 In an age where bites hold more power than bullets and clicks can cause more chaos than clashes, the reality of our digital world is both awe-inspiring and terrifying. Consider this, every 39 seconds a cyber attack strikes. That's right, cyber crime has turned into a trillion-dollar industry, eclipsing even that of the drug trade and profitability. These criminals prey on our digital ignorance, with 90% of attacks originating from our own human error or lack of action. Good morning, good afternoon, and good evening to our virtual global audience. My name is Steve Remi and I will be your moderator for today's webinar entitled, Automated Cyber Risk Management to Achieve Digital Age Resilience. I'm the founder and CEO of Eight Degrees East, a strategic advisory company based in Switzerland. Eight Degrees East is also a UPU consultative committee member and I serve as the co-repertor for the freight and transport thematic chapter alongside Lars Carlson of the Global Shipping Company, MERSC. Today, I'm joined by a diverse panel of experts in this domain. Allow me to please introduce them. Ms. Rasha Al-Abdali. Based in Muscat Oman, Rasha oversees the development of national policies and standards for governing the IT industry in Oman, providing guidance and consultancy services to government agencies, as well as conducting research on new technological trends. Rasha is also a member at the National Task Force for managing national risks of critical infrastructure services. Welcome Rasha, thanks for joining. Hi Steve, hi all. It's a pleasure to be today with you here in this panel and we wish we have a fruitful session of the end discussion. Thanks. Mr. Massimiliano Ascii. Based in Rome, Italy, Massimiliano has been leading research and innovation activities in cybersecurity for post-Italian, the largest infrastructure in Italy, which is active in the areas of post and logistics, as well as financial, telco and insurance services. Massimiliano currently chairs the DotPost Group, DPG, at the Universal Postal Union, which governs, steers and develops the DotPost sponsored top-level domain name. Ciao Massimiliano, great to have you. Thank you very much. Welcome everyone. I'm really happy to be here with you today and the topics we will discuss I think are very interesting and it's our current problems. So I'm very excited and let's start discussing. And Ms. Terry Roberts. Based in Washington DC in the United States, Terry is the former deputy director of Naval Intelligence, Office of the US Chief of Naval Operations and an executive director, Carnegie Mellon Software Engineering Institute. He is a global cyber intelligence, risk and national security executive, and the current founder, president and CEO of White Hawk Inc. As well as an expert advisor for eight degrees East. Welcome Terry and thanks for agreeing to such an early start. I love this international panel. This is wonderful. Great to be here. Our goal today is to be solution oriented. We want to deliver to the individuals and the organizations that are tuning in the following insights into establishing a robust cyber risk baseline. Understand action plans aimed at mitigating key vulnerabilities continuously. And thirdly to strengthen overall cybersecurity posture and ensure operational continuity. We will achieve this through an interactive discussion today, based on predefined topics and questions. We have an hour and a fair amount of topics to cover, but if we can, we will answer some select questions from our viewers time permitting. If we do not have time, we still urge you to pose the questions in the chat. And if we have your email coordinates, we will revert to you and writing with responses and do course following the webinar. That said, let's get started with our first question. The first question or topic is, can next generation technologies effectively address the challenge of cyber threats in the postal sector, considering the complexities faced by both large and small operators. Massimiliano, this was was your topic. If you could give us a couple of points of color that'd be great. Thank you very much Steve for the opportunity to talk of this topic because since few years, the postal sector has been affected by many cyber attacks, which has been led by cyber criminals because probably they found this is profitable. So, as there is an economical motivation, basically behind these attacks, we believe this will not stop and will come again and again and again. So this is a real issue as especially when considering that probably the response of our industry is still not at a weight to the to the threat. And for example, when talking about vulnerability management, that could be particularly effective mitigation measure to this phenomena. This is a particularly challenging, particularly challenging issue, both for large operators and for the smaller ones in less developed countries for different reasons, obviously. The larger ones are facing huge complexities, IT architecture, very extended attack surface. Our services are particularly vulnerable also. This is lacking processes in vulnerability management, especially and the smaller operators have instead to face skill gap issues and the budget issues. So both would need the support of something different. We need to really to react to the situation and we are just trying to understand if we could leverage on next generation technologies really leverage reliable technologies that would be able to tackle this challenge. So this is what we asked to the to the market. No, is there a possibility to face these challenges. What do you think about this very, for example, very. So I've had the luxury of, you know, being at the center of next generation capabilities, you know, for decades, and especially since 2009. There's a possibility to dig in to thousands of software based SAS based, you know, a ML based technologies and services. And 20 years ago, we weren't there. Even 10 years ago, we started to have the capabilities, but they weren't proven at scale. And I can tell you that now, the last five years after billions of dollars in R&D in university startups and spin offs in a global pursuit right of resilience in the digital age that we now have a portfolio of technologies that can and and and this is the difference. They can automate obviously manual processes. Okay. But they can also come at the challenges in a totally different way. Using big data using mathematical algorithms right using software based implementations that can be remote and be updated. So even though your sector is as complex as the energy sector or as any other sector right that is global international interactive cooperative right. This is the only way that you're going to become resilient because you can't throw enough manpower at it. Right. You can't. This is moving at the speed of software and you can't throw enough money at it and we don't have limit limited limitless resources. So it is only by piloting and implementing these next generation capabilities and I'll go into some of the more specifics later about what some of the approaches are. But if you're not using them, you're not resilient and you're wasting your valuable resources. This is very fantastic news Terry and it is very interesting to to learn that there's a way to demonstrate on the field the effectiveness of these technologies and this means probably we exciting times are coming. They're here. They're here. Russia. Any comments there? Well, as they mentioned, like the the technologies are developing and evolving, especially nowadays with the AI and the big data. The learnings of the threats and the database is expandable, you know, and that we could address the issues there. We just need to make sure that these technologies are well configured, you know, to to to align with the organization security policies as well. I think we can we can utilize and optimize the offerings of the next generation solutions. Perfect. Talking of AI and machine learning that brings us to the next topic. Topic two, how close are we to achieving 100% reliable, transparent and cyber attack proof AI ML technologies for affordable automation in the postal value chain. Massimiliano again, you want to sort of set the stage here. Thank you, Steve. This topic is really touching me because I really believe these new technology are so promising as they would enable probably the to automate all a set of operations which are particularly heavy for for the operators. And if this kind of automation would be able to be affordable, you know, so that everyone could be able to to to bring this technology in, I would say, and this would surely help to fill the gaps between the most advanced operators from a technical point of view and the less advanced ones and the gap is huge. And this is a very big problem, because we are working in the same value chain, and we are strictly interconnected, one among the others. So, if these technologies would help to address this issue, this would be fantastic. At the same time, we need to be sure that these technologies are reliable enough as researchers showed up that these technologies can be sometime vulnerable, no, itself. So, how could we be sure now that this is safe enough, secure enough when using it for cyber defense. This is very important. And last but not least, we need these systems to take quick decisions, because they can see things that human beings are not able to see. And of course, we need to be quick and take many decisions at the same time, but at the same time, maybe after a while, we need to verify these decisions, no, and to understand why this decision has been taken. So we need transparency, explainability to be particularly developed. Are these technologies mature enough to grant such that such requests are satisfied? What's your thoughts about that, Terry? Well, I do think it's funny because, of course, in the news over the last year, you know, advanced AI has, you know, taken over. But I took my first course in AI in 1985 in graduate school, you know, AI and machine learning. And at Carnegie Mellon, the first school of machine learning was established in the early 2000s. So, and I saw one of their first major experiments called NEL, Never and Ever Learning. And so we have been working on all of this for a long time. Today's, you know, capabilities are not the result of an overnight, you know, technology advance. But to explain a little bit about where we've been and where we could go. So traditional cybersecurity, right, as Amos said, is based on, you know, the number of controls, the audits, the checklists, the foundations, making sure that the best of breed frameworks. And then it has been very additive. You keep adding technology and you have this complex technology stack. Okay. Well, for 10% of the world who have, who are big companies or big government organizations who have resources, then, you know, they have that. But the other 90% often don't have anything but best practices. Okay. And they don't even have in-house talent. So it's by using these proven AI-based, big data-based cyber risk and threat monitoring, both inside the networks, across your operational technologies, and from a hacker perspective, that you can have a 360 view of your risk and threat continuously and then mitigate the highest priority risks. That's where we want to get to and we have the capabilities and they are affordable. Great. Great. Thank you for that. And we have really high hopes and we are also very excited. At the same time, you can understand that we need to have evidences and when collecting some kind of information like the ones you're giving us today, this is very interesting to us. Thank you very much. I just would like to comment about Steve's question, one he mentioned, how close are we to achieving 100% reliable across the cyber attack pool? Well, I would like to say that there is no 100% guarantee in this program. Anything is hackable. It is only about how much delay we can make for it to happen and how fast can or does it take us to respond to it? Even if you have the best technology solutions in the world, people are the weakest point and in AI cases, if no proper data sets and algorithms are configured, anything could accidentally happen. That's why in the GRC domain we always talk about reasonable assurance and that's something to make it very clear to all people in the postal services that if we would want to embed security and cybersecurity controls, we need to have that kind of percentage where we will be hackable but we need to be ready and we need to be resilient about it. Yes, so Rasha, I would like to build on that. The way I look at it is, if you're doing the monitoring, the prioritization and the key risk mitigation, then when you have an event, you're going to be able to operate through it because the crown jewels are protected, right? And you see it almost immediately as opposed to it happening over a period of time and your operations are brought to their knees. Exactly. Great. Moving on, another fun topic. This should spark some dialogue for sure. What measures should the postal service organizations undertake to combat the growing threats of ransomware, phishing, and social engineering, considering the potential implications of data breaches and financial loss? Rasha, this was your topic, so maybe you want to tee this one up a little bit. Sure. Well, organizations need to take proactive steps to be ready for tackling these security threats. They need to have effective incident handling response process and right resources to conduct and prevent those attacks from happening. They need to have clear escalation metrics for reporting attacks that mark as high severity and have it properly communicated to the respective stakeholders. So when attacks occur, they ensure reporting is done through the right channels and decisions are made for handling attacks can be timely made. This is very important and especially as Terry was mentioning, we cannot focus on everything. We need to focus on the high risk threats and because every organization have scarcity of resources and budget. And I think we need to focus more on the on the high impact and high risks. We need to have clear strategies in place for handling such attacks based on an agreed risk appetite set by the top management, especially when it comes to ransomware. They need to understand, you know, before they get into the attacks, you know, they need to plan ahead that if we have a ransomware, how are we going to handle that they need to have data classification in place, so that if ransomware is not in place and the data that is, you know, controlled by the ransomware is, is really very critical to the organization what decisions can be made. Do they need to pay for that ransomware? Do they not need to pay? How they would react to it? That's needs to be, you know, a pre, you know, planned ahead. A lot of attacks are expected to happen. So an organization needs to be ready, you know, in advance for such attacks and they need to understand what kind of decisions and who are the people in the organization who can make the decisions for that. They need also to have an effective security awareness program for their employees, for the management for the technical teams and end users as well as security, you know, campaigns for their clients to indicate about the several types of threats and what impact can they bring and how to avoid them and what is dealing with them when the attacks take place. They need to have proper data classification. I mentioned that. So this is all is important to do it proactively so that you can ensure, you know, resilience, and you ensure that you can really properly handle such attacks when they really occur. So I think Russia has shown the complexity of the requirements. And with our risk and threat and solution data partners, today, whole industry of risk and threat monitoring and risk assessment capabilities can do a comprehensive assessment on any legal organization in the world within 48 to 72 hours. But what's most important is within that assessment and right this is this is not on premise. This is not intrusive. These are capabilities that banks use today for business clients and insurance groups use today for cyber liability insurance underwriting. And within the assessments, you can dig into the compliance across 80 different frameworks, the maturity of the organization, the key risks that they have and provide a prioritized action plan. And again, it's automated, it's using big data, it's using AI and ML. So what this does is it arms that organization with this information in a very digestible and understandable and actionable way so that they can get at right. Their top vulnerabilities. Okay, so that gets you kind of to here. Okay. For the specific Steve the specific issues that you brought up here, we have found in the thousands of assessments that we have performed globally that often it gets to basics. Okay, automating patch management is like one of the number one issues, right, and it prevents a merry out of all vulnerabilities. And the other one is cybersecurity awareness training, because I think as you mentioned, the statistics are that about 90% of all cyber events are the results of human actions. Okay. So, and here's a technology again, there are a whole portfolio of great online courses companies programs right of all different price point levels to be able to implement effective annual cybersecurity awareness training. That's focused on your industry that's focused on is on what's been happening to your industry, and that combined with the automated risk assessment can help prevent or mitigate the impact of all of these high risk events. That's fantastic. I totally agree with both of you. And I would just stress that still information and training is needed here and technologies have produced particularly good results encountering these these threats also in the past that we still need to switch from reactive to proactive. Absolutely. Yeah. Okay. We're actually making good time here which is great. So, you know, Switzerland would be my adopted country would be proud. Two more questions topics and now we're moving more into the the policy and governance area. So, the next topic is how can postal services ensure consistent security policies and data protection across the supply chain, considering their complexities of integrated and semi integrated systems. Again, Rasha, if you could maybe give a little bit of an intro there. Sure. This is very important because if you're doing a really great job, but you are integrated to, you know, other organizations and, you know, stakeholders across the supply chain and they're not doing a good job. Then it's all compromised. So it is very important that to have third party security policies in place that has to be integrated as part of the outsourcing and middle management process for the for the postal organizations. They need to ensure that the security policies are well reflected in their contracts with the various external stakeholders across the chain to ensure that data is protected and data protection controls are implemented and attacks are well communicated and handled when they occur. It is also very important that they need to set a proper SLAs that guarantees the acceptable levels of availability of their services. They need to conduct regular auditing and security assessments to ensure the vendor compliance to security requirements, especially those set by regulators. Terry mentioned a few minutes ago about the automated risk assessment, you know, and the auditing. It's wonderful. But also when you are integrated with other vendors, suppliers or other clients across the supply chain, you need to ensure that you have the ability to check their compliance as well too. So one of the best practices is that when you sign a contract, you need to make sure that you at least embed as one of the conditions, your ability to audit that vendor or the integrated service at least with a certain external stakeholder. Excellent. So I agree 100%. So one one thing we tell all companies and organizations to do is do an assessment of your crown jewels. Okay. And, and UPU as an organization, right, because you're the same sector, you share a lot of the same crown jewels across yourselves. And what that helps you do is to then prioritize the resilience of the crown jewels so that if someone breaks in, they can't get to those right, you can you can operate through it. And the continuum that we have put in place as a part of our cyber risk program recommendations for every organization is the continuous monitoring the prioritization of the vulnerabilities. You can focus at least once a year pen test to validate those vulnerabilities and again, this now can be done remotely through software based capabilities that are half the price of traditional pen testing. Okay. And then if you're a really large complex organization, you might want to have a red team. Okay. You take all of those findings, and then you make sure that your policies and your programs are focused on what are the issues that you have found. Okay. And then you brief your executive team, excuse me, at least quarterly on how you're doing. Okay. In English, meaning in non cyber language, right. Okay, to make it so that then you can say I need the resources to do this. Okay. And, and you need the whole executive team buying into this that being resilient to online crime fraud and disruption is a core part of your business and your organization. Finally, you can then do once a year. What Russia was talking about which is an exercise it exercise who's in charge. What's your communications plan. Do you have someone on speed dial to come in for response. Right. So it's a continuum, and it's continuous. Okay. And then you base your policies on the results of all of that. Oh, supply chain. Sorry. So the risk assessments that I'm talking about both business risk and cyber risk business risk being financial organizational leadership. Okay. Are are all automated commodities that you can buy today. So if you go to my website, because I don't productize, there's under innovative solutions mapped to the Gartner categories you can see exemplars of the type these types of next generation solutions and they're global. Okay. That can address the different areas to include supply chain risk and by the way, you can just do an annual business risk cyber risk if you can't afford a continuous approach. It's a very, very interesting discussion. I also would like to add to the discussion to stress that the upu at upu we develop standards. We develop proper standards for cybersecurity. In order to guarantee consistent methodologies to be adopted across the sector. At the same time, these standards should have been should not be bureaucracy, but smart, smart standards, adaptable standards, which would be to anyone would like to adopt and according to different budget cultures and needs. In time, I believe that technology also here can support a lot as Tracy told, and we need to push on integration among different systems system integration is very critical in my opinion and interoperability is the key for efficiency. This is a very important information exchange. Last but not least, I would say that also the dot post group as a mission delivers security services for the community. And this is one way we're trying to adopt to support this process, the process you are predicting by delivering a possible services services that are available on the market of course. And rely on when delivering your own digital services. So this could be one way or at least one possibility to improve the situation. Excellent. Russia, did you have a follow. Well, I think we would cover the most points and I think it's very important that you don't work in silos with comes to building effective security, you know, a program for organization or services, especially in the, in the postal services because you are working with so many with the network and you need to make sure that you know there's a harmony between what you do and what others are doing. And the collaboration is very important building a working within a framework and collaboration is very important awareness across the chain is very important. I believe, you know, it's a shared responsibility. If we would want to make sure that we achieve the continuous resilience of our services. You know, one recommendation that I've been making past few years, especially to great organizations such as yourselves and through a mechanism like dot post is providing services of common concern. So, even you were talking about suppliers, especially regionally you may share a lot of the same suppliers. So why should each individual organization do a pay for a risk assessment right. Why not do it once, right, and then share it across the members. So therefore with limited resources, you can have an effective supply chain risk program in place. But, you know, and I'm volunteering you ask me, you know, you can have it in one place and then have benefit same thing with some of these next generation technology solution licenses right. The prices go down exponentially with volume. We expected this so yes, we are very happy to explore these opportunities. Yep. And, and I mean like it goes from $1000 a risk assessment to $200 a risk assessment. Do you see what I'm saying. It's, it's dramatic because take advantage of that it's software based. So, so things like that I think, and you can pilot right so you can one one member or a couple of members can pilot a capability together show the impact across up you and then others can decide. Ah, do I do I want to leverage this capability. Is it the right thing for me. Excellent. Yep. Great. Let's move on to the final topic. Which is how can postal services ensure effective business continuity in the face of digital transformation, especially in critical areas like medical and financial services while mitigating risks and ensuring stakeholder communication and testing mitigation plans. Russia. You want to get a little bit on that please. Sure. This is very important topic, especially nowadays when we talk about in the latest up forums and and conferences they we have entered the the the domains of delivering products not just normal packages but we're talking about medical services we're talking about financial services and these are very critical services. We're delivering life, not just packages, and it's very important to take a business continuity seriously and and put the right measures and how how do we how do we ensure we have effective business continuity, you know, in place. First of all, postal services need to conduct. First of all, there is a homework that needs to be done properly which is conducting business impact analysis to identify critical services that need to be taken good care of. That helps in setting the right priorities for building sufficient mitigation plans and required RTOs RTOs and how much amount of time can we, you know, can we afford to to to get our services, you know, recover how amount of data is data loss is acceptable so if we get to to really what are our actual, you know, critical services, and we prioritize them and then we focus on that that helps us really to to to have accurate plans in place with the right measurement of of what are the acceptable you know, RTOs and RTOs. We need to have proper information assets inventory in place to identify all valuable assets for those critical services such as network devices and systems, which will require active backup implementation plans and tests. This is a very important step, and they need to identify the emergency teams who will be involved in activating the business continuity plans, communicate them well and keep them up to date along with their contact details. Having the right plans in place the right people who are competent to to activate and execute these plans is very important to step, but we need to have them always up to date and we need to have all of the, you know, the details of those people. So that whenever there is a, you know, an incident or there is a disaster happening, you know, we can, you know, put things in timely manner to recover our services. It is very important that we have the process service to have regular tests, you know, conducted and test results need to be reported. This will ensure any failure is addressed and weak points are rectified. So, the right controls are always there and they're effective. It is very important for ensuring business continuity to have redundancy mechanism in place so that availability doesn't get affected. This includes having disaster recovery center ready and equipped to take over running the critical services. I think these are very important steps and points to be considered if we or any, you know, post service organization needs to build a, you know, an effective continuity continuity process in planning in place. Absolutely. So, I would think, because many of your organizations have been, have existed for decades or longer, that what we forget is our architectures have evolved. Right. They weren't designed yesterday and built just yesterday. Right. They've evolved, you've added things, you've changed things, right, but you still have a lot of legacy hardware and software. So, for Rasha's points, I always recommend an architecture review, but mapped to your business functions. Okay. So that you have visibility of this function is reliant on these databases on these business applications on these communications or relay systems or these operational technologies. So with that visibility, then you can make decisions of how you want to migrate to a next generation architecture over time by design. So for instance, sometimes I tell people don't spend money on cybersecurity. If you, if you have software, especially business applications that are more than 10 years old, just buy updated software, because old software, all the windows and doors are open. And you won't have business continuity because they can take down that business function very easily. Okay. Another cloud provisioning. Many older organizations have their databases on premise, right, on old servers. And it can be a lot less expensive and much more resilient with the right next generation cloud provisioning. Okay. And they are doing better security than you're doing on premise. And then Rasha's point on asset management. Because the architectures have evolved, a lot of times you have shadow it that you don't even know exists, because you've forgotten about it, and you don't have visibility into it. And that's another backdoor for criminals. By the way, with these cyber risk outside monitoring, we can discover all the shadow it, and then you can bring it down by design and close that all of these things are central to business continuity. And so the last point is, if you're giving it to your IT people, or your engineers, and the business or the organization's leadership are not involved in these conversations, then it's not being done effectively. Because many times the technical side of the organization that it doesn't understand all of the pieces of the business functions and operations. It's a joint conversation. It's something you have to do as a team. Thank you very, very interesting. Also this topic is critical because why do we need a business continuity in the postal sector, especially when considering the many sizes of the companies operating all over the world. First of all, we have to remember we are not just delivering postal and logistics services, but we are a point of reference for citizens. And we are delivering many kinds of services other than the postal ones, which are considered still considered very important in many countries, but you can imagine some of us are delivering the pensions and are delivering universal income services. So people needs our services because we are also still also not thinking about business only, but to deliver services to the citizens too. That's why business continuity is particularly relevant. At the same time, you should consider different budgets and availability. There are countries which struggle to understand how to, how could they implement. So there's a strong demand for both kind of operators and countries to reduce costs of implementing and operating business continuity solutions. This is one request for the market. It's a very strong need and I believe we can do a lot here. There's a lot of things we could do. Cloud services, platforms and infrastructures are probably one of the best options for low budget solutions because these are particularly costly, but at the same time cost structure is particularly flexible. You can turn on and off the services as needed. So this is one way, one possible approach. I think that's a really good point about the, you can turn it on and off, right? Yeah. And this also came back to what was the saying that you said before we went live that cyber is a team sport. Cyber security is a team sport. So this whole point, and I've seen this many times in the corporate world where the IT don't talk to the executives and vice versa. It's a recipe for disaster in the end. I mean, I mean, in many ways, executives and managers have aggregated the responsibility on this because they see it as technical. And we don't do that with finance, but financial risk everybody owns. Well, cyber risk everyone needs to own. Yeah. Very good point. We are at nine minutes left in the in the webinar, which is perfect because I would like to so we can end on time. This has been a great discussion and I think that a lot of fantastic ideas and and areas to explore for for the people that are listening has been shared and is available following this. And I would invite you all just to give a couple of minutes quickly, final thoughts. And then I will conclude this. So, Rasha, if you would like to go with a few closing remarks from your side, please. Well, I will start from where you ended. Again, I stress on that security is a team sport. It's very important that we identify all of the stakeholders who are very important to our business. And what are the critical services that we are handling what are the valuable assets, you know, that are part of the services and then build a complete strategy in line with the business objectives. This is just to ensure the proper governance of where what we really need to protect is really important to the business and to our services. And we need and all of everything else is just around that, to be honest. We need to to direct our investments toward that. We need to direct all of our security projects toward that as all of the efforts all of the trainings and awareness has to be around that so that we don't invest on the wrong place on the wrong direction that the business is on the other side, and we are on a different side This is very important. If we really want to do security properly to keep the business up and running. Excellent. Thank you very much. Massimiliano, a few words. I believe the time is up for the postal sector is not anymore the time to wait for things to happen. We have to be proactive. We have to do something concrete to counter the cyber threats that we are raising every every day. I would say, we are not sharing ideas, experiences, we are not exploring the market. Seriously, my opinion, we are not. This is based on evidence is the evidence is are the cyber incident, which I could read on. And every time I see the same scheme as for example, being applied to the players or the postal sector. This is terrific. We should share information we should operate as one, we should exchange information we should leverage on high tech in order to fill the gaps and to raise level up the overall cybersecurity level of the entire value chain because we are operating as a one. And these must happen also in the field of digital services so it's time to act and we are here to sustain this process, this maturity process that we need to happen really to happen. Thank you, Massimiliana. Excellent. Terry. Yeah, when I when I meet with sectors like yours that are global and complex and have a combination of it and OT. And their sense and their business functions are sent and continuity are central to our world. Okay. I always get the feeling from everybody that you're overwhelmed and rightly so, right, you're drowning in everything that you have to do, and the importance of doing it right. And the reason that I have focused on cost effective scalable automation and technology solutions is because it's the only way to lift that burden and make each organization effectively identify prioritize and address the risk of digital age risks. And I need everyone who watches this program to have a sense of urgency of getting this done, because when you are hit. It can bring an organization to its knees. It can cost millions of dollars. And we're giving it all to the bad guys. You know, that's, that's the other thing I hate. We're making the bad guys rich. Okay. So, with your limited resources, you want to put them as Sasha said, in the right place. Okay. So I have a recommendation. UPU do a risk based a risk assessment on every entity in UPU share that individual risk assessment only with the individual organization. Remember, these are, you can buy them, right. But then there are portfolio analytics across by sector sub sector region size that can be shared with the whole organization right no names, just the regions the size the sub sector. Okay. And then through dot post you can you can learn, what are the key, the top three issues, right, that we're seeing based on real data. And then what are the services of common concern that you might want to put in place to address those issues. I'm telling you, within 90 days, you will see improvements, because you will arm everybody with a different perspective on themselves and something that is understandable and actionable. And then you can decide what else you may want to do over time. Well, we're almost out of time. A few comments from my first from my side. First of all, I want to thank the three of you for taking the time and really creating I believe a very rich and insightful webinar. I think on the back of this, you know, there are follow ups for anybody that's listening and anybody that we talked to after this, because the, the situation is real. It's increasing. And an action needs to be taken. I've seen this in any different guys is throughout my corporate career as well and I've seen that today at an increasingly high rate. So we wanted to we wanted to come up with solutions today and propose solutions and steps for the for the viewers. I think we've done that. But more importantly, it's now the onus is on on the owners locally and internationally to reach out if they have questions, comments, if they if they need support supports there. And this is this is the goal of the consultative committee is really to bring this public private partnership, the best and breed in different areas to to be able to to raise everybody's game. But more importantly, as we're talking about cyber security to to guard the assets that we work every day to bring a better value to to our constituents, which are the people that we deliver to. So thank you again very much, everybody. I hope that this was as as as joyful for you as it was for me. I wish you a great day. Take action and be safe. Thank you very much. Thank you.