Cyber risk is no longer limited to “data companies.” In this episode of the Cybersecurity Awareness Series, Amy S. Mushahwar and Kathleen A. McGee explore how ransomware and nation-state threats are disrupting manufacturing floors, healthcare systems, telecommunications providers, and government contractors alike. From operational shutdowns to stolen blueprints and defense-related data, today’s threat actors target valuable information regardless of industry.
Speakers:
- Amy S. Mushahwar, Partner, Chair, Data Privacy, Security, Safety & Risk Management
- Kathleen A. McGee, Partner, Data Privacy, Security, Safety & Risk Management, White Collar
READ THE TRANSCRIPT
Amy S. Mushahwar: Manufacturing floors are powered by computers, and with ransomware for example, you could have clients who are unable to book revenue, unable to release product, unable to have their workers come in to work, and they by no means our data company—they’re a widget company.
There are some industries that squarely do get a few more breaches than others. Health care is very much at the top of that list, but also highly regulated industries, like telecommunications as well as government contracting, and we do have new laws regarding federal government defense contractors under the CMMC (Cybersecurity Maturity Model), where we fully expect to see more federal enforcement there if government contractors don't appropriately secure defense secrets.
Kathleen A. McGee: One of the things that we've seen over the course of this last year in particular for Lowenstein clients who were the victims of a security incident was their surprise that they would be considered so valuable by a threat actor. And I would say that's, you know, they may be manufacturer widgets, but they it turns out that they have blueprints or other sources of information that threat actors find very useful on the black market. And it's not just regular threat actors for sale, we're also talking about nation state actors going after clients.
And quite frankly, the ransomware event of it is almost, a byproduct; it's not really a monetary issue. They really just want your data. But they also, in the course of their invasion into your workspace, they interrupt your business for three months. You can't get your product out, your work force is shuttered.
So, I would say the big thing that we would like for people to really get out to their clients is you're not too small, and you're not unimportant to threat actors because everyone has data, and it's really industry agnostic at this point.
Amy S. Mushahwar: Clients need to get enlightened regarding their data, and their data’s value. To the extent, for example, as Kathleen has said, it's not just a widget. It's not just a blueprint. It's a widget or a blueprint that might be in a munitions product, might be in an airplane, might actually power the construction blueprints, you know, for major defense agencies or those who are using those products as other government contractors.
Know your data—it’s very, very hard to do, but it's something you must do.
