Professional Documents
Culture Documents
Ed.20
Chief
More Tools, Larger Budgets,
Greater Threats
Cybersecurity 2023:
Reinforcing Defenses
Cyber
Ed. 20
Chief Magazine
This edition of Cyber Chief Magazine dives into the key trends that will
affect organizations of all sizes in 2023 and shares strategies that will help
cybersecurity leaders prepare for the challenges and seize the opportunities.
Cybersecurity:
Facts and Figures Extra Security
41%
20 EISA: The Core Principles of
Strengthening the Enterprise
Cybersecurity
of workloads are already
in the cloud. Organizations 24 Your Business Will Face
expect this number to increase Cybersecurity Attacks: Here’s
by 13% by the end of 2023. How to Prepare and Respond
Cloud Usage
41% 80%
of workloads are already in the cloud. of organizations store sensitive data in the cloud.
Organizations expect this number to The most common types are the PII of employees
increase by 13% by the end of 2023. and the PII of customers.
Source: Netwrix 2022 Cloud Data Security Report 41% Best of breed cloud
services and applications
Cloud Architecture
34% Reducing cloud services costs
34%
Business resilience and
82% 92% disaster recovery
of organizations have of organizations use
adopted a hybrid cloud two or more public
architecture. cloud providers.
Source: Cisco 2022 Hybrid Cloud Trends Report Source: Cisco 2022 Hybrid Cloud Trends Report
Evolution of Security Incidents in the Cloud 2022 2020
73%
Phishing
40%
31%
Account compromise
16%
29%
Ransomware or other malware attack
24%
29%
Targeted attacks on cloud infrastructure
16%
Five Cybersecurity
Trends that Will
Affect Organizations
in 2023
Dirk Schrader
VP of Security Research at Netwrix
Michael Paye
VP of Research and Development at Netwrix
Cybercrime has evolved into a booming Vital defense strategies include timely
business in recent years, so it’s critical for patching and updating of software, as well
organizations to stay on top of trends that are as locking down network access with best
likely to affect their security. To help, this article practices like multifactor authentication (MFA)
details five key IT security trends to be aware and privileged access management (PAM). In
of in 2023. The analysis is based on Netwrix’s addition, organizations should provide frequent
global experience across a wide range of cybersecurity awareness training to all users.
verticals, including technology, finance,
manufacturing, government and healthcare.
Supply chain
The business attacks will
of cybercrime intensify
will be further Modern organizations rely on complex supply
professionalized
chains, which often include small and medium
businesses (SMBs), managed service providers
(MSPs), and managed security service providers
The return of malware strains like Emotet, (MSSPs). In the coming year, adversaries will
Conti and Trickbot indicates an expansion of increasingly target these suppliers rather than
cybercrime for hire. In particular, the growth the larger enterprises. The reason is simple:
of ransomware as a service (RaaS) is enabling They know that suppliers provide a path into
criminals without deep technical skills to multiple partners and customers — and that they
make money, either by extorting a ransom for often have smaller IT budgets and less robust
decryption keys or by selling stolen data on the cybersecurity defenses.
dark web or to the victim’s competitors. Phishing
To address this threat, organizations of all sizes
attacks are a top vector for gaining access to a
need to make sure that their risk assessment
corporate network in order to plant ransomware
process takes into account the vulnerabilities
or launch other attacks.
of all third-party software and firmware. (If you
Accordingly, in 2023, organizations should don’t have a regular risk assessment process
expect an increase in phishing campaigns. yet, make creating one a top priority!)
7
Understaffing will and easy-to-use deep fake technology are
enabling attackers to trick more users into
security partners
Accordingly, comprehensive auditing of user
activity will become even more crucial for
spotting abnormal behavior in time to prevent
Demand for cybersecurity professionals is serious incidents. In addition, implementing
far outpacing supply. This global shortage a zero standing privilege (ZSP) approach will
of cybersecurity talent will increase risks for help organizations prevent abuse of their most
businesses, especially with attacks becoming powerful accounts, whether by a disgruntled
even more sophisticated and frequent. admin or an adversary who compromise their
account.
To overcome this challenge, organizations will
rely more on their security partners, such as
system integrators, channel partners, MSPs and
Vendor
MSSPs. Be sure to vet your partners carefully,
and not just once but regularly — as we just saw,
consolidation will
supply chain attacks are only going to increase
in the coming months.
continue gaining
The human factor momentum
will become a top To combat cybercrime, organizations continue
to invest in IT security. But having more tools
8
complexity, organizations are now looking to
build a security architecture with a selected set
of trusted vendors. This approach offers the
additional benefit of reduced costs from loyalty
pricing, which in turn leads to a faster return
on investment (ROI), an increasingly important
factor in the current economic climate.
Evolution of Cloud
Security: More
Tools, Larger
Budgets, Greater
Threats
Martin Cannard
VP of Product Strategy at Netwrix
Organizations around the world have already moved vital data and workloads to the cloud, and cloud
adoption is continuing. To better understand the challenges that organizations are facing in this area,
Netwrix surveyed 720 IT professionals all over the globe via an online questionnaire and compiled the
results into its 2022 Cloud Data Security Report.
Here are the key findings and our analysis to help organizations understand the main obstacles on
their way to safe cloud computing.
Other 5%
11
Cloud Adoption and Security Budgets
Cloud adoption is in full swing: Organizations report that 41% of their workloads are already in the
cloud, and they expect that share to increase to 54% by the end of 2023. And organizations clearly
want to protect these cloud investments, with nearly half (49%) of respondents confirming that their
cloud security budget increased in 2022.
Data loss
23%
13%
12
Speed of Detection Cost of Breaches
In addition, the average detection time for most Breaches are also getting costlier. This year,
types of attacks has increased since 2020. The 49% of respondents said that an attack led
most significant slowdown was for supply chain to unplanned expenses to fix security gaps,
compromise: In 2020, 76% of respondents up from 28% in 2020. The share who faced
spotted this type of attack within minutes or compliance fines more than doubled (from
hours, but in 2022, only 47% found it that quickly. 11% to 25%), as did the number who saw their
company valuation drop (from 7% to 17%).
SUPPLY CHAIN COMPROMISE
WEEKS 0% 12%
No impact
MONTHS
6% 10% 32%
AND MORE
49%
Compliance fines
25%
Ransomware has become harder to uncover as 11%
13
Data Security Challenges
Still, the top 3 data security challenges named by survey respondents stayed the same from 2020:
lack of IT staff, lack of expertise in cloud environments and lack of budget. Money is still an issue for
many organizations, but the share of those who struggle with this problem dropped from 47% in 2020
to 34% in 2022.
2022 2020
34%
Lack of budget
47%
Analysis
Attacks are maturing faster than the expertise, tools and processes for defending against them. Indeed,
increased budgets and more tools doesn’t always mean more security. Indeed, relying on multiple point
solutions from different vendors means complexity — overlapping or even conflicting functionality, as
well as multiple support teams — and complexity leads to security gaps.
One way to solve this problem is to build a security architecture with a select group of trusted vendors
that offer and support an extensive portfolio of integrated solutions. Another vital strategy is to focus
on the most effective security controls first. These include data classification and auditing of user
activity: Respondents who classify their data were often able to detect an attack within minutes while
those who don’t usually needed hours or even days, and auditing of user activity reduced detection
time for phishing, ransomware and account compromise attacks from hours to minutes. More broadly,
it is time to pay closer attention to security measures that reduce both the likelihood and impact of
security breaches by improving the ability to protect against, detect and respond to threats.
14
ON-DEMAND WEBINAR
15
Extra Security
16
As the sophistication of malware attacks advances follow the same basic principles when attempting
each year, organisations must be especially to compromise a target’s digital assets. To simply
vigilant and prepared for any suspicious activity. put it, when deploying any form of malware
Cyber criminals’ tactics are continuing to evolve extortion attackers generally follow five steps to
and nearly every aspect of a digital environment achieve their objectives: get there, get into, get
can be exploited. Akin to a digital parasite, threat ready, get more, and get money.
actors are often armed with the ability to live “off
the land” of their targets, which allows them to stay To ‘get there’ cybercriminals have figured out
hidden while inside a target’s digital environment numerous ways to gain access into a target’s
and to steal critical data and assets. digital systems such as, for example, distributing
targeted phishing using malicious websites and
Once an attacker infiltrates the victim’s system, ads. In another level of sophistication cyber
they can then deploy different forms of malware crooks buy the access from so-called ‘Initial
to collect as many assets as possible to later Access Brokers’. Once attackers ‘get into’ the
blackmail their target and demand a ransom. environment – via exploiting local vulnerabilities
System hardening processes are one of the best or using weak login credentials – they can then
and most effective measures an organisation ‘get ready’ to reinforce their LOL techniques to
can take to decrease a chance of success of stay invisible and escalate their privileges while
such attacks. Aligned with the National Institute inside.
of Standards and Technology (NIST) guidelines,
system hardening allows organisations to take In order to ‘get more’ assets, attackers will laterally
their cybersecurity into their own hands. move through the target’s digital infrastructure to
extract, collect, and own the valuable information
either needed for a later extortion attempt or to
use for a bigger target connected with the victim.
Common malware and Ultimately, should the end goal for the attack be to
‘get money’, the attackers will encrypt the critical
living-off-the-land data and demand a ransom for a decryption key
17
How attack surface System hardening
grows and how to guidelines aligned with
control it the National Institute
To launch a malware attack, cybercriminals will
of Standards and
manoeuvre throughout the organisation’s existing Technology
security layers to locate any vulnerabilities or
weak points for later exploitation. Security gaps
In the myriad of system hardening guidelines
within a target’s data, identity credentials, and
available online, guidelines provided by the
digital infrastructure are the three key aspects
NIST come as the most recommended and most
needed for a successful launch of a malware
trusted source – as well as free of cost. Ultimately,
attack. Any existing weak points become even
as recommended by the NIST, prevention and
more vulnerable during any significant changes
detection are the best first steps to undertake in
or events, such as modifying internal password
order to successfully disrupt the path of malware.
policies or in preparation for a major software
update. Due to this, it is important for organisations
Protection is the first step to achieving the most
to maintain full visibility of their software and files
effective state of system hardening. To do so,
when undergoing such events.
IT security teams must change their traditional
approaches and take on a ‘think like an attacker’
To mitigate any subsequent risks, IT security
mentality. A change of perspective in this way can
teams should strongly consider reinforcing
make it easier to identify normally overlooked
their digital infrastructures in line with system
security gaps and categorise the levels of risk,
hardening guidelines. System hardening is
ways to improve the overall security strategy,
the process of reducing the vulnerabilities and
and establish which assets are of most value to
security risks within a system, application, or
the organisation. As a result, this will reduce the
infrastructure with the overall goal to reduce
attack surface and make it especially difficult for
the attack surfaces and withstand emerging
an attacker to apply their LOL techniques.
attack vectors. When executed correctly, these
measures offer ways for organisations to get
Second to this is the detection of malicious
ahead of, and how to best defend against, these
activity before it can escalate any further. It is
potentially devastating malware threats.
18
vital to correctly determine between what is
suspicious behaviour versus what is normal
within an IT environment that is already constantly
changing. This can be done by checking for any
indicators of compromise (IOC’s) via monitoring
unplanned or abnormal file changes and noticing
any configuration drifts which may occur within a
digital environment.
19
Extra secutity
The core components of EISA development starts with examining the existing
level of cybersecurity. What security standards and
EISA processes the organization is currently following
and what security gaps do they leave? Identifying
Ahead of the development process, it is vital these points can make it easier to later analyze
to recognize the key layers of an effective and cybersecurity weaknesses and determine how they
successful EISA. Firstly, the business context is can be resolved. After assessing the organization’s
necessary to define the enterprise informational current cybersecurity status, the next step is to set
use cases and how this specific data affects new security goals – taking business priorities into
the achievement of organizational goals. This account. Both the technical and strategical contexts
conceptual layer is the element which can help narrow down the areas of future focus.
provide information regarding risk attributes
and the enterprise profile. As soon as all the preliminary work is done, it is
time to consult with a verified framework that can
21
guide an organization to the actual improvement of
the foundational cybersecurity layers such as data,
Communication is the
identities, and infrastructure. The Open Group main challenge when
Architecture Framework (TOGAF), the Sherwood
Applied Business Security Architecture (SABSA),
developing an EISA
the Federal Enterprise Architecture Framework
There is no one size fits all approach when it
(FEAF), the Zachman Framework, and the COBIT 5
comes to developing a successful EISA, however,
framework have proven to be trustworthy sources
there are several common challenges to lookout
of current best practices, so there is no need to
for throughout the integration process.
start from scratch.
22
Therefore, an effective EISA plan must address
these concerns at a comprehensive level.
The benefits of an
effective EISA
Having a well thought out EISA development plan
serves as an invaluable tool for planning new
cybersecurity measures throughout all levels of the
organization. A thoroughly planned EISA can also
provide the information – which could otherwise
be unavailable – needed to help make the best
choices when it comes to managing the technology
lifecycle and solutions to utilize throughout the IT
environment. Equally as important, it is a critical tool
for organizations needing to follow compliance
regulations enforced by current industry standards
and legal requirements.
23
Extra secutity
24
With the constant evolution of the cybersecurity feeds and read threat monitoring websites to
landscape, security attacks are constantly ensure you have full awareness of any new
occurring, whether they’re fully automated or vulnerabilities.
human-operated attacks. Even though companies
are spending billions of dollars to shore up their
2. Document your environment
security defenses, vulnerabilities still exist for most
companies. Often overlooked, the documentation of your
digital environment is of utmost importance.
So, what is to be done? What steps need to be taken Be sure you know where your sensitive data
to react to a critical vulnerability announcement to lives, and what software and applications your
help prevent devastating damage? The answer business relies on.
is, “It depends.” That is, it depends on what the
company has done to prepare for cybersecurity
3. Back up your data
attacks and what its plan is to respond when the
attack occurs. If you have ever lost important data, or even felt
a moment of panic where you thought you did,
The saying goes, “If you fail to prepare, you are you know how critical it is to back up your data.
prepared to fail.” This is especially true as it relates Data losses can occur in many forms, from hard
to cybersecurity. The following are a few steps to drive failures to ransomware attacks, and even
help you prepare and respond. human error or physical theft.
25
5. Map your emergency process 7. Harden systems
An emergency management process will Systems hardening is a collection of tools,
ensure you are ready to respond in the event techniques, and best practices to reduce
of an emergency. But beyond this major benefit, vulnerability in technology systems and
you may discover unrecognized hazards in environments. Systems hardening can be
your environment that could aggravate an completed proactively to reduce security risks
emergency and you can work to eliminate them by eliminating potential cybersecurity attack
proactively. You may also uncover deficiencies, vectors and condensing the system’s attack
such as lack of equipment and personnel. surface.
A clear, simple, and coordinated process could However, for certain systems, when a new critical
save you millions of dollars, so spend the time vulnerability is released, it may be possible
to carefully document your internal process for to work further to reduce the risk of being
emergencies, including roles, responsibilities, compromised. This may include activities such
and timing. as limiting network connectivity, segregating
access, or even turning off the system until
Responding to a cybersecurity attack patches are made available.
26
9. Mitigate the damage
Planning ahead is the
In the case of high-profile vulnerabilities, it is
best to stay up to date by following researchers,
best preparation for
security updates, and other trusted sources cybersecurity attacks
such as the company whose product or system
may be affected. In many cases, these sources These steps are all geared toward helping
of information will update you on any temporary aid you in what to start thinking about when
mitigation techniques found when no official a critical severity vulnerability or zero day is
mitigation is possible. The best-known example released. Taking some time to think through this
of this is the kill switch for the WannaCry list should help you and your organization jump
ransomware attack which was to sinkhole a into action when such a situation arises.
certain DNS domain.
27
Extra secutity
Bouncing Back
After a Cyberattack:
A Cyber Resilience
Checklist
Dirk Schrader
VP of Security Research at Netwrix
The term “resilience” comes from physics: It’s With these aspects in mind, cyber resilience
the ability of a substance to return to its usual is more than just a new way of talking about
shape after being bent, stretched, or pressed. disaster recovery and business continuity.
Tennis balls are often cited as examples of Evolving your organization to be resilient
resilience: Toss a ball and it will bounce back towards cyberattacks will embed digital security
without its shape being changed. This stands into all your critical business processes that
in stark contrast to tomatoes: Throw a tomato deliver the value of your business.
and you'll probably need to jump away avoiding
splashes on your clothes. The questions listed below can help your
organization identify the blind spots and
The resilience term has been adopted by the IT security gaps you should address to improve
community, particularly as it relates to security. cyber resilience across these three dimensions.
Cyber resilience is the ability to keep IT systems
up and running while under attack. Indeed,
one definition states: “Cyber resilience refers Organizational Capabilities
to an entity's ability to continuously deliver
▪ Are we able to swiftly alert the organization
the intended outcome, despite adverse cyber
about an increased likelihood of a
events.” The goal is to avoid business downtime
cyberattack?
and all associated costs, including the loss of
▪ Are we able to identify all critical business
revenue, productivity and customer loyalty.
processes that could be impacted by a
cyberattack?
Given today’s relentless barrage of
▪ Are we aware of each critical IT asset in each
cyberattacks, it’s vital to develop cyber
of those business processes?
resilience to ensure your organization can
stay productive and secure. Cyber resilience
Quite often department heads are not aware of
involves three key aspects:
the cyber risks their digital assets face or how
▪ Making it hard for an adversary to successfully an outage would impact their abilities. Check
complete an attack out these questions to improve the visibility
▪ Being ready to operate while under attack of relevant processes and communication
▪ Using experience to bounce back better in between non-security and security people.
the future
29
Risk Detection Capabilities These questions might sound familiar
(technically thinking of vulnerability
▪ Can we detect technical and organizational
assessment), however, they cover a lot more.
gaps that make the organization vulnerable
If you have developed ways to continue to
to cyberattacks?
deliver your value-add during an attack, and
▪ Do we anticipate attacks affecting our
to improve any short comings here, you have
business processes using simulations or
made some good way into cyber resilience.
what-if scenarios?
Mitigation Capabilities
▪ Can we effectively mitigate or remediate the
risks and vulnerabilities we identify?
▪ Are our business processes aligned with our
cybersecurity operations and architecture?
▪ Are we able to quickly respond to the
emergence of new threats or cyberattacks?
▪ Can we efficiently alleviate the impact of a
cyberattack on critical business processes?
▪ Do we use the lessons learned during
cyberattacks to improve our cyber resilience?
30
ON-DEMAND WEBINAR
Achieving Resilience
Watch Now
31
Extra secutity
Six Ways to
Minimize Damage
from a Cyber
Infiltration
Joe Dibley
Security Researcher at Netwrix
Ensuring your business is resilient against to regularly remove unnecessary privileges
today’s rapidly evolving cyber threat landscape and accounts. Third-party access should be
without standing in the way of business automatically revoked after the contract expires,
priorities can be a delicate balance. But as as an example. Analytics can be used to identify
we’ve all heard, this risk of a cyberattack it’s unnecessary privileges and tighten access.
not a matter of if, but when. Cyberattacks have
▪ Reduce the quantity of inbound network
become a persistent and permanent threat to
connections. The goal of most organizations
organizations across all industries. The degree
is to optimize the network their employees
of damage from a cyber infiltration can be costly.
rely on to do their jobs. To ensure this
However, before you actually get hit, you can
optimization, identify the sources of
have a clear process to minimize the damage.
unwanted or unnecessary network
To begin with, you need to ask yourself, “Are we connections and traffic and take steps to
sufficiently prepared to defend a cyberattack?” correct or eliminate the root causes in order
And if your answer is no, the next question is, to enhance network performance and help
“What are we actively doing to avoid, or at least avoid future problems.
minimize, any damage a cyber infiltration might
Removing inbound network connections
cause?” If your organization is not fully prepared,
minimizes the risk of a network being exposed
consider the following tips to help you reduce
to cyber infiltration and the damage that can
any harm so that you can get back to business
result. By removing these connections, the
as quickly, and reliably, as possible:
attack surface of the network will be reduced,
▪ Restrict access and remove unnecessary and the overall safety of the network will
privileges. Providing appropriate levels of increase.
access to the right resources can minimize
▪ Ensure antivirus and endpoint detection
the impact of any cyber infiltration by giving
response (EDR) solutions are up to date.
the attacker a smaller footprint in which to
It is more common than you might think to
operate. You need to minimize the number
ignore software updates, particularly if you
of accounts, users with access to accounts,
leave it up to the user, rather than through
and their privileges. Less access is easier to
an automated central control solution.
protect, restrict, and review.
You should also make it a priority to know Antivirus and EDR solutions provide signature
who has access to what. Once that has been files that contain the latest lists of known threats.
determined, you can establish processes These files are released daily, and sometimes
33
even more often than that, so it is recommended an admin account for them and later delete it
to configure them to automatically check for when they have completed their job. However,
updates at least once a day. sometimes you may forget that you added
someone with network privileges, leaving your
▪ Log all events in a central location.
network open to possible security threats and
Centralized network log records play an
data safety issues. A temporary account in this
extremely important role in any well-thought-
example would help reduce this risk.
out security program. They can help in the
detection of anomalous activity both in real- ▪ Restore and rebuild from reliable backups.
time, as well as reactively during a cyberattack. Backup and restore refers to the practice of
making periodic copies of data and applications
Centralized logging provides two key benefits.
to a separate, secondary device and then
First, it places all log records in a single location,
using the copies to restore and rebuild.
making it easier for you to do log analysis and
correlation tasks anytime you need. Second, it The key to reliable backups is to find the best
provides you with a secure storage area for your option for your organization that will allow you
log data. This is important because in the event to restore and rebuild if the original data and
when an endpoint becomes compromised, the applications are held hostage or damaged due
attacker will not be able to tamper with the logs to a cyber infiltration, or even a power outage, a
stored in the central log repository, unless the human error, a disaster, or some other unplanned
endpoint is also corrupted. event. Keep in mind that while a backup copy
can help you recover from a cyber threat, it
▪ Use temporary accounts to log in to
cannot prevent data leakage if the cyber criminal
servers. Another way to minimize exposure
decides to publish your valuable data.
is to create temporary logins for different
accounts on the server. These logins Minimizing damage from a cyberattack is
can be created easily and set to expire possible, but it requires constant diligence and
automatically after a given time. Privileged effort. The amount of damage and required
Access Management (PAM) tools help to work to overcome an attack can be reduced
automate the whole process. significantly if you take the necessary steps
and precautions to provide protection. Before
For example, some organizations often hire
your organization gets breached, and it will,
sub-contractors to perform small adjustments
implement the steps above and you’ll be better
on their networks, which may require access to
prepared to defend against an attack should
the admin area of the network. You could create
you need to.
34
GUIDE
Learn More
35
Extra Security
37
▪ Encryption of bots’ actions is not possible — by both humans and machines to ensure
Since bots are operating on the users’ screen security and compliance.
on behalf of the user, any activity done by bots ▪ Second, organizations should perform regular
can be easily recorded and replicated. This audits to assess the level of security and
makes RPA activity easy to “steal” or use by ensure that applicable mandates are being
threat actors seeking to use the user’s account. complied with.
▪ Finally, if RPA bots are deployed through a
These insecurities make companies that use service provider, they must ensure that the
RPA technology particularly vulnerable. Knowing project is properly secured.
RPAs are implemented in a company, a hacker
can target a privileged bot instead of trying to RPA is increasingly the go-to technology for
compromise the privileged credentials of an automating processes and making life easier for
employee. Infiltrating the RPA solution makes employees. But organizations must be aware of
it possible to look for credentials used, or even the security concerns inherent in RPA and take
to modify the bot’s actions to arrange a money steps to mitigate them to protect their critical
transfer, for example, while remaining discreet systems and data.
within the IT infrastructure.
38
GUIDE
39
First-Hand Experience
41
About Netwrix®
Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of
security professionals by enabling them to identify and protect sensitive data to reduce the risk of a
breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,000
organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture
across all three primary attack vectors: data, identity and infrastructure.
6160 Warren Parkway, Suite 100 1-949-407-5125 Spain: +34 911 982608
Frisco, TX, US 75034 Toll-free (USA): 888-638-9749 Netherlands: +31 858 887 804
Sweden: +46 8 525 03487
Switzerland: +41 43 508 3472
5 New Street Square +44 (0) 203 588 3023 netwrix.com/social
France: +33 9 75 18 11 19
London EC4A 3TW
Germany: +49 711 899 89 187
Hong Kong: +852 5808 1306
Italy: +39 02 947 53539
Copyright © Netwrix Corporation. All rights reserved. Netwrix is trademark of Netwrix Corporation and/or one or more of its subsidiaries and may be registered in
the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.
42