00:00We took an early decision that nobody at M&S would deal with the threat actor directly.
00:06We felt the right thing was to leave this to the professionals who have experience in the matter.
00:14Part is also, I don't know, because we don't know who they are or how they were,
00:22but part is, these are people who quite probably enjoy what they do.
00:27It's believed that this group were former computer gamers who graduated into cyber.
00:34That may not be true. I'm relying entirely on hearsay.
00:39I think that's a business decision and it's a principle decision.
00:46The question you have to ask, and I think all businesses should ask, is when they look at the demand,
00:54what are they getting for it? Because once your systems are compromised and you're going to have to rebuild anyway,
01:01maybe they've exfiltrated data that you don't want to publish, maybe there's something there,
01:08but in our case, substantially the damage has been done.
01:16They're not supporting awareness. They're not supporting them.
01:18They're not working with them at the other end.
01:19They say, what is their job a lot more than they do?
01:20You have to show up at the end of the day.
01:21They're not working with them. They're not working with them.
01:23They used to be new and they were not working with them.
01:25They used to be super beta if they are.
01:26And I think that they are working with them.
01:28But if they were doing that, they were not working with their own tips.
01:29And so that they didn't deliver an understanding of how they can be.
Comments