What keeps Mandiant EVP Sandra Joyce up at night? • The Register


RSA Conference When Sandra Joyce, executive vice president of Mandiant Intelligence, describes the current threat landscape, it sounds like the perfect storm.

The threat intelligence firm, which is being acquired by Google Cloud, has made its annual cybersecurity forecasts for the coming year. And this year, they all materialized at the same time.

“We predicted attacks on the supply chain four years ago,” Joyce said, in an interview with The Register at the RSA Conference. “We predicted the deployment of windshield wipers in wartime. And now we’re watching all of these things happen at the same time, and in greater quantities than ever and at greater frequencies of scale than ever before.”

Mandiant now tracks more threat actors and malware families than ever before, she added. “This problem is growing.”

But, she said, the security industry is also getting better at responding to growing threats, even when they all strike at once. And organizations are more successful in recovering from attacks.

“If there’s anything good about dealing with things like ransomware over the past few years, it’s that it’s instilled a savvy and resilience into our industry that maybe we didn’t have for years,” she said.

Mandiant is called in to help with “thousands” of incident responses each year, Joyce said. “And what people forget is this: businesses are recovering,” she added. “The vast majority continue. In fact, I can’t think of one who hasn’t.”

Resilience is a priority, according to Joyce, echoing a theme from her earlier speech.

Backing up data and systems means organizations can recover faster from a ransomware attack or data erasure. Most companies understand this and know what good hygiene looks like and what they are supposed to do to improve their security posture.

Of course, there is sometimes a gap between knowing what should be done and actually doing it. But overall, businesses are becoming more resilient because they realize the problem isn’t going away, Joyce said.

Despite the billions of dollars lost to compromised work emails, organizations are also improving security training for their employees, she added.

How to measure effectiveness?

“The evolution from here is getting to the point where we can measure effectiveness,” Joyce said. “More boards are going to ask, what am I getting back from my investment? And how can you measure that? And I think that’s how we ultimately see how we become more effective at security.”

Mandiant’s answer to this is its security validation service. It uses enterprise threat intelligence to measure the performance of an organization’s security controls against real-world attacks and hacking techniques, and assigns them a score based on their readiness.

“We’re running realistic scenarios through validation of things we’ve seen over the past week,” Joyce said. “And we can say we have these ransomware actions that we saw in an IR last week, so let’s run that against all the security checks we have in place.”

The validation service sends an alert if the organization has detected and blocked the threat. And if the security checks didn’t work, it also explains why. “The technology may work, but it’s misconfigured,” Joyce said. “Validation is kind of a niche offering, but I think we’re going to see it in the next wave of maturity.”

Oh, and the answer to the lack of cybersecurity skills isn’t just to hire more people, according to Joyce. “We don’t have enough people to fix that, so let’s put that aside,” she said. “What we really need is automation of repeatable tasks.”

That doesn’t mean buying the latest shiny security tool that uses AI.

“Everyone is thinking about automating the cyber problem from the outside in,” Joyce added. “It’s within your organization. We need to automate the repeatable tasks of real cybersecurity work.” ®
