Kevin Mandia, CEO at Mandiant, stopped by the 2023 FAIR Conference for a wide-ranging “fireside chat” with Saket Modi, CEO of the FAIR Institute’s technical adviser, Safe Security. Mandiant (recently acquired by Google) helps large companies recover from 1,200-plus data breaches and other cyber disasters in a year. Watch this 43-minute video for nonstop insights from Kevin on the state of play in the threat landscape and what CISOs can do to protect against nation-state actors and sophisticated criminal gangs.

Mandia’s key points on preparing for ransomware and assessing material cyber risk:

“I like what you are doing, trying to measure [ransomware risk] ahead of time,” he told Saket Modi. “If organizations could simulate the impact of ransomware – really applying their brains for about two hours straight, that’s all it would take.”

“I was a naysayer in quantifying risk in cyber because I can’t tell you who North Korea is going to hack. But then I realized I’m a naysayer on likelihood but I’m not a naysayer on materiality and impact.”

Mandia recommends these steps for ransomware defense:

--Quantify the risk. In his experience, business downtime/interruption is the predominant impact. It’s a good opportunity to game out the loss of a network or business unit. How would parts of the business going off the grid affect operations and then revenue?

--Identify key assets, make sure they are backed up and that the backups are secure. Ask “can we really back up applications in the same configuration they are in?” Often the employee who knows the configuration is long gone from the company.

--Reduce your blast radius both with credentials as well as segmentation. “Everyone is a victim of account access bloat.”

--Review all your systems on a ransomware assessment. “Most companies probably don’t need 10-20% of their architecture,” and could radically reduce their exposure.

--“Red team your network every quarter” with the goal of reaching the CFO’s email. “Assume breach, assume valid credentials, let a red team have three days. If they can’t do it in three days, feel good.”

