Mandiant, a leader in dynamic cyber defense and response. Since 2004, Mandiant® has been a trusted partner to security-conscious organizations. Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Balaji Rao, Country Manager – India & SAARC, Mandiant shared his views on the cybersecurity threats, solutions and the future ahead in conversation with team IT-Voice.
Prateek: What is the importance of continuous security validation within companies?
Balaji Rao: Cybersecurity has become an increasing concern amongst organizations, especially with the growing adoption of digitization since the pandemic. However, companies are now catching up to the rise in sophisticated threats and other threat actors, hampering their operations. Continuous security validation provides real data on the organizations’ security control performance and helps in improving their security infrastructure for continued testing and improvements. It also helps to assess the required investment needed to improve security effectiveness in an organization. Intelligence-led Security Validation helps in identifying high-priority threats and generates a strategy based on the data of what is posing a threat to the organization. With Mandiant, security leaders and their teams can perform complete, continuous validation of security controls across technology, processes, and people by testing an organization’s security controls against common attacks and threats to prove your security is protecting critical assets.
Prateek: How are threat hunting and threat intelligence tools or services effective in detecting and stopping cyber-attacks?
Balaji Rao: The evolving threat landscape has compelled enterprises to take preventive measures by adopting a proactive and strategic approach to information security. While organizations are realigning their security measures and approach, threat actors are actively targeting and attacking their technological vulnerabilities. To tackle this, enterprises need to raise their game and consider strategic cyber security approaches enabling security practitioners in organizations to identify threat actors, reduce risk and secure containers, while at the same time, improving governance and compliance.
Threat Intelligence is a crucial component that strengthens every function of an organization by automatically prioritizing and locating threat actors with the security solutions that are deployed. Likewise, Threat hunting tools proactively hunt for attackers across the entire infrastructure allowing an organization to identify malicious activity, detect and respond to compromises and risks. Mandiant’s threat intelligence transformation delivers in-depth information helping enterprises defend and respond to security attacks, improve threat hunting capabilities, and build a sustainable intelligence-led organization.
Prateek: What must be the approach of enterprises while preparing for cyberattacks?
Balaji Rao: Cyber-attacks are increasingly becoming common and companies around the world are trying to prevent or reduce the damage caused by them. It has become essential that every organization has the expertise and intelligence behind finding these malicious threat actors and mitigating the risks. With cyberattacks becoming more complex and creative, understanding the attacks and their different stages with help enterprises defend themselves. Establishing good security practices across the organization and its security infrastructure is the first step to preparing against attacks and threats. Continuously evaluating and identifying the risk exposers relevant to one’s organization and recognizing the potential harms and risk patterns will help to eliminate the attacks. Additionally, companies need to transform their security capabilities to successfully outmanoeuvre the current threat actors and implement processes to provide resilience against future compromise. The Mandiant Advantage platform gives security teams an early knowledge advantage via the Mandiant Intel Grid, which provides platform modules with current and relevant threat data and analysis expertise. The platform ensures that enterprises are secure from cyber threats as they are armed with continuous security validation, detection and response, and confident in their readiness.
Prateek: Why reskilling the employees on technology risks is significant for the risk management framework?
Balaji Rao: With the ever-evolving digital landscape, it is important that organisations instill a culture of skilling and upskilling to bring their employees up to speed with the potential technology risks. With remote working becoming a new norm, its imperative that companies prioritize digital upskilling and plug in the cyber skill gaps. The emphasis should be on conducting sessions that help in boosting awareness amongst the employees about the cyber threats/risks and digital competencies. Employees should at least be equipped with basic skillsets regarding system safety to ensure that there is no data breach, security is not compromised and day-to-day work is carried out in a seamless manner. In the era of a dynamic work environment, companies will have to stress continuous learning and development to make their employees more competent and stronger for the years to come.
Prateek: What trends will dominate the cybersecurity space in the coming time?
Balaji Rao: Although the year 2020 caused disruptions across the world, the cyber security industry came back strong in 2021. Uncertainty is common in the cyber realm. With the rapid adoption of digital mediums, there is a rise in risks pertaining to security. Attackers regularly change their tactics, techniques and procedures (TTPs) to evade detection, leaving defenders struggling to keep up. Mandiant came out with its predictions report this year that outlined the trends that will see an uptake in the cyber security space. Some of them include:
Ransomware and multifaceted extortion: The ransomware threat has grown significantly throughout the past decade and it will continue its upward trend. The business of ransomware is simply too lucrative unless international governments and technology innovations can fundamentally alter the attacker’s cost-benefit calculation. While we have seen efforts to disrupt operations and hold threat actors accountable, cybercriminals simply sign up with another platform as part of the ransomwareas-a-service business model to continue their operations.
Deepfakes: The effectiveness of deepfakes in information operations has been discussed in the security community, but state-sponsored and financially motivated actors have also demonstrated a growing interest in this technology. We anticipate that as deepfake technology becomes more widely available in 2022 and beyond, criminal and espionage actors will increasingly integrate manipulated media into their operations to make social engineering more convincing, easily tailor content to specific targets and defeat some automated identity verification systems.
More use of IoT, More Surface Attacks and Vulnerabilities: In the coming years, we expect to see the continued growth of Internet of Things (IoT) devices, many of which will be inexpensive and created without real consideration given to security. The number of vulnerabilities they introduce in software and hardware will make it hard for bug hunters to keep up. Because all these devices are connected, we’ll see the general attack surface expand with the potential for serious impact. Unfortunately, there hasn’t been enough emphasis on security in fundamental IoT device design to fix these issues, so the situation will only get worse in the years to come.