the organization that thinks they are so small that this really isn't going to impact me, what are the true business risks that a small business might face? Well so if you're a
Terry Ziemniak [00:20:14]:
real small business and maybe you're making donuts someplace, you you may, in fact, have a very small cyber footprint for your business. But keep in mind, there's kinda 2 parts. 1 is you're you're as a business, you're producing stuff, whether it's donuts or maybe you're making, I don't know, smartphones, whatever. So you gotta protect your business, your intellectual property, your processes, your people, all that stuff has to work. If you're really small, maybe that's a really small cyber footprint. Maybe it's big, but you gotta think about that. But I'm leading to the second part is don't forget you have business processes as well. So even if your your donuts don't have any cyber risk, your your your bank account, your email account, your HR system, your payroll.
Terry Ziemniak [00:20:59]:
There there's risks on the business side, the back end processes. You gotta make sure you pay attention to those as well. Now typically, a small business, you're not running your own payroll. You obviously don't have your own bank. But you have to look at those services and make sure you properly manage that risk. At your bank, are you doing multifactor authentication? Do you have a backup administrator? Same thing for emails. Your email properly secured? Are are you validating your payroll services, whatever it may be? So we got back end processes, and then you got your kind of business operations. Small business may only have to deal with the back end, but most likely, they do have to deal with something.
Bertrand Godillot [00:21:37]:
Terry, yeah, I I'd like to come back to something you said, initially about cost. The discussion we're having today sounds to me very close to discussions we had 15, maybe 20 years ago around availability. There was always a big fantasy of 100% availability and a lack of understanding of what this would mean from a cost perspective. It sounds to me like, you know, cybersecurity is a little bit of the same nature, in other words. And and and I'd like to understand as a business, and I understand also that there might be ranges, But what is the average cost that you should do you have benchmarks, in other words? So if, you know, what is the cost of doing business linked to cybersecurity?
Terry Ziemniak [00:22:37]:
Well, it it it that's the $1,000,000 question I've been as I mentioned, I I've been in corporate America, a good part of my career, and it's always, you know, what are the numbers should it be? Back when I was in corporate 10 years ago, it's 3 to 5% of IT spending in cybersecurity kind of in the health care space. What what was a working number? It's it's really hard because some companies consider cybersecurity an IT function, and they will then measure it based on a subset of the IT budget. If you have, I don't know, $1,000,000 IT budget, maybe 5% or 10%. The other complexity we're having in IT is there's so much overlap. If you pay someone to manage your laptops, and that person's responsible for encrypting and backing up and patching your laptops, is that a security cost or is that an IT cost? You you you gotta love those mixed numbers in that bag. And then also don't forget beyond IT, there's a lot of nontechnical stuff. People process technology. Where do the people cost people costs fall? Where do the process costs fall? Unfortunately, I there there really is no set number.
Terry Ziemniak [00:23:45]:
It's like, what's the cost of making sure you're compliant with, your HR regulations and and and your whatever other regulations are out there. It's it's it's really difficult to measure. I will tell you in general, most people should be spending more. On the other hand, there's really you don't necessarily need to spend a lot of money in cybersecurity. Adam was asking about what are the things we should be worried about? Ransomware, bad emails, viruses. Those are particularly expensive to to block these days. If you have a good antivirus antivirus tech solutions are not expensive, cybersecurity training solutions aren't expensive, your backups aren't particularly expensive. So it it's not generally a huge capital outlay to be secure.
Terry Ziemniak [00:24:31]:
You gotta be thoughtful of how you're spending your money, though. So, unfortunately, I don't have a good easy number for you, but I tell you, you don't need to spend a a huge amount of money and you gotta spend it broadly.
Bertrand Godillot [00:24:41]:
But I think what's interesting is what you're saying is that as a c I IS CISO Yeah. You you run your own budget, and that is across, I suspect, IT processes and people.
Terry Ziemniak [00:24:55]:
Well, you know, it's interesting in my career for training. I I have been a CISO at $1,000,000,000 company where I reported the CIO. Similar size company I was working where I reported to the chief counsel. So I was on the legal side of the organization. And the I I tell you as a cybersecurity guys, life is much easier on legal side because you just write policies and you talk to people, and you don't get calls at 2 in the morning saying you have a virus because it's the IT guys that have to deal with that guy guys and gals. But I effectively had little to no budget when I was on legal side because there was dotted line to IT director of security, director of technology security. In this case, he had a big budget to pay for firewalls and penetration testers
Bertrand Godillot [00:25:39]:
and, you
Terry Ziemniak [00:25:39]:
know, whatever the technology. So kind of the point, the technology is the big part of the spend in cybersecurity. Absolutely.
Adam Gray [00:25:49]:
Am I right in assuming that for many organizations, the belief is that this is not gonna happen to us because we're small or we're not important or whatever. And, the vast majority of organizations implement something after the fact because then it becomes very apparent, like a burglar alarm. Nobody ever has a burglar alarm fitted until they've been burgled. And is it a similar kind of situation here?
Terry Ziemniak [00:26:15]:
You know, it used to be. And and, Adam, I do see a shift in the fact that, again, small businesses, if you're selling to somebody, the the 3rd party risk concept, if you're selling to someone, the buyers are getting more and more diligent of verifying that you are secure before they do business with you. So, again, no matter who you're selling to, unless it's maybe a a big individual consumer, most most businesses before they sign contracts are gonna have some kind of validation. Do you have cyber insurance? If nothing else, they'll make sure you have the insurance in place. Many, many buyers of the US have regulations. Again, medical, financial, military, government, all those big players. They they've got requirements to verify your senior. So they they these contracts and the procurement processes, Adam, are really driving clarity to these smaller businesses saying, hey.
Terry Ziemniak [00:27:06]:
My buyers are expecting multi me to have multifactor. My buyers are expecting me to have cyber insurance. My buyers are expecting this and this and this. So that that's a good thing because it's driving these small businesses to think about the things that typically they wouldn't think about because we all understand small business only have so much money to spend. If you don't have to spend money in in a space, why would you? Now we're getting clarity and we're getting derived and and and they they really have to just to sell their products.
Tracy Borreson [00:27:38]:
Terry, I have a oh, I have a question, Rob, if that's okay about AI. Oh, okay. AI is is playing into to stuff nowadays. So, has that increased the cybersecurity risk? Has it changed it in terms of how people experience it? I know everybody here has about things like deep fakes. And, how is AI playing in this playground?
Terry Ziemniak [00:28:03]:
It's it's playing roughly right now. There there's really 2 parts maybe to think about it. AI as the tool being used by the bad guys and then AI being used internally in business. So I'll I'll do the first part. I'll start with that. So the bad guys are using AI because, again, these are capitalists. These these are business men and women trying to make money off us. It's just a new tool in their toolbox.
Terry Ziemniak [00:28:26]:
So, yeah, the the the the social engineering sorts of attacks, which can be emails, it can be voice mails. There's even a famous story. I think it was early this year. There was a Chinese company, I believe, that where they they they paid they they they inappropriately paid, like, a multimillion dollar invoice. And the way the bad guys pulled it off is they sent a effectively a Zoom link to someone in finance. Said, hey. This is the president of the company. You need to jump on the Zoom call.
Terry Ziemniak [00:28:54]:
The the the person in accounting jumped on the call. It was a video call. It had the CEO and the CFO, and they were having a conversation. And the conversation was around the the the payment, and then the accounting guy heard what you need to hear. He dropped off, paid the paid the invoice. The whole video was faked. It was a deep fake conversation where they faked the video and the audio. The accountant was convinced it was legit, paid the invoice based on the interaction of the video.
Terry Ziemniak [00:29:21]:
So the the the social engineering, the, you know, the hard part we have really, Tracy, is that you need to authenticate people. And in the old days, you would authenticate people by seeing face to face. Well, I I I know who who Rob is. I shake his hand and and and and he's a good guy and I know that. Then it became phone calls and it became signatures and it became emails and now it's video. A lot of that all can be fake with artificial intelligence, and that's the big risk of it. You you you need to go through your processes as a business and say, hey. We do not pay invoices unless whatever.
Terry Ziemniak [00:29:55]:
You know, video calls no longer are reasonable proof that the invoice is legitimate. You should already have a rule in your organization saying email is no longer adequate for us to change bank routing information because the bad guy has been doing that for 10 years. So they're using AI to make this social engineer much more effective. And they're gonna get to the point pretty soon where, in addition, the the the messaging is gonna get better. So So if you think of all the information in the world about Tracy, you know, Tracy has has has young kids, Tracy loves Lego, whatever it may be, they'll be able to pull all this stuff and have a great message just for Tracy. Hey, Tracy. Your kid just used your credit card to order a Lego link. Click here to cancel the order.
Terry Ziemniak [00:30:39]:
Well, that seems pretty legitimate. So the bad guys are using AI in that space, and they're gonna get better and better. So as a business owner, your protection is to look at your processes. You know, we don't accept this. We don't accept. You you gotta start building processes and training people not to accept those sorts of, those sorts of communications anymore. On the other half, business side, business using AI. It's an excellent tool, does some neat things, but businesses are getting in trouble, because they don't really understand AI and and and it's AI is finding a lot of risks that maybe businesses weren't aware of.
Terry Ziemniak [00:31:15]:
A real common problem is businesses are turning on Microsoft Soft Copilot, which is kinda AI embedded into the 365 suite. They're turning on Microsoft Copilot, and they're asking Copilot questions. Copilot then says, okay. Tracy's got a question. It skims through everything Tracy has and tries to respond. Unfortunately, unbeknownst to everybody, Tracy has access to some confidential information. So Copilot spits out a response that has this confidential information. So businesses are seeing that AI and Copilot in particular are finding things that shouldn't be finding.
Terry Ziemniak [00:31:49]:
So, you know, businesses are gonna have a period of adjustment in there because, again, AI is great. It's doing some some whizbang stuff. But as a business, it's got some special protections and considerations.
Tim Hughes [00:32:00]:
So so, Terry, how how much of this is is also I mean, you said earlier on about the people process and the technology. How much of this is about education, like not clicking on links? And, I know Adam doesn't like puns, but he doesn't like irony. I was sent a, an email from a cybersecurity company that basically had a brochure, and it said all you have to do is click on this link. And and and I I've I have my own podcast, and I've, interviewed cybersecurity people, and they say never ever click on links. It doesn't matter who it's from. You never click on links. So how much is this is do you think this is down to education?
Terry Ziemniak [00:32:38]:
Oh, certainly, a lot of it's about education, whether it's clicking on links or attachments or accepting a Zoom call as as a proof that you should be paying an invoice. You should be educating people. The bad news is people are never gonna be a 100%. They're never gonna be 100%. So you you you wanna drive people education up. Really, I I the goal of it of training people should be, 1, to make them cynical. You know? Should I click on a link? I don't really know. Number 2 is is to raise the red flag.
Terry Ziemniak [00:33:06]:
You know, best case is you're building a culture in your business where someone says, well, that's an odd email. I don't know about that. I'm gonna send that to Terry. You know, I'm not sure about things. So it's it's that cynicism and just kind of that in the US, you'd say maybe your Spidey sense, your spider your Spiderman senses are tingling saying, this looks a little odd stopping and putting on the brakes. So, absolutely. And, again, cost wise, training people is not particularly expensive. It it really is a you gotta do it and you gotta build it and make sure it runs, but you're not spending $50 on training people.
Terry Ziemniak [00:33:37]:
It it's relatively inexpensive to train people. Realizing your objective is to get users up to the 95% awareness level, but, it's certainly not a foolproof fan because all of us click on things, my myself included.
Rob Durant [00:33:52]:
To my left when you shared that story, because I still get emails from my bank and my credit card companies with links in them. And and I'm thinking to myself, what are they thinking? You know, that is so easy to to replicate. A responsible bank would say for your own protection, we don't link to your account here. You know how to find us. So that leads me to my question, Terry. What are the legal and compliance implications of inadequate cybersecurity. How responsible is my bank for a link I click on in an email that looks just like theirs?
Terry Ziemniak [00:34:36]:
Yeah. That that that's interesting. The the legal, liability, contractual issues, even your cyber insurance, there's some, there's a case a few months ago where a company reached out to their cyber insurance company and said, hey. You know, we had a phishing campaign. We we mispaid something. 25 20 it was $25,000. We wanna submit this insurance claim. The insurance company looks through the company's application for cyber insurance.
Terry Ziemniak [00:35:04]:
And in the application, they said that they do some special email filtering, which in fact they weren't doing. So the cyber insurance company says, hey. You said you're doing this, but you're not. We're not gonna pay we're not gonna pay out the this claim. So, yeah, there there there's a lot of question of liability in the particular case that you talked about, Rob, where Terry receives an email that looks like Bank of America and they click on it. Bank of America Bank of America really can't do anything about that. You know, it's it's just you know, it's like an old someone buying the Golden Gate Bridge. It's really not San Francisco's problem that someone bought the Golden Gate Bridge.
Terry Ziemniak [00:35:42]:
But, you know, maybe think about it as an individual and as a small business. I'll tell you the one tip I tell everyone as an individual, make sure you have a password manager. So they're built into the computers these days. If not that, go get 1 pass or LastPass. The password management, excellent tool for individuals because, a, it makes sure you have good passwords. B, it makes sure your passwords are unique. You never wanna use the same password at 2 different sites because if the second site's hacked, the bad guys will get into site 1. So unique passwords.
Terry Ziemniak [00:36:13]:
It also protects you from what they call farming. So if you click on a link that looks like Bank of America but isn't really Bank of America, your password manager will say, I'm not gonna give this credentials to this fake Bank of America website. So, again, tip for everyone at home, go get a password manager. Make sure you use it.
Tim Hughes [00:36:33]:
And and you you talked about cyber, insurance. What can what can people do about cyber, insurance? Because, again, it's like one of those things where you think, well, I'm a small business. I don't need to insure myself about it.
Terry Ziemniak [00:36:47]:
Well, I all businesses should have cyber insurance because just as a if nothing else, it's a business rest. Just like you've got, again, fire insurance, you've got slip of all and e and o insurance. It just it it's you have to have it these days. It's the costs are getting higher in the insurance space. But, unfortunately, Nate, it the the costs are going up because incidents are going up. It it it just and frankly, it happens all the time. And even if you're the securest company in the world, if you have, you know, Bob and accounting clicking on a bad link and he pays an invoice he should be paying, who's collecting that money? In that particular scenario, you know, it's one of the tops FBI does a great job, releasing reports. I think it's called IC IICS.
Terry Ziemniak [00:37:33]:
They they they have an annual report on on the top cyber incidents across the US. Email fraud is always up there, number 1 or 2. Point being, this does happen to small businesses all the time. So, absolutely, you you do need that. Frankly, your insurance provider should be talking about that all the time, but it's it's just business risk. You have to deal with it.
Tim Hughes [00:37:56]:
And what about backups?
Terry Ziemniak [00:37:59]:
Oh, absolutely. So backups are kinda your your your last protection. So, you know, if your email filtering lets the bad email through, and if we train the Bertrand not to click on a link that he clicked anyway, and if our, workstations antivirus didn't work correctly and our security alerts didn't detect it and we got ransomware anywhere, if everything else fails and ransomware comes in, backup is your saving grace. So, yeah, you must have backup. But I'll warn you, not all backups are equal. You know? Do you back up everything, or do you only back up, like, 80%? Do your backups work correctly? You know? Can you restore? Can you restore with dependencies? Because, typically, you're not restoring 1 piece. It it's in with other pieces, so your pieces all work correctly. So, absolutely, backup is critical, but equal critical is you gotta make sure it works correctly.
Terry Ziemniak [00:38:51]:
You know, just saying every backup isn't enough.
Tim Hughes [00:38:53]:
And, surely, phishing, applications or whatever nowadays are clever enough to basically, infect the backup, aren't they?
Terry Ziemniak [00:39:04]:
They they they do attack. So, you know, the malicious software that cut that can come through phishing attacks. Once you get bad software in your network, then you're really in a trouble spot because the bad guys can get there. The bad guys, typically, once they're inside your network, they'll do a little bit of reconnaissance. So I'm inside your network. What do you have? You have a database. You have email server. You have backups, whatever it may be.
Terry Ziemniak [00:39:25]:
It'll start targeting and figure out what it wants to hit. Realizing as we described here that backups can help you recover as a business. The bad guys will take your back try to get your backup system offline because if you have backups, maybe you're less inclined to pay ransomware to to to pay the ransom. If your backup work correctly, maybe you've got a business decision. I wanna go to backups, so am I willing to pay the ransomware? So, again, these are businessmen, businesswomen we're dealing with. They they know how businesses respond, so they're going after the backups.
Tim Hughes [00:39:55]:
Yeah. And and what about, one of our clients, that we sell the company now, did, we're doing, pen testing, so penetration testing on on cybersecurity. What what would you what first of all, what is pen testing? And and do you recommend it's something that they that people do?
Terry Ziemniak [00:40:15]:
So a penetration testing is you you you you you pay someone or a service to come in and act like a bad guy trying to get in. So there there's different ways you can go. It can be a big big or small. There's automated ways to do it as well. But, effectively, you're having someone pretend like they're attacking you, and then you hit them. Penetration testing is good. It's a value and, frankly, may be required. Again, if you're if you're signing a contract with a business, the business may say, you know, question 14 may be, do you do an annual pen test? You may be required to do a penetration test.
Terry Ziemniak [00:40:46]:
But but I'll tell you, penetration test really may be step 2 or 3 along the the the process of which call vulnerability management. Looking for your issues and dealing with it. That testing is good, but I think most companies miss the earlier step of just simple vulnerability scanning. There's easy inexpensive tools that will just crawl your network and say, we're transmissing a patch. You know, administrator has a blank password. You're using an unencrypted whatever. So there there's very simple tools that do what's called vulnerability scanning. From And and that would that'll find 90% of what a penetration tester is gonna find anyway.
Terry Ziemniak [00:41:20]:
Much cheaper, much easier to resolve. So vulnerability testing before you get up to pen testing.
Rob Durant [00:41:26]:
So how do businesses measure the effectiveness of their cybersecurity programs?
Terry Ziemniak [00:41:33]:
Well, that that that's hard because that that's a risk. If your measurement is 0 cybersecurity incidents, you probably have the wrong measurement. Because, frankly, cybersecurity incidents and you gotta ask yourself what's the definition of an incident. You're gonna have incidents. Incidents happen. You know? Maybe Cherry clicks on a link, and your computer kicks into action, says, hey. I see a virus, and it stops on Terry's computer. Everything's good.
Terry Ziemniak [00:41:59]:
That will be an incident, but it's not a bad thing. We've got more training to do, but our technology worked fine. So it and on the other hand, you get a really bad incident where ransomware comes through and just destroys your your whole company. There there there's different ways to define, an incident. Your metrics really shouldn't be that. Your metrics really again, I go back to the idea of a framework and maybe KPI. So your framework is how well do we align with, NIST cybersecurity framework, structure. And within that, they even have things like, maturity.
Terry Ziemniak [00:42:31]:
So the framework may say, make sure you do use your education. And we know we have new education, but what's education? Do we, spend 5 minutes in onboarding Terry and tell him about not clicking things? Well, it's training, but maybe it's not mature training. Do we do quarterly testing? Do we verify all the testings done? You know, do we have skills based testing? So there there even something as simple as training, there there's good training and there's great training. Okay. So, your metrics should be we know where we wanna go based on a framework, and we're maturing along the process. Those really are the right metrics because, again, incidents are gonna happen. So you have framework alignment. Maybe a second thing to look at, Rob, would be your metrics.
Terry Ziemniak [00:43:12]:
So you wanna mature your program. Maybe your metrics are, how many clicks did we have? So this year, we had 5 bad clicks. That means we need to improve our cybersecurity training. You know, this year, we had, I don't know, viruses come through. We we had 0 viruses. KPI is great. Maybe we don't need to focus on that at 2025. So I like metrics for helping you focus on the hot spots.
Terry Ziemniak [00:43:39]:
So decide what your key metrics are, 5, 6, 7 of them. And then, again, pick a framework which which is really your structure and keep working and maturing through those frameworks.
Rob Durant [00:43:51]:
Alright. Now, Terry, bring out your crystal ball. What are we looking at for the next 5 years in terms of preparing against cybersecurity attacks? Boy,
Terry Ziemniak [00:44:04]:
I forgot to bring my crystal ball today along with my, Christmas sweater. So let's see what we can do. You know, looking forward, I I I again, I I I don't wanna focus so much on the technology. I think about more along the business, view of cybersecurity because, again, we're talking about business risks. So as businesses move forward, you know, more and more consolidation we we if you're a company a and buying company b, you're inheriting all of the cybersecurity risks as company b. So, you know, think about the business trends consolidation. As Tracy said, there's a lot of more integration between the companies, and that's impacting us on a business perspective. Because if you rely on company b to do your, I I don't know, your your accounts payable or your payroll or whatever, if these companies go offline, that impacts you even though you have no control over their cybersecurity.
Terry Ziemniak [00:44:55]:
So those dependencies are becoming more and more of an issue. You know, in the next 5 years, our business is gonna offshore more. Are they gonna start onshoring again? That's gonna impact cybersecurity. There is gonna be a lot of focus on artificial intelligence, over the 5 years, undoubtedly, and the businesses are gonna focus on that. So in the AI space, we know the bad guys are using it. But even as a business tool, things like, are we you know, is an AI done securely and appropriately within the business? So, in in the actually, I talked about the cybersecurity framework for NIST. NIST actually has an AI framework as well. They don't they only have, like, 3 or 4 big frameworks.
Terry Ziemniak [00:45:36]:
They have an artificial intelligence risk framework. And I did work through that with with a company. And and in the AI space, you know, bias and and and transparency, and can we validate what is producing? Can we protect the data? So the cybersecurity around the AI solutions are certainly gonna be focused over the next several years. And maybe the last thing I'd say is that these social engineering attacks are gonna get better and better and better. So me pretending to be your bank, me pretending to be your kid, your grandma, whatever it may be, these attacks over multiple channels. Actually, I my, I know someone, a a a young woman who was convinced to send money because someone got in their Slack channel at work. Someone hacked into her friend's Slack account, got into Slack, and then they're saying, hey. I've got a problem.
Terry Ziemniak [00:46:26]:
Can you send me $200? So the the the ability to pretend to be someone else is gonna be, much more risky because AI is gonna do a a a very good job at that over the next several years. So, again, the protection of that, business owners set your processes in place. We don't change bank routing information based on email. We don't change the information based on, phone calls and Zoom calls and text messages, wherever it may be.
Bertrand Godillot [00:46:54]:
So And and on and on that and on that sorry.
Tim Hughes [00:46:57]:
No. Go ahead.
Bertrand Godillot [00:47:00]:
So what what I would now call the mission impossible risk, so the deep fake one. You said the the answer to that is processes, and maybe maybe it's just because I'm French, but how much, flexibility are we gonna lose? Because that's sometime the the the the the the, how do you say, the the, the the counterbalance of, of a process.
Terry Ziemniak [00:47:29]:
Well yeah. Because end of the day, again, humans are fallible. Humans are social. We wanna trust people. So that's exactly what social engineering is designed to do is is to play off the way people interact with each other just like frauds have been happening for 100 of years. You know? You interact. You trust people. But, again, you you everything can be fake these days.
Terry Ziemniak [00:47:49]:
The communications, the videos, the audio. Again, we talk about Tracy, the example of Legos and our and our young kids. All this information is gone. They should really can't trust anything. So you train people to detect these issues. But at the end of the day, if your business process says you the only way we accept changes to bank routing information is blank, whatever it may be. Maybe it's an email and maybe the company calls a known person and and validates that. So, yeah, these deepfakes are gonna get better and better, and there's no stopping them.
Tracy Borreson [00:48:24]:
Terry, I just wanted to, like, quickly ask on that because my brain is saying this is the point of 2 factor authentic authentication. Right? Is that I do this, and then it's like and you also need to do this in order to prove that you are who you are. And so there's I mean, there's a lot of fairly quick processes that are possible in order to do this. Right? Like, if you have someone's text number phone number, you can call them. So, like, hey. I saw you on this video chat, but we have this rule that you have to 2 factor authenticate any payment, anything. So, like, I'm gonna call you and confirm that that was you doing that. And I mean, like, at some point, I'm sure the fraudsters are going to get to the point where they've hacked multiple channels and then can do that too, then we have 3 factor authentication in all of these things.
Tracy Borreson [00:49:15]:
But, like, I mean, I I feel just also to comment on Bertrand's question is that if we're being intentional about these things, probably don't have to spend too much time or lose too much flexibility on that, and maybe even kinda gain some flexibility because we have that knowledge of, like, this is what we do. I don't have to spend my time worrying about what do I do because I know what I do. I 2 factor authenticate everything, and it takes one more minute, but, like, it's way more secure.
Terry Ziemniak [00:49:47]:
And I think
Tracy Borreson [00:49:48]:
from a business perspective, a lot of times, we think we don't have one minute. But unless you're in the hospital saving babies, like, you probably have a minute. So let's take it.
Terry Ziemniak [00:50:01]:
Yeah. Yeah. It goes back to the original statement of secure enough. You know, if you're a bank and you're doing a $100,000,000 transaction, I'm guessing there's a whole lot of processes in place to make sure that's a legitimate transaction. If you're a small business owner and it's $200 Venmo payment, maybe a care, maybe a don't. So you gotta think through those thresholds. To your point, Chris, you don't wanna stop business. You could be Fort Knox, and you could triple authenticate everything, and you could drive to your house and look at them and shake them and make sure they're a real person before you make a change.
Terry Ziemniak [00:50:32]:
That that's, you know, nothing wrong with that per se, but it's not the right way to run your business. So, yeah, think about those risks. And don't forget, there's a lot of smart people out there to help you. So your bank can help you with conversations like this. Your cyber insurance company, your IT service provider, their cybersecurity folks, yours, people like me. To help you think through and and figure out what the logical the the right level of security is for you.
Adam Gray [00:50:55]:
You well, you say that, but I when Rob said about he got an email from his bank with a link on it, oddly, this morning, I had an email from my bank as well, and it had 9 links on it. Now some of those links were contact us, whatever. Some of those link so none of them were links that were necessarily not legitimate, and not all of them were links to the bank. So some of them were links to their social properties. Some of them were links to the contact us page. But I guess that the point is that and Rob's point that they should be an exemplar of good behavior here. They're sending an email to you that says, you need to be careful that you don't click any links. Read how you don't click links by clicking this link is kind of is is madness, isn't it?
Terry Ziemniak [00:51:51]:
It is, but it's not frankly not the biz not the bank's job to make sure you don't click on links. The banks of business like anyone else, they've accepted the risk of doing sending you links because they know you have to multiple factor authenticate before you can get to account, so their stuff is safe. In in different places.
Adam Gray [00:52:11]:
Yeah. But my my my point was so I I create a Bank of America website that looks just like a Bank of America website and actually reads bank of America.com at the top, but the bank has the different a in it and stuff like that. So it's a completely cloned site, and I land on it, and it says, you need to log in. Yep. So instantly, I'm gonna give them my username and password. Now, yes, I need all a 2 step authenticate we're gonna send a text to your phone. But at that point, they've already got my username and password, so who knows what that might open up. And it reduces one of those, so it then effectively becomes one factor authentication for them to get through to the next stage.
Adam Gray [00:52:53]:
And I just think that that it's becoming, particularly with with the advent of AI and the ability to be able to to process lots of these simple transactions and and randomized thinking for password checking and stuff like that, we do need to become incredibly cynical, don't we? We do need to be extremely careful about how we interact with the things that are sent to us even if they claim to be legitimate.
Tim Hughes [00:53:20]:
We have to assume everything that's sent to us is is is is wrong.
Adam Gray [00:53:26]:
Yeah. And, you know, I remember it's not that many years ago Right. Right. We had the, I love you virus. And, you know
Tim Hughes [00:53:35]:
About 20 years ago, Adam. Yeah.
Adam Gray [00:53:37]:
But but for me but
Terry Ziemniak [00:53:39]:
for me he was born.
Adam Gray [00:53:41]:
Yeah. But but the point is, you know, a friend of yours sends you something that says, I love you. Here's a little message just to to show how much you mean to me. And it's it's come from you. So, of course, I'm gonna believe it.
Tim Hughes [00:53:54]:
I was at Oracle Corporation when that came out, and it took the whole of the email of Oracle Corporation's email down. And I probably wasn't supposed to tell you that. So it's our secret. Alright?
Terry Ziemniak [00:54:07]:
We all knew it. Right?
Tim Hughes [00:54:09]:
The suggestion of limitations is passed on
Terry Ziemniak [00:54:11]:
that one. Sorry.
Rob Durant [00:54:16]:
I find
Tracy Borreson [00:54:16]:
it interesting, though, because, like, I used to work in automated voice notifications, and we did a lot of work in claim status updates, bank notifications, like when your account has been flagged for fraud. And one of the things that we would always say is that this is a notification notifying you of this, but we will never call you and ask for account information. Okay? So, like, if someone calls you and asks for account information, do not like, don't do that. But it was interesting even to think about it now is that, like, we did that on the calls because we thought it was really important, but I don't know how well the, like the user was informed of that in other channels outside of the call. So if like, this is the first call you've gotten, then we've told you. But if it's not the first call you've gotten, then you might not know that. So it is interesting, I think. And like you said all along, Terry, it's a balance.
Tracy Borreson [00:55:14]:
Right? Like, what as a business, there's there's the security part, but it there's also the customer service part. Like, how do we service our customers? How do we take care of our customers? We know these types of things are happening in the market. Are we going to take the onus of that to help our customers, or are we not? Business decision.
Rob Durant [00:55:34]:
Agree. Terry, this has been great.
Tim Hughes [00:55:37]:
Thank you. How can people
Rob Durant [00:55:38]:
learn more? How can they get in touch with you?
Terry Ziemniak [00:55:42]:
Yeah. Thank you, Rob. It's been a pleasure to talk with the panel. I I work with a company called Tech CXO, and we're a collection of fractional executives. So if you're interested in more information, reach out to me at Tech CXO, and, well, just look on the cybersecurity page. Fantastic.
Tim Hughes [00:55:59]:
Thanks, son.
Rob Durant [00:56:00]:
We now have a newsletter. Don't miss an episode. Get show highlights beyond the show insights and reminders of upcoming episodes. You can scan the QR code on screen or visit us at digital download dot live forward slash newsletter. This is our last broadcast of the year. We are going into the holidays and taking a short hiatus. To everyone that has been an active participant in today's show and this whole season, I want to take a moment to thank everyone for being an active part of the digital download, and we'll see you next year.
Tim Hughes [00:56:40]:
Thanks, Kyle. Thanks, Gary.
Adam Gray [00:56:42]:
Thanks, Kyle.
Terry Ziemniak [00:56:42]:
Thanks, Kyle. For that.
Bertrand Godillot [00:56:43]:
Thanks, Gary. Thanks.
#Cybersecurity #BusinessResilience #DataProtection #SocialSelling #DigitalSelling #SocialEnablement #LinkedInLive #Podcast
