[Trae Johnson]

You described phishing, ransomware, and insider threats very clearly. Your emphasis on employee training for preventing phishing is important; most attacks start with human mistakes. I also agree that strong backups and consistent patching are necessary defenses against ransomware. The way you connected insider threats to access control shows why monitoring user activity is such a vital responsibility.