
Research Note: Navigating the New Frontlines of Cybersecurity – Insights from mWISE 2024

As the digital world evolves, so too does the battlefield of cybersecurity. The mWISE 2024 conference, hosted by Mandiant, was a convergence of the brightest minds in cybersecurity, revealing the latest challenges and innovations shaping the industry. The event was a testament to the critical role cybersecurity now plays not just in IT, but in the very fabric of business and national security. Here’s what we learned from the experts in our theCUBE coverage and why it matters for every business professional.

The Rise of Cybersecurity as a Strategic Business Imperative

In the opening keynote, Kevin Mandia, Strategic Advisor at Google Cloud, underscored a key shift: cybersecurity is no longer just an IT issue—it’s a strategic business concern. “The boardroom now cares about ransomware, data breaches, and the integrity of their supply chains as much as they do about quarterly earnings,” Mandia remarked. This shift has redefined the role of the Chief Information Security Officer (CISO), elevating them from technical guardians to strategic advisors, helping steer the company through a landscape fraught with digital threats.

Keynote Takeaways:

  1. Cybersecurity as a Boardroom Priority: Mandia emphasized that cybersecurity has evolved from a technical IT issue to a strategic business concern, with board members increasingly focused on understanding and managing cyber risks. He shared that boards are now asking more sophisticated questions about cybersecurity resilience, the impact of geopolitical events on cyber threats, and the overall risk posture of their organizations. This shift has elevated the role of the CISO, requiring them to communicate complex security issues in business terms and advocate for the resources necessary to secure the organization.
  2. The Evolving Role of the CISO: The CISO role is undergoing a transformation as cybersecurity responsibilities expand. Mandia noted the rise of “jump balls” in the security domain—tasks that could fall under various leadership roles, such as AI security, data governance, and supply chain security. He argued that CISOs must proactively define their remit and advocate for clear ownership of these areas to avoid confusion and gaps in security coverage. Mandia also stressed the importance of having a “security mindset,” a proactive approach where CISOs continually identify and address potential weak spots in their organization’s defenses.
  3. Challenges of Managing AI and Emerging Technologies: As AI becomes more integrated into business operations, Mandia highlighted the need for robust policies to govern its use. He compared this to the early days of the internet, where companies had to establish rules for acceptable use. Mandia advised organizations to develop clear guidelines for AI, including data input and output monitoring, to ensure security and compliance. He sees AI as both a tool for enhancing security operations and a potential risk if not properly managed.
  4. The Importance of Cyber Resilience: Mandia underscored the significance of cyber resilience, which goes beyond traditional disaster recovery to include the ability to quickly restore critical business operations after a cyber incident. He advocated for “red lever events”—practical drills that test an organization’s ability to respond to severe disruptions, such as ransomware attacks or major system failures. This proactive approach, Mandia argued, is essential for preparing organizations to handle worst-case scenarios and minimizing operational downtime.
  5. The Role of Public-Private Partnerships in Cyber Defense: Mandia highlighted the importance of collaboration between the private sector and law enforcement in combating cybercrime. He praised the progress made in joint operations to disrupt ransomware groups and emphasized that the best deterrent to cybercriminals is the threat of arrest and prosecution. However, he acknowledged the challenges of international cooperation and the need for stronger legal frameworks to effectively combat cyber threats that originate from safe-harbor countries.
  6. Adapting to an Asymmetric Threat Landscape: The cybersecurity landscape is becoming increasingly complex, with attackers adopting more sophisticated techniques and targeting critical infrastructure. Mandia noted that while defensive capabilities are improving, the asymmetry of cyber warfare—where attackers only need to find one weakness to succeed—poses an ongoing challenge. He called for a continued focus on improving identity management, secure software development, and real-time threat intelligence to stay ahead of adversaries.

Keynote Summary: Mandia’s insights at mWISE 2024 provide a clear picture of the current state of cybersecurity, where strategic alignment between security leaders and business executives is crucial. As the role of the CISO continues to evolve, organizations must invest in resilience, proactive governance, and collaboration to defend against an ever-changing threat landscape. Mandia’s call to action for businesses is to elevate cybersecurity to a board-level priority and prepare for the inevitable challenges that lie ahead.

Other Important Insights from mWISE

Ransomware: The Ever-Evolving Threat

Ransomware remains a top concern for businesses worldwide, but it’s evolving in ways that many might not expect. Kimberly Goody, Head of Financial Crime at Mandiant, highlighted an alarming trend: while fewer companies are paying ransoms, the amounts demanded have skyrocketed—from $200,000 to a staggering $1.5 million in just a year. Goody explained, “Attackers are getting bolder, using tactics like data exfiltration and personal threats against executives to increase leverage.” The takeaway for businesses is clear: it’s not enough to just have backups and cybersecurity insurance. Companies need comprehensive ransomware resilience plans that include robust incident response and clear communication strategies.

The Double-Edged Sword of AI

Artificial Intelligence (AI) is transforming cybersecurity, but it’s also introducing new risks. Vicente Diaz from VirusTotal shared how they’re using AI to dissect complex malware. “We’re seeing AI not just as a tool for defense but also being used by attackers to automate phishing and refine social engineering techniques,” he said. This dual-use nature of AI means that while it can help SOCs (Security Operations Centers) detect threats faster, it also gives cybercriminals a powerful tool to scale their attacks. The message for businesses: embrace AI, but do so with a robust governance framework to mitigate its risks.

The Cloud Security Paradox

As businesses continue to migrate to the cloud, securing these environments has become a complex challenge. Anton Chuvakin, Security Advisor at Google Cloud, pointed out that many organizations still misunderstand the shared responsibility model. “Cloud providers offer the infrastructure, but securing the applications and data within it is up to the customer,” Chuvakin warned. Misconfigurations remain the most common cause of cloud breaches. To safeguard against this, businesses need to invest in tools that provide visibility and control over their cloud environments, ensuring they’re not leaving the digital doors unlocked.

The Invisible Battle: Securing the Supply Chain

The security of supply chains—whether for software, data, or even hardware—was a recurring theme throughout the conference. Brett Callow of FTI Consulting highlighted that ransomware groups are increasingly targeting supply chains to amplify disruption. “A single compromised vendor can impact hundreds of companies,” Callow said, emphasizing the need for businesses to not only vet their suppliers but also have contingency plans for supply chain disruptions. The solution lies in continuous monitoring and stronger collaboration between companies and their suppliers to ensure a unified defense against potential threats.

Public-Private Partnerships: A Collective Defense Against Cyber Threats

Another critical point raised at mWISE was the importance of collaboration. John Hultquist, Chief Analyst at Mandiant Intelligence, advocated for stronger public-private partnerships. “We’ve seen real progress when companies and law enforcement work together,” he noted, citing recent operations that disrupted ransomware groups. This collective defense model allows for faster response times and a broader reach in combating cyber threats. For business leaders, this means engaging in industry forums, sharing threat intelligence, and building relationships with public agencies before a crisis hits.

The Road Ahead: Autonomous Security Systems

Looking to the future, Chris Boehm from SentinelOne introduced the concept of autonomous security systems. Tools like SentinelOne’s Purple AI are enabling analysts to query their environments in plain language and receive actionable insights. “This is more than just automation; it’s about empowering security teams to focus on strategic threats rather than being bogged down by repetitive tasks,” Boehm explained. For businesses, adopting such technologies could mean the difference between swiftly neutralizing a threat and becoming the next headline.

What It All Means for Business Leaders

The insights from mWISE 2024 paint a vivid picture of the cybersecurity defense landscape—a place where the stakes are higher than ever, and the threats more sophisticated. For business leaders, this means taking an active role in their company’s cybersecurity strategy. Here are some key takeaways:

  1. Elevate Cybersecurity to the Boardroom: Ensure that your CISO has a seat at the table and that cybersecurity is a part of every strategic discussion.
  2. Prepare for Ransomware: Develop a comprehensive resilience plan that includes more than just technical defenses—think about legal, financial, and reputational impacts.
  3. Invest in AI Responsibly: AI can be a powerful ally, but it’s crucial to have strong governance frameworks in place to manage its risks.
  4. Secure Your Cloud Environments: Understand your responsibilities and invest in the right tools and training to prevent misconfigurations.
  5. Fortify the Supply Chain: Regularly assess the security of your supply chain partners and be prepared with response plans for potential disruptions.
  6. Engage in Collective Defense: Participate in public-private partnerships and threat intelligence sharing initiatives to bolster your defense against sophisticated adversaries.

Final Thoughts

The mWISE 2024 conference was a wake-up call for many, illustrating that cybersecurity is not just about technology—it’s about strategy, resilience, and collaboration. As the digital and physical worlds continue to converge, business leaders must be prepared to navigate this complex landscape, armed with the insights and tools to protect their organizations against an ever-evolving array of threats.

My Takeaway: Cybersecurity isn’t just a challenge for IT—it’s a business imperative. And as we’ve seen at mWISE, it’s a battle best fought together.


Addendum: Expert Commentary from #mWise

Kevin Mandia, Strategic Advisor at Google Cloud

  • On the Role of the CISO: “Today’s CISOs are no longer just technical specialists; they’re strategic advisors who need to translate cyber risks into business impacts. Boards are increasingly relying on CISOs to inform decisions around mergers, acquisitions, and overall business resilience. The ability to communicate in business terms is what sets effective CISOs apart.”
  • On Cybersecurity as a Business Imperative: “Cybersecurity is not just a technical issue; it’s a business imperative. We’re seeing more boards recognize that cybersecurity is fundamental to protecting shareholder value and business continuity.”

Kimberly Goody, Head of Financial Crime at Mandiant

  • On Ransomware Evolution: “Ransomware is no longer just about encryption and ransom demands. Attackers are now focusing on data exfiltration and extortion, creating more leverage over their victims. We’re seeing a shift towards attacking high-profile targets and threatening personal and corporate reputations, not just financial assets.”
  • On the Impact of Ransomware: “The median ransom payment has increased significantly, from $200,000 to $1.5 million, which is indicative of the higher stakes involved. It’s not just about operational disruption anymore; it’s about the potential for long-term damage to a company’s brand and leadership.”

Greg Bell, Co-founder and Chief Strategy Officer, Corelight

  • On Network Detection and Response (NDR): “Network telemetry is where the answers lie, but traditionally, it’s been the last area to get attention. Our goal with Corelight is to democratize access to advanced network detection tools that were once the domain of elite defenders in the National Laboratory System, making them available to every organization.”
  • On Cloud Security: “The shift to cloud environments has not changed the fundamental principles of network security. Attackers don’t care where the data resides; they’re targeting vulnerabilities regardless of the environment. Effective network security must be consistent across on-premises and cloud infrastructures.”

Anton Chuvakin, Security Advisor at Google Cloud

  • On AI in Cybersecurity: “AI can be both a powerful tool and a dangerous weapon. While it’s enhancing our ability to detect and respond to threats, it’s also enabling attackers to automate and scale their operations in unprecedented ways. We need strong AI governance frameworks to manage these risks and ensure ethical use.”
  • On Cloud Security Misconfigurations: “Misconfigurations in cloud environments are still a major vulnerability. The shared responsibility model is often misunderstood, leading to gaps that attackers can easily exploit. We need to simplify security controls and make them more user-friendly to reduce these risks.”

Brett Callow, Managing Director at FTI Consulting

  • On Supply Chain Attacks: “Ransomware groups are increasingly targeting supply chains to maximize disruption. A single compromised vendor can expose an entire network of organizations. Effective supply chain security requires continuous monitoring and strong partnerships with vendors and law enforcement.”
  • On Public-Private Collaboration: “Improved collaboration between the private sector and law enforcement is making a difference, but we need to go further. Sharing threat intelligence and coordinating responses are critical to defending against sophisticated adversaries who are constantly evolving their tactics.”

Vicente Diaz, Threat Intelligence Strategist at Google Cloud’s VirusTotal

  • On AI for Malware Analysis: “We’re using large language models to automate the analysis of complex malware, but this is still a developing field. The potential is huge, but there are significant challenges, especially when it comes to understanding and preventing adversarial attacks on these models.”
  • On the Future of Malware Analysis: “AI is changing the game for malware analysis, enabling us to dissect and understand threats at a scale and speed that was previously impossible. However, we must remain vigilant against the misuse of these technologies by cybercriminals who are also leveraging AI to refine their attack methods.”

Chris Boehm, Global Field CISO, SentinelOne

  • On AI in Security Operations: “SentinelOne’s Purple AI is designed to empower SOC analysts by allowing them to interact with security data through natural language queries. This bridges the gap between technical complexity and operational efficiency, making it easier to derive actionable insights from vast amounts of data.”
  • On Autonomous Security: “We’re moving towards a future where autonomous systems play a key role in cybersecurity, but we’re not there yet. AI can assist and augment human analysts, but complex decision-making still requires human oversight. The challenge is to balance automation with the need for expert judgment.”

Nader Zaveri, Senior Manager – Incident Response & Remediation, Mandiant/Google

  • On the Abuse of Remote Access Tools: “We’re seeing a growing trend of attackers using legitimate remote access tools (RATs and RMMs) for malicious purposes. These tools are often overlooked in security controls because they’re widely used by IT teams. Organizations need to implement stricter controls and monitoring to prevent abuse.”
  • On Effective Incident Response: “Effective incident response is not just about containment but also about learning and improving. We focus on removing attackers from compromised environments and then applying those lessons to enhance our proactive defenses. It’s an ongoing cycle of improvement.”

John Hultquist, Chief Analyst, Mandiant Intelligence, Google Cloud & Charles Carmakal, CTO, Mandiant Consulting

  • On Threat Actor Sophistication: “We’re seeing a diversification in threat actor capabilities, with more groups adopting advanced techniques traditionally used by nation-state actors. This is raising the bar for what organizations need to defend against, making it crucial to integrate intelligence into security strategies.”
  • On Building Resilient Defenses: “It’s not enough to focus on detection and response. Organizations need to anticipate and prepare for attacks by integrating threat intelligence into their security programs. This means understanding who is targeting them, why, and how to build resilience against these specific threats.”

Allison Wikoff, Director, Global Threat Intelligence – Americas Lead, PwC

  • On Geopolitical Impact on Cybersecurity: “Geopolitical conflicts are driving a surge in espionage and sabotage attacks, particularly against critical infrastructure. During election cycles and global tensions, threat actors exploit vulnerabilities to disrupt and gather intelligence. Organizations need to be prepared for these scenarios with robust incident response and crisis management plans.”
  • On Adapting to Emerging Threats: “Financially motivated threat actors are shifting their focus as defenses against traditional tactics improve. We’re seeing a rise in the exploitation of vulnerabilities in applications and third-party services. Staying ahead of these threats requires continuous adaptation and a proactive approach to security.”

Charles DeBeck, Cyber Threat Intelligence Expert at Google Cloud

  • On Serverless Security Challenges: “Serverless computing introduces unique security risks due to its scalable and dynamic nature. Traditional security models often fall short, leaving misconfigurations and inadequate visibility as common vulnerabilities. It’s crucial to rethink security strategies to address these new paradigms.”
  • On the Shift in Threat Actor Tactics: “Rather than encrypting data, attackers are increasingly focused on exfiltration and extortion. This shift is partly due to the complexity and lower profitability of ransomware encryption. Organizations must prioritize data protection and monitoring to mitigate these emerging threats.”
  • On the Importance of Data in Threat Intelligence: “Integrating diverse data sources is essential for effective threat intelligence. Accessible and usable data helps us understand and preempt threats. We need a proactive approach, leveraging data to drive intelligence and response strategies.”

Kerry Matre, Head of Product Marketing Management, Mandiant, Google Cloud

  • On the Defender’s Advantage Framework: “Organizations should leverage their deep understanding of their environments to strengthen defenses. The Defender’s Advantage framework integrates six critical functions: Intelligence, Detect, Respond, Validate, Hunt, and Mission Control. This comprehensive approach enables proactive defense and resilience.”
  • On Crisis Communication and Response: “Effective communication during a breach is crucial. Pre-scripted messages and a centralized communication point can help manage the narrative and reduce damage. Preparing in advance ensures that during a crisis, teams can focus on resolving the incident rather than managing the fallout.”

John Fokker, Head of Threat Intelligence and Principal Engineer at Trellix

  • On Ransomware-as-a-Service (RaaS): “The RaaS ecosystem has evolved, with criminal groups refining their operations to include various ‘as-a-service’ models like phishing, access, and credential services. This diversification allows even low-skilled cybercriminals to launch sophisticated attacks.”
  • On the Use of Generative AI in Cybercrime: “Cybercriminals are leveraging AI for more effective phishing campaigns and exploiting vulnerabilities with greater precision. We’re also seeing AI being used for extortion, such as voice cloning to target high-profile individuals. This trend underscores the need for organizations to stay ahead of the curve in AI security.”

John Hultquist, Chief Analyst, Mandiant Intelligence, Google Cloud

  • On the Sophistication of Threat Actors: “We’re seeing threat actors continuously evolve their tactics, techniques, and procedures. They are now more persistent and resourceful, often blending criminal and espionage activities. Organizations must move beyond traditional defense mechanisms and invest in intelligence-driven security strategies that anticipate and counteract these sophisticated threats.”
  • On the Importance of Intelligence Integration: “Integrating threat intelligence into security operations is crucial. It’s not just about detecting and responding to threats but understanding the broader context in which they operate. This intelligence-driven approach helps security teams focus on the most relevant threats to their organization.”

Charles Carmakal, CTO, Mandiant Consulting

  • On Building Resilient Defenses: “Organizations need to adopt a multi-layered approach to security that includes robust incident response, threat intelligence, and proactive defense measures. This is not just about technology but about building a culture of resilience that enables teams to respond effectively to incidents.”
  • On the Evolving Cyber Threat Landscape: “The threat landscape is becoming increasingly complex, with attackers targeting critical infrastructure and leveraging zero-day vulnerabilities. Organizations must be vigilant and continuously adapt their security strategies to stay ahead of these evolving threats.”

Kimberly Goody, Head of Financial Crime Analysis, Mandiant

  • On Ransomware Trends: “We have seen a shift in ransomware strategies. Attackers are moving from broad, opportunistic attacks to more targeted campaigns aimed at high-value organizations. These groups are using sophisticated extortion techniques, such as threatening to leak sensitive information or targeting high-profile individuals. This underscores the need for robust incident response and resilience planning.”

Nader Zaveri, Senior Manager – Incident Response & Remediation, Mandiant/Google Cloud

  • On the Misuse of Remote Access Tools: “We’ve observed a significant increase in the abuse of legitimate remote access tools by threat actors. These tools, often used for benign purposes, are now being weaponized to gain unauthorized access and maintain persistence in networks. Organizations need to monitor and restrict the use of these tools and implement robust access controls.”
  • On Strengthening Security Measures: “It’s essential for organizations to regularly audit their environment, especially around the use of remote access tools and services. Implementing strong multi-factor authentication and network segmentation can significantly reduce the risk of unauthorized access and lateral movement.”

Vicente Diaz, Threat Intelligence Strategist, VirusTotal, Google Cloud

  • On Leveraging Large Language Models (LLMs) for Malware Analysis: “We’re using LLMs to automate and enhance our understanding of complex malware. These models can help disassemble binaries, analyze memory dumps, and identify malicious patterns. While LLMs have significantly improved our analytical capabilities, they also pose new risks, such as adversarial attacks that can mislead the models. Organizations need to be aware of these risks and implement robust governance around their use.”

Chris Boehm, Global Field CISO, SentinelOne

  • On the Challenges of AI in Cybersecurity: “There’s a lot of hype around AI in cybersecurity, but we need to focus on real-world applications that genuinely enhance security operations. AI can’t replace human analysts, but it can augment their capabilities by automating repetitive tasks and providing deeper insights into the threat landscape. The key is to integrate AI in a way that enhances, rather than complicates, security workflows.”

