Brian Krebs explores corners of the internet most people don't even know exist. A former Washington Post reporter who now runs the cybersecurity news website KrebsOnSecurity.com, he has chronicled the web's underbelly and occasionally suffered for it. In 2016, his website became the target of possibly the largest Distributed Denial of Service (DDoS) attack the web had ever seen; Krebs later uncovered who was behind the attack—which was enabled by thousands of unsecured IoT devices—and two men subsequently pled guilty to related charges.

In this conversation with Law.com tech and law reporter Ben Hancock on the sidelines of Legalweek 2018, Krebs talks about how the cybersecurity landscape has evolved for IoT since the “Mirai” botnet attacks. He also talks what law firms—a “perennial target”—should be doing to make themselves less vulnerable to malicious hackers, especially those that are state-backed.

“Most of us in cybersecurity tend to think of things as, 'OK, is this locked down, is this secure? What threats are we facing today?'” he says. “But these state-sponsored hackers have a much longer view, and they're looking for information that may not help their country, or companies that are located in their country, today; it might help them put their competitors out of business five years down the road.”

Listen to the full interview below.