Chris Rogers, Zerto:
There's some stats out there that say the buyer by 2031 is going to be worth $265 billion, the ransomware industry. I think now that people realize that data is pretty much the most important asset a company has, ransomware has absolutely taken off because essentially you're attacking the most valuable asset in that company.

Michael Bird, Host:
You don't need me to tell you that cybersecurity is big business. In fact, it's estimated to be worth around $160 billion, but that is likely to be peanuts compared to the value of cyber crime, which is estimated to cost the global economy is staggering, $600 billion in 2022, nearly 1% of the global economy. And just one corner of that, ransomware, costs the same in damage and paid out fees as the entire cybersecurity industry. That's $160 billion. It's an unfathomably large number, bigger than many countries GDPs. In fact, if ransomware was a country, it would be worth as much as Morocco or Kuwait, which is why it's not entirely surprising that ransomware is no longer the preserve of shady criminal gangs. Actual nation states are getting in on the act as well.
Up to 40% of ransom tax are now believed, though not proven, to originate from groups supported by nation states. By far the largest, 75%, have ties to the Russian government, a statistic brewing long before the war in Ukraine. Those are the headlines stats and they are mind boggling. They left our producer staring at his screen blankly, even without the need for a hacker to lock him out of his files. And that is what we are going to be exploring this week, the shady world of ransomware and what international organizations can do to protect themselves. You are listening to Technology Untangled, a show which looks at the rapid evolution of technology and unravels the way it's changing our world. I'm your host, Michael Bird.
Ransomware is not a new technology, not to give too much away about your host here, but the first attack originated pretty much when I was born, around the late '80s, which I promise is a coincidence. So back in the days of pink and yellow neon, The Simpsons being groundbreaking and mobile phones that needed backpacks, you couldn't just sneakily tap into a business's network via dial up internet. Apart from anything else, it would take about two days. No, back then, you had to be hacked through the mail. The first ransomware attack was the charmingly named AIDS Trojan, or PC Cyborg Virus, which you had to install yourself via an infected floppy disc. Your files were locked and your computer would display instructions which required you to write a cheque. Remember those? For $189, mail it to Panama and wait for the password in the mail once the check had cleared, not exactly speedy.
Then in 2010, Bitcoin arrived. And for cyber criminals, life became a Wolf of Wall Street montage of yachts, champagne, and fast cars, because the problem of collecting the payment had been solved. Now you could theoretically move money anonymously, instantly, all over the world, all via the infected computer. Genius. And that brings us to today and the ludicrous amounts of money that changes hands as our companies are bought to their knees by online gangs, individual hackers, or even nation states. Zerto is a sub security firm which specializes in disaster recovery and providing protection across platforms from cybersecurity attacks, including things like ransomware. Chris Rogers is one of their technology evangelists, which basically means his job is to know a lot and be very enthusiastic about cybersecurity. Well, who wouldn't be?

Chris Rogers, Zerto:
People will spend hundreds of millions of dollars over the years trying to keep data safe, back it up, disaster recovery and things. And normally, they were for things like logical corruptions or power outages or hurricanes, things like that. But ransomware has really changed the game in terms of what we need to think about for backups and disaster recovery now. It really has changed the landscape completely. Geography now doesn't matter, as long as you've got a data center connected by a wire, which obviously they all are, it doesn't matter about where you're located, it attacks everybody and the scale that they can attack at is huge.

Michael Bird, Host:
What sorts of people, companies, individuals are instigating these attacks? Is it a nation state? Is it classic kid in a bedroom?

Chris Rogers, Zerto:
All sorts of people. Honestly, from that, from kids in bedrooms, to playing around, and you can even download ransomware as a service. You can actually get ransomware as a service. You can go and hire someone and they'll try and encrypt some ransomware, and you can even do that. On the dark web, that's available, that happens. You can even download ransomware kits on the web, and you can create your own ransomware and send it off and figure it out. And from little kids in their bedroom, and I won't say little kids, but teenagers and people doing very small things and trying to do things, all the way through to state-sponsored attacks. And I suppose to a degree, part of cyber warfare, in a way, if you can attack critical national infrastructure and take it down, that is something that could be very valuable in cyber warfare.

Michael Bird, Host:
The idea of ransomware being a form of cyber warfare rather than cyber crime is quite an interesting one, especially when we talk about nation state actors. Organizations are finding themselves on the frontline against hostile government-sponsored agencies who either want their cash or want their information, or who just want to cause problems. And when nation states become involved, it becomes an issue of national security with military involvement.

Bobby Ford, HPE:
Hi, I'm Bobby Ford, Chief Security Officer for Hewlett Packard Enterprise. The timing for this conversation could not have been better because this week, I don't know if you read, but this week in Washington, D.C., there are senior government officials from around the world that are taking part in a second summit entitled Counter Ransomware Initiative. So there's a CRI, Counter Ransomware Initiative Summit taking place in D.C., and they're looking at the threat of ransomware and what public private partnerships can do in order to address ransomware.
So the question has to be, why ransomware? Why is it taking off the way that it is? I think that if I'm an adversary, if I'm an attacker, the reason why I'm so attracted to ransomware is because it's an easier way for me to monetize my hack. In prior days or previous times, you would have to steal the data. And then once you steal the data, you would then have to sell the data. And then once you sell the data, you got to collect the money from the individuals that you sell the data to. But it's much easier for me as an adversary to just not even steal your data, but just to disrupt your data and then charge you a fee to no longer disrupt your data or to give you the keys to unencrypt that data that I've encrypted.
There are certain reports that say that companies paid in excess of a billion dollars in 2021, had payments processed in excess of a billion dollars, in order to pay ransomware fees, and that doesn't include the companies that didn't report it. So you can only imagine, there are certain organizations that would never report that because they would have a reputational hit. So it's very attractive for attackers. And then the onus becomes on the organizations to make sure that they've thought about it, that they've scenario planned for it, and that they have the controls in order to detect it and then the resilience in order to recover from it.

Michael Bird, Host:
And Bobby doesn't just talk the talk, he happens to be a former US military cybersecurity and digital defense specialist, so he knows what he's talking about. One thing's for sure, the sums of money involved are large enough and the stakes high enough for the potential victims, that it's worth the hostile players investing a huge amount of time and resource into bombarding or quietly raiding their enemies to whittle down their defenses before attacking in force when a weakness is exposed. I know, I know, that's a lot of military metaphors, but we're not done with them yet, because another acronym that regularly pops up when talking about ransomware, advanced persistent threat, or APT. George Webster is the chief security architect for HSBC, which is probably about as daunting as any job in cybersecurity can be. I don't want to jinx it by saying, "He knows everything there is to know about cybersecurity," but he does know a lot, like a lot. So just what is an APT and why should we care?

George Webster, HSBC:
It's an interesting one because it came from the US military and it actually came from the US Air Force. And it was a way to describe a threat that they were seeing that wasn't your standard criminal like snatch and grab, they were persistent, they were taking their time, it was very methodical. And if it takes them five years, it takes them five years. They were more or less, the attackers who are using the intelligence cycle. And so that's really where that term comes from. People will say, "Oh, it's nation state activity." Well, that's not really true either. It's not necessarily nation state. There are many highly sophisticated criminal actors out there.

Michael Bird, Host:
Perhaps the most famous and sophisticated hacker team in the world is the Lazarus Group, an organized crime unit with tires to the government of North Korea who have been responsible for dozens of multimillion dollar cyber hacks over the years. Whilst the group aren't officially recognized as part of the government in North Korea, they are rumored to have a literal military designation, the 414 Liaison Office, which does kind of sound like they'll write you a nice letter.
But in fact they are more likely to write a letter demanding millions of dollars to release your encrypted files. Among the most famous attacks they've been attributed to are the Sony Pictures attack of 2014, which saw personal details of 4,000 staff and thousands of files, including unreleased films leaked. They were also responsible for the WannaCry attack of 2017, which saw 200,000 computers affected with a self-replicating malware, which demanded $300 in cryptocurrency to unlock the contents. Incredibly, in that case, the virus spread using code rumored to have been stolen from the American NSA and auctioned off by a group called The Shadow Brothers. It's all getting very James Bond, isn't it?
But possibly their most famous attack and the greatest advanced persistent threat attack of all was made legendary by the Lazarus Heist Podcast from the BBC World Service, a personal favorite of mine. In 2016, the group was responsible for the theft of $200 million from the Bangladesh bank using weaknesses in the SWIFT banking system, spirited away in the crypto blockchain. The group tried to steal an extra $800 million but was thwarted in most of its attacks. George Webster wasn't there, but he was close by.

George Webster, HSBC:
It was my friends that were actually even wrote the paper for the Lazarus. It was quite fascinating. We were, even when he was writing the paper, he was visiting me and we were hanging out in Amsterdam right before the release.

Michael Bird, Host:
Can you talk through that a little bit?

George Webster, HSBC:
That's fine. We can talk about nerdy stuff, so I don't want to run afoul because these things are constant and that it's definitely been many years since we've looked at it. But if you think of the nation state, they have issues with sanctions, they have issues with acquiring money and purchasing goods and services all across the world. So what is the intention of that organization? Well, they're definitely advanced persistent threat, and they're trying to capture and receive money because they have to. So that one was interesting, in the sense of you look at what did they end up targeting and how did they actually go against it? Well, they did a bunch of ransomware, and that was challenging because then it's not, "Oh, I take the money and I put it on the blockchain." Blockchain is an immutable ledger, you can trace all activity and it's not that difficult to do. So then you have the challenge of, how do you have mules? How do you move the money? These things are centuries old, these methods. You still have the same problem, whether it's in cyberspace or physical.
But they looked at it and they said, "Well, okay, if we want to get and go into a different direction, maybe we can pop the SWIFT node, this connection." And so it was, again, it was a router or a device or a firewall that was in Bangladesh, and they were able to exploit it, which was able to allow them to achieve their aims. And when you deal with cyber security and people say, "Oh, well it doesn't matter. This is just sitting over there, what's the threat to this?" And you say, "Well, it's on the network, everything is a risk and it's all equal, it's all level playing field." And you know, will have these arguments, "Well, what's the risk to my arm or my region? I control Europe. What is my cyber risk in Europe? Well, if you're part of the corporation, your cyber risk in Europe is the same thing as your cyber risk for your Asia group, which is the same risk as how Bangladesh is functioning."

Michael Bird, Host:
And that highlights the core of the issue. The problem with ransomware isn't that it's particularly high tech, actually, it's not really that high tech at all. It's just driven by smart humans taking advantage of human flaws, and human flaws can't necessarily be factored against. Here's HPE's Bobby Ford again.

Bobby Ford, HPE:
I miss the days of attacks happening via passwords being left on post-it notes, because at least I had physical security controls in place to prevent that from happening. So chances are that some random wasn't walking in off the street, going directly into the office building, getting past the security guards, getting past badge control access, going on the elevator, going up and going to your desk, pull the password down, I missed that date. What we see now is,
Because you have 38 different passwords that you have to remember, you typically use the same ones. And chances are you're using it for some type of application or some type of platform that doesn't have the same investment in security that a large organization can have. And so once I compromise your password there, I just start password spraying. And that's why it's really hard to detect because most of the breaches that are occurring are occurring using some form of credential stuffing. If you do nothing else, you do MFA. And it sounds so simple, but it stops so many attacks. So you can still continue to use the same password everywhere, but if you enable MFA, then there's that second factor and it's hard to compromise that. Anyone that I coach or anyone I give counsel to, I'm like, "Listen, dude, you're in the security profession, you are one click, you're one employee clicking on an email away from being unemployed. Clicking on that email could lead to a ransomware attack."

Michael Bird, Host:
Human working patterns, human psychology, and human weakness are at the core of ransomware's success. After all, even back in the early days of ransomware in the 1980s, we could be relied on to stick any old floppy disk into the mainframe of a major business and just start poking around. And that inability to judge or threat or pay enough attention to our security, unfortunately, hasn't really changed. And nowhere is that more keenly felt than in the world of financial services. You probably won't be surprised to know, FinTech firms have their hands full when it comes to cyber security. After all, there aren't that many companies with that much money and that much personal information, and that many global offices and nodes just waiting to be tapped into given enough time and energy. So I wanted to know what an average day looked like for HSBC's George Webster.

George Webster, HSBC:
Our office is tasked with identifying, how do we build certain capabilities, tools, products and services, and how do we do it securely but also allow it to be done at pace? The FinTech sector or the finance sector is kind of crazy. There's that old saying of, it was a bank robber, and he was asked, "Why did you rob banks?" And his response was, "Well, because that's where the money is." So a lot of the finance and the FinTech sector, it really is everything and everyone. And the larger you are, the more people come your way. It's pretty constant and it's pretty full on. The major threats, it's everything. We come across pretty much everything.

Michael Bird, Host:
So cybersecurity in the FinTech sector, what are the major threats that you're seeing at the moment?

George Webster, HSBC:
I can't really say that we've seen many shifts in the actual threats in a threat landscape, but what you have seen with the pandemic is a lot more people are working from home. So how do you control that risk? For instance, if everyone's remotely at home, you can't just assume that they're safe because they're in the office. So how do you secure that remote connection? Because when you talk about security, it's everything across the stack. So how is something coded in an application, to how is something input into an application, all the way down to that piece of hardware where that application lives or the customer interacts with it.
And then you have your operations teams which are consciously scanning and monitoring and trying to secure the estate and remove threats. Again, a lot of them are now potentially remote or you might have an office where people aren't allowed to go in. So how do you do that when the guy might have a laptop on a box of books with two and three year olds running around crazy? And how do you manage the stress and that pressure? That's what we've really seen. Not so much the threats, it's just the evolution of the ways of working.

Michael Bird, Host:
Okay. So let's just take a quick pause and take a quick step back. We've talked about the ways in which companies can leave themselves vulnerable to attack, but what does a ransomware strike actually look like? Here's Zerto's Chris Rogers.

Chris Rogers, Zerto:
Loads of companies that get hit with ransomware, they're not sat there with their firewalls open, open onto the internet and they... They have security strategies and they've, again, spent a lot of money and a lot of time developing these over time and making sure that they're protected as they can be. There are vulnerabilities in technology, but actually the people are easier to hack, if you will. And so social engineering is a big thing, phishing is a huge thing. I would say a lot of the time it comes down to users downloading files or opening emails or clicking links that they shouldn't do, so that's kind of like the trigger point. But then it depends on... I mean, there's hundreds and thousands of ransomware strains out there. There's not just one ransomware, there's loads of different people doing loads of different ways of doing things.
So some will, immediately when you click whatever you've clicked on, it will automatically encrypt the files there and then they ask for their money straight away. Some sit in the infrastructure for a period of time and wait until they want to trigger it. And some actually are very targeted. So some of the attacks will be actually, we're going to infect, let's say, a company, let's say an Amazon for instance, or someone who sells on Amazon. They're going to wait till Black Friday because that's their busiest trading day, they know it's going to have the biggest impact, therefore, they know that they're more likely to get a payment almost straight away.

Michael Bird, Host:
So payment is quite an interesting one and it does raise an interesting moral dilemma because you're basically having to reward bad behavior and admit defeat. If most of us got our bike stolen from outside our house, we'd be pretty rightly annoyed if we got a letter through the post offering to sell it back to us for twice its value. But that is exactly the moral dilemma that hundreds of thousands of organizations and individuals face every year. Except, well, unlike a bike, the data at stake is worth millions, if not billions of dollars. And unlike a bike, well, you can't just go and buy a new one. It's something that HPE's Bobby Ford has spent a lot of time thinking about, because it literally can be a matter of life or death for an organization and its staff.

Bobby Ford, HPE:
A lot of organizations don't want to talk about whether or not they'll actually pay ransom. I've had some very heated discussions on whether or not you would pay. And I think it's easy, you can go to LinkedIn and see different threads of people talking about it, I think it's easy to say, "We will never pay." That's easy to say. And then the way that I always respond back to that with, "Okay. Then let's say that you are a CISO at some hospital and your network has been taken down by ransomware and you have some six year old boy that's on some life-support system and the system is about to go down because you know have some type of interconnectivity with the internet and you have the real threat of that. And there's an individual that says, 'If you give me 30,000, I'll let you get back online.'"
To me, it's hard to be able to justify that position of, "I'll never pay you ransomware," when you talk about how it could impact someone's safety. I just don't know how you could easily say, "I'll never pay a ransomware." Well, if you have an individual, some diabetic that's trapped in some elevator that has online connectivity and it's going on hour four, it's hard. So I think you got to have that conversation on how you would pay the ransom.

Michael Bird, Host:
So do most people eventually pay? Well, unfortunately, yeah, they do, according to Chris Rogers, because they don't really have a choice.

Chris Rogers, Zerto:
Oh, absolutely. Yeah. It's probably more popular to pay than it is to not pay, because the cost of ransomware is huge. So again, some boring stats, but we've got the average length of disruption for a ransomware attack is 21 days. So if you take your business and if you lost 21 days, almost a month worth of trading in your business and take 10, 12% of your revenue out of your business, suddenly $500,000 or a million dollars for a ransom is pittance compared to what an organization or an enterprise would lose in that. So actually it's better for them just to pay. But yeah, obviously from a Zerto perspective, we want to avoid people from paying. Rather invest your 500,000 or your million dollars, whatever, into recovery technologies and things that's going to actually help your business, rather than paying cyber criminals. Because the more everyone pays, the more profitable it comes for them, therefore the problem gets bigger. So it's that catch-22, that people are going to do it because there's money in it.

Michael Bird, Host:
And it does get worse, because generally speaking, when your files are locked by attackers, they are locked, all in capitals. From what I understand, it's essentially impossible. Once your files are locked, it's essentially impossible to unlock your files, decrypt your files.

Chris Rogers, Zerto:
There are not-for-profit organizations out there and kind of things that try and create decrypters and things like that, but essentially if it takes you two weeks to recover that data, you've got 50,000 employees or whatever it might be that can't work for two weeks, you can't trade for two weeks, critical systems are locked out, that's probably not going to be good enough. It's great if they've managed to help you and great if they've already got something that can help you in place. Maybe they've worked on something from a previous ransomware attack and you get hit by the same one, they might have something already there to help you, but it's not guaranteed.

Michael Bird, Host:
Okay. So you've been attacked, it could be by North Korea or it could be by some kid in North Dakota. Either way, they want your money. So other than being careful what emails you open, what on earth can you actually do to stop ransomware attacks or at least protect from them? Well, there are two options. Number one, you can change the way that you look at cybersecurity. Here's Bobby Ford.

Bobby Ford, HPE:
I've often discovered that there are some organizations that still believe that security is an additional duty, and so they tack it onto someone's job. And I think that in this day and age, you need to have a dedicated, mature leader that's responsible for security. And then once you do that, you then charge that leader with assessing the environment and assembling a team that then develops, implements, maintains the strategy for securing the organization. And it's also critical, too, that they recognize the difference in having a mature security program versus having a mature risk management program. And hopefully we're all growing from security programs to risk management programs.
And the reason why I think that's so important is because I think that fundamentally we have to understand that you can't secure everything, but you can manage the risk. And I'll use an illustration and I've used this illustration before, but for me it speaks to the difference between risk management and security. If I were to invite you into a room, Michael, and I said, "Secure this room," you would say, "Okay," You would kick everyone out of the room, you would lock all the doors, and then you would close all the windows and you'd say, "Okay, Bobby, the room is secure." But then I'd say, "Okay. That's great, Michael, but we actually need to use the room." So there's no purpose, there's no function of the room.
But if I were to invite you into the room and I said, "Hey, Michael, I need you to identify the most significant risk in this room and then deploy a control so that we reduce it." You come into the room, you say, "You know what? Those locks on the doors are pretty old and anyone could kick them in, so we need to deploy better locks on the doors." Then you'd say, "You know what? There are no shutters on the window. So anyone could look into the room and we may be talking about or have discussions in here that we don't want everyone to be aware of. So let me deploy some shutters on the windows so that we can close and open those."
And you methodically walk through this process of identifying what the risks are and then deploying controls to reduce it. I think that's the shift that has to happen between security and risk management. Whether it's ransomware, whether it's credential stuffing, whether it's proper email protection, whatever it is, unpatched servers, whatever it is, you're working through that equation of, what's the most significant risk? And the only way you can get to that equation of, what's the most significant risk, is it has to happen at the intersection of business intelligence and threat intelligence. And what we do mostly in the security world is we focus on threat intelligence and that's only one half of the equation.

Michael Bird, Host:
So the first option is threat analysis. Number two, the second line of defense, is to back up your data, which does, on the face of it, sound pretty obvious. But it's not quite as simple, as Zerto's Chris Rogers explains. What's the strategy to protect your organization from ransom mo attacks? Presumably if it's all connects on the same network, the ransomware could be smart enough to try and hunt it, hunt that thing out and find it, hunt your backups out and find them. So I don't know, do you have to have it disconnected from a network, have it on a tape, use a tape drive somewhere and store the tapes?

Chris Rogers, Zerto:
It's a bit of a difficult one, really, because downtime causes problems for people. So if you have things on a tape and it's stored in an offsite vault somewhere and you do get hit with ransomware, yet that tape won't get hit. But the time it takes you to go get that tape, bring it back on site, restore it, recover it, you could be looking at days to get that data back up and running, which probably causes just as much disruption and just as much downtime as the ransomware does. So you're kind of accepting the fact that using tape, you're going to have these long delays. And I think one of the biggest problems with tape in general is people don't spend the time testing their recovery enough, because it is hard to do. So one thing that we can do is we can can diversify our data portfolio a little bit, so we can store data in different formats in different places.
So for instance, if we've got an on-premise vSphere site or VMware site that we have, is our production site, we can have a secondary site that is also our vSphere traditional two sites set up. But then with Zerto, for instance, we can also replicate out into a public cloud environment as well. And that means if the ransomware goes after those infrastructure components, the ransomware is not going to go and attack the components in a public cloud because they're stored in a different format and they've got different identity as well. So different user names, different passwords, different domains even potentially.
But also immutability is a big one. So it's a word that's come around in the last probably five or six years, realistically. But having something that no one else can touch, no matter, even if you are the king and you have every single access going, there's a time lock on that, that means that no matter what you want to do, no one can delete it. So even if I'm an admin of the Zerto system, that's stored out in a public cloud or in whatever you want to store it, that's got a lock on it for a certain period of time. So that's our, I like to think of it as the break glass copy. If everything else fails, then we've got this break glass copy that no one else can touch. So we can store it in public cloud, in a place where we can get it quicker, easier access, lock it down with immutability and that type of thing.
But actually, for most organizations, [inaudible 00:31:40] meant that the rate of change is massive. So is a day-old backup still suitable for business SLAs now to be able to recover from? If a company of a size of Bank of America or whoever it is, and hundreds of thousands employees, if you said to all of those people, "You've got to work an extra day because we lost your data from a day," everyone's going to be really annoyed. So at Zerto, what we have, we have continuous data protection, which means that we can recover from ransomware attacks 5, 10, 15 seconds before an attack happens and get your environment back up and running in minutes, which that's the level of SLA people want in organizations these days.

Michael Bird, Host:
The best way to defend against ransomware is a multi-pronged approach of making sure everyone is vigilant, multifactor authentication for when they are not, knowing the risks, and preparing for when the worst happens. But there is another facet to protecting yourself against hackers, and that's to know your enemies. As we've already seen, ransomware attackers are innovative, hardworking, professional people. They aren't generally that stereotypical, basement-dwelling hermits, though we're not judging anyone's living arrangements, just their criminal career. Hackers have a community and they have links to the outside world and exist out in the open. They wear suits, travel to work on trains, and like everyone, buys overpriced coffee. So that means if you move in the right circles, you can meet them. And when you get to know them, you might just be able to beat them, as George Webster explains. Have you ever had a conversation with or met anyone who has, I can't think of the best way to phrase this, but attacked an organization?

George Webster, HSBC:
I have done. It's quite fascinating because it's a really hard one. I think there's a level of respect, frankly, you can even see it when you go to these hacker conferences. You'll see people on both sides, having a beer together and enjoying time. In a lot of ways, it is becoming fairly professional, these criminal organizations. It's not the lone wolf, they are skilled, sophisticated individuals, highly-educated, highly-trained. And the same thing on the defenders side. And I think there is definitely a level of mutual trust and just fascination in how it works is the best way to describe it.

Michael Bird, Host:
Do you think, as a cybersecurity professional, you'll ever have a chance to put your feet up, grab a pina colada and relax?

George Webster, HSBC:
I wish. I definitely need what after this week. No, I think it's forever. What are some of the oldest professions? And it's a family-friendly program here, so it won't list out the first one, but the second one were basically spies. And same thing with criminals. How long have been people trying to go after and rob a bank or steal money or conduct a criminal activity? That's as old as time. So I don't think we'll ever stop. The defenders get a little bit better, then the attackers get better. It's constant evolution, which is what actually makes it really, really fun, because you're constantly on your toes, and what you did two years ago may or may not even apply anymore.

Michael Bird, Host:
As Sun Tzu once said in The Art of War, "If you know the enemy and know yourself, you need not fear the results of 100 battles. If you know yourself but not the enemy for every victory gained, you will also suffer defeat. If you know neither the enemy nor yourself, you'll succumb in every battle." I just Googled that. Nice, isn't it?
You have been listening to Technology Untangled. I'm your host, Michael Bird. And a huge thanks to George Webster, Bobby Ford and Chris Rogers. You can find more information on today's episode in the show notes. And this is the seventh episode in the third series of Technology Untangled and it's good to be back. In the next episode, we'll be looking at big data and the importance of insights. So be sure to hit subscribe on your podcast app of choice so you don't miss out, and to catch on the last two and a half series. Today's episode was written and produced by Sam Data and me, Michael Bird. Sound Design and editing was by Alex Bennett, with production support from Harry Morton and Alicia Kempson. Technology Untangled is a Lower Street Production for Hewlett Packard Enterprise.