Michael A. Gold

Gold, a Jeffer Mangels partner who has been with the firm for 35 years, focuses on actionable legal advice in privacy law compliance and information security governance matters. His practice comprises global supply chain security issues in large and complex data environments.

Deeply embedded in the cybersecurity milieu, he’ll be presenting virtually at the National Aerospace and Defense Forum in January on the topic “Supply Chain Risk Conundrum: Rethinking the Network You’re Protecting.”

“Over the past year, things have gotten measurably worse for cybersecurity, despite everyone’s best efforts,” Gold said. “The frequency and magnitude of data breaches continue to increase. It’s been a huge challenge that is not likely to get better for a long time.”

The scope becomes clear when Gold observes that a ransomware attack takes place worldwide every 11 seconds. “Yes, firewalls, endpoint detection and response, patches and awareness training are the right things to do in response, but empirical evidence shows it’s not enough.”

Gold represents and advises a diverse roster of clients, including the maritime and logistics giant CMA CGM Group; the Los Angeles-based group of automotive retail, real estate, beverage distribution and insurance companies known as Anderson Holdings; the real estate investment trust Macerich Co.; the defense contractor Ducommun Inc.; bundled utility services provider ENCO Utility Services Inc.; The Tony Robbins Organization; and the Los Angeles Lakers basketball franchise.

In addition, Gold counsels a prominent charitable organization in connection with its data security and privacy matters and policies. He does the same with several defense contractors in connection with compliance with U.S. Department of Defense information security regulations.

“There has been endless dialogue over operational security involving first-level vendor agreements, but how we get to the next levels of information flow, to the vendors’ vendors, is not a problem that can be solved easily,” Gold said. “There are third and fourth degree of separation issues involving an array of players that affect your organization. You realize you have to think beyond the traditional perimeter of your organization to the true size of what turns out to be an extremely large network. You’re not in a castle with a moat around it.”

Gold advises to thinking proactively. “What do I need in place if vendors down the chain are compromised?” Some of the solutions he and his colleagues advise are trade secrets, he said.

Beyond individual companies, entire industries face enormous cybersecurity challenges—such as the defense contractors he’ll be addressing at the January forum. “The world is full of nation-state bad actors, and they’re not going away,” Gold said.

- John Roemer