Recap from the Masters Conference Denver | By Right Discovery
In a packed breakout session at the 2025 Masters Conference Denver, cybersecurity leaders from Consilio, CrowdStrike, Taft Law, and PNG Cyber took the stage to unpack the current state of cyber threats—and the harsh reality that most organizations are still vastly underprepared.
Few challenges are evolving as fast—or as dangerously—as cyber threats. For this panel discussion, we brought together top minds in security, legal, and enterprise protection for the panel “Cybersecurity Trends and How to Mitigate.” Led by James Jansen (Consilio), and featuring insights from Shawn Cheadle (Taft Law), Jeff Mastalski (PNG Cyber), and Charlie Groves (CrowdStrike), the session offered a candid, behind-the-scenes look at what companies are really up against—and how they can build smarter, faster, more resilient defenses. The panel tackled escalating threats, evolving adversary tactics, and what modern crisis management must look like in the age of ransomware, AI-generated deepfakes, and nation-state attacks.
The Speed and Sophistication of Threats
The panel opened with a sobering stat: phishing attacks rose 442% in the latter half of 2024. But today’s cyberattacks are more than just emails with bad grammar—thanks to AI, threat actors are now crafting convincing emails, spoofing executives, and even using deepfake technology to impersonate company leaders.
“Click-through rates on phishing attempts used to be around 12%...Now, with AI-generated content, it’s closer to 54%.” In one Lockheed Martin test, over 70% of targeted employees clicked a spoofed executive email—highlighting just how vulnerable even trained teams can be.
Social Engineering Is Evolving
From vishing (voice phishing) calls to SIM swapping and impersonation attacks, the tactics used by threat actors are alarmingly creative. Attackers don’t just want data—they want persistent access, lateral movement across systems, and ultimately, leverage.
The panel discussed recent attacks involving fake IT support calls, invoice scams targeting law firms, and even deepfake Zoom calls impersonating CFOs—one of which cost a company $25 million.
“These criminals operate like companies,” said Charlie Groves. “They have HR departments, help desks, and reputations to uphold in the underground economy. This isn’t someone in a hoodie in a basement—it’s organized cybercrime at scale.”
Incident Response: Early Action Is Everything
The first 24 to 48 hours of a breach are critical, and the speakers stressed the need for a clear, practiced incident response plan. Too many organizations either store their plans on compromised systems or rely on internal IT to manage what is ultimately a legal and operational crisis.
“You need to call two people right away: outside counsel and your cyber insurer,” said Jeff Mostowski. “Delays or missteps in those first hours can cause irreparable damage—financially, legally, and reputationally.”
The panel encouraged tabletop exercises, off-network backups, and even paper copies of key protocols: “Everyone has a plan until they get punched in the mouth.”
Small Suppliers and Big Targets
Shawn Cheadle discussed how supply chain vulnerability is now one of the top concerns in aerospace and defense. “Hackers don’t attack Lockheed Martin directly—they go after its 13,000 suppliers. Many of those suppliers can't meet strict cybersecurity compliance like CMMC level 2 or 3, so they're easier targets.”
Cybersecurity hygiene, even for startups or 10-person companies, must be prioritized early. “You’re not just building a product—you’re building a company. Start with good cyber habits, and you’ll grow into resilience,” Cheadle emphasized.
Global Threats and Nation-State Actors
The panel also explored the international dimension of cybercrime, with nation-states like North Korea funding 50–60% of their GDP through cyberattacks, and China using coordinated supply chain espionage to reverse-engineer aviation technology.
CrowdStrike shared that they track over 250 active threat groups, each specializing in a different piece of the attack lifecycle—from access brokers to ransomware-as-a-service operators. The threat landscape is more fragmented, scalable, and aggressive than ever before.
The AI Factor
AI has transformed the way cybercrime is executed. From phishing scripts to fake resumes, and real-time answers during video interviews, attackers are using generative AI to scale social engineering and enhance credibility.
“We’re seeing fake candidates ace interviews using AI-generated answers and deepfake video…[and] You think you’ve hired one person, but you’ve unknowingly hired a team of 50 [people] working behind the scenes to access your systems.”
Key Takeaways
• Phishing attacks are smarter, faster, and more convincing thanks to AI—click rates have skyrocketed.
• Social engineering now includes deepfakes, spoofed calls, and targeted vishing, not just bad emails.
• Cybercriminals run like businesses, with clear roles, HR departments, and reputations.
• The first 48 hours post-breach are crucial—have your incident response plan off-network and practiced.
• Outside counsel and cyber insurers should be notified immediately, no matter the breach size.
• Cyber insurance is becoming more affordable, but underwriting is stricter—prepare for 150+ security questions.
• Small suppliers must invest in cyber hygiene early to avoid being the weakest link in the supply chain.
• Cybercrime is global and organized—nation-state actors are coordinating long-term economic espionage.
Cybersecurity is no longer an IT-only concern. It’s a business, legal, and strategic issue—and the time to prepare is before you’re attacked. As the panelists reminded us: in a world where breakout times can be measured in seconds, you only need to be wrong once.
If your cyber defenses haven’t evolved since last year, you may already be behind.
Cybersecurity isn’t a one-time fix—it’s an evolving strategy. Follow Right Discovery for the latest on legal tech and cyber resilience, or email us at solutions@rightdiscovery.com to see how we can help your team prepare and respond with confidence.
A special thanks to our panelists for participating at the Masters Conference Denver for the time, sharing their experiences and insights:
• James Jansen, Consilio
• Shawn Cheadle, Taft Law
• Jeff Mastalski, PNG Cyber
• Charlie Groves, Crowdstrike
Right Discovery is a proud sponsor of the Masters Conference & Masters Conference Legal Events.
Topics: cybersecurity, incident response, crisis management, phishing, deepfakes, ransomware, cyber insurance, legal risk, breach notification, tabletop exercises, AI in cybercrime, endpoint detection, SIM swapping, supply chain attacks, CMMC compliance, CrowdStrike threat report, cyber hygiene, vishing tactics, risk mitigation, law enforcement coordination, data exfiltration, encryption, social engineering, cybercriminal organizations, nation-state attacks, cyber readiness, legal technology, Masters Conference Denver, Jeff Mastalski, Charlie Groves, Shawn Cheadle, James Jansen, organized cybercrime, cyber risk strategy