As digital transformation redefines the business landscape, cybersecurity is becoming increasingly complex and urgent. So it was timely that the mWISE 2024 conference, hosted by Google LLC’s Mandiant, brought together industry leaders last week to explore the latest challenges, innovations and strategic priorities in the field.
No longer confined to information technology departments, cybersecurity has emerged as a cornerstone of business strategy and national security. TheCUBE, SiliconANGLE’s video studio, was on the ground, engaging with top experts to uncover the key themes and insights that matter most to business leaders grappling with these evolving threats.
Here’s what you need to know:
Cybersecurity as a boardroom priority
“Cybersecurity is no longer just an IT issue — it’s a strategic business concern,” Kevin Mandia (pictured), founder of Mandiant and now a strategic adviser at Google Cloud, declared during his keynote address. This shift has catapulted the role of the chief information security officer or CISO into the spotlight, transforming it from a technical function into a critical strategic advisory role within the boardroom.
Mandia emphasized that boards of directors are increasingly asking sophisticated questions about cybersecurity resilience and risk management. They are concerned not only with the immediate implications of data breaches but also with the long-term impact on shareholder value and business continuity. This has forced CISOs to adopt a dual role as both security guardians and business strategists, able to communicate complex technical risks in clear, actionable business terms.
The stakes are high. Mandia recounted numerous instances where boards sought his counsel post-breach, asking tough questions such as “What could we have done differently?” His advice to CISOs is to be proactive and transparent, ensuring they are not just reporting on the status quo but actively shaping the organization’s strategic response to evolving threats. “It’s about translating cyber risks into business impacts,” Mandia explained. “That’s what sets effective CISOs apart.”
The evolving role of the CISO
The role of the CISO is expanding, absorbing responsibilities that go beyond traditional IT security. Mandia described these expanding duties as “jump balls” — areas of ambiguity that could fall under various leadership roles, such as AI security, data governance and supply chain security. With cybersecurity intersecting more areas of business, CISOs must now advocate for clear ownership of these responsibilities to avoid confusion and gaps in security coverage.
“Security is almost a calling,” Mandia stated. “You just have it or you don’t.” He argued that a true security mindset is essential for CISOs, characterized by a relentless focus on identifying and mitigating risks. This mindset is not something that can be easily taught or acquired; it’s a fundamental aspect of an effective CISO’s approach to leadership. The ability to anticipate threats and think strategically about defense positions CISOs as indispensable allies to CEOs and board members.
Mandia highlighted the growing complexity of the CISO role by pointing out the blurred lines between digital and physical security. “It’s not just about securing the network anymore,” he noted. “Someone has to do supply chain security, physical security, and manage data flowing in and out of AI models. The CISO is often the best person for these tasks, but they need the authority and support to manage them effectively.”
Ransomware: an escalating threat
Ransomware continues to be one of the most formidable threats facing businesses today. Kimberly Goody, head of financial crime at Mandiant, noted a disturbing trend: While the number of companies paying ransoms is decreasing, the amounts being demanded have skyrocketed — from an average of $200,000 to more than $1.5 million in just a year. Attackers are using increasingly sophisticated tactics, such as data exfiltration and personal threats against executives, to coerce companies into paying.
“Ransomware is no longer just about encryption and ransom demands,” Goody explained. “Attackers are now focusing on data exfiltration and extortion, creating more leverage over their victims. The goal is to inflict maximum pain to compel payment, often threatening to release sensitive information if demands are not met.”
The message for businesses is clear: It’s not enough to simply have backups and cybersecurity insurance. Companies need comprehensive ransomware resilience plans that include robust incident response and clear communication strategies. Preparing for these scenarios in advance can mean the difference between a controlled response and a public relations disaster.
The dual-edged sword of AI
Artificial intelligence is rapidly transforming the cybersecurity landscape, offering both opportunities and new risks. Vicente Diaz from VirusTotal highlighted how AI is being used to dissect complex malware and automate threat detection. However, he also warned that AI is a double-edged sword, with attackers increasingly using it to refine social engineering techniques and automate phishing campaigns.
“We’re seeing AI not just as a tool for defense, but also being used by attackers to scale their operations,” Diaz noted. This dual-use nature of AI means that while it can help security operations centers detect threats faster, it also gives cybercriminals a powerful tool to enhance their attacks. The key for businesses is to embrace AI cautiously, ensuring robust governance frameworks are in place to manage its risks.
Chris Boehm from SentinelOne echoed these concerns, stressing that AI should be used to augment, not replace, human analysts. “The goal is not to create a fully autonomous security system but to empower security teams to focus on strategic threats rather than being bogged down by repetitive tasks,” Boehm explained. He advocated for integrating AI into security workflows in a way that enhances operational efficiency without sacrificing human judgment and oversight.
Navigating the cloud security paradox
As more businesses migrate to the cloud, securing these environments has become a complex challenge. Anton Chuvakin, security adviser at Google Cloud, pointed out that many organizations still misunderstand the shared responsibility model. “Cloud providers offer the infrastructure, but securing the applications and data within it is up to the customer,” Chuvakin warned.
Misconfigurations are the most common cause of cloud breaches, and the consequences can be severe. To safeguard against these vulnerabilities, businesses must invest in tools that provide visibility and control over their cloud environments. This includes implementing automated compliance checks and continuous monitoring to ensure that security settings are not inadvertently altered or bypassed.
“Security in the cloud is fundamentally different from on-premises security,” Chuvakin said. “You can’t just lift and shift your existing security practices to the cloud and expect them to work. You need a cloud-native approach that’s designed to address the unique challenges of these environments.”
Securing the supply chain: an invisible battle
The security of supply chains — whether for software, data or even hardware — was a recurring theme throughout the conference. Brett Callow of FTI Consulting emphasized that ransomware groups are increasingly targeting supply chains to amplify disruption. “A single compromised vendor can impact hundreds of companies,” Callow said, underscoring the need for businesses to not only vet their suppliers but also have contingency plans for supply chain disruptions.
The solution, according to Callow, lies in continuous monitoring and stronger collaboration between companies and their suppliers to ensure a unified defense against potential threats. “It’s not enough to just trust your partners,” he noted. “You need to verify and continuously assess their security posture as rigorously as you do your own.”
Public-private partnerships: a collective defense against cyberthreats
One of the most encouraging trends discussed at mWISE 2024 was the growing collaboration between the private sector and government agencies. John Hultquist, chief analyst at Mandiant Intelligence, advocated for stronger public-private partnerships, citing recent operations that disrupted ransomware groups as examples of what can be achieved through collective action.
“We’ve seen real progress when companies and law enforcement work together,” Hultquist noted. “This collective defense model allows for faster response times and a broader reach in combating cyber threats. For business leaders, this means engaging in industry forums, sharing threat intelligence, and building relationships with public agencies before a crisis hits.”