ce Martin Hinton (00:03.308)
Recording, all's good. All right.

Martin Hinton (00:12.546)
Welcome to the Cyber Insurance News and Information Podcast. I'm your host and the executive editor of Cyber Insurance News, Martin Hinton. And today we're joined by Michael Crean, Senior Vice President at SonicWall. And we'll get into what they do. And Michael, first we're gonna get into your background. Michael, first of all, thanks so much for joining us. How's your day been so far?

Michael E Crean (00:32.526)
You know what, it's been pretty good day. yeah. It's actually been a good day, good week. My daughter graduated from high school last week and so I'm kinda riding the euphoric eye still.

Martin Hinton (00:42.412)
congratulations to her and you and and everyone else for that matter. yeah, it's a it's a good time of year. You're you're one of a few people who I've I've I've spoken to lately who've been in that situation in college and and high school. So yeah, it's it's something to take a pause and and to cherish. I think we we don't do that enough. So congratulations. Michael, you joined the United States Army in nineteen eighty nine and you served for a decade.

And then you went into cybersecurity. Now those may seem like non sequiturs, but they're not. And I wonder whether you might tell me a little about your military background and how it informs and morphed into your, you know, fairly senior role in the cybersecurity world.

Michael E Crean (01:29.07)
You know, I think one of the things and you know, I attributed some of my leadership qualities based solely on what the military taught me, which helped me out a lot when I got out of the military and getting into IT and you know, in a data center security s security are a data center role as an operations manager and starting my own company, realizing that leadership has a much younger foundation.

And it probably wasn't until much later in life, and I kind of missed the boat with it that, you know, seeing what my parents were showing me silently. my mom and dad both worked for General Motors. My mom worked a factory line, you know, and she started there in 1967. So could you imagine what working in a factory was like in 1967 in northeast Ohio? There was no air conditioning. There was definitely heat because it gets really cold up there, but there certainly was no air conditioning when she's standing on that line building electrical harnesses.

and what I realized is I never saw her complain about her job. I never heard my dad complaining about his job. Now, they probably did it, you know, but they never did it in a way that my brother and I heard it. And it's something that I think has really influenced me in my ability as a leader here at SonicWall, as a former CEO and founder, and just generally transitioning from, you know, we'll call

The wearing of the green to maybe a little bit more wearing of the blue. no reference to IBM, but you know I think you know where we're going with this coming out of the crawling in the dirt a little bit to sitting behind a keyboard and doing certain things. And, you know, I I so now I give a lot more credit to my parents about what I've transformed into and the military as well, because I think it just enhanced my abilities to understand what a really bad day looks like.

there was a common saying that I used quite frequently when I would have an employee that was having a rough time or just got off a a terrible call with somebody just handing it to him is like here's what I'll remind you is that nobody's gonna die today. Nobody's dropping a bomb on you, nobody's shooting at you, and you're gonna get out in your car and turn on your air conditioning and it's gonna be fine and you're gonna sit in this really comfortable environment and then you're gonna spend your thirty to forty-five seconds walking into your house that's climate controlled, and when you go to bed tonight.

Michael E Crean (03:53.185)
It's going to be a nice, soft, squishy environment that's going to feel great. And that reality, because I've experienced those things, can certainly change how you feel, the words that you're using, and when you start to feel what a bad day can really be, that it's just not as bad as it could be.

Martin Hinton (04:15.966)
I I I I second that. The very few things are as bad as they seem in the moment. and it is maybe the tattoo I I need to get because y it's hard to remember, isn't it? w before we move on to SonicWall and the other broader topics we're gonna discuss today, I have spent much of my journalism career in the military space. I spent six years doing military history documentaries and I've done volunteer work with veterans transitioning out of the military. One of the things I'm

Michael E Crean (04:26.893)
It is.

Martin Hinton (04:45.506)
Familiar with is just how many post-9-11 veterans there are and are going to be. And one of the other things I know is that the world of cybersecurity has a talent glut. So I wonder whether you might have a pitch for maybe it's a recent veteran or someone who's still looking for their post-military career path, or someone who's, you know, eye on their DD 214 and come into that day, whether there's a pitch for this business and how.

It's maybe a natural fit or a good transition or maybe something entirely different. That's a another challenge that that you know, if you've gone through certain things in certain environments, you can meet.

Michael E Crean (05:23.648)
I think that's one thing that the military teaches you. There's probably nothing that you can't do if you're just willing to try. And when I say try, I mean really try. I once had this opportunity to testify on at the Senate, and it was a Senate subcommittee around small to medium businesses and how cybersecurity was affecting them and what was happening. And the gentleman that was on the Senate subcommittee, and like wish I could remember his name, but you know.

My my memory for names isn't what it once used to be. But he

Martin Hinton (05:56.493)
You you make no make make no apologies to me. I was about to call you Bob, so you know we're we're good.

Michael E Crean (06:01.832)
There you go. Well, that would be I I might answer just in case. If you it, we'll be fine. he made the comment to me is that you traded one battlefield for the next. And the reality is it's true. It's not the battlefield, like again, nobody's shooting at you, nobody's dropping bombs on you. and we may not necessarily be saving lives with every one of our actions, but we are saving something that's incredibly important to someone. And so lots of people that join the military have this higher calling.

Of purpose that they want to be of service. They want to give back. They want to take care of those that can't take care of themselves. They want to be a protector to someone. That's what, in my role, on the defensive side of what we do in cybersecurity, that's everything that we're about. We're about taking care of those that can't take care of themselves. We're about stopping a threat actor. We're about stopping sometimes a state-sponsored threat actor, some nation state.

That's trying to take advantage of something that they shouldn't be. And who's that line of defense between that end user, that customer, that organization, that business? It has to be people like me. And I think that military members transitioned into that role easily. And sometimes there's this, well, nobody's gonna give me a chance because that's not the skill that I have. You know, I was an infantry guy, I was an army ranger, I was a navy SEAL, I was a

paramedic, I was a whatever, whatever you did in the military, it does not matter what you did. You don't have those cyber skills. But there's lots of skills that you have that people may not have anything like you. Your ability to think creatively, you know, your ability to take a high stress situation. Some of those things you can't teach. Those are learned behaviors and

you know, somebody that maybe went into the military when they were 18 and spent 10 years and came out at 28, and somebody else who went to college and got their master's degree that's starting their career in IT, whatever it may be, cyber, like there's so many life lessons that we have to give ourselves credit for, I think, as military members that are incredibly valuable that sometimes we sell ourselves short.

Martin Hinton (08:16.768)
I I I I second that and I I I'd like to add that there's a perhaps there's a more practical benefit. Most of America exists in a corporate environment and coming from a complex corporate style bureaucracy like a lot of the military can be, you learn how to s sort of navigate and survive in a place where maybe the rules don't entirely make sense right away and that you're you've got a you know, boss who's not particularly good and your subordinates who are, you know, annoying. Like there is it's a dynamic environment where the

the pressure and the the the the purpose and the goal are incredibly important and complicated. And so you know, again, like I said, the the th there are a lot of skill sets that may not be literal on paper that translate well. And you know, I I to to broadly to civilian life and I think that gets lost on a lot of people 'cause of s how few people serve in the military now. I mean what is it? One or two percent of the nation has has that that exposure and and I think for a lot of us who who aren't exposed to it, not myself included, but

that there is an idea that, you know, it's just running around with a gun and it's so much more than than than that. There is there is that. But but yeah. So

Michael E Crean (09:21.964)
It is. I mean there's I mean, you know, every deployment has an incredible amount of logistics behind it of how you're gonna get there, how you're gonna get the supplies you need, how you're gonna get the food that you need, how you're gonna move through whatever it is to the objective of wherever you're trying to go. Like there's a lot more to it than just carrying a gun.

Martin Hinton (09:42.253)
I I y you you touch on one of my favorite things. I I I did carpool once with a retired arm Navy captain who ran logistics during the Ful First Gulf War, and he was the first guy I had a really great conversation with about how everyone hears about the tip of the spear, but it's not there without all the other parts that no one puts on television or writes movies about. Or you know, you don't you don't get a lot a lot of books about why the ship is packed the way it is as it arrives in a port, you know, halfway around the world. so yeah, that that idea about why things happen the way they do and ha

having purpose it's not always clear and the the unseen is as important as the scene is another part of it that that I I think is is a a lesson that you I like you said, it's an experience, not a not a not something you can teach. so I wanna I wanna transition now. Just just tell me quickly, what does SonicWall do?

Michael E Crean (10:31.246)
So historically, what everybody knows us for is making firewalls, because that's what we've been doing for three plus decades. You know, we've been making really great firewalls that service the small and medium business, large enterprise, government, just about anywhere you can think of, we have firewalls in those locations, those businesses, those ways of life. but a lot has changed. You know, firewall isn't the only thing anymore.

You know, we have security operations centers now. We have MXDR offerings so that manage detection and response capabilities where we can pull in telemetry from just about anything. You know, and it isn't even just about SonicWall anymore because so many people have opportunities to buy lots of different vendors technology. And sometimes they're looking up for the best of breed. And why shouldn't somebody be able to pull all of that telemetry, get all of that?

data out of these great tools and bring it back to somebody so that they could watch it 24 hours a day, seven days a week, 365 days a year. So we have those. We have our own switching. We have our own wireless access points. We have so much more than just being a firewall company that most people don't even know that we do anymore.

Martin Hinton (11:52.089)
So in that context, let's pivot to sort of the the topic of of of the day is Iran and the threat they possess, not in a traditional military point of view. We we all hear about the Strait of Hormuz and and drones and exchanges of fire in in the Gulf. This is really more about their greater reach. So what does the data actually show us about Iran's capacity in the cyber warfare realm? And I I want to take you back to sort of early September when

You guys shared some information about what you were seeing and that sort of thing. So walk me through that.

Michael E Crean (12:29.102)
So, I mean, kinetic warfare doesn't stay. It reaches, it goes. I mean, look, one of the things about kinetic warfare, if you go back multiple decades, like what do you want to do? You want to take out infrastructure. So you want to knock down communications, you want to take out power, you want to take out those things that make it hard to work and do your job, whether it's, you know, military or government or whatever. You need these things. Well, now it's easy.

To reach 10,000 miles away and take that kinetic action that used to be contained, localized to where the bombs are being dropped and the bullets are being fired, to it no longer stays. I mean, we've already seen it. We saw a large breach of a medical manufacturer company. And that was done by an Iranian backstage sponsored threat actor. And they went in and they shut it down and they

encrypted and they took advantage of this organization. And most people think, okay, well what's the harm? How could that affect me? Yeah, they're a global organization, but there is an interesting number of the amount of procedures that they participate in on an annual basis by the devices that they manufacture. I think and and I could be off on the numbers and I apologize if I'm wrong, but I think it's almost 30,000 procedures a day is what I think the number was. You know

Martin Hinton (13:53.805)
I think the number the number of my notes is thirty six thousand. But w what we're talking about is an enormous number of lives, both the patients.

Michael E Crean (14:01.292)
Yeah. And if you shut down manufacturing just for ten days, you know, that's three hundred and sixty thousand procedures that somewhere along the way are going to get delayed. So how do I feel if my mom needs a procedure and this device is no longer available for a period of time until they get manufacturing back up because the supplies have run out? You know, what about the people that they've had to send home? You know, they had to send their entire workforce home.

From Ireland for days. You know, so this is a huge impact and it was done with purpose. Like this wasn't some Sunday drive-by that they were hoping to just catch something. They knew what they were looking for and they took direct action against a company that is US based, that has a global reach, that now caused harm to lots of people and people that would think this could never be about them, but now it is.

Martin Hinton (14:58.476)
You you know, obviously the scale of it, th thirty six thousand procedures a day, multiply that by however many days that that they were unable to to operate. Do you view that as a low end or a medium h where does that fit in the scale of what's possible? you know, obviously you the the you know, we the movies come to mind, but but was this a warning shot or a hey, don't forget we've got this weapon, we're not just gonna be able to

you know, close the Strait of Hormuz, we're gonna be able to reach you anywhere in the world. Because the truth is these these cyber attacks are, you know, they don't need to respect borders, geography. I mean, I I think it's fair to say that the belief, and you could tell me w how how confident you are of this, that this is a state backed attack, the Iranian state backed attack, but it's very easy to hide that reality and then make it hard for the ceasefire negotiations to be disrupted by a cyber attack that you can't reliably attribute to the other party. Am I wrong to say any of that?

Start with the beginning. Start w I think I d I made the mistake I often do of asking three questions in one. How on the scale of of of cyber attacks, th this is the striker attack we're talking about, where does this fall in in in the sort of scale of of, you know, one to ten, one being okay and ten being horrific?

Michael E Crean (16:16.598)
You know, I don't think we are I in just personal opinion, I don't think we see this as horrific. I think the people at Stryker probably see this as horrific. I think the employees feel the pain of this being horrific. an individual that maybe doesn't get the medical procedure that they need that gets impacted by this could see this as horrific. I mean, on a scale of one to ten, I'm probably putting this at a seven or eight. You know, it's significant enough.

The unfortunate part about this is that our news cycle moves on to the next thing and moves on to the next thing and moves on to the next thing. And now we're a society that consumes information 30 to 45 seconds at a time. And you know, it's the squirrel. there's a ball, there's a dog. I'm going on to I mean, whatever it is, we're just moving so fast onto the next piece of information.

You know, it would be one of those ones that would be interesting that if you went out on the streets of New York or Washington DC or San Francisco and said, Hey, what do you know about Stryker? Most people probably wouldn't even be able to correlate that there was a cyber attack. And and it wasn't a little attack, it was big.

Martin Hinton (17:28.472)
Yeah, I I I wanna just layer on top, having been in this field of journalism for a couple of years now, the other challenge is it's not visual. And the example I've been using lately is if the Jaguar Land Rover hack were a were not a hack, but someone had, you know, burned a factory down, it would have been on the cover of the paper. It would have been it's visual, it's easy to show, you know, and and the di the digital stuff is vapory and we know how much information w is perve

Michael E Crean (17:39.15)
Correct.

Martin Hinton (17:58.305)
attained through video now. And if it's not visual, it becomes extremely hard to gain people's attention. And that's another layer in the complexity of both this story or any others in this space where, you know, to illustrate the the vapor of the internet that's around us all and we rely on and and and are desperately in need of to do most of what we do professionally and maybe even personally, it's it's something that is a real challenge in presenting the danger to this. Because

the the striker attack is is just one example. I mean this sort of thing I think when we s planned this call we we discussed the two men who the last I looked were indicted in Sudan for im attacking the early warning system prior to the October seventh attacks in Israel. And this early warning system was designed to alert people that they needed to seek shelter or go somewhere secure. You know, there's a danger out there. And the the allegation in the indictment is that

Because of what they did, more people died and suffered. And th so instead of prepping the beach, if you will, with a you know naval bombardment from a battleship, you turn off the lights, to put it very simply. And it has the same effect of disrupting the lives of the people that you're looking then to attack in the follow on mission. I mean, are there w what other examples are there out there? I mean, what do you have to say about that one?

Michael E Crean (19:22.316)
No, I hundred percent agree with you. It is it the unfortunate part is I think we live in this bubble. And maybe not you and I, because you know, this is this is a part of your job. This is what you know, you're hearing about it every day. Obviously, it is an absolute part of my job, and I'm on the defensive side of this with my teams behind me. And so we are technically seeing it every day, big and small, you know, well prepared organizations, ill prepared organizations. the unfortunate part is is that

Most people, you know, and and there's some good statistics out there, numbers around this today, that most organizations that get hit with ransomware have business email compromise. They actually find themselves getting hit a second and a third time because they don't think that they're a target again. And it really makes like these two guys out of Sudan, it takes what you know the Iranian state sponsored threat actors are doing. It takes just about any organization out there, whether it's Russia, North Korea.

some homegrown, you know, radicalized US citizen that's taking these type of actions. And to your point earlier, it is really hard to prove. Like with confidence, we can absolutely say the striker attack was backed by the Iranians. We can say that with confidence. But you how do you prove it? How do you put something tangible to it that it gets people's y you almost need an emotional response?

for people to take it serious to then say, well, what do I do? Because I think that is the challenge right now for me that I find with most of these attacks is that people don't see that they have any responsibility. They don't see that they have any means of making a difference. And they can, you know, it's that six degrees of separation from Kevin Bacon theory. I mean, look, I have access to things

My brother has access to my mom, my mom has access to me. And if my brother falls for something and then it creeps through to my mom and I'm not paying attention to it, and she sends me an email of like, hey, look at a picture of my dogs. And I'm like, okay, I want to see the picture of mom's dogs. And then I click on it and then there's something that gets dropped into my systems. Like, that's three people. That's all it took. So, you know, there's

Michael E Crean (21:43.822)
There's a much bigger responsibility that we have to participate in safeguarding ourselves, which in turn safeguards our nation.

Martin Hinton (21:53.983)
I I mean you make a very good point and I I mean I one of the things that I've had conversations recently with people about is the and the the the phrase I use is almost a a childhood era digital version of look both ways before you cross the street. And I I don't know if I mentioned this when we spoke originally, but my niece who's eleven or twelve and in the public school system here in New York was telling me about her cybersecurity class or seminar or part of her curriculum.

And I thought it was gonna be all the traditional, you know, online predator type stuff. And no, she she laid into MFA, complex passwords, and then really, really interestingly, she s sort of spoke in a in a almost philosophical terms about remembering that we've put all these things we value into a digital space and we should protect them like they're anywhere, like they're in a physical space. You know, you lock doors, you d lock the second lock on your apartment door if you've got two and you turn the alarm on.

that that we don't have that attitude about our digital well being. Maybe it's because it's abstract, or maybe it's because we didn't realize how vulnerable we are or the value that these things create for other people. The other thing you just said, and it's it's interesting, the network of we hear about computer networks all the time. Well, those networks connect people and whether it's a company or a family, you you know, the idea I mean, I I recently did a podcast where the cybersecurity

CEO I was interviewing talked about how a woman wanted her family to get super fit for her wedding. So she was looking for a gym membership for the family. And she posted it on our Facebook page. And her dad worked at some company that has, you know, a ripe target, had value. And so the hackers targeted her with a fake family gym discount membership. And that was how they got in to her Facebook page or perhaps it was an Instagram, but some social media posts that that became their back door. And that that is, you know.

it it is it's not easy, but it's it's it's it happens all the time. y you know, I I guess I y you described the sort of the slow and low energy thing, that the there's this sort of, you know, the the persistence, particularly now with AI able to send a well written and that you know, we don't get the misspellings we used to from the Nigerian princes. And the volume is significant, that it becomes like a numbing kind of thing. Like you so much email, so many texts

Martin Hinton (24:17.624)
phone calls to your phone that we we sort of, you know tell me about that sort of psychological reality of that sort of slow and low energy kind of assault on us.

Michael E Crean (24:28.16)
I call it the goldfish theory. You know, my daughter says to her brother, he's fifteen, she's called him a goldfish a bunch of times because she feels like he can't remember anything from second to second. And I think that's what this low and slow is. It's a little bit of that idea like if you had a goldfish, they're one of the hardest creatures to keep alive. I mean look, if you've ever gone to a fair and played the ping pong ball in the bowl and you come home with the goldfish, like

How hard is it to keep this stupid little thing alive? but if you were to just put a goldfish in a bowl of water, and if every day you just turned up the temperature a half a degree, like the goldfish just swims around, living its best life ever until one day that water has gotten so hot and they didn't even know that it was hot and they're dead. I mean, that's what this low and slow is desensitizing us.

Because it's this constant numbing. I think that, you know, you you said it, and I think that's a great way of putting at it. It's just this constant numbing and barrage. And if you're forced to deal with, you know, a hundred bad things a day, eventually you're gonna drop your guard. Not intentionally, but you've just got so much you're trying to do so fast. And if you have to get those hundred things right to never click on them, never to answer them, to never anything, you're eventually gonna make

Mistake. I mean, nobody's that good. but I love what your niece is learning. Like that is powerful information. And whoever put that program in place and whatever they're doing, I hope that that gets replicated in lots of places. Cause, you know, I think about my mom. You know, she's in her 70s. She didn't grow up with computers. There was no such thing when she was a child. You know, this is new to her. And shame on me if I don't impart enough knowledge to her.

that gets her in trouble. but you know, there isn't a lot of people out there that have a particular set of skills like I have that are can educate their moms and their dads that are in that seventies, eighties today.

Martin Hinton (26:34.614)
Yeah. I mean you y you you touch on something that I'm still trying to wrap my head around is that, you know, passwords are really not secure and they never really were. Like the whole the the whole idea that that that you know the th it wasn't like a combination on a you know, a a lock on your locker in high school or even a key to the door. There is th there there is a a placebo effect to the password that that seems to be lingering. Like the idea that that that you could use the same one in multiple places, you know, that that sort of thing is is

I the I'ca what I'm getting to is I was at a conference last week in Columbus, Ohio, and a gentleman in one of the panels I talked to is like he said he said, you know, we kind of need to introduce a little more friction at points. We've made everything so efficient. We need some moments where this you know, friction is and it creates a moment to think, wait a second, should I wire this money to that person? Or wait a second, I gotta double check that that act that new bank account is actually legitimate as opposed to just sending the money off in a in a  business email compromise scenario.

I mean, d what do you think about that idea that there is you know, we've embraced the the the frictionless reality of of internet commerce and the the the speed and efficiency it's brought to our economy to great benefit, mind you. but there is maybe a a price come t to to be paid here for for the next, you know, ten years where we kinda get things sorted and get right, particularly with things like quantum computing coming online. What do you think about that?

Michael E Crean (27:59.747)
I absolutely think we've made things too easy. I mean, and there's some really great things that have come from it. Like, look, who doesn't love a car that will tell you you're about to rear end somebody? And it starts applying the brakes for you. One of the best things that I mean I appreciate that lane assist, but where I appreciated it the most is when my youngest daughters my youngest daughter started driving. And she was commuting every day to school.

And driving about 30 to 35 minutes. And she was getting on, I live in the Washington, DC area. So she was getting on 495 every day, driving around the Beltway, getting on 66, heading into Arlington. And as a young, inexperienced driver, I loved the fact that lane assist is available to keep her in the straight and narrow. But does that make her a good driver? Probably not, because it makes her so dependent on what that technology is doing for her.

so yeah, we need some friction points in our life. There was a really cool statement that I heard the other day, and I I don't know who said it, I can't remember, and I'll probably get some of it wrong, but there was something about hard times, no, there was something about hard times make hard men. Hard men make easier times. Easy times make weak men, and weak men, you know, make hard times.

And so there's this cycle that we go through and you know I think that kind of applies here is that we've made it too easy. and that causes some of its own issues and challenges.

Martin Hinton (29:36.877)
Yeah, I mean you you make a good point. I mean you you know, putting it into the the threat actor mindset, in addition to that reality and the the the function of us feeling like we need to do everything immediately and respond to emails very quickly and that sort of thing, there is the added benefit for them. They know everything about behavioral psychology and manipulating people through colors and fonts and, you know, timing of the day and, you know, get people at four o'clock on a Friday with an urgent email and they're gonna want to

deal with it fast so they can get off w off for the weekend and that kind of thing. We know this all happens. So there are in some ways we've supplied the adversary with a a pretty, pretty good tool shed worth of things to use against us that at least broadly we're not defending against. And I say that both on the personal and professional level. You see even large companies where they, you know, they don't quite seem to have appreciated the vulnerability and the

the the damage done when it you can't do business for 72 hours or even longer. you you you you you know one of the things that w setting aside the business part of it, we talked about you you touched on healthcare in the striker case, but in the wake of the Iran, there is a lot more attention played to critical infrastructure, energy, water, we obviously mentioned healthcare, but even financial services and then government facilities and that sort of thing, like water treatment plants and that kind of thing. I wonder whether you might talk about

What you're seeing in that space with regard to I know that it was April seventh there was an advisory from the FBI, CISA, and the NSA specifically naming water and energy. But but that part of it, the idea that and the premise I that I've read about, and you can correct me if this is wrong, is that a lot of these systems may have already be been infiltrated. Not unlike prior to the Normandy landings on June sixth in World War Two. We dropped, you know, spies

behind the lines or commandos behind the lines to link up with the French resistance to prepare the defense. That that there is more than the landing of the invasion force that goes into us, that there are these things that may be happening, sleeper cells in the digital sense, lying in wait to turn off the power on the West Coast should China ever want to actually invade Taiwan or some other variation. You know, I you could imagine if the power went out we know what happens when the power goes out, right? Like that's the the it's

Martin Hinton (31:51.427)
Like the holy grail. And we're we're seeing that pressure naturally now on the electrical grid in America and talk of maybe we didn't develop it fast enough or, you know, whether or not this reason or that reason, doesn't matter. Here we are. So what about critical infrastructure in this space and and and where it stands in relation to Iran specifically?

Michael E Crean (32:10.382)
You know, I think that it's a smart target. You know, if you really if you really believe in your country and you're at war with some other country and you can't physically get to them, take down their infrastructure. Make their people hurt. You know, we we quote unquote are hurting their people by dropping our bombs and firing our bullets and doing those type of things. you know, who really knows why the internet was shut down in Iran? Like

It came back on recently, you know, but was that because we took it offline? Is that because they took it offline? You know, they will probably claim that they took it offline. But who knows if that's true or if it's not true? But if you really want to hurt somebody, and this goes back to kind of, you know, war fighting one one, take out their power, take out their infrastructure, take out their communications, and taking out the power in this country.

has a devastating effect. I mean, think about the problems, and Amazon doesn't have very many outages, but they've had a couple outages where you've seen like AWS, you've seen Amazon East take a hit, you know, a couple years ago from a bad line of code put into a router. And the things that you couldn't do in your life, like you couldn't place an online order with Starbucks. Like

That's a big deal to some people. How inconvenient I have to get out of my car and go in the store and talk to somebody and actually converse and tell them what I want. My who knows what ridiculous you know you want in your drink because it's not just a black coffee. I mean, all of these things we're so dependent on because again, it's easy, it's nice, but yeah, I mean, we are definitely at risk. And I do believe when you just look at the facts of where most compromises

When they bring in those digital forensics and in incident response team, they find out that they had been in those environments for months and months and sometimes years prior to executing. I mean, to your point, no differently than D Day. We were in those countries long before we hit those beaches.

Martin Hinton (34:26.734)
W in the context of what organiz I mean, so i it's fair to say within the public sector you have a lot of you know, what's the what w like legacy technology where you've got old bits coupled onto new bits and you've got protocols where people aren't changing the default passwords on things that they don't quite appreciate have you know, a an entry point into their network. W what are some things that that, you know, civilians should be looking for

I mean again, if this were ever to become a campaign issue for someone, what w what should be people looking to do? What what are these operators, you know, what what kinds of things sh could they be doing now to to to make themselves more resilient?

Michael E Crean (35:06.254)
I mean, for me it's always about the fundamentals. You know, the fundamentals are always the fundamentals, no matter what AI you have in place, no matter what G Wiz, go fast, high speed, low drag technology you put in place, the fundamentals matter, just like in any sport, just like a race car driver. Like there are certain things that they started learning young in their career that they're still practicing, even being the best F one driver.

That's, you know, won the last four or five races in a row now. Same thing with a hockey player. Like some of those skating drills are still the skating drills that they're doing today, even though they've been playing for two decades. It'd be the same thing. Making sure that you have MFA in place and not just in place because you say it's in place, but truly audited and looked and cared for and making sure that it's on everything. You know, the colonial pipeline. You know, that was one that.

You actually saw a physical effect on the East Coast. And because I live in Virginia, just outside of Washington, DC, I can remember that day that it was happening. Me and a couple of the guys that I work with, we went to a Washington Capitals game and everything was good and everything was normal. We came home from the Washington Capitals game back to our office and there's a sheets across the street. There was a line out of the sheets, down the road, up the next road of people waiting to get in there to get gas because they were panicking.

And all of that because of an account of somebody that didn't work there anymore that didn't have MFA in place. So good hygiene, MFA, patch management. I understand that it's hard remembering, you know, the 27 different passwords that you need for the 27. Use a good password manager tool. Don't store them in your browser because that's an easy one to take advantage of and hack. and if it doesn't feel right at work.

Ask the question, hey, why do we not have security awareness training here? Why is it that I'm allowed to VPN in and there's no MFA? Like, I don't want to be the person that takes the company down. I don't want to be the risk. Hey, I was looking at my computer and it looks like it hasn't been restarted in 784 days. Isn't that a little bit strange? Like, doesn't don't computers need to restart to have a patch applied? I mean, these are really simple things that we can all participate in to make a difference.

Michael E Crean (37:32.619)
If you're an employee at a company and maybe you don't work in the IT department or the cybersecurity department, you can still be a part of the success. I mean, there's simple, easy things that we can all do. And I think just like your niece, when we start talking about it and we start having conversations with people, then we all become a lot more aware and it doesn't become some dark, dirty conversation of fear of like, you know, man, well, am I gonna get in trouble if I didn't do this?

Martin Hinton (38:02.06)
You you touch on a I wouldn't say pet peeve, but a a mantra of mine is that so much of what you do, particularly as biological creatures, is the mundane and boring, right? You have to eat every day, you sleep every day, exercise routinely, you know, bathe, brush your teeth. And if you don't do these sort of dull, kind of chore-like things, you diminish your quality of life. And that same attitude i

it seems to me applies in this space. You know, when you you have to change your password every so often, or I've been slowly absorbing every time I get a pass key offer, I'm like, well yeah, I'll take that. Thank you very much. You know, the the that idea that that there is like you said, it can feel a bit overwhelming, but if you're it's a bit like if you're getting back into shape and you need to lose 50 pounds. You don't lose it in a day. You don't lose it 'cause you had one salad. You don't lose it 'cause you joined the gym. It takes time and that that persistence and that routine and then creating perhaps a schedule.

Take advantage of the tech and put a calendar reminder in. it is it's important. Like and I think that's where I think that again in a go fast kind of world, it it's not glamorous, it's not exciting, but it's really, really important. And I think that that gets lost on a lot of people. Do you mean do you think that that's true both in the sort of business world and the personal world with regard to cybersecurity? That we sort of sh we we shrug our shoulders and we see your teen driver analogy think, it won't happen to me.

You know, I can drive however I like.

Michael E Crean (39:31.833)
100%. I I believe that, you know, and and probably more importantly, like we don't even see it as our responsibility. Like, hey, you know, I work in the finance department at companyacme.com. It's not my job about the cybersecurity of this company. That's somebody else's job. What do I have to do? You know, I it's one of those like ask not what you can do for or ask not what your country can do for you, but what you can do for your country type statements. Like

Yeah, I mean, I'm not asking you to become a cyber whiz overnight, but I am saying participate. Like, if it looks odd, I was having this conversation with somebody the other day, and they were the CEO and founder of a company, and we were talking about that kind of that email that comes in from your boss that says, Hey, I need you to go down and get X number of gift cards, and I can't talk to you right now because I'm busy and I just really need this done. Appreciate your help. You know, as a former CEO and founder, and in speaking with her as well, it's like,

I want my employees to question that. I would probably want to give them a bonus if they actually stopped, didn't take the action, came to me and said, Hey boss, did you really do this? Is this what you really wanted? And not just sending another email, but literally picking up the phone, coming to see me, talking to me, interrupting me. It is important that we participate at this level and we become a team at this, because if we're not a team, which

We don't seem like we are very well as a society today when it comes to cyber. We are going to continue to lose and as we continue to lose the losses are going to get bigger.

Martin Hinton (41:08.27)
Yeah, I I mean and the losses are astronomical. I mean I I I know it's the the Moby Dick number and y you know, I think the the number that gets tossed around is that the global economy lost ten and a half trillion dollars last year to cybercrime. That that may be an exaggeration. I I'm not a hundred percent sure right off the top of my head how that got accounted for. But let's take sixty percent off that. You know? I mean it's it's I would bend over to pick it up if I passed it on the street, I I dare say, you know.

Michael E Crean (41:27.884)
Right. It's a lot of money.

Michael E Crean (41:33.398)
I will tell you I Martin, I like you, but I'm gonna tell you I'm gonna push you out of my way so that I can pick it up.

Martin Hinton (41:37.583)
Well we could split it. We could split it. It's enough. It's enough to go around. Yeah, I mean, do you again like the AI has created this scale now where you can you know, I I was having a conversation the other day with somebody. Could imagine if someone encrypted your iCloud account and you couldn't see any photos you've taken for twenty five years? Would would you would you would you, you know, revolute someone f a thousand dollars or, you know, figure out how to buy fifteen hundred dollars worth of Bitcoin with the help of their help test, mind you. Again, to the point of how organized they are. You

Michael E Crean (41:41.484)
Okay, okay, we'll we'll split it. Well it'll be a team effort.

Martin Hinton (42:07.542)
I think a lot of people would do this and then they would never tell anybody. Do you think a part of the problem here is that so much of this goes unreported? I mean, outside healthcare par pardon me, go ahead. I just just the just the public awareness because of the visibility issue.

Michael E Crean (42:15.617)
Absolutely.

Michael E Crean (42:22.454)
No, a hundred percent. I think people feel embarrassed. They feel like, hey, I'm smart. I should have never fallen for this. And we continue to give power to this action and allowing other people to get hurt and harmed by it because we don't stand up and say, Yeah, they got me. And hey, I want you to know my story because I do see that I'm smart. I do think that I'm intelligent. I do think, but man, their story was so compelling. It looked so real.

And their customer service was the best thing that I've ever experienced in my life. And they made it so easy for me to pay them to get my stuff back that they took from me and they have stolen my data. but they just made it a pleasure. If you can even say that, it's a pleasure to pay for my stuff that you stole from me. But that's their job. And it's big business. And to your point, you know, 60% of that big gigantic number, yes, you and I can split it, but if somebody else gets in the mix, I'm pushing them out of the

Martin Hinton (43:22.114)
No, I mean I you and again like I think that the I you know, the the volume, the the capacity to steal and the ability to move the money around the world, all these things, it is it is it's the scale of it is is kind of hard to comprehend. And you that you're throwing the nation state back, we've talked about Iran, but we know that North Korea is heavily involved in it for f financial gain, but then the Russians are are maybe their motivation and then the Chinese are maybe a more intellectual property long game sort of player in this.

But there are very, very powerful nations that we worry about in a practical sense from a sort of old school combat, warfare, conflict perspective. But this concern, it escapes the headlines that it deserves, in my opinion. Do you think that's overstating it?

Michael E Crean (44:08.086)
No, it's not overstating it at all. I think it is escaping. I think that, you know, look I think for even you and I, and for our parents, the only way that we ever believed that conflict would affect our lives if somehow this country got invaded. Obviously a little bit different for me and my family because I joined the military and anybody that has ever done a deployment, it does affect your lives differently. But then when you think about if we were worried about

physical penetration to this company, we've believed that, you know, we're untouchable. Well, 911 proved that to not be true. We're not untouchable. And we've seen lots of other actions that have taken place from radicalized people and their attacks and things that have gone on. So we are far from untouchable. But at the same time, this is really hard because it's not tangible. You know, and the more we hide from it,

more we don't share our story and get up in front of people and tell them, because it's a little bit humbling when you have to admit that somebody took advantage of you. It's easier to say somebody broke into my house. It's far easier to say, they broke my windows, they kicked in my door, they came in, they stole my jewelry, they stole my whatever. And everybody feels desperately sorry for you.

But how often do people look at somebody that had a cyber attack and say, Man, I'm really sorry that that happened to you? You know, what can I learn from you so that I can pass that on to somebody else so that they don't have that same thing happen to them? I don't think we do it.

Martin Hinton (45:47.961)
But no, you you make a very good point. And and i I've I've read a few studies by firms like yours and firms in your field where they look at the psychological impact on the team that maybe had the employee that click the link or th the the broad idea that there are a few crimes where the victim still gets blamed, then this is one of them where, you know, if you even the training where, you know, and I I I I I haven't had the corporate style training in a while where you get the fake email with the fake phishing link.

Michael E Crean (46:09.763)
Mm-hmm.

Martin Hinton (46:17.43)
And if you click it, you're in trouble. Like that that that that's not that shouldn't be the point. The point should be like, well, so what what should I have looked for? And you know, how c how could I notice this or wh whatever it might be. But again, the sophistication around sort of making a website look like it's, you know, a bank or a healthcare provider, or the URL is, you know, a slightly you're a reversed character, and and these are very, very hard things to pick up. The example I've I've often used is imagine if you were at a David Blaine show or some other

you know, high-end magician and you got brought up onto the stage and they played a trick and they were able to guess your card or pull a a coin out of your ear. Thinking you could figure it out in that situation is like thinking you could figure out that you were being the subject of a comprehensive cyber attack as a corporation or as an individual. If they want you, they're gonna get you. And that mindset is one where that's why you look both ways when you cross the street. You wear your seatbelt when you drive.

It doesn't make it perfectly safe, but it sure increases the the the likelihood of you surviving something bad happening that's beyond your control, whether in the case of cyber it's a malicious event, like a drunk driver hitting you, or a traffic light suddenly stops working and everyone gets a green light and no one stops. Right? So the tech side versus the human human reality side. And I think that that idea that it needs to become, you know, in the same way we've all embraced these things and carry them around like they're appendages now, we're all basically becoming cyborgs.

Well, there's a consequence to that that isn't all positive, as we've seen now with things like mental health and children and the young adults, but it's more than just that. so yeah, I it's it's it's a you know, that education part of it is comprehensive. I mean, do you think that, you know, there is the need for some sort of and again, it's a bit it's a bit like yeah, I remember in the nineteen seventies when there was a drought in New York City and Ed Koch was the mayor, in the public school system in New York they introduced the idea of to children

that, you know, when your dad shaves, don't run the water the whole time. Fill the sink and rinse your razor and then, you know, rinse the sink and don't have the water running the whole time you shave, for example. And the idea was you take that information home as a child and you, I guess, scold your dad for shaving the way that wastes water. And it was a sort of do I mean that's a sort of microscopic example, but that more comprehensive idea that the idea that there is

Martin Hinton (48:39.712)
a need to educate people in a very grassroots way about the value of being secure. I mean the the I I think I've mentioned you when we spoke originally that I spent several years doing military history documentaries and you you see during particularly large scale wars, World War Two being the the great modern example, where loose lips lips excuse me, loose lips sink ships and that you know, you d y y you you worry that the the the the person next to you in a line may be actually a spy for the

Nazis. And so you don't talk about what you were doing at the base yesterday or what ship came into the harbor, how many supplies you offloaded if you're a dock worker in Liverpool. That mentality that there needs to be a sort of broader resilience for all of us, because as you noted with your example with your family, there is this connective tissue where if, as Archie Norman, the then chairman of Marks and Spencer said in his parliamentary testimony about their hack, I've got 50,000 employees.

I don't I don't think I quite appreciated that if one clicks the wrong thing, whether they were my tech side in India or my retail side in a store in Manchester, you're in. And that is that reality is one that that and that applies also to the technical side, right? So the router in your office. If you haven't reset the password on that, half the audience is going, What you routers have passwords? But but but but that, you know, like we everything gets sold as easy and working well in tech. And when it doesn't, we scratch our heads and we we

Michael E Crean (49:56.734)
Yeah.

Martin Hinton (50:04.376)
click to the next video on YouTube and we move on. That that we need to add that friction and then embrace the reality that friction's protecting us is kind of what I'm getting at. What do you think about that?

Michael E Crean (50:14.626)
No, I 100% agree. The other thing that I found interesting, and this just happened, I just saw this on Sixty Minutes the other day. You're talking about the loose lips sync ships. Did you see the case that the United States government has brought against, and I can't remember the g the gentleman's name, but he works in the army and he was betting on polymarket. And he was betting, and and this is becoming a really big deal. And there was an organization that went out there and started studying this, and they started seeing

bubbles of individuals that were winning their bets far more than statistically possible. And I think that what I say, the average, like when you go to Vegas, 3% to 7% is about the average win rate. But they are starting to see on polymarket that there's a these win rates are hitting the 80th and 90th percentile. And so that's where we go from this whole low slip sync ships.

To if people are betting on poly market and people start to see these win rates, well, how long is it before China, Russia, Iran, North Korea, whatever starts doing the same analysis that this other company did? And they can start predicting, you know, what that next attack is going to be, when it's going to be, what it might look like, and all because it looks like it might be fun to make some money and it might be cool to get engaged and

have but it's people that's using information in ways that they shouldn't be using it. And so, you know, we think it's all cool, we think it's all fun, but it can truly have life and death implications to it.

Martin Hinton (51:53.795)
Well, I mean, you touched on life and death and the the example that the the polymark example, the a precursor to that was when suddenly, I forget which news organization it was, they realized that there were US special operations units positioned all over the world and it was because they were broadcasting their location via some version of a fitness tracker. You know, they were registering their runs on Strava or whatever it might be, and and suddenly there was a guy doing, you know, f two mile loops in the middle of the desert in Mali where, you know, no one realized they were there. So that like

Operational security isn't just the the fence. It isn't just the guard of the gate. The the and that and I say operational security, it might sound like we're talking about military things. No, th this security exists. You think about the IP and the amount of money companies spend to to generate new ideas, to turn into new products, that turns into new revenue and to new profit. This is the the unguarded reality of this, it it crosses the spectrum of companies of of all size. So I say that because if you're a small business owner, you might think, No, it'll never happen to me. It will. And

Michael E Crean (52:32.862)
Yeah.

Martin Hinton (52:52.95)
you're not alone in thinking it won't, right? The there there there are massive corporations that that are sort of, you know, maybe in denial about this reality. But I as we move toward the end, I I want to shift this because obviously we're you we we're cyber insurance focused. One of the things we talked about is that, you know, the the the reality of cyber insurance and we've sort of gone through this now is the dynamic nature of this threat is extreme. it's complicated, it's nation state backed. You know, you talked about being able to see past behaviors and then predict new behavior and

Michael E Crean (53:14.712)
Mm-hmm.

Martin Hinton (53:21.686)
And one of the things I didn't chime in there was that well, that's that's you want to see how AI gets used in cybercrime. That's one of the ways, right? If they know the last twenty-five passwords you use for Netflix, they're gonna be able to figure out based on the pattern there that the likely next ten and take Netflix and make it your bank or your retirement fund or your your healthcare log on app and that kind of thing. Tell me about the sort of the the the way that cyber insurance is changing. We know that that the

Tradition would have been very classic insurance sort of process where you do a questionnaire and you check some boxes and you say I've got MFA, and that's sort of going away now for a more constant, more more regular confirmation that, you know, hey, I've got an alarm system. Does it work? Is the lock on your door the right kind of lock? You know, the to put it in physical terms. Well what are you seeing with regard to how this is all affecting the cyber insurance market?

Michael E Crean (54:14.03)
So I think if we go back 10 or 15 years, the actuaries had no idea what they were insuring. You know, I'm an insurance company. I'm gonna go ahead and insure it because people are asking me for it. And what they started to realize is that, you know, they didn't know the right questions. They didn't know what they didn't know, and they didn't know that they should have MFA in place. They didn't know that there should be password management in place. They didn't know that there should be some sort of backups. They didn't know that these things, these again, we're gonna go right back to the fundamentals.

Well, the insurance industry, just like the house, it's meant to win. It's meant to cover you, but it's also meant to win, is what it's meant to do. And so now, like you said, there was the questionnaire face that we went through it. But they found out that people were lying. And now, you know, they're getting to the point where they're getting really smart. And I think it's time. I think it's time that the insurance companies have more I don't know if I want to say

It's not skin in the game, it's teeth in the game, where there's more bite to these policies. Because if you're going to attest that you have done all of these things, then they should be allowed to audit you. They should be allowed to make sure that their business relationship and the investment that you're making in them because of the money that you're paying is well worth it because the risk is extreme. You know, in some of these cases, you start looking at millions of dollars.

that they're looking to be compensated for. And the insurance company should know that they're investing in the right customers that are truly participating in the journey and making this a team effort and not just looking for the easy payment that they gave up the credentials or they didn't do the things that they were supposed to do. I mean, there's two things. Like if if anybody listening to this would just do these two things. And I'm not saying it's the end all be all, I'm saying it's just the start to the journey.

That if you would just start forcing MFA on every single account, and if you would really keep up with your patches, like there is a 70-some odd percent decrease in the likelihood of you being compromised. Again, no silver bullets, no way to get there to you can have the guarantee that it'll never be compromised, but that's a huge victory. And it's two really simple things. I mean,

Michael E Crean (56:34.722)
Basic fundamentals, the amount of people that I know that don't use MFA on their Gmail accounts, and then they wonder why it gets taken over, or, you know, or whatever. I mean, I will tell you it's like the one that has always frustrated me, and I don't know if they do it today. I haven't really checked, but it was Disney. My Disney account got hacked about five years ago. And the only reason I found on is because I go to log on to it one day, or my son goes, he's like, I don't know what this language is.

I had no idea what the language is, but whoever had taken it over had changed the default language out of English to French. And here I am with me and my Google trying to figure out what it is so that I could get into the account to change it back to English so that I could start resetting things. and I will say 100% attributed to strong password, no MFA, but there was no MFA to be had because they weren't supporting it. So, you know, if the insurance industry will say that you're 70 something percent.

Better by doing these two things. It's mundane. It's simple. It's easy. But it actually works and it makes sense. So why not do it?

Martin Hinton (57:42.031)
Yeah, I I mean I you you touch on a a a a key reality for all we talk about tech and digital and cybersecurity. I think that it's fair to say roughly ninety percent of cyber attacks come down to human error of some kind. And that's not just like any risk can't be entirely r remediated. You're not gonna make everything safe. You're never gonna be able to get in your car and think no and nothing will ever happen.

Michael E Crean (57:57.731)
Does

Martin Hinton (58:07.522)
We do have that expectation with tech that we should be able to make it perfect and everything should work exactly the way it should. That doesn't happen. I I I just want to remind everyone how many OS updates their iPhone has had in the last two years, right? It like they're constantly improving. Bug fix is a the greatest euphemism ever, in my opinion, right? but do embrace the update, for the record. so yeah, no, I think I think that you make a really good point. I mean, we we've been talking about an hour, so I just wanted to put one question to you and we've sort of touched on this, but I wonder whether now that we've had a chance to sort of go through some of the topics

we've got. If you to your point about testifying before a Senate subcommittee, if you were to put yourself in in a chair or or have the the privilege of addressing people who are in a position to to pass a law or create a regulation that helps improve the situation, w what are one or two things that you'd think were the the highlights? I mean maybe you just touched on it but but maybe you didn't.

Michael E Crean (59:00.478)
man, that's tough. I mean, you know, I think that there's and I don't know how you put a law around this, but it comes down to personal responsibility. You know, it nobody's responsible for me but me. And, you know, I I believe that I'm the leader that leads from the front. I'm never gonna ask somebody to do something that I'm either one, not willing to do myself, or two, I haven't done eight hundred and forty-two times already and showed you that I'm willing to participate in this.

If you think it's going to affect you, then, you know, go out there and do something about it. it was as my daughter has turned eighteen and these opportunities to vote and having some of these times to educate her, it's like, hey, here's where I'm gonna respect you more than anything when we're talking about this. If you want to make a difference, then take the time to show up and cast your vote. Because one vote matters, because one becomes two, two becomes four, four becomes eight.

And that's how change starts to take place. So, you know, stop looking for somebody to do it for you. And I mean, look, between Chat GPT and Co-Pilot and Claude, if you went into any of them and you said, help me be more cybersecurity aware, help me secure my life, can you give me three easy things to do? Or even just put it in Google for all that matters, because it'll pull out some AI engine and it'll give you the probably the same things.

These are things that we can do. And I think once we as a society are doing some of these things, then it becomes easier maybe to demand or ask our state, local, and federal governments to do more to help secure us because we're doing our part first. And now it's easier for us to meet in the middle.

Martin Hinton (01:00:50.552)
Well, I mean, you w what you said just now reminds me of the famous line, we get the the leaders we deserve. And if we prove that we we deserve better leaders because we're behaving properly and and in whatever respect, then it would stand to reason that we'd we'd get the leaders we deserve. So I I I agr I agree with you. And I think that's the thing. You know, there's a lot you can do on a company level, on a small business level, on a personal level, to make yourself more secure. The the tools are there, they're free, and you just have to avail yourself of them.

And maybe depending on where you are password-wise, you've got some remediation to do, you know, like there's that feature in the iPhone now where it tells you these passwords are repeated and that kind of thing. Knock off two tonight as you're sitting on the couch. Just two of them, you know, like that's it. You know, like just two a day. And and again, to your point, the slow, steady creep of greater security comes like getting back into shape or learning a new skill, right? Nothing happens overnight. Slow, steady pressure leads to a better circumstance. So yeah, I think I think that's really sound, sound advice.

Michael E Crean (01:01:27.406)
Mm-hmm.

Martin Hinton (01:01:49.132)
So is there anything else we didn't get?

Michael E Crean (01:01:49.528)
And those actions just become muscle memory at the end of the day. If you start doing it today, you know, by the time you get a couple months down the road, you won't be thinking about it anymore because it'll just be a part of your everyday life.

Martin Hinton (01:01:52.866)
Yeah, and it

Martin Hinton (01:02:01.806)
Yeah. Make it routine. Yeah. No, you make a good point. So is there anything we didn't get to that that you'd like to to discuss or anything else you'd like to say?

Michael E Crean (01:02:11.51)
You I think this is something that we can change. This is something that we can make positive impact on if it's important to us. And rely on your subject matter experts. I mean, look, I think anybody that hears this that probably is an IT, probably has had the experience at Christmas time where somebody got a new piece of tech and the first thing your mom, your aunt, your uncle, your kid, whomever is calling and saying, Hey, can you help me get this set up?

Well, if you're in a position of having that much knowledge and experience, then proactively have the conversation with your mom, your dad, your sister, your cousin, your kid, your niece, your ne well, whoever it may be, your friend at work, the guy you get your hair cut by, the lady who does your hair at the salon, whomever it may be, share that information so that we can all work better to keep one another safe. Because this is a this is a team effort. This is not an individual sport.

Martin Hinton (01:03:07.064)
Yeah, I I I agree, I agree. Well, Michael Crean, Senior Vice President with SonicWall , thank you so very much for the time today. Really, really enjoyed the conversation. and if you don't have anything else to say, I will say thank you again. everyone else, thank you so much for watching. We've mentioned a few things. There'll be some links in the show notes as well as a way to find Michael and SonicWall down there. And with that, I'm Martin Hinton, the executive editor of Cyber Insurance News and Information.

Michael E Crean (01:03:20.984)
Thank you, sir.

Martin Hinton (01:03:35.096)
Thank you so much for watching and taking the time out of your day. Enjoy the rest of it.