I will start, Mr. Chair.
In terms of the nature of attacks, we were describing ransomware. Ransomware is a threat where a threat actor will gain access to your network and then encrypt your valuable data and hold it hostage until a ransom is paid. This threat has evolved to the point where the ransomware threat actors will actually take your data as well as encrypt it sometimes, and actually threaten to extort you in terms of threatening leakage of the information to cause further pain and to further incite you to pay the ransom.
Obviously, they're financially motivated. They will do whatever it takes to get that money. As we've seen, with targeting against various sectors, including health care and others, there is definitely a significant impact on lives and whatnot. These threat actors are interested in money and that's pretty much it.
There are different types of threats, obviously. There are DDoS attacks that do happen and sometimes those are linked to ransomware as well. Someone will basically try to overwhelm an organization with traffic and say that they won't turn it off until you pay a ransom. Those are less common than the traditional ransomware that I described.
Then of course there is traditional espionage and theft of intellectual property or sensitive company data as well, which results in data breaches because this is also worth money on the dark web in terms of selling health information, tax information or credit information and financial information, which can all be sold on these markets for money, and of course—