Washington D.C. ― mWISE ― Below are some of the most significant statements made during the Mandiant Worldwide Information Security Exchange (mWISE). The conference took place in Washington DC from September 18 to 20, gathering 2,000 security experts from around the world in one place, both in person and remotely, to share insights into the latest threat landscape. The event featured over 80 sessions which were presented by more than 90 speakers.
1. Christopher Wray (Director, Federal Bureau of Investigation)
Remarks from Christopher Wray
“Anytime so many leaders from the private sector and the government and around the world, both managers and frontline defenders, all get together in one room, cyberspace becomes a little bit safer. I firmly believe that the best way to build our collective defense is by having dialogue about the threats that we’re seeing and having creative conversations about the ways that we can work together to stay ahead of it, which I should add is explicitly the FBI’s vision to stay ahead of the threat.”
“China already has a bigger hacking program than that of every other major nation combined. In fact, if I took every single one of the FBI’s cyber agents and intelligence analysts and devoted them exclusively just to China, Chinese hackers would still outnumber our cyber personnel by at least 50 to 1. Just to say that again, 50 to 1. With AI, China is now in a position to close this cycle to use the fruits of their widespread hacking to power with AI, and even more powerful hacking efforts.”
2. Yong Suk Lee (Stanford Fellow and Director of Global Risk Analysis, Google)
Panel – Cyber Threats in JAPAC: The Growing Danger from China and North Korea
“The North Korea cyber program has a classic characteristic of their weapons program. They have a main enemy, which they are going after South Korea and the United States, and they rely on revenue generation to continue to fund the programs. North Korea has never developed a piece of technology or weapon, including nuclear technology. So, the reason they do that is because North Korean overseas weapons sales fund the domestic party. And it is the same case for cyber, as well.”
“How do you get back? How do you retaliate against that other than adding some more names or sanctions? Look up North Korea night lights on Google search. There really isn’t any more damage the United States or South Korea can do to North Korea that North Koreans have not done to themselves with 80 years of Communism. They can’t even keep their lights on. Are we going to hack their banking system? Are we going to bring their computer systems down? It just really pulls that strategic dilemma. How do you retaliate against it?”
3. Cris Kittner (Chief Analyst, Google Cloud Threat Adversary and Operations)
Panel – Cyber Threats in JAPAC: The Growing Danger from China and North Korea
[Answering a question about North Korean social engineering towards security researchers]
“When you think about the level of patience, time, cultural awareness, and willingness to step out from where they sit and think about how we think, to be able to do that very simple but clever social engineering is absolutely amazing.”
4. Kevin Mandia (CEO of Mandiant, Google Cloud)
Opening Remarks by Kevin Mandia
“Build and defense that assumes breach. I’m going to step you through all the different ways that prevention ultimately fails. You should assume if you’re a defender, it’s the right mindset to have that your employees will fall for a social engineering attack. Just assume it. Unless you hire a bunch of mean people that don’t want to help anybody, you will fall victim to social engineering.”
“I would say if you have not done a tabletop exercise with executives and your board members in the last two years, I would do one. Because that to me is a sign that you do not ordinarily have the right morale and security program. It starts there. Do one. You should absolutely do a scenario based on the worst case scenario. It’s feasible. It’s possible. It could happen to us, and we really hope it doesn’t. It’s the exact scenario you want to do, so that you get to know what communication channels need to be open. Who do you need to tell? What do you need to tell them? And who are the real active combatants in your incident? That’s one way to tell the security mindset.”
5. Sandra Joyce (Vice President, Mandiant Intelligence, Google Cloud)
Threat Intelligence Media Roundtable
[Discussing the most innovative threat actors]
“I will add it to North Korea for being able to create just astounding effects with so little resources, that they can accomplish the amount of money they can steal, crypto, and launder it, so that they can fund their nuclear programs and also their own internal infrastructure for more cyber campaigns. I think that’s the type of innovation that a scrappy, poor country [can accomplish. It] is pretty impressive in a negative way.”
