Legal and Manufacturing Firms Must Manage Risk in the Age of Cyber threats: Cybercrime Magazine Speaks with eSentire’s Mark Sangster

Mark Sangster, VP Industry Security Strategy at eSentire, recently joined host Hillarie McClure in an episode of Cybercrime Radio: MDR & Reducing Risk. Navigating Digital Disruption.

Listen to the entire conversation on Cybercrime Radio:

As Mark states, “Information is the new currency,” and that means companies that never before considered themselves attractive targets for threat actors are now coming to terms with the very inconvenient truth. Along with accepting that they are, in reality, targets—with much to lose to a cybercrime disruption—companies are also beginning to recognize that, “Security is not an IT problem to solve, it’s a business risk to manage.” And with that recognition comes a necessary change in the vocabulary used to discuss cybersecurity, from ones and zeroes to dollars and cents. Companies need to address risks by taking steps to put in place management, detection and response capabilities that help them meet compliance frameworks that most industries are developing for cybersecurity.

Within this wider context, Mark and Hillarie focus on two industries in particular which now find themselves under siege by threat actors: Legal Services and Manufacturing.

Legal Services

Law firms and other legal services organizations have unique privilege when it comes to information: they deal with mergers and acquisitions, patents, personally identifiable information, financial data, regulatory filings, and much more—all of which hold tremendous value for cybercriminals.

Plus, much of the legal process plays out in public through court filings and other documentation. A consequence of this transparency is that threat actors can easily find and weaponize information to use to try to victimize law firms.

Add in the facts that law firms are very susceptible to reputational damage and that most are undergoing a digital transformation (more connected systems handling more data), and it’s clear why cybercriminals look at the legal industry as a veritable buffet.

This last point is made all-too-clear when Mark quickly runs through a number of incidents—including one that might have come straight from the pages of a cybercrime thriller, in which eSentire’s security experts defeated a nation state in cybercombat!

To learn more about how eSentire has successfully protected legal firms from ransomware gangs and state-sponsored actors, download our Legal Solution Brief.

Manufacturing

The manufacturing industry is undergoing a digital transformation of its own, one aspect of which is increased interconnectivity and interdependence between operational technology (OT) and information technology (IT).

This “blending,” as Mark puts it, offers enormous benefits for manufacturers, but also introduces risks that the industry never had to deal with before.

In particular, factories of all sizes are massively vulnerable to ransomware outages, as downtime equals lost production; plus, the IP theft that is often part of today’s ransomware attacks has the potential to severely diminish enterprise value.

Mark explains why manufacturers are so vulnerable to cyberattacks and touches on the work that eSentire is doing with the National Association of Manufacturers (NAM) to help small and medium manufacturers to manage these new risks. He also explains why the Cybersecurity Maturity Model Certification program is a great step towards helping manufacturers “right size” their security investments.

To learn more about how eSentire has successfully protected manufacturing firms and their supply chains, download our Manufacturing Solution Brief.

Something for everyone

While much of the discussion focuses on the Legal Services and Manufacturing industries, the general cyberthreats Mark and Hillarie explore apply to every organization, as do the lessons and advice Mark offers.