Threat actors are evolving, preying on end users with clever, relevant, and timely phishing attacks, with no signs of slowing down or stopping. Listen in to hear how agencies can bridge the gaps in the prioritization of investments in phishing protection solutions.
Corey Baumgartner 00:14
On behalf of Cofense and Carahsoft, we would like to welcome you to today's podcast focused around bridging the gaps of cybersecurity how high fidelity threat intelligence can help agencies prioritize and combat phishing, where Cofense's Keith Ibarguen and Joseph Gallop, alongside Nikhil Gupta from Carahsoft, discuss how the importance of aligning cybersecurity priorities is even more critical than ever to winning the war against phishing.
Nikhil Gupta 00:40
I want to talk a little bit about the world trends. And that's always a good place to start with any conversation, right? What are some of the things that we're observing today? Right? How are the world events today attributing to some of these phishing threats in the landscape? And of course, how does the Executive Order from President Biden reflect that right, what are you what are you seeing in your experience and expertise?
Keith Ibarguen 00:58
Sure, sure. Thank you for that question. I, you know, one of the things that both Joe and I come to this conversation with is a really strong focus around how best can we take the intelligence that we have, I mean, I've got an intelligence background as Joe and apply that most effectively, to the challenges that we see in the world. And, you know, one of my biggest roles as the chief product officer is to take a look at that external environment, look at what's going on in the world, what's going on in technology, what's going on in threat evolution? And how do we stay on top of that, ahead of that. And so, you know, I started here at Cofense, in 2018, which was, you know, a little bit before COVID hit. But it wasn't too much long after that, that, that we did fall right into COVID. And I think it had a dramatic impact on a lot of things, you know, not just cybersecurity, of course. But you know, one of the big impacts that we saw in both commercial sector, as well as in the public sector is this pivot, strong pivot to the cloud, there was always this sort of effort there that's been going on for quite some time. But the Zoom generation, if you will, really accelerated that we found ourselves at home, we found ourselves, leveraging our own home infrastructures, traffic profiles were different across the globe, you know, the usage of products that we were seeing at home intersected with the stuff we were doing at work. So that changed the landscape. And I think it changed the nature of not the methods necessarily of our tradecraft, per se, but it had a lot to do with the content around threat intelligence. Now, Joe, will get into that. But it combining all of that, along with the even greater emergence and reliance on social media that we've been seeing the myths and disinformation that comes through that those channels, it's very difficult to understand where truth lies, it all sort of has coalesced into this very dynamic environment that we're in today. One of the things that I think the White House was grappling with, when they came out with the Executive Order was how do you get your hands around these things? How do we, how do we sort of mindfully move from where we are today, where a single incident can knock out a big swath of the East Coast power grid, you know, not to revisit painful times or pumping stations for natural gas and fuel and all of those things, you know, that those types of events are, are huge needle movers in the economy, huge needle movers for our whole society. And I think part of the what the White House was trying to do, and it's been quite a while it was May of 21, I think that that federal guideline came out. So it is certainly not a new Executive Order, but they've sent out and they provided a number of principles around where they wanted to place emphasis. And I think we'll dig into that a little bit more as we as we talk through this. So just as a preview, you know, the information sharing, for instance, is one that the administration recognized is really important to stay ahead of all of this dynamicism that we're seeing in the world, and ensuring that we have investments in not only people because you know, we're the ones clicking on things were the ones carrying groceries in throwing laundry and taking zoom calls, putting, you know, making lunches and the like, while we're doing our day to day business, that people element of it is really important. And you marry that up with the technical side, the technology, the threat intelligence, and what the threats are able to do and go after. And it creates a really dynamic ecosystem that we're involved in. And I know Joe, you've seen a lot of this in the evolution of cross your career and you know, certainly in the past couple of years and you're seeing that in the threat intelligence that that Cofense is dealing with as well.
Joseph Gallop 05:00
Yeah, and obviously with us being so focused on phishing. Phishing is what we do, who you're trying to stop phishing. And in order to do that we're providing the intelligence to stop phishing the platform for people to investigate and remediate as well. But even with phishing being so focused on the phishing problem itself, we have to be aware of what's going on, around, you know, around the world being aware of the other events in cybersecurity, but in security and international politics and policy in general. And a lot of these events, it's helpful to know how they impact phishing itself. And specifically, and I think, in the last session, this series, who, Keith and Molly talked a bit about Russia. And I won't go into detail on that. But that's, you know, obviously, that's unfolded over the last several months. And it's interesting to see how it impacts the phishing landscape. And with events like that, you'll see often that major events like that tend to affect the really high end of the phishing landscape. And the really low end of the phishing landscape that really, highly tailored, the spear phishing emails, will take on those events as a sort of theme, as will the really, really low end sort of consumer fraud, 419, scams, things like that, they'll use those events to pull on people's heartstrings and try to scam, you know, everyday consumers. But in, you know, in the middle ground of what's going on with phishing, a lot of times with those with events like that, we'll see that the threat actors have their way of going about things, they're really highly efficient, they're trying to pump out a lot of volume. They know what works and what doesn't. And they often stick with it, even through major events like that they're sticking with their same themes, their invoice themes, their, you know, facts, themes, things like that. Voicemail. And so these are the, you know, the kinds of events, obviously, that are the precursors and the drivers behind some of the some of the efforts that the White House is encouraging. And, you know, we see it in the FBIs IC three report as well, email fraud continuing to dominate, you know, the financial losses in cybersecurity BC up to $43 billion, you know, phishing soaring during the COVID pandemic ransomware blowing up and phishing continuing to be a point of initiation for ransomware up operations. So, all of those worldwide trends, it's really important to look at and apply them specifically to the phishing landscape. And that's what we're trying to do.
Nikhil Gupta 07:48
Thank you so much, Joe, and Keith for that. And you bring up some good points, as you mentioned, right, like the world events affecting, you know, in targeting some of those spear phishing attempts, but at the same time, right, phishing is still going to it's been around, and it's only, you know, increasing more and more, and especially with the public sector, I think a lot of the Executive Order, you know, when it comes to just pushing general security, I think, a lot of the requirements and guidelines and they're also, you know, talking about information sharing, talking about being able to share and human intelligence and threat intelligence, all of that also does relate to phishing. And I know, we'll get into that, obviously, with time. But one thing to comment on your, in your in what you said, Keith, too, is, we definitely live in an age of, you know, hearing dogs barking and of course, the double mute on Zoom. Right, let's definitely the new trend in the new normal that we're seeing a little bit with the zoom and forever zoom. So, but yeah, but exactly, as you guys said, I'm happy that you mentioned those points. So, time to, you know, keep it on topic, obviously going to shift the direction a little bit. Want to talk a little bit about public sector. Right, and why public sector and, you know, I think a lot of the Executive Order, you know, it's, it's tailored towards, you know, for example, civilian and in federal government just meeting a lot of those requirements. And, and I think, of course, it pertains to everyone, but why is the public sector in particular, you know, from the statistics that we see, right, the second most targeted, you know, industry and, and one of the highest proportions of phishing attacks that we're noticing. I'm gonna bring this one to you, Joe, what, you know, what do you think makes the public sector such a big target here? Well, what are the challenges do you think that are posed for the public sector in particular?
Joseph Gallop 09:25
I think I actually pass that over to Keith to start off with.
Keith Ibarguen 09:29
If I can kick it off, if I may. And I think Joe's got some interesting areas to add to this as well. You know, the, the public sector is massive, you know, this particular slide happens to talk about DoD specifically and, and, you know, that is certainly also massive in and of itself, but when you add all of the other agencies, whether it's the DoD or the VA, or other FAA and others that are that are major organizations within the federal government, and then you add on the critical InfraStop Archer elements that keep everything alive, you bleed into the private sector as well. So, you know, this face is absolutely huge. And one of the things that we see here is, and this is from experience from us dealing with some of our DoD customers, they have begun. And I think it is in part result of some of the areas of emphasis that the administration has started to push more around training and awareness on behalf of their employees to really recognize phishing, and the threat that is coming at them, whether it be phishing, or smishing, or phishing, or what have you, any of the social media exploitation kinds of threats, and it really is broad, you know, it's not just email, we do see attacks on occasion in SMS. And another means not as much in the from an industry perspective, as you might think, but it is growing. And so this need to form and position the humans in this ecosystem to be able to recognize and respond is something that I think is, is an important element of the Executive Order is, but it's also a core tenant of what we do at Cofense. Cofense is all about this ecosystem being we focus everything we do actually around either contributing to the intelligence that we can glean from the human set of sensors, to how we can enrich that, and how we can turn that around into something that we can respond in our products with proactively. I think, in the in the public sector, this is exacerbated a little bit, particularly in the DoD, where there's a lot of rotation, you know, you see people that go from one position, and then they'll, you know, a few years later, the administration will change. And there'll be this giant swath of changes that happen across the government and other people get into positions, the DoD sort of has that culturally baked in, they do these rotations on various periods. And what and I think this is an area where, where Joe can probably chime in better than I can, but as people go from one role to the next, it's almost like you're taking someone from an environment that they're very comfortable with, and they're very familiar with the norms of communications and the and the norms of interactions in that role. And you pick them up, and you drop them into a new role, where they aren't familiar with those norms. And all of a sudden, they're more vulnerable. I mean, you can think about this, even from a primal perspective, you know, you take someone from this from a city and you know, San Paolo, or something, and you drop them into, into a rain forest or something like that. And they're like, you know, you can orient yourself very much the same way. And, you know, it may not be that drastic and sort of dramatic effect for that scenario. But, you know, you still end up with a circumstance where the culture that a person exists in creates a set of norms that they're able to recognize when something isn't quite right. Why am I receiving an email from this individual? Why is this email form this way? And I think those types of sort of cultural environments, the cultural circumstances that the public sector has, in it, make it a sort of a juicy opportunity space for threat actors. And Joe, I don't know if that's something that you've you see in the data that you look at, or can comment on that at all?
Joseph Gallop 13:34
You know, I think absolutely. I think you've, you've covered it very well. There's the threat actors, no matter who they're attacking, they have an objective in mind. And, and certainly, when they're targeting the public sector, they do have a strategic objective. And often if it's another nation states, conducting the threat activity, you know, it'll be a, an attempt at some sort of, you know, espionage or sabotage in some way or other. But no matter their end objective, the, the way that they get in with phishing is primarily through assuming that the human is the weakest link. And our objective is to make the human, a critical and actually strong link in the chain, and interacting and this plays in very closely with the second point and the Executive Order, that is modernizing the cyber cybersecurity apparatus. And there's a lot of talk about AI and automation. But in reality, the real successful applications of AI or automation in general, are ones that take into account the need for human injecting a human into that automated process at some point at the critical points. And that's what we try to do. Try to make the humans this strong points in the chain making decisions that only humans can make and leaving the rest that's more conducive to AI and automation up to those systems.
Keith Ibarguen 15:07
I think that's a great point, Joe, you know, it's augmenting human intelligence with automation. And algorithmically like through AI is absolutely in the, in the sweet spot of what we're trying to do, as we deliver threat intelligence out to our customers, one of the principles that we have is minimized false positives as best we can make sure that if, if what we say is bad, if our indicators are hit on something, we say something is bad, that Darnit is bad, full stop. So, you know, it's, it's important because it allows people if you have that confidence in the intelligence, and it's got that consistency to it, that it's that it is consistently accurate in that sense, then you can move more quickly. And so we take great pains to add that analytic component, which Joe and his colleagues do so well in the intelligence team that we have. And I think that's important throughout all of the things that, you know, all of cybersecurity world, you know, the, the pure reliance on technology, the idea of throwing more technology at this problem, which has traditionally been the approach. And it's an unbalanced approach, in the sense that one, the technology tends to be static. So when you put the technology out there, yes, they have signatures that they can update and so forth. But if you don't have a means for it, to be continually refining itself, then that technology alone is really not the solution. It's the combination of rich intelligence that results from the detection capabilities that people in technology have, combined with also human ability to refine that and make sure that it's actionable.
Nikhil Gupta 17:00
And, you know, Joe, and Keith, thanks for mentioning that. And then, you know, just as you guys said, to speak about that intelligence piece, I know, you know, Cofense, in particular, you know, they specialize in this. And another platform, you know, when it comes to email security is not only concerned at the human training aspect, but also that intelligence and that sharing of that intelligence, you know, to make kind of the whole posture around email security, just that much better augmenting or augmenting maybe the existing secure email gateway, right, that's already in place. You know, this, just giving you that extra confidence, and basically extending and removing all those gaps. Before we get into, because I do want to talk about intelligence. And actually, we do have a good slide for that. I did want to obviously bring up really quick the executive guidelines that we saw that all kind of correlate with, you know, the Federal cybersecurity islands with the Executive Order. Right. So obviously, you we mentioned that the threat information sharing, right, that's definitely a key one. I know you've seen that. And, Joe, I know you have some insights on that. We also obviously there's modernizing government, cybersecurity, which we talked about Joe and, and obviously improving the software supply chain security. So Joe, any thoughts on the guidelines? And before we get into the intelligence piece of Cofense platform, any thoughts on like, you know, how, specifically meeting the guidelines of modernizing cybersecurity sharing threat intel improving detection? Right, yeah, some of the ways that Cofense can help with that?
Joseph Gallop 18:19
Absolutely. I think that there's a good reason that the White House puts removing barriers for info sharing first on the list, it is the goal. And it's one of the most important things that we can do. But before you can do that, you have to find a know about something that's worth sharing. And so I think some of the others are kind of precursors in a way to that end goal of being able to improve the information sharing. And I did already mentioned, you know, back a couple and you read it a couple of slides back, I think slightly about modernizing the federal government cybersecurity, and it's important to not think about modernization as just throwing technology at the problem. Modernizing means in many cases, getting that perfect balance of human intelligence and human intuition, along with the technology. And so I think we've talked about that at good length. But in terms of finding and knowing about something that's worth sharing, I do think slide 10 With that goes over improving detection, improving investigation and improving response is really important to leading into that info sharing. And we think that, that the goal should be to in order to be able to share information from a phishing perspective about the threats that are out there. And what we aim to enable our customers to do is to rapidly detect and respond to phishing attacks, which essentially stops phishing. And by rapidly we mean in minutes or hours at most not days or weeks. And you can't do that unless you have an efficient process and a platform that's tailored to phishing response. So you start with a human, basically, you make them your strongest link, do you start the process off with an employee, or a user that, based on their human intuition and training, are able to recognize a potential phish, and they need to be able to easily report that suspected phish with a with a single click. Basically, you have to make it as simple as possible for the user. To get you the basic information that you need to start the analysis to start understanding what the threat actually is, then, the responding sock analysts from an improving investigation perspective has to have at their disposal, a platform that enables them to take that reported suspected phish and conduct the Advanced Email analysis with all the metadata visible, all the URLs, parse, full email headers, just a click away Yarra rule matching your rule writing available on the fly, sandbox integration, clustering of emails that are that are like each other so that you can investigate clusters at once and not just one offs, a host of other capabilities that are particular to this very, very specific task. That is phishing analysis. And if any of the audience work in malware analysis, or have analysts who do you know, that for many, the gold standard in reverse engineering is IDA Pro, because it's purpose built for the task at hand. And we thought the same thing was needed for email analysis. So we built it, then source security orchestration, automation response platform certainly have their place in the processes in general purpose tool for integrating multiple platforms. But if you want to make good on giving your analysts the absolute best opportunity to identify to investigate true phishing attacks, purpose built platform for email analysis is a prerequisite, I think. So. In enabling that investigation, you then also in turn enabled the response, which is to seameo, seamlessly automate the removal of those identified phish. And we think that once a phish is reported by users and confirmed by the analysts, and this is where that that that perfect balance of human and technology goes, once it's been identified and confirmed by the analyst, then the removal of it and every other phish, like it should be as close to automatic as possible. And analysts should be able to pull that email out of other inboxes that they know it's has reached even after it's already arrived, not just you know, you have a lot of things in the process. And on this slide, you'll see, you know, segs, secure email gateways are there. And you've got, you've got other things in the, you know, in the pipeline that are bringing these emails to your doorstep, you've got verifications and controls like SPF and Deacon demark. And those are all good security, email gateways have a purpose as well. But it's really important to recognize that none of those stages is foolproof. And every mechanism has its blind spots and points of failure. So you have to be able to bring it around and have a another purpose built tool to analyze what the threats that are actually reaching you, and to be able to remove them once they've reached you. And that's what we try to do make all of that as easy as possible and provide a platform and the intelligence needed to be able to do that.
Nikhil Gupta 23:47
And, Joe, thanks for that. And I brought up the slide, obviously, as you mentioned, you know, just to show that the limit of that platform that you talked about, and in the platform has purpose built right in terms of being Cofense is kind of, hey, the secure email gateway is going to stop, you know, majority of emails, but it only takes one and then there are ones that will get in and there's not it's not foolproof, right, their emails do get through. Right. And once they do get through, what do you do with it? Right? How do you train your you know, your employees to not click on it right to not be phished? How do they understand that, hey, they're not going to be the one that detonates ransomware in the organization? Right. So, you know, that's kind of the key, you know, the Keith there and Keith, I know, I'm sure you have some thoughts on the threat intelligence on Cofense platform, right. When it comes to email security in talking talk to me about the slide a little bit. I mean, obviously, Joe mentioned a lot about the intelligence and in being able to respond. Do you have any further thoughts on this as well? And what role does some of this play in the Cofense platform here play into email security and, and human training in general?
Keith Ibarguen 24:50
Yeah, got, I could talk for the remainder of the session on this topic. It's basically what we do here. Right. You know, it's, I think one of the things that, you know, Joe alluded to, but I, if I could just maybe refine a little bit is around a term that we use is dwell time. Dwell Time is the amount of time between when something traverses a secure email gateway and lands in an inbox threat, that's time starts, then, and then the period, the amount of time that it takes for you to, to recognize that it's there, if you ever do and to remove it, and effectively remove the threat entirely that period of time, dwell time for the threat. And so it's a combination of detection and response that makes that period of time up. And one of the things that I think is really important about this whole circle is almost every element of it is geared around how to make that time as tight as possible. We're not saying that we'll proactively detect everything that will make it through and secure email gateway, that would be us claiming that technology is the only solution. We live on the fact that humans Plus technology is the solution, what we are saying is that we will detect as much as we possibly can proactively. And then the stuff that doesn't get detected proactively, the human recognizes it reports it, we action it, and then it gets pulled out in as narrow window as possible. And so as we walk around this circle, I'll actually start with phish me and I'll move pretty quickly around the circle, but phish me is the product that we have. And I don't really like talking about products per se, because everybody forgets the name of the product. And it's like, okay, whatever. But the idea is phish me is our training and awareness piece that allows you to recognize the ecosystem, the environment that you're in, it trains you to detect when something is bad. If you see something bad, you want to be able to say, hey, raise your hand, I see something that is bad. That's what reporter does. It is a button in your client and your email client that when you see something that's bad, you select it, you hit report, boom, it disappears, goes off into the ether to be analyzed. Where that goes is traditionally to an abuse box. Most companies that have any size to them at all have an area where they gather up these things that people think are suspicious, we usually call them an abuse box. My former company it was it was literally called suspicious, you know, is this suspicious inbox that you'd send it to, you can name it whatever you want. But the point is, is that you want to get through the emails that all of your employees are reporting as quickly as possible. And that's what Joe was alluding to. And with the analysis and clustering and all of those important technical elements. That's what triage is all about. Once you've identified that something is bad, then you want to action that as fast as possible. So what vision does is allows you to ask the question of your entire ecosystem. Who else got that? Now, one of the things that we know, I think everybody knows, is that every company is different. There is no homogeneous companies, you know, there's no homogenization of corporations. Everyone has unique elements about them. However, there are common things across vast swathes of companies. There's threat actors that distribute threat, you know, that phish across companies, across verticals, within verticals, I mean, there's all sorts of mixing and so forth of attacks. The other piece that vision does is it takes advantage, if you will, of that fact that there is a lot of commonality among a lot of companies. Triage allows you to action things for yourself. It's something that allows you as a company, to recognize the thing coming after you. And vision allows you to action that vision also allows you to take advantage of this community of intelligence that Joe and his team, curate and deliver. So what vision has is a functionality called Auto quarantine, where it consumes indicators from the threat intelligence feed, and it actions those immediately. What's interesting about that, is about half of the time, the indicator when it gets delivered to vision, about half the time it finds threats within vision already. So there's sort of this Oh, it's already been delivered. We delivered an indicator now it's cleaning it up. Right. So it's, it's sort of looking back in time and saying, Oh, you received this threat. The beauty of it is the other half, which is the most important piece actually and something that we spend a lot of time focusing on when Just the pre positioning of the indicator such that sometime in the future when that threat hits it automatically and immediately takes it out, there's no time at all. So that dwell time is non existent in those circumstances. And the more reporters we have, the more opportunity we have to get data. And the more opportunity that we make that really, really tight. So that window closes for every, you know, additional reporter that we that we see data from. So it's a very exciting ecosystem. It's very much a shared crowdsource threat intelligence model that gets better and better and better by the day. And we're adding almost 100,000 people onto this ecosystem every week or so. So it's, it's growing quickly.
Nikhil Gupta 30:49
Thank you, Keith, for them, especially, I'm happy that you mentioned the crowdsource aspect there because exactly as, as we get more and more reports, are being able to just stop that email in its tracks before it even you know, as you said, dwells longer than five seconds. Right, that that's where we want to get in. And, Joe, I know you have to definitely have some thoughts about that, that crowdsource and, you know, what are the what are some of the tactics and techniques from the data that you're observing, right? What are some of the things that the threat actors are using today? And are there any ways that we can address them? You know, obviously, we talked about some of the ways that Cofense can help you address some more proactively. But even outside of that, right, what are some things that SOC analysts need to be looking for? And what are some of the intelligence feeds that they should be kind of considering when improving this proactive response, removing the dwell time on these emails that Keith has mentioning?
Joseph Gallop 31:38
Yeah, the cycle that we just saw on that slide that Keith was going through is obviously very important, it's very close to, you know, the traditional intelligence Cycle, essentially, where you're, you're observing, you're bringing in the information, you're analyzing it, you're taking action based on that information, and then you're applying it and learning from it. And you're trying to collect new information based on what you already know, and have responded to and applied. And it's very important, we think, you know, in phishing in general, to be able to have that cycle operating, where the incidents and responses conducted by one organization can become, you know, the reactions of that organization can become the production of another organization. So, not only are you helping yourself, but then you're also helping others to be able to recognize the phish that are arriving in inboxes, passing everything, you know, all the other controls that you have in place and arriving in the inbox and getting them out. And so once you've got this cycle, established, you can start to glean significant insights from your own cycle and from other cycle. And this is what we were referring to when we say intelligence. And so some just for as an example, here are some insights that we have been gleaning over the last quarter. And this is something that we regularly look into just looking at what are the top, you know, malware families that are that are out there and the phishing landscape, and you know, in general, but for us, particularly what's really important is to compare that to what is actually making its way into inboxes. What's getting past those controls the security email gateways and, and not getting recognized through other controls. And this is an order the top five malware types loader information stealer and you've got the top families also. And you'll see emotet as at the top that surprises no one highest volume in terms of what's actually being pumped out in the in the phishing threat landscape at large but the lowest on the list is crackpot in terms of the overall volume and that's just the lowest out of the top five. Obviously, there are many other malware families that that that aren't on this list because they're not in the top five and but of the top five quack bots, or cat bot or cue bot or pink slip bot or whatever you want to call it is the lowest on the list. But what we've seen and you can move to the next slide is that it actually is the top malware family in terms of what's actually making its way into inboxes. Which means that the threat actors who are conducting these campaigns using crockpot are doing a really good job of getting it past security email gateways. It's the top family malware family reaching email inboxes right now, it's interesting for some other reasons as well. The campaigns delivering crack but quickly figured out how to use the Felina vulnerability, one of the exploits that was published and reacted really quickly and made use of that too, as a delivery mechanism. They were recently He identified in concert with a malware campaign black basta malware campaign, which we haven't observed. But that's very interesting because it's, you know, ransomware, obviously, is a huge threat as well. And phishing continues to be an entry point to start ransomware operations. So the fact that crack bot has those components and new developments, and is also reaching inboxes, it's such a comparatively high rate is really important to understand. And that's the kind of insights that we're looking for, and trying to glean from understanding what's being reported by users is actually reaching inboxes. And those kinds of things are, you know, the most important bits of intelligence that we can look for, and that people should be on the lookout for when they are assessing what is being reported to them by their users.
Nikhil Gupta 35:52
Indefinitely an insight there, Joe, as you mentioned, from you know, not just looking at, as you said, top malware How To Remove but also getting insights, as you said, kind of getting that human intelligence, these are some of the insights that will better help all of our users right to better help public sector in general, right that, hey, it's not as distributed cat bot right but it's reaching and why right and looking at and taking it from that glance is going to help right? All of our public sector customers and every all of our attendees, right, be able to better address and better be concerned with the ones that are making it through not necessarily the email texts that everyone hears. You know, this the story guy leave in the head. The news headlines are because they're sending millions and millions of them every day.
Corey Baumgartner 36:34
Thanks for listening. If you'd like more information on how Carahsoft or Cofense can assist your organization, please visit www.carahsoft.com or email us at cofense@carahsoft.com. Thanks again for listening and have a great day.