Jon Clay with Trend Micro

On this week's Industrial Talk we're talking to Jon Clay, VP of Threat Intelligence with Trend Micro about “5 ‘D's' of Cyber Security”.  Get the answers to your “Cybersecurity” questions along with Jon's unique insight on the “How” on this Industrial Talk interview!

Finally, get your exclusive free access to the Industrial Academy and a series on “Why You Need To Podcast” for Greater Success in 2022. All links designed for keeping you current in this rapidly changing Industrial Market. Learn! Grow! Enjoy!

JON CLAY'S CONTACT INFORMATION:

Personal LinkedIn: https://www.linkedin.com/in/jon-clay-0880512/

Company LinkedIn: https://www.linkedin.com/company/trend-micro/

Company Website: https://www.trendmicro.com/en_us/business.html

PODCAST VIDEO:

THE STRATEGIC REASON “WHY YOU NEED TO PODCAST”:

OTHER GREAT INDUSTRIAL RESOURCES:

NEOMhttps://www.neom.com/en-us

Hitachi Vantara: https://www.hitachivantara.com/en-us/home.html

Industrial Marketing Solutions:  https://industrialtalk.com/industrial-marketing/

Industrial Academy: https://industrialtalk.com/industrial-academy/

Industrial Dojo: https://industrialtalk.com/industrial_dojo/

We the 15: https://www.wethe15.org/

YOUR INDUSTRIAL DIGITAL TOOLBOX:

LifterLMS: Get One Month Free for $1 – https://lifterlms.com/

Active Campaign: Active Campaign Link

Social Jukebox: https://www.socialjukebox.com/

Industrial Academy (One Month Free Access And One Free License For Future Industrial Leader):

Business Beatitude the Book

Do you desire a more joy-filled, deeply-enduring sense of accomplishment and success? Live your business the way you want to live with the BUSINESS BEATITUDES…The Bridge connecting sacrifice to success. YOU NEED THE BUSINESS BEATITUDES!

TAP INTO YOUR INDUSTRIAL SOUL, RESERVE YOUR COPY NOW! BE BOLD. BE BRAVE. DARE GREATLY AND CHANGE THE WORLD. GET THE BUSINESS BEATITUDES!

Reserve My Copy and My 25% Discount

PODCAST TRANSCRIPT:

SUMMARY KEYWORDS

scott, industry, cybersecurity, industrial, people, trend micro, cyber, Jon, conversation, network, target, companies, business, ot, world, digital transformation, educate, area, manufacturer, trend

00:04

Welcome to the industrial talk podcast with Scott Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots,

00:21

and let's get all right. Once again, thank you very much for joining industrial talk in really thank you very much for your support. This platform is completely and fully dedicated to your success. Because you're bold, you're brave, you're daring greatly you solve problems, you collaborate. You're making the world a better place. I say that all the time, but I believe in in my heart. All right in the hot seat, Jon Clay, he is the VP of threat intelligence at Trend Micro, and it is a barnburner conversation. You need to listen to it because it's all around cybersecurity. But Jon never disappoints. Let's get cracking with the conversation. Is we need more conversations around cybersecurity. Yes, we do. That's an important topic. If you're in the world of digitally transforming your business. Yeah, you need to, you need to focus in on cybersecurity, and I can't think of a better company than Trend Micro that will help you along with that journey. And they've been around for a long time they've seen it all. And you need it, you need to really sort of take notes. All right, a couple of points of business. One, you go out to industrial talk, which you'll have all the contact information for Jon and others. We have a series called The industrial revenue growth, I think that's what it's called. I think it is it's a series as you can say on it's hot off the press. So I needed to think more through the topic. However it is out there it is free, and it is the in Yeah, industrial revenue growth series. And we talk about, we provide an overview, just go out there, and it's easy peasy. It's on demand. It's sort of like the Netflix of industry. So we talk an overview of what we're looking at, we're also talking about that corporate strategy, why it's important. We talk about marketing, we talk about the technology. And we talk about sales. And this is all about increasing revenue and is a you know, many in the the the world of manufacturing the world of industry, we are hyper focused, which we need to be hyper focus in how we can gain and extract greater value out of that manufacturing process out of that industry out of that whatever it might be, and have that insights into, you know, your operations, because it's important, we need to take that same.

02:54

Just focus on that whole sales and revenue cycles, there are so many components and tighten that up. So we have a great conversation with Ed Marsh. And again, it's a five part series, it's on demand, you just sort of sign up and you just fire it up. If you are awake at one in the morning, and you're saying, gee, I wish I knew more about the technology that exists out there in sales. Well, you just sort of fire that up and you listen to it. That's, that's that's on demand, baby. And that's what the world we live in, in the Netflix of industry right there, we're going to have a lot more but that that's the first one because I think today more than ever, we've got to be keenly focused in surviving, and increasing revenue, and figuring out ways of doing that, and how to automate it, how to be more efficient at it. And think differently. Think outside the box right here. Industrial talk is all about that also. FABTECH. Yep, we're broadcasting from FABTECH. That is November 8, that's right around the corner, November 8, through the 10th. Atlanta, Georgia, we have a booth, we're going to be doing our industrial speed dating, which that means we just grab a camera, and we go to your booth. And we start chirping about the technology that you have there and why it's so cool, why it's so fantastic. Why it's so needed. And that's about four minutes. And then we of course, we're going to have a broadcast booth and we're going to be talking to people a little bit more extensive on why they're there or what's the technology all important. All insights into why manufacturing so cool. Now about that. But we're going to be at Fabtech so if you are at Fabtech I don't even know what booth I'm at. If you are at Fabtech you gotta you gotta look me up. Let me see. I'll have it out there on industrial talk. I can't remember it starts with an A and I think it's but but look us up and we're gonna be at that booth. We're gonna if you You got your booth there. And if you want to have a conversation, a live broadcast like we did at IMTS, or smrp, or what we're going to be doing over in Barcelona, yeah, you need to look us up and have that conversation. All right, let's get on with with the chat. Jon Clay threat intelligence. And I want to make sure you understand, we got to have more of these conversations. We've got to have that cyber conversation and and help everybody to succeed in this world, especially the digital transformation. And so this is why this conversation is so cool. And Jon, never I mean, he doesn't and we go to the same barber. So, you know, he's got to be cool. And he's good looking just like me, just good looking bald, good looking. But anyway, he doesn't disappoint and he definitely knows what's going on. So enjoy the conversation with Jon. Jon, welcome back to industrial talk. Thank you very much for that. Yeah. time in your schedule. I like having this conversation. We're gonna be Turpin. On no, we're gonna be riffing on I don't like chirping, we're gonna be riffing on cybersecurity, impact on industry, whatever comes to mind, because we can. And that's how we roll. How're you doing?

06:12

I'm great. Scott, always enjoy talking with you. We'd have a great time on these. So I look forward to this one, and maybe future ones for sure.

06:21

Oh, you better got it. And if you're on video, you'll notice that we look the same. I just have a beer, just just look for Scott with the beer. That's me. That day. And there. Yeah.

06:32

It's creepy. Taking off my disguise.

06:35

That is Oh, my gosh, it's Jon J. O N. So anyway, thank you very much again, I really appreciate it. And I think that, given all the conferences that I've been to, and all of the individuals and industries that I've spoken with, there is, again, the topic of cybersecurity, we want to go down this road of digitally transform, automate whatever it is to try to be more efficient. But that that, in essence, is a recipe for, you know, vulnerability from a from a cyber perspective penetration. If you're not, if you're not just sort of thinking about it, you're just like going down the road. So with that said, I think that it would be great to sort of see where we're at today, where it's going, that just sort of do that. So with that said, What do you see in some of the trends that are taking place within industry?

07:33

Yeah, I mean, well, we certainly are moving into industry for Dotto, right, which is a more connected industry more, everything is going to be connected devices connected, your manufacturing lines will be connected, you know whether your ot network is connecting to your IT network these days, because it's makes it a lot easier and more manageable for the organization. Right? If you can do remote monitoring, remote maintenance, all of that makes things much easier for the business to run their, their, their organization or run their their lines. So I think you know, as we move forward, Scott, I was in fact, I was on a talk earlier today, we were talking about 2030. So we're talking future stuff, somebody thinks I'm a futurist for some reason, and got me on this thing. But man, you know, you can see cyber physical coming into play, right? Where you're gonna have stuff embedded in your bodies, and then you're you're automating the plants and everything. So the challenge, obviously, Scott is what that ends up doing, as we've seen in the history is that the attack surface just grows more and more and more, right. So as new technologies come into play, that's a whole new attack surface for these bad guys out there that can take advantage of them and exploit them. So you know, the what we need to do, though, obviously, as as we are building these new devices, building this new technology and capability, we always got to have in the back of our mind, what are the risks associated with it if a bad person or a malicious actor or a nation state actor group gets access to it.

09:20

But outside of the fact that every time I have a conversation with you, I don't want to leave my office and I want to curl up just because you keep pointing out some really interesting, like, new attack surface. That's a new term for me, which makes complete sense. I have a wonderful word picture in my head about that. The other thing is when you start talking about as we become more connected, like you, you spoke about people becoming more connected, right? Ah, and yeah, I don't want to be hacked personally. But what

09:55

really does I mean, if you think also about it, Scott, you know, we're going into a global recession and one of the one of the aspects of a global recession is usually you decrease headcount, unfortunately right for those people, but you know, what we're starting to see is a lot of these businesses are starting to automate, and they're putting in robots, and they're putting, you know, you've been to all these shows, yeah, you're probably seeing these robotics that have improved, obviously, over the years, and they're going to continue to do improve. You know, Elon Musk had his robot on stage and walking and everything. So I think, you know, that's going to be obviously an area that goes, moves forward. But, but the nice thing also is people say, Well, they're going to take our jobs. But the reality is that you're going to have other types of jobs that come into play for the humans, you're always going to have to have technicians, they're going to have to go and fix those robots, when they break, reprogram the, the robots, all of that is going to build. And in fact, I think it actually increases people's ability to grow their themselves and grow their incomes, because these are higher paying jobs. And typically, that you get that that where they're replacing some of the more unskilled labor types. Yeah,

11:10

it was always interesting, when I have those conversations, you're absolutely spot on. I agree with you. 100%. I wish I was younger, because I mean, really, it's it the world is your oyster, if you can, can repair this automation in some way, shape, or form, make it more efficient, whatever and be engaged. Your the, your career is bright, because it's happening. How do you address the vulnerability of all of this connected? You know, machines, like we, we briefly touched upon CNC machines, their every bed is connected, and they're getting more connected? How do we, how do we create a workforce that's constantly learning and educated? Because the majority of us, me included, will always gravitate to the shiny will always gravitate to something, but I don't think about the vulnerability side, how do you sort of bring that into light?

12:08

Yeah, I think the first step Scott is really to understand what could happen, right? So we talked about earlier, I said, you know, you got to understand that these nation, state actors or, or malicious actors will target these ot networks and industrial controls, because there's there the motives, obviously a change. So there's a couple of things that that we hear about, right? Is what are they? What's their goal and game of, of targeting these things. So a couple of areas, we talked about five DS, right? So it's disrupt, disable, deny, deceive, and or destroy.

12:50

So that's

12:51

what you got to start thinking about when when you have an OT network, or ICS devices or robots, whatever it might be, you have to start thinking about what of which one of those DS could potentially target me, right. So if it's disruption, for example, it's probably some kind of a extortion type of attack because I want to disrupt your process. And if I can disrupt that process and bring it down, and you can't run your business, and they ask you, Hey, you know, give us $10 million to get it back and running. You may be interested in paying that deny if I want to deny access to something again it depends on the motive and who's targeting many cases it's you know, nation states for example, you're probably going to see more of that deny and or destroy activities from nation states then you're going to see disrupt disruption and disabling usually is going to be in context with the revenue people you know people that want profit whereas deceived destroy deny are going to be more likely more nation states that are wanting to do more harm.

14:04

Yeah, I'm writing all this down just because I want to get the five days in now in no particular order I was writing hanging on every word disrupt a night destroy, disable, deceive. Whatever

14:19

crazy. Yeah, I mean, and so you know, once they, they decide who they want to target then the next step comes into play is to start collecting intelligence about those different systems and what is at play and there's a couple of things that these actors can do there. There's a lot of open source research I mean, you as you know, Scott, a lot of the vendors of these devices out there they put their, their user guides and everything online so you can learn about you know, how to do things how to change the configuration just by reading the the instruction manuals that are all in open source out there. You also, you know, we're starting to see more insider threats. So you the actors are recruiting insiders, disgruntled employees, malicious employees, they're even hiring people into the business that whose sole purpose is to do malicious activities. So they get a job inside the company. And then the other area that can gather intelligence is from the enterprise network itself. So if I target the IT network, I can go in there and you know, all these companies have, have documentation about their processes about their, what products they're using, all of that is going to be in data inside the corporate network. And so they can go in and steal that information. And then, and then obviously, they do their education at that point and figure out what to do. How do you

15:45

how do you keep ahead of all of this, I know if I was a, just a mom and pop manufacturer, small to mid size, whatever it might be? How does How do I keep ahead of this? What's What's the practical steps because, hey, I want to be more efficient. I want to take advantage of this industry for Dotto digital transformation. Juggernaut, what? What is your recommendation? How do you help? I mean, yeah, start out No, no, yeah,

16:19

yeah, education, obviously, is the first step. The good news is I think Sisa and some of the US government agencies that put out a lot of good information about protecting ICs and OT networks. And you can go to private industry, like Trend Micro, for example, we do a lot of education, we just, we talked CNC, right, we just published a research paper on CNC, which is computer numerical control devices, right? And all the different information, we've got videos on the landing page that you can follow and listen to if you don't want to read the whole report, that we even show attacks targeting a CNC device. So you know, that's so education is probably first and foremost, the second step Scott is

17:04

but I'm gonna interrupt real quick. Yeah. I'm just telling you right now, the education that's available out there. For me, it goes right over my head. That's one, two. I'll fall asleep. So I try I fall asleep. Is there a way of being able to educate on this topic that can be consumed by me, Joe sixpack?

17:31

Yeah, I mean, Scott, that's, that is one of the challenges, obviously. And, you know, you might look at YouTube, because there's a lot of people that do webinars, and they post that stuff on, on YouTube, and you might try to find, you know, OT, attack 101 type content that can give you some of the, you know, somebody will, obviously is probably already put it out there some of the just generalized information that, you know, but then you'd probably at some point, you want to call in experts, you know, consultants or vendors that can help you.

18:08

And then that brings about another thing that just okay, I'm already stressed because you use multi syllable words, in this doc on, you know, cyber world, right. That's one. And a lot of this stuff is, so I'm already stressed there. But I know it's important. I gotta find somebody to trust. I mean, there's a lot of shingle people out there saying, Hey, we're in the cyber sphere. Well, we'll protect that. Yeah. And and I'm not trying to impute anybody, but there's,

18:38

well, one of the things somebody had, yeah, one of the challenges we've had Scott, take an example the cloud, cloud infrastructure, right? So Amazon and Microsoft Azure, AWS Azure, that has come on strong over the last number of years, right. And one of the first things that we found out very early on is that you can't take traditional cybersecurity products and just uplift them into that environment and think they're going to work you we actually had to develop and build native controls for that environment. And I think the same thing we're starting to see happening in the OT ICS you know, area because organizations are they already have some of this cybersecurity stuff and they think, Oh, we can just drop it in to an OT network and it'll be fine. Not a chance. It's a unique environment that requires specialized tools. Just like you know, these these manufacturers there they have to use specialized tools for a lot of what they do. The same is true with software and the same is true with with cybersecurity, you do need some specialized tools. So I think and that's where again, it gets a little challenging especially for a mom and pop who probably don't have the the knowledge nor the the skill set nor the probably been Ajit, to deal with this. And that's where I start talking about more on the MSP managed service provider type of model where you actually hire a company and they manage everything for you, they implement it, they, they monitor it for you, they take the actions for you, and you just your job is to run your business, not run your cybersecurity. And that's, and that's where I think we're going to be seeing in the future, some more growth areas. Because again, these companies just don't have the skills and the knowledge and the budget to to manage it all themselves. And so you bring in the experts, and let them do and

20:41

see I like that, that that approach. And I think that many companies in multiple areas that have to sort of address that managed model, because if I'm a manufacturer, and and I have to maintain my assets, but I don't have people on board, there are companies that can provide that ability to maintain those assets, the same thing can exist within the cyber area. And I think that that, like a specialist like yeah, okay, well go here. You're just, again, it, are there. Are there standards, let's say if I if I'm an MSP whatever, right. And I provide that security capability. But how would I go about evaluating the quality of that? Organization?

21:33

Yeah, that's a good question. Scott, I, you know, unfortunately, there's no like UL rating. Or for these firms, you can, obviously, you can go and look at data from some of the third parties that may, and put out information. So like Gartner, for example, has a lot of their, their, their quadrant, different areas, there might be one for MSPs. And you can see who's in the top quadrant. The challenge with that is a lot of MSPs are small mom and pop shops, they're actually small businesses in supporting the local economy, the local business set, and so you kind of you're probably going to have to go and do some due diligence in terms of finding those, those local ones. But then there are some, definitely some, some bigger vendors in this space that do more of a regional and then maybe even a country level aspect. But those tend to be a little bit pricier and maybe a little bit more challenging, I think to work with. But they also though, are probably more sophisticated in their controls. And they can they can they have the the people and technology that is that is needed to deal with this. But But again, you know, maybe start small and then work your way up if you don't find what you want. Yeah,

22:53

if I was manufacturer, I, I would try. Just, I'm thinking through it, because why not? I might as well put that hat on, I would want to get a baseline, right, as much as I don't want to see it. Right. I would want to get sort of a general overview of that quality of my security layer or whatever it might be, and be able to sort of have that clarity. So then I can sort of think through an avenue to achieve it. But the agree is like whether you like it or not. And I That's a tough one. But you do need to have that insights into your, your network.

23:35

Yeah, yeah. And I mean, we're starting to see regulations coming out, you're starting to see a number of policies that are coming out of the US government, for example, in this space. So a lot of those are tied to US government networks and stuff. And they're not been applied out to the private industry yet. But you'll probably start seeing that happening. So again, educating yourself and looking at some of those controls that that the US government is putting in place might be a good idea to start bringing into your business early. Because if you don't, you might get caught off guard when some law or something comes in or regulations comes into play.

24:14

So I'm out on your website, trend micro.com. Of course, she sent me the link to that CNC, which is

24:23

gathered, and you should see our research button at the top. And if you do that pull down. That's where all of our research is. And we do tons of research on industrial IoT we've had over the years, we've done stuff on cranes, we've done stuff on agriculture, and you know, the the devices used in those places. It's so this is massive amounts. Yeah. And

24:49

so from my perspective, I could go to Trend Micro I can route around, I can do the little drop down on my mind and I could see the resources. It's all there. And I can just begin that journey and or do a little, do a little search and then find maybe some targeted content. Yeah, exactly. You know, exactly. Because I, you know, I don't, we can't make it hard to find the information, we can't make it difficult to understand the information. And if you make it in such a way that people are saying, Oh, I see the picture, I'm painting that picture in my head, I could go the next level, right? It's, it's a, it's a journey in that sense. And then realize that there's gonna be a point where saying, Okay, I'm, I'm educated. Now I gotta find somebody to collaborate with trust, to be able to. But if you're the realities, if you're in the digital transformation, you see the value, you pull in data off of equipment to try to improve the quality, whatever, whatever that strategy is. That's all about being connected. And that is all about how do you protect yourself from nefarious behavior? All right, listeners, we're going to wrap it up, we've got five DS out there. We've got some strategies around who they want to target. And I think, from my perspective, from a simple perspective, I think that file, go to trend micro.com and find out some research, there's a great place to educate. I think that that's, I think the parting shot, is you're not alone. There's some good trusted people out there companies resources, and it's all there. And you have to whether you like it or not, you have to do it, you have to figure it out. Or

26:37

yeah, like, you know, Scott, you know, try Mike are we formed a company called TX one sole purpose is to look into the it ot ICS areas, and figure out how to protect them. And so they're already producing products that are very simple and easy to use, and can help an organization out there. So, you know, we we continually invest in innovation and continually invest in people and technology. So like you said, they're not in it. For themselves, or by themselves. They have trusted partners. Yeah.

27:13

Yeah. Yeah, see, and I do like that. And he, granted, I mean, Trend Micro, you better be in it, you better continue to sort of research because it doesn't stop out there.

27:25

Now, we've been in 34 years, Scott, and will continue for the next 34 years. And one thing we know we dedicate ourselves just on security, cybersecurity, we don't buy other companies that aren't in in cybersecurity, like some of our peers have done, but we'll continue to do and fight the good fight out there and try to keep the attackers out of your networks.

27:48

Like that. That's a noble cause I do I really, I really appreciate what you guys are doing. And, and because I'm, I'm all into the innovation and the technology and how that is going to help us be better manufacturers or industry, whatever it might be. But the reality is, it's it's gotta we got to protect it. We got to we got to make it frustrating to penetrate those. OT

28:12

Exactly. All right, God, it was a joy. I enjoyed the calculation. Let's do it again.

28:18

Pick Yeah, man, Jon. That's Jon. Trend. Micro is a company we're talking about. A lot of cyber stuff, you're gonna have all the contact information for Jon as well as the five days of fear night, it'll be out on industrial talk.com. We're gonna wrap it up on the other side. Thanks very much for joining. We will be right back.

28:35

You're listening to the industrial talk Podcast Network.

28:41

All right. Once again, thank you very much for joining industrial talk. And boy, I'll tell you, I really like talking to Jon. He knows his cyber stuff out there. And again, Trend Micro and teen Trend Micro fingers on the pulse if you're in the digital transformation game, which you should be because everybody else is. And if you're not, you better look into that. You need to secure that network. And I'm telling you right now you need to reach out to Jon or team Trend Micro amp, then you can navigate those waters, get the answers you need. Go out to industrial talk, all the contact information. Don't come chirpin to me and say I can't get a hold of Jon. You can't. And you must and have that conversation. It's painless. Come on. It's painless. All right. We have that sort of Netflix approach to industry education. And we're all about making you succeed or figuring out ways of making you succeed, and giving you the information to to be able to do that. And so we have that industrial revenue growth series, there's going to be more and this is with a great, great professional called Ed Marsh. And we have some handouts out there. We've got stuff that you could just start getting engaged in sort of taking an assessment of your business And then figuring out a roadmap so that you can ensure some some, you know, resiliency in the future. That's right. Go out industrial talk, click on it. Yes, I have to ask for your email. Because if you want to watch it at 235 in the morning, for whatever reason, you can. There you go, I need it. I need to send that email link to you. That's it. Nothing fancy. Nothing. Nothing too big. All right. Go out. Buy more. All right. Hang out with Jon. You know, I always say this. Be bold, be brave, dare greatly. Jon is somebody you need to hang out with, because you're gonna change the world. We need you to change the world. We need you to be successful. Thank you very much for joining industrial talk. And as you know, we're going to have another great conversation of another professional right around the corner so stay tuned. We will be always there for you

Transcript

00:04

Welcome to the industrial talk podcast with Scott Mackenzie. Scott is a passionate industry professional dedicated to transferring cutting edge industry focused innovations and trends while highlighting the men and women who keep the world moving. So put on your hard hat, grab your work boots,

00:21

and let's get all right. Once again, thank you very much for joining industrial talk in really thank you very much for your support. This platform is completely and fully dedicated to your success. Because you're bold, you're brave, you're daring greatly you solve problems, you collaborate. You're making the world a better place. I say that all the time, but I believe in in my heart. All right in the hot seat, Jon Clay, he is the VP of threat intelligence at Trend Micro, and it is a barnburner conversation. You need to listen to it because it's all around cybersecurity. But Jon never disappoints. Let's get cracking with the conversation. Is we need more conversations around cybersecurity. Yes, we do. That's an important topic. If you're in the world of digitally transforming your business. Yeah, you need to, you need to focus in on cybersecurity, and I can't think of a better company than Trend Micro that will help you along with that journey. And they've been around for a long time they've seen it all. And you need it, you need to really sort of take notes. All right, a couple of points of business. One, you go out to industrial talk, which you'll have all the contact information for Jon and others. We have a series called The industrial revenue growth, I think that's what it's called. I think it is it's a series as you can say on it's hot off the press. So I needed to think more through the topic. However it is out there it is free, and it is the in Yeah, industrial revenue growth series. And we talk about, we provide an overview, just go out there, and it's easy peasy. It's on demand. It's sort of like the Netflix of industry. So we talk an overview of what we're looking at, we're also talking about that corporate strategy, why it's important. We talk about marketing, we talk about the technology. And we talk about sales. And this is all about increasing revenue and is a you know, many in the the the world of manufacturing the world of industry, we are hyper focused, which we need to be hyper focus in how we can gain and extract greater value out of that manufacturing process out of that industry out of that whatever it might be, and have that insights into, you know, your operations, because it's important, we need to take that same.

02:54

Just focus on that whole sales and revenue cycles, there are so many components and tighten that up. So we have a great conversation with Ed Marsh. And again, it's a five part series, it's on demand, you just sort of sign up and you just fire it up. If you are awake at one in the morning, and you're saying, gee, I wish I knew more about the technology that exists out there in sales. Well, you just sort of fire that up and you listen to it. That's, that's that's on demand, baby. And that's what the world we live in, in the Netflix of industry right there, we're going to have a lot more but that that's the first one because I think today more than ever, we've got to be keenly focused in surviving, and increasing revenue, and figuring out ways of doing that, and how to automate it, how to be more efficient at it. And think differently. Think outside the box right here. Industrial talk is all about that also. FABTECH. Yep, we're broadcasting from FABTECH. That is November 8, that's right around the corner, November 8, through the 10th. Atlanta, Georgia, we have a booth, we're going to be doing our industrial speed dating, which that means we just grab a camera, and we go to your booth. And we start chirping about the technology that you have there and why it's so cool, why it's so fantastic. Why it's so needed. And that's about four minutes. And then we of course, we're going to have a broadcast booth and we're going to be talking to people a little bit more extensive on why they're there or what's the technology all important. All insights into why manufacturing so cool. Now about that. But we're going to be at Fabtech so if you are at Fabtech I don't even know what booth I'm at. If you are at Fabtech you gotta you gotta look me up. Let me see. I'll have it out there on industrial talk. I can't remember it starts with an A and I think it's but but look us up and we're gonna be at that booth. We're gonna if you You got your booth there. And if you want to have a conversation, a live broadcast like we did at IMTS, or smrp, or what we're going to be doing over in Barcelona, yeah, you need to look us up and have that conversation. All right, let's get on with with the chat. Jon Clay threat intelligence. And I want to make sure you understand, we got to have more of these conversations. We've got to have that cyber conversation and and help everybody to succeed in this world, especially the digital transformation. And so this is why this conversation is so cool. And Jon, never I mean, he doesn't and we go to the same barber. So, you know, he's got to be cool. And he's good looking just like me, just good looking bald, good looking. But anyway, he doesn't disappoint and he definitely knows what's going on. So enjoy the conversation with Jon. Jon, welcome back to industrial talk. Thank you very much for that. Yeah. time in your schedule. I like having this conversation. We're gonna be Turpin. On no, we're gonna be riffing on I don't like chirping, we're gonna be riffing on cybersecurity, impact on industry, whatever comes to mind, because we can. And that's how we roll. How're you doing?

06:12

I'm great. Scott, always enjoy talking with you. We'd have a great time on these. So I look forward to this one, and maybe future ones for sure.

06:21

Oh, you better got it. And if you're on video, you'll notice that we look the same. I just have a beer, just just look for Scott with the beer. That's me. That day. And there. Yeah.

06:32

It's creepy. Taking off my disguise.

06:35

That is Oh, my gosh, it's Jon J. O N. So anyway, thank you very much again, I really appreciate it. And I think that, given all the conferences that I've been to, and all of the individuals and industries that I've spoken with, there is, again, the topic of cybersecurity, we want to go down this road of digitally transform, automate whatever it is to try to be more efficient. But that that, in essence, is a recipe for, you know, vulnerability from a from a cyber perspective penetration. If you're not, if you're not just sort of thinking about it, you're just like going down the road. So with that said, I think that it would be great to sort of see where we're at today, where it's going, that just sort of do that. So with that said, What do you see in some of the trends that are taking place within industry?

07:33

Yeah, I mean, well, we certainly are moving into industry for Dotto, right, which is a more connected industry more, everything is going to be connected devices connected, your manufacturing lines will be connected, you know whether your ot network is connecting to your IT network these days, because it's makes it a lot easier and more manageable for the organization. Right? If you can do remote monitoring, remote maintenance, all of that makes things much easier for the business to run their, their, their organization or run their their lines. So I think you know, as we move forward, Scott, I was in fact, I was on a talk earlier today, we were talking about 2030. So we're talking future stuff, somebody thinks I'm a futurist for some reason, and got me on this thing. But man, you know, you can see cyber physical coming into play, right? Where you're gonna have stuff embedded in your bodies, and then you're you're automating the plants and everything. So the challenge, obviously, Scott is what that ends up doing, as we've seen in the history is that the attack surface just grows more and more and more, right. So as new technologies come into play, that's a whole new attack surface for these bad guys out there that can take advantage of them and exploit them. So you know, the what we need to do, though, obviously, as as we are building these new devices, building this new technology and capability, we always got to have in the back of our mind, what are the risks associated with it if a bad person or a malicious actor or a nation state actor group gets access to it.

09:20

But outside of the fact that every time I have a conversation with you, I don't want to leave my office and I want to curl up just because you keep pointing out some really interesting, like, new attack surface. That's a new term for me, which makes complete sense. I have a wonderful word picture in my head about that. The other thing is when you start talking about as we become more connected, like you, you spoke about people becoming more connected, right? Ah, and yeah, I don't want to be hacked personally. But what

09:55

really does I mean, if you think also about it, Scott, you know, we're going into a global recession and one of the one of the aspects of a global recession is usually you decrease headcount, unfortunately right for those people, but you know, what we're starting to see is a lot of these businesses are starting to automate, and they're putting in robots, and they're putting, you know, you've been to all these shows, yeah, you're probably seeing these robotics that have improved, obviously, over the years, and they're going to continue to do improve. You know, Elon Musk had his robot on stage and walking and everything. So I think, you know, that's going to be obviously an area that goes, moves forward. But, but the nice thing also is people say, Well, they're going to take our jobs. But the reality is that you're going to have other types of jobs that come into play for the humans, you're always going to have to have technicians, they're going to have to go and fix those robots, when they break, reprogram the, the robots, all of that is going to build. And in fact, I think it actually increases people's ability to grow their themselves and grow their incomes, because these are higher paying jobs. And typically, that you get that that where they're replacing some of the more unskilled labor types. Yeah,

11:10

it was always interesting, when I have those conversations, you're absolutely spot on. I agree with you. 100%. I wish I was younger, because I mean, really, it's it the world is your oyster, if you can, can repair this automation in some way, shape, or form, make it more efficient, whatever and be engaged. Your the, your career is bright, because it's happening. How do you address the vulnerability of all of this connected? You know, machines, like we, we briefly touched upon CNC machines, their every bed is connected, and they're getting more connected? How do we, how do we create a workforce that's constantly learning and educated? Because the majority of us, me included, will always gravitate to the shiny will always gravitate to something, but I don't think about the vulnerability side, how do you sort of bring that into light?

12:08

Yeah, I think the first step Scott is really to understand what could happen, right? So we talked about earlier, I said, you know, you got to understand that these nation, state actors or, or malicious actors will target these ot networks and industrial controls, because there's there the motives, obviously a change. So there's a couple of things that that we hear about, right? Is what are they? What's their goal and game of, of targeting these things. So a couple of areas, we talked about five DS, right? So it's disrupt, disable, deny, deceive, and or destroy.

12:50

So that's

12:51

what you got to start thinking about when when you have an OT network, or ICS devices or robots, whatever it might be, you have to start thinking about what of which one of those DS could potentially target me, right. So if it's disruption, for example, it's probably some kind of a extortion type of attack because I want to disrupt your process. And if I can disrupt that process and bring it down, and you can't run your business, and they ask you, Hey, you know, give us $10 million to get it back and running. You may be interested in paying that deny if I want to deny access to something again it depends on the motive and who's targeting many cases it's you know, nation states for example, you're probably going to see more of that deny and or destroy activities from nation states then you're going to see disrupt disruption and disabling usually is going to be in context with the revenue people you know people that want profit whereas deceived destroy deny are going to be more likely more nation states that are wanting to do more harm.

14:04

Yeah, I'm writing all this down just because I want to get the five days in now in no particular order I was writing hanging on every word disrupt a night destroy, disable, deceive. Whatever

14:19

crazy. Yeah, I mean, and so you know, once they, they decide who they want to target then the next step comes into play is to start collecting intelligence about those different systems and what is at play and there's a couple of things that these actors can do there. There's a lot of open source research I mean, you as you know, Scott, a lot of the vendors of these devices out there they put their, their user guides and everything online so you can learn about you know, how to do things how to change the configuration just by reading the the instruction manuals that are all in open source out there. You also, you know, we're starting to see more insider threats. So you the actors are recruiting insiders, disgruntled employees, malicious employees, they're even hiring people into the business that whose sole purpose is to do malicious activities. So they get a job inside the company. And then the other area that can gather intelligence is from the enterprise network itself. So if I target the IT network, I can go in there and you know, all these companies have, have documentation about their processes about their, what products they're using, all of that is going to be in data inside the corporate network. And so they can go in and steal that information. And then, and then obviously, they do their education at that point and figure out what to do. How do you

15:45

how do you keep ahead of all of this, I know if I was a, just a mom and pop manufacturer, small to mid size, whatever it might be? How does How do I keep ahead of this? What's What's the practical steps because, hey, I want to be more efficient. I want to take advantage of this industry for Dotto digital transformation. Juggernaut, what? What is your recommendation? How do you help? I mean, yeah, start out No, no, yeah,

16:19

yeah, education, obviously, is the first step. The good news is I think Sisa and some of the US government agencies that put out a lot of good information about protecting ICs and OT networks. And you can go to private industry, like Trend Micro, for example, we do a lot of education, we just, we talked CNC, right, we just published a research paper on CNC, which is computer numerical control devices, right? And all the different information, we've got videos on the landing page that you can follow and listen to if you don't want to read the whole report, that we even show attacks targeting a CNC device. So you know, that's so education is probably first and foremost, the second step Scott is

17:04

but I'm gonna interrupt real quick. Yeah. I'm just telling you right now, the education that's available out there. For me, it goes right over my head. That's one, two. I'll fall asleep. So I try I fall asleep. Is there a way of being able to educate on this topic that can be consumed by me, Joe sixpack?

17:31

Yeah, I mean, Scott, that's, that is one of the challenges, obviously. And, you know, you might look at YouTube, because there's a lot of people that do webinars, and they post that stuff on, on YouTube, and you might try to find, you know, OT, attack 101 type content that can give you some of the, you know, somebody will, obviously is probably already put it out there some of the just generalized information that, you know, but then you'd probably at some point, you want to call in experts, you know, consultants or vendors that can help you.

18:08

And then that brings about another thing that just okay, I'm already stressed because you use multi syllable words, in this doc on, you know, cyber world, right. That's one. And a lot of this stuff is, so I'm already stressed there. But I know it's important. I gotta find somebody to trust. I mean, there's a lot of shingle people out there saying, Hey, we're in the cyber sphere. Well, we'll protect that. Yeah. And and I'm not trying to impute anybody, but there's,

18:38

well, one of the things somebody had, yeah, one of the challenges we've had Scott, take an example the cloud, cloud infrastructure, right? So Amazon and Microsoft Azure, AWS Azure, that has come on strong over the last number of years, right. And one of the first things that we found out very early on is that you can't take traditional cybersecurity products and just uplift them into that environment and think they're going to work you we actually had to develop and build native controls for that environment. And I think the same thing we're starting to see happening in the OT ICS you know, area because organizations are they already have some of this cybersecurity stuff and they think, Oh, we can just drop it in to an OT network and it'll be fine. Not a chance. It's a unique environment that requires specialized tools. Just like you know, these these manufacturers there they have to use specialized tools for a lot of what they do. The same is true with software and the same is true with with cybersecurity, you do need some specialized tools. So I think and that's where again, it gets a little challenging especially for a mom and pop who probably don't have the the knowledge nor the the skill set nor the probably been Ajit, to deal with this. And that's where I start talking about more on the MSP managed service provider type of model where you actually hire a company and they manage everything for you, they implement it, they, they monitor it for you, they take the actions for you, and you just your job is to run your business, not run your cybersecurity. And that's, and that's where I think we're going to be seeing in the future, some more growth areas. Because again, these companies just don't have the skills and the knowledge and the budget to to manage it all themselves. And so you bring in the experts, and let them do and

20:41

see I like that, that that approach. And I think that many companies in multiple areas that have to sort of address that managed model, because if I'm a manufacturer, and and I have to maintain my assets, but I don't have people on board, there are companies that can provide that ability to maintain those assets, the same thing can exist within the cyber area. And I think that that, like a specialist like yeah, okay, well go here. You're just, again, it, are there. Are there standards, let's say if I if I'm an MSP whatever, right. And I provide that security capability. But how would I go about evaluating the quality of that? Organization?

21:33

Yeah, that's a good question. Scott, I, you know, unfortunately, there's no like UL rating. Or for these firms, you can, obviously, you can go and look at data from some of the third parties that may, and put out information. So like Gartner, for example, has a lot of their, their, their quadrant, different areas, there might be one for MSPs. And you can see who's in the top quadrant. The challenge with that is a lot of MSPs are small mom and pop shops, they're actually small businesses in supporting the local economy, the local business set, and so you kind of you're probably going to have to go and do some due diligence in terms of finding those, those local ones. But then there are some, definitely some, some bigger vendors in this space that do more of a regional and then maybe even a country level aspect. But those tend to be a little bit pricier and maybe a little bit more challenging, I think to work with. But they also though, are probably more sophisticated in their controls. And they can they can they have the the people and technology that is that is needed to deal with this. But But again, you know, maybe start small and then work your way up if you don't find what you want. Yeah,

22:53

if I was manufacturer, I, I would try. Just, I'm thinking through it, because why not? I might as well put that hat on, I would want to get a baseline, right, as much as I don't want to see it. Right. I would want to get sort of a general overview of that quality of my security layer or whatever it might be, and be able to sort of have that clarity. So then I can sort of think through an avenue to achieve it. But the agree is like whether you like it or not. And I That's a tough one. But you do need to have that insights into your, your network.

23:35

Yeah, yeah. And I mean, we're starting to see regulations coming out, you're starting to see a number of policies that are coming out of the US government, for example, in this space. So a lot of those are tied to US government networks and stuff. And they're not been applied out to the private industry yet. But you'll probably start seeing that happening. So again, educating yourself and looking at some of those controls that that the US government is putting in place might be a good idea to start bringing into your business early. Because if you don't, you might get caught off guard when some law or something comes in or regulations comes into play.

24:14

So I'm out on your website, trend micro.com. Of course, she sent me the link to that CNC, which is

24:23

gathered, and you should see our research button at the top. And if you do that pull down. That's where all of our research is. And we do tons of research on industrial IoT we've had over the years, we've done stuff on cranes, we've done stuff on agriculture, and you know, the the devices used in those places. It's so this is massive amounts. Yeah. And

24:49

so from my perspective, I could go to Trend Micro I can route around, I can do the little drop down on my mind and I could see the resources. It's all there. And I can just begin that journey and or do a little, do a little search and then find maybe some targeted content. Yeah, exactly. You know, exactly. Because I, you know, I don't, we can't make it hard to find the information, we can't make it difficult to understand the information. And if you make it in such a way that people are saying, Oh, I see the picture, I'm painting that picture in my head, I could go the next level, right? It's, it's a, it's a journey in that sense. And then realize that there's gonna be a point where saying, Okay, I'm, I'm educated. Now I gotta find somebody to collaborate with trust, to be able to. But if you're the realities, if you're in the digital transformation, you see the value, you pull in data off of equipment to try to improve the quality, whatever, whatever that strategy is. That's all about being connected. And that is all about how do you protect yourself from nefarious behavior? All right, listeners, we're going to wrap it up, we've got five DS out there. We've got some strategies around who they want to target. And I think, from my perspective, from a simple perspective, I think that file, go to trend micro.com and find out some research, there's a great place to educate. I think that that's, I think the parting shot, is you're not alone. There's some good trusted people out there companies resources, and it's all there. And you have to whether you like it or not, you have to do it, you have to figure it out. Or

26:37

yeah, like, you know, Scott, you know, try Mike are we formed a company called TX one sole purpose is to look into the it ot ICS areas, and figure out how to protect them. And so they're already producing products that are very simple and easy to use, and can help an organization out there. So, you know, we we continually invest in innovation and continually invest in people and technology. So like you said, they're not in it. For themselves, or by themselves. They have trusted partners. Yeah.

27:13

Yeah. Yeah, see, and I do like that. And he, granted, I mean, Trend Micro, you better be in it, you better continue to sort of research because it doesn't stop out there.

27:25

Now, we've been in 34 years, Scott, and will continue for the next 34 years. And one thing we know we dedicate ourselves just on security, cybersecurity, we don't buy other companies that aren't in in cybersecurity, like some of our peers have done, but we'll continue to do and fight the good fight out there and try to keep the attackers out of your networks.

27:48

Like that. That's a noble cause I do I really, I really appreciate what you guys are doing. And, and because I'm, I'm all into the innovation and the technology and how that is going to help us be better manufacturers or industry, whatever it might be. But the reality is, it's it's gotta we got to protect it. We got to we got to make it frustrating to penetrate those. OT

28:12

Exactly. All right, God, it was a joy. I enjoyed the calculation. Let's do it again.

28:18

Pick Yeah, man, Jon. That's Jon. Trend. Micro is a company we're talking about. A lot of cyber stuff, you're gonna have all the contact information for Jon as well as the five days of fear night, it'll be out on industrial talk.com. We're gonna wrap it up on the other side. Thanks very much for joining. We will be right back.

28:35

You're listening to the industrial talk Podcast Network.

28:41

All right. Once again, thank you very much for joining industrial talk. And boy, I'll tell you, I really like talking to Jon. He knows his cyber stuff out there. And again, Trend Micro and teen Trend Micro fingers on the pulse if you're in the digital transformation game, which you should be because everybody else is. And if you're not, you better look into that. You need to secure that network. And I'm telling you right now you need to reach out to Jon or team Trend Micro amp, then you can navigate those waters, get the answers you need. Go out to industrial talk, all the contact information. Don't come chirpin to me and say I can't get a hold of Jon. You can't. And you must and have that conversation. It's painless. Come on. It's painless. All right. We have that sort of Netflix approach to industry education. And we're all about making you succeed or figuring out ways of making you succeed, and giving you the information to to be able to do that. And so we have that industrial revenue growth series, there's going to be more and this is with a great, great professional called Ed Marsh. And we have some handouts out there. We've got stuff that you could just start getting engaged in sort of taking an assessment of your business And then figuring out a roadmap so that you can ensure some some, you know, resiliency in the future. That's right. Go out industrial talk, click on it. Yes, I have to ask for your email. Because if you want to watch it at 235 in the morning, for whatever reason, you can. There you go, I need it. I need to send that email link to you. That's it. Nothing fancy. Nothing. Nothing too big. All right. Go out. Buy more. All right. Hang out with Jon. You know, I always say this. Be bold, be brave, dare greatly. Jon is somebody you need to hang out with, because you're gonna change the world. We need you to change the world. We need you to be successful. Thank you very much for joining industrial talk. And as you know, we're going to have another great conversation of another professional right around the corner so stay tuned. We will be always there for you

Scott MacKenzie

About the author, Scott

I am Scott MacKenzie, husband, father, and passionate industry educator. From humble beginnings as a lathing contractor and certified journeyman/lineman to an Undergraduate and Master’s Degree in Business Administration, I have applied every aspect of my education and training to lead and influence. I believe in serving and adding value wherever I am called.

Leave a Comment





This site uses Akismet to reduce spam. Learn how your comment data is processed.