Inside Cybersecurity's New Arms Race with Vladimir Krupnov and Blake Darché

Wow, that is a lot to unpack. That sounds really scary for organizations. Basically they create the fake applicant profiles, including fake LinkedIn profiles, fake CVs, and once they get into the company, then they exfiltrate the data. We've worked with Microsoft on several disruption operations this year targeting millions of people trying to steal credentials. There should be a stronger push for more proactive measures, especially in the age of AI. Why can't we be more proactive here? Welcome to the Connectivity Cloud Podcast, the podcast that provides expert insights into the cloud and IT landscape. I'm Marc Dembo and each month we'll explore key topics like scaling secure infrastructure, tackling emerging risks and staying ahead of the latest trends. Whether you're managing multi vendor environments or navigating cloud modernization, this is the show for you delivering practical advice for today's decision makers. Hello and welcome to the Connectivity Cloud Podcast. Your trusted source for insights into the latest trends, strategies and technologies shaping cloud security and infrastructure. I'm your host Mark Dembo and today we have two incredible guests joining us. Vladimir Krupnov, Threat Intelligence lead at Revolut and Blake Dashet, head of Cloud Floors one and Threat Intelligence at Cloudflare. Vladimir leads Revolut's global threat intelligence functions focusing on emerging threats, fraud infrastructure, social engineering and disinformation campaigns. He's a seasoned expert in turning threat signals into actionable intelligence, enabling real time cybercrime disruption. Blake, with nearly 20 years in information security, currently heads Cloudforce One at Cloudflare. He leads a team of dedicated to monitoring, analyzing and responding to global cyber threats. Blake is also an active investor and advisor to several cybersecurity startups. Today we'll dive into the evolving landscape of cyber threat intelligence, the role of AI in cybersecurity and how cloud platforms like Revolut and Cloudflare are leading the way in defending against emerging global threats. Vlad, Blake, welcome to the Connectivity Cloud Podcast. Thank you. Hi Mark, awesome meeting you. I want to get to know you a little bit better and also for our guests listening. Vlad, you built a great career in cybersecurity. From digital risk protection to leading threat intelligence nowadays. What in inspired you to actually go down that career path? Yeah, to be frank, I never wanted to be in threat intelligence. It's not like, yeah, it's like I want, I want to come to UK and be threat intelligence. No, it's not that way. But I think when I just started my career in cybersecurity in my ex company, which I'm always will be very grateful for all the Experience I get, I started, it's kind of broadened my horizons a lot. So I started, I was focusing on the web intelligence collection and automating these things. And I was just looking around like, oh, this does exist. This breach happened. There are some accesses being sold by that guy. And it was kind of clear like how they got it right, because it's vulnerabilities, there are zero days. But I was thinking, why? So why it happens, right? So why particular this person, this region, why there is this supply chain, why it's being, for example, something is being sold for X. So originally in my first education, I'm economist and I was really kind of interested in, okay, what's, what drives this economy, right? What, what is the key drivers here. And I think threat intelligence, that's what was obviously that's kind of the. Was the way to go, right, Because I had to, I had to dig in further and further. And it was absolutely fascinating journey, the start of my career before I just decided to go to banking like some people do. That is super interesting. Really interesting journey. Blake, you've been in this industry now roughly two decades. How are you still passionate? Where's that passion coming from? Just deal with this topic and stay with it. Yeah, sure. So I tend to be engaged on this topic from, you know, just trying to figure out how to help people defeat different attacks that might be happening around the Internet. And so I think I kind of look at it as a kind of a mission to stop different threat actors. I think in the case of like some of the Russian operations on the Ukraine, you know, there's a lot to be excited about there. You know, when you're able to on a daily basis work to stop the Russians from, you know, hacking into the Ukraine military and Ukrainian citizens in their country. You know, a lot of people can get behind that mission. I'm not European, but, you know, on the other hand, I don't think Vladimir Putin should be running tanks throughout Europe. So, you know, I think like, you know, when you look at it like that, it's pretty easy to align, oh, 100%. That sounds like really impactful, really interesting. And understand that you see a broader mission that you can get behind 100% going into a little bit into like what's happening right now. Vlad, what is the most pressing thing that you are concerned about today from a threat intelligence point of view? What is out there and what is for you, like perhaps the main priorities that you're trying to set out there when it comes to different attack vectors? I think this moment in the world is quite. It's a very dynamic place. Right. And same relates to the cyber warfare and it's. There is a geopolitical crisis. There is some, you know some more like scattered spider type of attacks. There is AI which is bootstrapping and scaling the capacities of certain criminal groups. Generally I do prioritize by impact and proximity. Right. The problem is that. But the problem with this framework is that revolut we have a global ambition. We do very globally. So things getting closer every time I can name a few things which can. Which can create my agent for the past several months. So obviously it's biometric security. So KYC bypasses anything related to the deep fake identities. We see a very prominent threat groups international. It's the organized crime which is. Which is actually hiring talent and trying to build some scalable solutions to target the banking industry or anywhere where the KYC is remain important. Also we can see some attempts from this fake North Korean workers. I think it's kind of the industry industry sickness right now it's first starting us in US it's been developed even through that. But now pretty much every single UK bank also observed. Let me stop you there. When like our listeners might not know what is going on there with fake workers from North Korea. Oh yeah, absolutely. So basically with the. The result they do create the fake applicant profiles including fake LinkedIn profiles, fake CV. Sometimes the legend can be very well crafted and again with existing with the AI and with the deepfakes it makes it quite easy easy to make and with a low, low investment. And then they do apply to the companies posing as alleged individuals or sometimes just fake individuals. And normally then they do outsource their interview process to some freelancer by convincing that it's sort of consultancy work or sometimes people do cooperate because it's also they do pay the money and once they get into the company then they exfiltrate the data or they just do the classic espionage or it can be. The options are huge. There are different variations of it. There was a variation where some fake companies were being registered to support the legend. There was a variation where they were giving the fake. They were giving already a fake profile to someone. To someone. To someone like say to a Western Western citizen to actually impersonate someone on their behalf. So there are different variations. Normally they do recruit on Discord and some other kind of decentralized messaging platforms at least from what I see. Wild I think interesting. You know we. We have typically a lot of people are you know Know your customer kyc, but now we're getting to kye, which is know your employee, right? And so it's like, you know, no one's talking about this yet, but that's like, the future of where this is going. It's like, you know, you have an employee who started at work, won't turn on their, like, webcam. You know, what does that say about that individual? Is that the individual you hired and, you know, check their identity, or has that individual changed? And so I think when you start looking at this, you start running into this situation where, you know, you're hiring people often a lot of global organizations around the world, and you don't really know who the people are. And we've seen. We've seen cases where people are passing, you know, background checks successfully, but, you know, they're using a fraudulent identity. And customers around the globe, companies around the globe are being hit by this right now. It's a really complex problem. And they're not all North Korean, right? And so there's like, this. There's some people that are doing, you know, poly employment, trying to just get work, like, five jobs and make like a million dollars a year. Some got some person on Reddit. I don't know if you guys have seen this, but they actually went on Reddit and talked about this, how they had like, five or seven or ten jobs or something, and they were making like a million to $2 million a year, and they weren't doing any of the jobs and they had outsourced all those jobs. So, like, those companies, they think they've hired this person. And honestly, the biggest thing I've seen is if you write generational AI leader as the top of your resume, you will be hired within 24 hours. At most organizations, like, any sort of startup will be like, we have to have this person. They're a generational AI leader. They're going to change our business. And so, like, there are certain keywords. If you put them on the top of your resume, you're going to go right to the top of the queue and they're going to be like, we got to hire this person right now. In the case, we actually had a. We. We saw something where a customer had actually hired a AI leader within 24 hours of them applying, and they had onboarded them rapidly and they were fraud the entire time. Um, and so, you know, I think if it's too good to be true, it is. And people need to, like, wake up and start using a little more common sense. Like, if this Person literally has every skill. If they're both a software engineer, a machine learning expert, an AI engineer, a security expert and a DevOps expert, they are probably a fraud. Okay. Because each one of those is its own career path. And so to be an expert at all of them is very difficult. Wow, that is a lot to unpack. That sounds really scary for organizations. I feel like a lot of things that you try to surface with that intel is scary in general. Right. You get the intel, you're saying, hey, there might be an attack going on or we see in the industry your peers are gay getting attacked through vectors. Xyz. When we talked a little bit previously, it's a few weeks ago, you mentioned a lot like what is important for threat intel that is actually useless if you cannot action on it. Right. So you need like the actionability. I'm curious, like how does that actually work? How do you ensure Vlad and Blake that whatever threat intel you're surfacing is also to some extent actionable? Are there any strategies that you can follow or share? I think what I keep seeing in the industry that threat intelligence is being treated as reporting rather than the workflow. That's. There is a huge difference to that. What I do believe is that you first need to build actionability, even like this, and then start, and then start collating that threat intelligence fitting because otherwise there is a very high risk that it just won't go. And again, in term, as per advice, build actionability, build first get to the stakeholders, build these pipelines in the companies, build liability responsibilities. Not everything should end up as a risk issue, a risk incident. But you need to work closely with the product teams. You need to work closely with, I don't know, with a fincrime, with security operations, with application security, with the jersey where it's relevant and with the legal where it's relevant. But you first need to build these pipelines and then you start channeling the intelligence, your analysis or without it, it's going to be just the reports in the cardboard, as you say. Okay, that makes sense. Okay. So as a third intel operator or team, your job is build the connections and the actionability first and then work on the ingesting and collecting signals. Yeah, it's a full lifecycle. So from collection, specifying the Intel's collection requirements to collecting it, to then correlating it, then dissemination and then ensuring, you know, ensuring that it actually has some impact. And at the end of the day it's all just, it's just information. Right. So it's information arbitrage There is no kind of special flavor of calling it intelligence even. Yeah, I think, you know, these small signals, people often, a lot of people who aren't working on this kind of day to day think that little small signals are not relevant. But it turns out the smallest signal is usually the signal that will tip something over the scale of being fraudulent or malicious or bad. And so when you look at, you know, a IP address as an example, the fact that like, an IP address might have, you know, posted spam on a forum is interesting. It might mean that IP address is under the control of a bot or some sort of actor group. And then if you see that same IP address, send a malicious email to someone. That's interesting. And then if that same IP address, you know, is running a web application firewall attack, that's interesting. If you see the same IP address is running a DOS attack, I think we can pretty well call that IP address malicious. But at the end of the day, it might have started with like, oh, they were using someone who's using it for forum spam first. And people like, no one cares about forum spam. Forum spam is boring. Well, yes, forum spam is boring until the fact that you determine that, in fact, these are all a series of events that demonstrate that an IP address is under the control of an automated set of infrastructure run by one or more actors or actor groups, if that makes sense. 100% does. Yeah. Understood. You need to listen for also the smallest signals and try to stitch a pattern together. Right. Super interesting. If we go into like, it's 2025, guys, AI is the hot topic, has been for the last years. And I feel like at least if you walk around at conferences, if you see ads online, everyone is talking about Gen AI changing the industry. And it might also be weaponized for attackers. Blake, I'm curious, based on what you're seeing, right, you work at Cloudflare, Cloudforce one, you see like a lot of Internet traffic and you talk to a lot of customers left and right. Is Genai already like really shifting the landscape in offensive cyber security operations or is it just hype? So far I would say there are cases where it is. And I think it, I think what Gen AI will do for cybersecurity and in attacks is it will shift the ability to run more complex attacks down to individuals that have less knowledge of the systems they're attacking. And we're starting to see cases of this and it allows them to just move faster and do it more automated than they would otherwise be. Able to run that attack. And so I don't necessarily think that like gen AI is going to change like you know, taking over a Microsoft Windows network with a username and password, but it may change the ability of a threat actor to target an application they're unfamiliar with and make it easier to target those applications. And I think that that's where we'll see kind of the first version of that. I think like the idea that like you know, you can use generative AI to write malware while like interesting. I can just go and down download malware. Like I can go run Cobalt Strike and just send it to someone with my own hash, my own key and stuff inside of it and like it's going to go through anyway. So like why do I need to use AI to write the malware when there's malware I can already launch? And so I think you start, you start seeing AI being used more for like helping the operator if you will target a system that they might be unfamiliar with. And I think that's where the big ramp will be for generative AI in terms of threats. Okay, understood. It's basically allowing individuals to either like be force multipliers, like do more with less resources so to say. Or if you're like unfamiliar with systems, don't need to do the heavy research, but actually have the assistant by your side. Same as like actually encoding, right, where you just basically increase productivity to some extent. You don't need to spend time on stack overflow, reading answers, getting to know stuff. But actually you ask your assistant. Vlad, we talked also before and you mentioned, hey, there's also like maybe value for AI on the defensive side and impact on the industry. I would love to learn more. Is there anything already like happening? Are organizations already using gen AI on the defensive side and if so, what are organizations trying to get out of it? In some way it kind of mirrors what Blake is saying for offensive stuff. So AI is a nitra. It kind of speeds things up, it speeds data analytics or it allows you to hire junior talent and I have them do the job of the senior talent. A recent example from one of the banks in the industry which I saw, I think they reduced socentro cost by 70%. Wow. As with a thing thanks to AI, they just now have the range of juniors charging their lures in like two seniors for their quality, quality control or any sort of assistance. So that's a really good example of how it's being used. Everything related to the data or correlation or data analytics. That's another way of using it especially, I think a good example can be taken from the offensive side, for example, mapping supply chains of the targets. Imagine now with AI, you can take some ransomware dump and just run it through one of the AI models and have the whole supply chain footprinted with all the email addresses, with the types of communication, with the right names, everything. So potentially something you could have done yourself, yourself. But it will take, let's say, I don't know, a month now it can, it can take three days. So it just, it just makes things move really fast. Both on offensive, both on defensive side. But then AI generally in the cyber warfare existed for quite, I mean it's not more than a decade, I think two decades. Right. It just got, it just finally got to the, to the mass market. So scalability, assisted sense making, assisted data analytics, that's where it's applicable both on defensive and offensive sides. Okay, super interesting. I was really like surprised by hearing such like efficiency increases. That, that is, that must be interesting for organizations out there and also like reducing time to process. Really interesting. Blake, you lead team or product or service, I don't even know what it is exactly called Cloud Force One. What is Cloudforce one? And I'm curious, like Cloudflare you mentioned earlier, like collecting signals, right? Cloudflare powers roughly 20% of the Internet. Kind of like that is the stat, I guess. What does your team do? And you see a lot of like data, I guess, or could collect in theory a lot of data. How does that help for you to like get an opinion out there and yeah, protect others. As you said, like which is your mission, right? Yeah, absolutely. So I think our team, you know, looks at threats. We're threat ops teams, so we look at threats in different areas. So our team kind of has kind of four different capabilities. So our first capabilities are predict team. So this is our threat research team, intel analysis. Our job is to, their job is to predict the next attack. What's going to happen next? What's the threat actor going to do next? How do we get ahead of what threat threat actor will do? Then I think our team has a, another group called the interdict team and that team is focused on interdicting threats. So as the threats come through in near real time, we're focused on stopping them, analyzing them and then trying to mitigate them. And then our final team is our react team, which we actually just launched yesterday. So thanks for the tee up there, Mark. And our react team is focused on reacting to threats that have hit the environment and need to be contained, possibly within a network. So our react teams are incident response team, focused on customer incident response, customer security consulting, helping customers understand the threat landscape and understand kind of where their deficiencies are. Every company out there, right, has a deficiency somewhere. It's whether or not they're known. And I think that's kind of like the rub. And then we have an engineering team that's helping kind of power all the different teams together and pull signals, as you kind of highlighted, put those signals together and make them actionable for customers. As we were talking about earlier, I'm curious with everything we talked about so far was like, okay, cool, how can I protect? How can I react and minimize impact? And it's all a bit on the defensive side, so to say, right? It's like the attacker is trying to infiltrate me, is trying to attack me. How can I protect? But at some point, you might also want to get a little bit on the offensive side, saying, hey, cybercrime disruption, basically, right, as a challenge, saying, hey, how can I slow down on an attacker? Or how can I make them ineffective? And all these kind of things. I'm curious, how does that currently work? Are there, like, the legal processes in place to do this effectively? What are really like, challenges that you see in real life to actually disrupt cybercrime? I think from my perspective, some of the most successful disruption operations we've done have been with Microsoft. So we've worked with the DCU team on several different disruption operations this year. We had the Luma operation earlier this year that was targeting, you know, just globally 10 millions of people essentially, and trying to steal credentials for them and then get access to all their different services. So when we look at that operation that was highly effective. It was coordinated amongst a bunch of different partners as part of that, and different people played different roles. So we, Cloudflare, have played a role in shutting down the LUMA operation that we saw on our infrastructure. And then, you know, Microsoft worked to seize a bunch of domain names, a bunch of other service providers worked to contain those domain names and then give them to Microsoft as part of the court order that Microsoft had obtained. A couple of weeks ago, we did a secondary operation with Microsoft on another threat actor called Raccoon O365, which was a phishing, credential targeting kind of cybercrime, targeting just people on the Internet for credentials. And again, you know, working cross collaboratively with Microsoft was super useful. And I think, you know, when we look at the power of each individual organization, they are much more powerful when Working together. And so in the case of like the raccoon365 thing, you know, they, Microsoft actually worked also with like help the health ISAC in the United States, which was being heavily targeted by that as well. And so I think when you, when you put together different partners, sometimes it can be more impactful, sometimes maybe not. It just depends on if the threat is like literally something you can contain yourself or something you need more help with containing. And so I think it just depends. And at the end of the day, yes, there's various, you know, legal consequences for different things obviously that are probably beyond the scope of this podcast. But I would just say, you know, I think at the end of the day, you know, when people are violating, you know, terms of service on different platforms, it's a pretty easy call to try to get those operations shut down. And you know, over the last two, three years we've worked collaboratively with a lot, a lot of different entities outside of even Microsoft would like I think GitHub, Dropbox, just all sorts of different entities where we saw hey, like a threat actor staging material like malware, they're trying to use this to infect, you know, this person. And we're seeing a portion of the operation, we reach out and we're able to get cooperation from other partners that are interested in stopping that operation to a stop, you know, to really stop tax on people like, you know, Vlad's company and things of that nature. Not that they were attacked in this case, but as an example, super interesting. Vlad, how does that look like for you? Are you also collaborating with other financial services, law enforcement agencies? What is your experience there so far? We're generally quite an aggressive company and it comes to disruption as well. So we do, we do collaborate with some, with a range of the partners. I think normally when you see the cross industry collaborations, it relates to botnet and takedown, the botnets and you know, doing the proper data telemetry. There've been some good experiences in just doing some telemetry internally and then sharing it across the other peer organizations. Trying to actually find out was where there's this golden nugget which leads to the actual actors identity. But it feels like the industry is generally kind of tries to keep up with, you know, with the pace. But I do believe there should be a stronger push for more proactive measures, more proactive actions. Especially in the age of AI as we say, right. Where we see you go to any social media, you see these scam advertisements and they're still there and There is not kind of. It still remains a problem. You still see these phishing websites but why don't we, why can't we be more proactive here? Why can't be more punitive? Because there's definitely a need for that and that actually touches an interesting topic of intelligence sharing. So intelligence sharing across the industry and across public private sector it works from my experience works really well say in US it's very well established and it's kind of like a very mature. But if we take the European 1 or UK is a bit better but it's still very, very, you know there is loads of work that can be done. I don't want to start with the DORA regulation but again you need to do intel sharing the best you can do if a sizec and that's probably it, right? While to be properly proactive and properly disruptive you need something. No, you need something different. So yeah, I think it's really positive. Unfortunately it's not the rule of thumb where you talk to some peers and normally some of them even don't have a mature threat intelligence function especially across the fintechs, across the finance. Not even to mention the disruption bits. Disruption still is driven across the industry by some more like I don't want to see enthusiasts right. But more these kind of like initiatives and some companies or again individual people who are just okay, we need to fight the crime. It's really pleasure to see these. I think cloudforce actually is a good example across the, across, across the vendors which is actually doing something active in this field. Super interesting, thanks for sharing. And it's yeah sharing intrail working together increases the effectiveness. I think that's a really important lesson for organizations out there. I have one last question for you guys. We talked a lot about like what's happening right now, what's not working right now, what's going on. I want to look into the future. What kind of trends? Maybe if you can call out one or two really briefly that you see like shaping the threat intel function and landscape in the future over the next like three to five years. I would love to get any guesses and predictions from you guys. Vlad, anything that you that comes to top of mind for you. The more there's geopolitics then I think ddos will remain quite a threat. Right. It's not the advertisement for cloudflare but nevertheless once there's any conflict DDoS is the first thing which starts to happen especially in the emerging regions in the kind of this field because it's very easy to execute. It's quite effective. It's good branding. So you don't need to be really smart to participate in it. It's. So that definitely will remain. It depends on again on the general fluctuations in the world supply chain. I think supply chain, third party risk. I'm not sure how it's going to be resolved because right now the solutions which do exist, it's a bit of a. It's a conversation for another time, I would say. Right. But supply chain will remain the big problem. Especially as you see now some startups scaling up from 1 to 100 using like 5,000 suppliers. So you're building companies by bricks and with AI it's even going to be faster and faster and faster. That's definitely going to be the issue. And social engineering. So human factors, we are also going to remorse. We're going to remain humans and no matter if you have like 1 billion cybersecurity team in your company, but there's someone who just going to trust someone on the phone and just do something stupid that still does exist. So there's need for more, I would say proactive social propaganda to make people more cyber savvy. Because even right now in 2025, when you meet someone or you work in cyber security, person doesn't know even what cyber security means. Right. It's always kind of the understanding, the descending comes only to some, you know, cool movies and those hackers. It's in the 2025 which is a bit ridiculous. So there's. The industry needs to open up a bit I think to actually show that it's present in every part of our life. It's not just some, some specialized bunker ops happening underground. Very interesting. Much appreciate your insight there of that Blake. Anything to add? Anything that you. Yeah. See differently? No, I think, you know, the future is going to be culling. We'll see. You know, there's. The threat's constantly evolving. Right. So like once you figure out, hey, we can contain this, inevitably if you have a determined threat actor, they will figure out I'm going to do this instead in order to try to bypass what you're doing. And I think we've seen that across the spectrum. Right. I've looked at BEC attacks in the past where we figured out how to basically stop 99% of them. And then all of a sudden you see this threat actor just figure out some like alternative path. And you know, those alternative paths might be different delivery mechanisms out of band delivery, text messaging people, LinkedIn messaging people, sending people Facebook messages. You Know, a lot of industrial companies in the past have had a lot of problems with LinkedIn where you know, they would like an attractive person would hit message someone on LinkedIn and say, hey, like I'm interested in grabbing dinner, check out my link. And so they send them a link and the link, you know, is a malware downloader and drops like a bespoke piece of malware on someone in the aviation industry who's working on like a jet engine design as an example. Obviously, you know, the threat actors are no novel and really determined ones. Like someone trying to obtain blueprints for like a next generation jet engine or some next generation missile system is going to use extraordinary measures to target you. And so I think the part of the job of, you know, of a CISO as part of a, a security leader is thinking about what is your risk level and who is most likely to target you and what are they trying to do. Because you know, you. I've seen this before where people will go overboard trying to build defenses around like some threat. And I'm like, that's not even a threat you need to worry about. And I think like generative AI threats are like the best example of this maybe. And so people are like hyper obsessive. Like I'm worried about generative AI threats. I'm like, oh, do you have two factor? And like, no. And I'm like, hold my beer. You know what I mean? Like, I don't need generative AI to take over your network. I'll take it over by dinner time. Because your passwords are all over the Internet. They've already been exposed. And so I think when you look at this, people need to, leaders need to take into account like what the threats are compared to where they're operating and what their defenses are. Because focusing on like a, an extreme example of a threat or building as an example like a purple team or a red team to internally red team your infrastructure when you have no two factor authentication is a waste of time. And so like at the end of the day, you're better off spending your time and resources building two factor authentication because that's how you're going to get hacked. They're not going to. You don't need a bespoke red team. You need to fix your two fa. And I think you know that that's a real issue that plagues the industry and a lot of it's fueled by, I call it fear mon, Fear monger marketing, right? Which is people are like, oh, like look at this threat. It's on the news and you're like, that's cool. But the likelihood of your business, a 50 person company that does painting or property management getting targeted by that threat, it's probably relatively low. On the other hand, that same company may not have two fa. And I had an example this year where the exact same thing happened. Like, someone doesn't have two FA and they're worried about AI and I'm like, you don't have an AI problem. You have a two FA problem. People need to really understand their threat level and they don't. And I think that we as an industry are failing in this area. Like, we're really failing. And so I think that's a real area of focus. Yeah, there was a huge disconnection between the business part of the world and between the technical cyber part of the world. And that's why you get these questions. Okay, we're a cloud based company. What do we do against Windows ransomware or whatever? Like, what if your CEO is going to be like deep faked? Okay, he couldn't join the call. If you have the proper perimeter controls, no one will take the call from WhatsApp. It's about detecting the intake on the call. And it's prevalent. Yeah, it's prevalent. Same with industry. What's happening? I think like Zoom's a great example, right? So like people use like Zoom or Google Meet or something and you know, if they don't have the right control in place on that tenant, to Vlad's point, like some guy joined the call as the CEO because he didn't have to log in. Like, why didn't he have to log in? It should have like alerted someone. Like it should have alerted you that an external party is going to join the call. And it's not Zoom's fault that that happens, right? It's actually the configuration of the tenant environment. So like, you know, you go look at like this, this whole Salesforce debacle that's happened recently where, you know, all these Salesforce tenants have been compromised. You know, the issue there isn't Salesforce, right? And so like, can you believe that someone's actually suing Salesforce now for this, for these breaches? And I'm like, but it's not a Salesforce breach. Like Salesforce didn't get hacked. What ended up happening is people's tenants got hacked for a variety of reasons. And you know, the threat actor was very successful. So if you look at like measure of effectiveness, the threat actors are super successful. Was it super sophisticated? Not necessarily, but Sophistication and effectiveness are not necessarily, don't necessarily need to be in line with each other. Right. And so you look at like a nation state hacking group might be very sophisticated, but you may not need to be very sophisticated to run a very successful cyber attack. And so I think that, you know, when you try to start balancing all of these different things, a lot of people start, their eyes just start glossing over and they start like they don't understand it and it is the problem. Yeah, totally makes sense. What I hear is focus on the simple things first. Do the same things first. Do what basically has been around in the industry for like years and not a trend that might be in the news headlines. And don't worry about that. Make sure that you basically that you close the windows, close the door before you buy like a 4K alarm system or a $20,000 alarm system. So that is super actionable. I think for everyone. It's a good reminder. And guys, I learned so much in the last like 35 minutes with you. Much, much appreciate you coming on the podcast. And again, thank you so much. Vlad. Thank you, thank you, thank you for tuning in to the Connectivity Cloud podcast. If you found today's episode valuable, be sure to subscribe so you won't miss future updates. Updates, stay ahead of the curve, stay connected and stay secure. As always with Cloudflare,