When a team of video game developers notice that their files have been moved, they find themselves in a race against time to save the company from ransomware. Adam Marrè, CISO at Arctic Wolf, explains how this cyberattack traced back to a single phishing email and unpacks the ramifications for gaming companies. Then David Adrian from Chrome lays out how leaders can use unphishable authentication methods to protect their teams.
This episode is sponsored by Chrome Enterprise.
Really.
It started relatively innocently. You have an engineer who's looking at the server and looking at files on the server.
This is a story about a cyber attack on a video game studio. As a software engineer was hard at work on the company's next big game, he saw one of his files had been moved by an impostor in their network.
So he immediately reaches out to the head of IT, the main IT guy, and says, who is this? Who owns this account?
The main IT guy was the super admin, so he knew right away that something was wrong and this wasn't a normal account.
So actually what he did was just shut down all the accounts, killed all sessions, locked everybody out, required a password change while he could dig into this, because he immediately was pretty freaked out about what was happening. And what they realized was someone had come in and made a number of accounts as super admin and had been poking around and looking at everything and even exfiltrating information.
They had no idea how long it had been going on, how much data had been extracted, or what else was lurking in their network.
They started digging into it, and they found locker software, so ransomware software that would encrypt, and it was on the server and it was ready to be deployed, but it hadn't been deployed.
Catching the ransomware didn't mean the company was safe. They still had to investigate all of their files and their accounts searching for any other signs of attack. And worst of all, they had to stop working on the new game.
Those minutes count and those days count. So every day you can't have your employees behind keyboard are days that are going to be delayed. This is making it even worse. And this IT guy kind of becomes a hero of the story because it was really a courageous call that he made to do this, knowing what it was going to cost the company. They probably would have had to be a huge ransom.
From Bloomberg Media Studios and Chrome Enterprise, this is Security Bookmarked. I'm your host, Kate Fazzini. I've been a cybersecurity professional and journalist for more than twenty years, and on this podcast, I'm talking with leaders in gaming, finance, and manufacturing about what security looks like in a workplace that's moved to the cloud. The video game industry is a massive business, bringing in over three hundred billion dollars per year. That's nearly ten times the size of Hollywood's global box office revenue. But as the gaming business keeps growing, more and more teams are accessing key systems and data so they can do their jobs, and that means we've seen a rise in account takeovers. So today I'm speaking with Adam Marrè.
I am the Chief Information Security Officer at Arctic Wolf. We are a managed detection and response company, SOC-as-a-service, and a concierge model, so that we make sure that we're not only providing them security today, but also make sure that we take them on a security journey to improve their security over time.
I'm going to unpack Adam's story about helping a game studio survive a ransomware attack to understand the account security risks that all companies need to get control of. Then I'll chat with David Adrian, security product manager for Chrome, about why phishing attacks are so difficult to stop and why this doesn't have to be the case. In twenty twenty three, ransomware attacks in the gaming industry were up more than thirty percent year over year, and they can freeze a game studio's entire operation, causing major delays. In this story from Adam, the game studio caught the ransomware threat early, but then they realized the attacker had also stolen their intellectual property, including details about new releases, videos and images that they weren't ready to share with the world.
We call it double extortion, where I've sealed up your code, right, and then not only am I saying pay me the ransom where you don't have access to it, I'm saying I will release this to the world unless you pay me. So I would say video game companies are likely to be targeted by these ransomware groups mainly because video games are likely to pay the ransom if you're able to successfully lock up their code and get their backups and lock up their backups as well.
And then finally, once they put out all the fires, they could figure out how did this attacker get access in the first place.
There was actually a phishing message, as it, you know, very often is. It was a phishing message to this IT individual, to this person.
The very person who had caught the intruder and pulled the alarm.
And, you know, he clicked on the link and it took him to a web page, then a login prompt came up. He put in his credentials. They did not have MFA, so the attacker was able to get those credentials, then log in and quickly make other accounts and get off of that IT person's account so they wouldn't notice. Social engineering works and it worked really well and it's why attackers use it so often. There are lots of other protections they could have had in place, but yeah, that was how the attackers got in, and then were using the other accounts to worm their way through all of the servers and the whole environment.
Later in the episode, I'll share my conversation with David Adrian at Chrome about how leaders can defend their companies against phishing. But first Adam and I are going to unpack what this one breach shows about the cybersecurity risks that gaming companies face and what they can do to be more resilient to attacks.
Video games is a large industry and so there are all kinds of companies involved, and depending on the size and the type of game, you'll have very different levels of security, and that security will be leveraged at these different problems at different levels. Let me give you an example. With the rise of online gaming, so massive multiplayer online games, there is a huge incentive for these companies to prevent cheating. So you have these video game companies and they're spending millions of dollars and using the latest cutting-edge technology, AI, to detect and defeat cheating on their games and their online games. They're leveraging all of this great technology to do that, and then on their corporate side, they don't have MFA to protect their main accounts. It is understandable that they focus on the anti-cheating because that directly goes to their bottom line, because if they're cheating, then players are going to go elsewhere, and there are other game companies that would love for that to happen. So it makes sense why they do this. But you have to understand you could have a breach that costs you millions, tens of millions of dollars.
You've said that companies shouldn't treat data breaches or ransomware attacks as part of the cost of doing business. Tell me a little bit more about that.
I mean, I guess if you're a business, everything is the cost of doing business, right? Like, everything is going to your bottom line. But what I mean is, there are things you can do today that will greatly lower the likelihood that you will have a breach. And you know, my whole job is to prevent breaches, so I think they're terrible. We should all leverage security against them. But it might be seen as, you know, a risk worth taking or a cost of doing business, or maybe we won't get hit with an attack, and you know, maybe I want to spend money on making my render look that much better and the graphics look that much better, and I just don't see how security is hitting that. It's the similar thing many companies do, and then when they get breached, they really regret it. Because if you've been developing a game for three years, an attacker comes in and they're able to deny you access to all of your information, your source code, your art assets, all of that, and get your backups. You are in a world of hurt. That is a very bad position to be in, and the likelihood that you're going to pay the ransom is very high. I don't recommend that, obviously, my stance is not to pay ransoms, but.
Yeah, it's almost, I can't imagine not paying it in that, because if your whole entire company is at stake. It's the entire lifeblood of your company, the reason for its existence, basically.
Exactly. It is literally your entire business. And so then you're going to want to start thinking as an organization and you try to say, where are attackers being successful?
So when you think of enterprise security for game studios, what are the most critical threats that you're watching out for?
You know, there are many threat or attack reports that come out or data breach reports that come out each year, Arctic Wolf has one as well, and if you look at these, you'll see that primarily attackers are successful in doing basically one of two things. Either attacking accounts, so you can think user name, password, MFA, attacking that and getting access through that, or attacking vulnerabilities, so looking at the code, looking at the configuration of cloud software, SaaS software, whatever it is, and being able to exploit those vulnerabilities and get in. So if you can really look at this and say, how do I protect identities at my company and how do I make sure that we're patching and updating and not introducing vulnerabilities and misconfigurations. If you can do those things to the right level, you're going to protect your company and you certainly won't be the low-hanging fruit where attackers will try to attack you.
What are some other ways that the companies can be resilient?
If you want to get really technical, we can talk about shift left. In other words, you want to create games and systems that are secure, so you want to make sure you're baking security in from the very beginning, so when you're still like whiteboarding the design of what you're trying to do in the game, add a threat model to that process from the very beginning, thinking about how could somebody take advantage of this, how could it go wrong? And by the way, you can also add anti cheat in there at the beginning too and help solve that problem at the very beginning, so you're not trying to tack it on at the end. And then when you have your detection and prevention methodologies out there, they're going to be much more effective because the underlying system itself is resistant to attack and resistant to cheating.
Game developers are obviously digital first. When you think about the day-to-day work and collaboration that goes on behind the scenes at the enterprise level, I'm interested in how do workers collaborate. You're in an industry where you're working with people who are specialists and extraordinarily talented, but maybe like at one thing, and that guy lives in Aspen, and then you know the other guy lives in the forests of Oregon, and you've got to connect all of these teams in different areas. How do you handle collaboration across environments like that?
Yeah, so it's an interesting question in security. We've been doing this for a long time, collaborating across time zones, using various tools, different SaaS apps or other applications to collaborate and communicate. That means a lot of very sensitive information is being passed through these suites of software. And so if you can think of one thing, like the browser, so much work happens right in the browser, and many companies just don't think of the security of that particular piece of software. If we dig into that a little bit, you know, are you hardening that piece of software? Are you making sure that everyone's using the same browser so you can have the same type of security across the entire organization? Are you making sure they're not syncing personal accounts that can bring in different extensions that they're using at home that do backups or copy, and now you have information going places you weren't thinking of? So really making sure that each one of those pieces of software is secured, especially the browser, is a really important consideration, especially if we're talking about companies that are collaborating, you know, with lots of remote employees and using software to do that. There is one third aspect to this, and it's actually illustrated by the story I told, and that is you've got to have a good security culture. You've got to train your people to be wary of social engineering attacks like phishing and be resistant to those. You know, you can have technologies to protect against it. But there's a reason why so many attackers use social engineering: it's because it's very, very successful, because it's pretty easy to trick human beings.
If you're leading a gaming company, your entire product is software, and that product is constantly being accessed, tested and updated by your teams. The same goes for your IP designs, assets, code, marketing trailers showing new characters, new content, and it all lives online. So how do you keep your own accounts from being used against you?
So, if I'm a CSO or I'm in charge of security at an organization, the number one thing that I would be focusing on is deploying strong, unphishable authentication to all of my employees.
That's David Adrian, a security product manager for Chrome.
I focus mostly on network security, but I help everything up and down the stack to make sure that we're building Chrome to be as secure as possible, from the application through the network to the cloud.
When I brought up ransomware attacks and gaming, he picked up on account security and how important it is to plan for what happens when an employee account is compromised.
Game assets or designs are, I think, the crown jewels that gaming companies are trying to protect, and so I feel for them in the situation and that they need to figure out like how do we make this run fast, how do we get access to everyone that needs it? But also how do we, you know, make sure that if someone bad gets in, they don't get everything. When things go wrong, they go wrong bad and you risk all of your game assets getting encrypted and ransomwared. And in many industries, the high-value accounts are sort of the administrators of the organization who might have access to create new users. In the gaming industry, there might be a broader set of targets because any developer who can build the game likely has access to all of the assets for the game and able to get in and they get access, let's say, as anybody who has access to the underlying game assets, there might not even need to be a lot of escalation of privileges. Sure, if they get an administrator, they could create their own account, but if they get a game developer, they might just be able to walk away with all of the assets for the game by default, because the developers already have access to it.
And so we zeroed in on the moment when an attacker breaks into a company account through a phishing link.
The most common sort of attack vector is still phishing. It's not too hard to find who's working for some company and then try and figure out what their email is, and once you know their email, you can try and start phishing them.
I think I had somebody tell me once that teaching people to not get phished is like teaching them not to fall in love. It's never going to happen.
I would flip it around a little bit and say that trying to solve phishing with like phishing training, fake phishing emails, that type of thing, even if it works ninety nine point nine nine percent of the time, the point zero one percent that it doesn't is enough for everything to go wrong. Right? We've seen one phishing attempt that succeeds have impacts on everything ranging from gaming companies to elections, and so, sure, you can try and like get your employees to hide their emails, you can append random digits to their emails, but at the end of the day, eventually something's going to leak and someone's going to get phished.
So let's talk about phishing protection. Obviously, these people are going to get spearphished. It will happen. So what are some of the protections available to them?
So the good news is that we have effective solutions against phishing. I think if I were a CSO or a CIO, like, the number one thing that I would be doing is deploying strong, unphishable authentication. And while that seems kind of straightforward, like let's just authenticate the people that work for me and make sure they work for me, that is probably most of the challenge for a lot of security engineering teams, making sure that that can happen. The easiest context to deploy them is web browsers for enterprise users, where you have this source of truth where you can say, hey, I know who all my employees are. I'm going to ship them all some sort of token to plug into their computers, making sure that every work application that every employee goes through has to use one of these authentication methods and does it from a managed browser. And so if you can deploy those authentication methods and you can make all logins only go through a web browser and only use those authentication methods, you solve phishing. With Chrome Enterprise Premium, organizations can access a centralized enforcement point for all of their endpoint security and controls. This allows for endpoint visibility across the entire enterprise network. IT and security teams can deploy advanced security capabilities like advanced DLP, like context-aware access controls, and then you can get in-depth reporting for all of those features. And so deploying stronger authentication, that can actually be more user friendly when done right, in the sense that it lets people act how they would naturally and not have to try to treat every email adversarially like it might be a phishing email. Because with the right authentication, they'll actually be protected by default, so if you send them a phishing link and they get tricked by it, it doesn't matter and the login won't work for the attacker.
To learn more about how the most trusted enterprise browser can help protect your organization, visit Chrome Enterprise dot Google. Next time on Security Bookmarked, I'll talk strategy with JF Legault, Deputy Chief Information Security Officer at JP Morgan Chase.
So it's really how do you think through the awareness for people with the most common types of attacks, but also how do you turn your entire workforce into early detection sensors.
Security Bookmarked is a podcast from Bloomberg Media Studios and Chrome Enterprise. Subscribe in your podcast app so you don't miss our newest episode. I'm Kate Fazzini, thanks for listening.