Virtualization Technology News and Information
VMblog Expert Interview: Mark Sangster of eSentire Talks Cybercrime, Cybersecurity and His Recent Book

interview esentire sangster 

Mark Sangster, VP and Industry Security Strategist at eSentire, recently authored a book, "No Safe Harbor: The Inside Truth About Cybercrime, and How to Protect Your Business," the untold story of digital crime.  It delves into how the key to changing the locks isn't in our computers, but in our corporate culture through real life story-telling that shows how organizations need to shift the security discussion away from technology gates alone toward a focus on leadership, team behaviors, and mutual support.

To find out more about this book, and gain a better understanding about cybercrime and cybersecurity in the world we live in today, VMblog reached out to Sangster.

VMblog:  Why do companies fall prey to cybercrime?

Mark Sangster:  Company leaders think: "We are a little business in the Midwest. We don't have anything worth stealing. How would some criminal in Russia or North Korea even know we exist?" But cybercriminals don't discriminate by employee count, revenue, or location in a NFL city. Through a long process of socialization, criminals have learned who pays ransoms and what data is worth stealing. When companies don't see themselves as a target, they don't invest in cyber protection and are exposed to cybercrime. 

VMblog:  Why did you choose to write the book for non-technical executives?

Sangster:  Over the last five years, I've watched the volume of attacks increase and the tools and tactics of cybercriminals evolve and improve faster than the security industry can respond. I've seen too many good companies and good people fall victim to criminal adversaries. And it seemed that many of these attacks could have been prevented, or at least minimized. Companies were repeating the same cycle of false assumptions, check-box mentality towards cybersecurity, resulting in a constant flow of damaging and expensive data breaches.

Worst of all, these companies were all suffering in silence, breaking a valuable chain required to provide vicarious learning and improvement. I realized the best way to get the word out was to tell the stories that never made the headlines is to expose the fundamental causes of cybercrime, to offer new ways of looking at the problem, and to start a conversation to help these organizations protect themselves from the next cyberattack.

VMblog:  In the book, you use stories from outside of IT.  How do these stories relate back to cybercrime?

Sangster:  In the book, I use real world stories from beyond the data breach headlines, including air crashes, oil drilling disasters, and architectural failures. Although they seem unrelated, they draw parallels that offer critical insights we often cannot see from our vantage point, nose deep in the mire of cyber budgets, resource constraints, and press and peers lining up to find a scapegoat. 

These stories provide a neutral forum in which we can elevate the conversation above the trees to see the forest. Unpacking these stories illustrates that major events, including data breaches, occur as the confluence of multiple factors, and not a single point of failure. These stories create a dialog that focuses on what is responsible, not who is to blame. It's about changing the narrative from point-and-blame to seeking 360-degree accountability and continuous improvement.

VMblog:  How is the world of COVID and the increased 'Work From Home' that we live in today affecting cybersecurity?

Sangster:  The Covid-19 pandemic forced companies into support and distributed workforce en masse. This shift was par for the course in firms that had invested in remote security, including endpoint protection, virtual private networks (VPN) or software-defined perimeter (SDP) services that protect and limit remote access to critical business systems. For those companies that followed more of a firewall-encircled perimeter (think the head office), they were caught flat footed and exposed to attacks that could operate on the employees' devices, free of security controls. 

The pandemic also shifted protection from commercial-grade systems to consumer-grade internet routers, supplied through local ISPs. The technology is not as robust (nor would you expect it to be), but configuration vulnerabilities were left in the hands of non-technical employees. For example, many employee internet devices ran with factory default administrative log-ins and unencrypted WIFI networks. It's low hanging fruit for criminals that wish to install collection scripts, snoop traffic and harvest credentials.

Many firms see Covid-19 as a once-in-a-century event. This is not true. We've seen other tectonic events that shifted the way we think about security. For example, the attacks on 9/11 demonstrated the need for off-premises operations to continue business continuity. In 2012, Hurricane Sandy struck the Eastern seaboard of the US, flooding New York and Manhattan. It shut down and defeated the defenses put in place post 9/11. Back-up systems housed across the river in New Jersey were affected, along with the main facilities of banks and financial institutions. We needed to rethink continuity to provide protection of geographic disruption. Covid-19 is the final push into a virtual world. Now we assume data is stored in the cloud, accessed by remote workers, using distributed workloads. It means the perimeter has shifted from the office to the employee and the data assets themselves.

VMblog:  How do you see cybercrime evolving over the coming year?

Sangster:  Cybercrime is evolving in two ways. The first is from nation states or state-sponsored actors. While not declared enemies of the state, these grey zones, seek to challenge the United States using means below the threshold of a hot war. As countries like Russia, China, North Korea, and Iran seek to destabilize the US and its allies, it's a murky world between war and peace. It's our generation's version of the 1950's cold war, poised on the brink of nuclear annihilation. Their tactics are difficult to detect and even harder to attribute. What's worse is we see attacks from these grey zones on small and medium business, like the aftershocks of major geopolitical tectonic events. It means we face a nebulous adversary that does not distinguish between combatant and non-combatant. There is no such thing as collateral damage anymore. It's simply damage.

The second evolution is the growth of a criminal ecosystem that monetizes illicit technology, tools and tactics. Like Fortune 500 companies that buy best-in-breed technology and rely on specialists in their security field to protect their business, criminals are following the same business practices. Their cross-cartel alignments mean they sell malware-as-a-service, and expertise in initial infiltration, insider information, resale of stolen goods, and money (even cryptocurrency) laundering. Malware-as-service increases the efficacy of attacks, their nefarious reputation drives up ransoms, and collaboration reduces operational costs and time to market. As in, they are reducing their costs while increasing their revenue. That's profit by any definition. 

VMblog:  How can companies assess their risk?

Sangster:  The first thing companies need to do is think about cybersecurity in terms of risk, not as an IT problem to solve. To do this, executives should:

  1. Seek expertise to understand threat trends and regulatory requirements
  2. Identify and understand the top risks facing their business through industry groups and government feeds
  3. Participate in incident response simulations and crisis communication training to ensure they are prepared to respond to a material cybersecurity event
  4. Participate in regular security awareness training sessions
  5. Annual risk assessment to identify the most likely cyberattacks, recent litigation or insurance claims to understand liability and coverage limitations, and inventory special conditions or unusual risks associated with specific obligations to clients, partners, investors or employee

VMblog:  Where can executives go for help building a cybersecurity program?

Sangster:  The National Association of Corporate Directors (NACD) Handbook on Cyber-Risk Oversight

The National Cyber Security Centre (NCSC) Board Toolkit

Cybersecurity Infrastructure and Agency (CISA) Cyber Essentials: Leaders

VMblog:  Finally, how can my audience get their hands on your book?

Sangster:  No Safe Harbor is available through leading online print, digital and audio retailers like Amazon and Barnes and Noble. If you'd like to continue the cybersecurity conversation, you can reach me through my website, or at


Published Friday, January 15, 2021 9:07 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2021>