Q. After a year and a half of a pandemic that put IT departments under enormous pressure due to the new conditions in the organization of business, can we say that the storm in cybersecurity has passed, or will the clouds still thicken?
M.H. The pandemic has diverted the focus away from scaling out new defenses and the evolution of security controls towards capabilities for more remote working employees. The ongoing duration of the pandemic has enabled many organizations to address these issues but efforts have been primarily around providing consistency in the controls that were already in place for some employees.
With budgets reducing due to the resources and effort required here, new projects have frequently been put on hold until budget and resources become available again. The new ‘normal’ for many workers means that priorities will shift into the future as well so the storm has certainly not passed and its effects will be felt for several years to come.
Q. Probably both customers and providers of cybersecurity solutions “got wiser” in the new Covid reality. What did you learn during this period to better protect your customers, and is there anything customers still don’t want to understand?
M.H. The first principle has been to get the basics right – providing such things as multi-factor authentication, ensuring technology for remote working is patched to current levels inside an organization and continuing to drive awareness of the threats. In many instances employees feel secure in a work environment because they know they are protected and controls are in place.
When they move to working from home the controls required may be different and a home environment is often not perceived as needing to be as secure. This can and is being exploited by attackers who search for weaknesses and the easiest point of entry into an organization.
With the increase in attacks, especially from ransomware, many organizations still do not believe they are a possible target (‘we are too small to be interesting, we do not have a well-known visible brand’). The biggest concern is that attackers do not discriminate and once the ransomware is deployed, organizations, especially small and medium businesses, do not have tried and tested crisis management plans in place in order to limit the scope and respond quickly.
Q. The motto of InfoSec SEE 2021 is “Cybersecurity Resilience And Adaptation”. What is your understanding of each of these concepts? It seems a serious challenge to combine them into a stable working mechanism.
M.H. At Mandiant we view cybersecurity resilience as the ability to quickly recognize and contain attacks enabling either continuity of business or at least the ability to return as quickly as possible to a normal, secure working environment.
Working on the premise that it is not if but when, being resilient will enable organizations to dramatically reduce the impact of a successful attack. Assessing security programs which include external parties such as supply chains and outside counsels helps increase the resilience of an organization to existing and emerging threats.
The threat landscape is constantly evolving as attackers become more sophisticated and specialized. Forums where malware and access to organizations are commonplace and different, specialized groups often collaborate to achieve a common goal, either sharing the rewards or defining prices for access and usage of malware before targets are breached.
Being able to adapt to the ever-increasing sophistication using, for example, an intelligence-led approach helps organizations to reduce the attack surface, better anticipate attacks and respond faster when they do happen.
Q. Where do you see more serious cybersecurity problems – in the public or in the private sector?
M.H. Both the public and private sectors are heavily targeted nowadays. The media focus has switched in the last couple of years towards ransomware but geo-politically motivated attacks have not stopped.
Examples such as influence campaigns funded by nation states to alter public perception, often prior to national elections, have increased. In addition, we have observed attackers that are nation state sponsored following politically motivated agendas during normal working hours and financially motivated attacks outside their regular hours.
Collaboration between public and private sectors is possibly the most significant aspect of fighting these threats. For as long as there are no consequences for attackers they will continue.
Q. Both last year and now the conference is held in a hybrid format – with physical presence and online, as many of the technology businesses are already working. Do you think that the pandemic has acted as a catalyst for this way of working and the hybrid model will remain permanent in the future?
M.H. Perhaps an overused moniker but the ‘new normal’ has now become normal. Notwithstanding the desire to meet face to face again and engage with others, budget constraints and priorities have led organizations to adapt to a hybrid model. I do not see this model reverting to a pre-pandemic state in the future.
Q. If you had to identify three top security threats right now and in the near future, what would they be?
M.H. Undoubtedly ransomware, an ever-present threat to organizations of all sizes. The rewards, the emergence of cryptocurrencies as a payment medium and lack of consequences for threat actors continue to make this a lucrative business model.
Espionage: as nations such as Russia seek to maintain or gain a strategic role in regional and world affairs, attacks on governments, critical national infrastructure and economic powerhouses will continue apace. Campaigns to influence public opinion have grown exponentially in recent years and will continue to increase.
IP theft continues as the world grows ever smaller. Gaining strategic advantage in a market leads to outcomes that have long term effects and shape economies for years to come.
Q. Mandiant is now a separate company. What are your plans for the emerging Eastern European markets, especially for our region?
M.H. Eastern Europe remains a key marketplace for Mandiant in the future. With strong ties and cooperation between national governments and the United States, Mandiant as an American company is committed to supporting the ongoing efforts to protect against and counter the threats from state sponsored actors targeting governments and businesses across Eastern Europe.
Our investment and commitment to supporting countries there is renewed and we believe the insights Mandiant provides with our cyber threat intelligence and the ability for organizations to automate recognition and response to real world threat actors will continue to benefit the local economies.
Our local partnerships are a fundamental part of our commitment to Eastern Europe and will also continue unaffected by the separation of FireEye and Mandiant.
Join us at InfoSec 2021 and meet directors and managers of information security; managers of risk management; infrastructure managers; system architects; security engineers; IT managers; information security auditors; and IT companies with a focus on cybersecurity.
InfoSec SEE 2021 will be a hybrid event (2 in 1), in order to answer the requirements and preferences of the huge range of participants.
InfoSec SEE 2021 offers a mix of traditional and digital opportunities. Some participants may choose to attend the conference online, due to their agenda at the moment, but others will benefit from the live participation and the opportunity of networking.
According to your preferences, please select the suitable form of attendance during your registration.
After the unprecedented success of the event in 2020, the hotel Riu Pravets Golf & Spa was again chosen as the location for the InfoSec 2021 conference, and the organizers again took care to secure free transport from Sofia to the hotel for both days of the conference.