Cybersecurity News that Matters

Cybersecurity News that Matters

Quotes from mWISE: Christopher Wray and more

by Dain Oh

Sep. 21, 2023
12:20 PM GMT+9

Washington D.C. ― mWISE ― Below are some of the most significant statements made during the Mandiant Worldwide Information Security Exchange (mWISE). The conference took place in Washington DC from September 18 to 20, gathering 2,000 security experts from around the world in one place, both in person and remotely, to share insights into the latest threat landscape. The event featured over 80 sessions which were presented by more than 90 speakers.

1. Christopher Wray (Director, Federal Bureau of Investigation)

Photo provided by Google Cloud

Remarks from Christopher Wray

“Anytime so many leaders from the private sector and the government and around the world, both managers and frontline defenders, all get together in one room, cyberspace becomes a little bit safer. I firmly believe that the best way to build our collective defense is by having dialogue about the threats that we’re seeing and having creative conversations about the ways that we can work together to stay ahead of it, which I should add is explicitly the FBI’s vision to stay ahead of the threat.”

“China already has a bigger hacking program than that of every other major nation combined. In fact, if I took every single one of the FBI’s cyber agents and intelligence analysts and devoted them exclusively just to China, Chinese hackers would still outnumber our cyber personnel by at least 50 to 1. Just to say that again, 50 to 1. With AI, China is now in a position to close this cycle to use the fruits of their widespread hacking to power with AI, and even more powerful hacking efforts.”

2. Yong Suk Lee (Stanford Fellow and Director of Global Risk Analysis, Google)

Photo by Dain Oh, The Readable

Panel – Cyber Threats in JAPAC: The Growing Danger from China and North Korea

“The North Korea cyber program has a classic characteristic of their weapons program. They have a main enemy, which they are going after South Korea and the United States, and they rely on revenue generation to continue to fund the programs. North Korea has never developed a piece of technology or weapon, including nuclear technology. So, the reason they do that is because North Korean overseas weapons sales fund the domestic party. And it is the same case for cyber, as well.”

“How do you get back? How do you retaliate against that other than adding some more names or sanctions? Look up North Korea night lights on Google search. There really isn’t any more damage the United States or South Korea can do to North Korea that North Koreans have not done to themselves with 80 years of Communism. They can’t even keep their lights on. Are we going to hack their banking system? Are we going to bring their computer systems down? It just really pulls that strategic dilemma. How do you retaliate against it?”

3. Cris Kittner (Chief Analyst, Google Cloud Threat Adversary and Operations)

Cris Kittner, second from the left. Photo by Dain Oh, The Readable

Panel – Cyber Threats in JAPAC: The Growing Danger from China and North Korea

[Answering a question about North Korean social engineering towards security researchers]

“When you think about the level of patience, time, cultural awareness, and willingness to step out from where they sit and think about how we think, to be able to do that very simple but clever social engineering is absolutely amazing.”

4. Kevin Mandia (CEO of Mandiant, Google Cloud)

Photo provided by Google Cloud

Opening Remarks by Kevin Mandia

“Build and defense that assumes breach. I’m going to step you through all the different ways that prevention ultimately fails. You should assume if you’re a defender, it’s the right mindset to have that your employees will fall for a social engineering attack. Just assume it. Unless you hire a bunch of mean people that don’t want to help anybody, you will fall victim to social engineering.”

“I would say if you have not done a tabletop exercise with executives and your board members in the last two years, I would do one. Because that to me is a sign that you do not ordinarily have the right morale and security program. It starts there. Do one. You should absolutely do a scenario based on the worst case scenario. It’s feasible. It’s possible. It could happen to us, and we really hope it doesn’t. It’s the exact scenario you want to do, so that you get to know what communication channels need to be open. Who do you need to tell? What do you need to tell them? And who are the real active combatants in your incident? That’s one way to tell the security mindset.”

5. Sandra Joyce (Vice President, Mandiant Intelligence, Google Cloud)

Sandra Joyce, Vice President of Mandiant Intelligence at Google Cloud, is introducing a topic of an opening keynote at mWISE. The quote below did not come from the speech in the photo. Photo by Dain Oh, The Readable

Threat Intelligence Media Roundtable

[Discussing the most innovative threat actors]

“I will add it to North Korea for being able to create just astounding effects with so little resources, that they can accomplish the amount of money they can steal, crypto, and launder it, so that they can fund their nuclear programs and also their own internal infrastructure for more cyber campaigns. I think that’s the type of innovation that a scrappy, poor country [can accomplish. It] is pretty impressive in a negative way.”


Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...

    View all posts
Stay Ahead with The Readable's Cybersecurity Insights