Dubai Diaries Cybersecurity Forum: Mandiant Intelligence – Business Decision Makers Must be Aware of How the Current Threat Landscape will Influence their Organization

In part two of our Cybersecurity forum series, Jens Monrad – Director, Head of Mandiant Intelligence, EMEA tell us what business decision makers must be aware of when it comes to investing in cyber security.

Dubai Diaries: How have businesses in the UAE been impacted by the recent cyberattacks? Are they more vulnerable to cyberattacks than other parts of the world?

Jens Monrad: Like many other parts of the world, the UAE is an attractive target to cyber threat actors, especially where the motivation is either political or financially driven. On the geopolitical scene, local or regional conflicts are something we see as a driver for cyberattacks. Here, a few events appear to have impacted the cyber threat landscape of the UAE. In particular, the recent deal with Israel can increase the cyberthreat, especially from countries or activists who disagree with the political line. Additionally, the increased digitalization attracts financially motivated threats with a primary focus on stealing credentials, monetizing unauthorized access or attempt to extort victims via ransomware schemes.

DD: What kind of attacks should businesses be prepared for considering the latest smart development vision for Dubai 2040?

JM: It is essential to understand what influences the cyber threat landscape for future strategic developments and country/region-specific goals. The potential disruption of development or infrastructure communication introduced in nationwide plans often attracts both cybercriminals, trying to monetize intrusions and state-sponsored cyber attacks attempting to conduct espionage.

DD: How much information should decision makers have access to or need in order to oversee the cyber risks? What should this information be and how often should the board have access to this information?

JM: Decision-makers need to be aware of the current cyber threat landscape and how it can potentially influence their organization. For example: 

1. What information is available to help organizations prioritize their resources. 
2. How can they minimize the gap between the discovery and recovery of a cyberthreat?
3. With the current cyber threat landscape in mind, how robust are the existing investment in security controls and can it detect or prevent the present threat? 

DD: How do you protect the sensitive information handled and stored by third party vendors?

JM: Supply Chain cyberthreats are something to be concerned about, and organizations that rely on third-party services need to assess the security controls and programs followed by such a service. While it is good to ensure that any third-party follows best security practices and document how they work with security, every organization needs to understand that the responsibility remains the same, even if you chose to rely on a third-party or outsource part of your infrastructure to a third-party.

DD: Do you encourage businesses to have cyber-insurance? If yes/no then why is it important or not? Does your company offer or assist with it?

JM: Although cyber insurance is not the savior of managing cyber risk, it can play a central role for organizations while they develop and implement a strong IT security strategy. FireEye is not a broker or underwriter, but we provide capabilities that enhance the role of insurance. As a company, our goal is to update and inform the insurance community on how best to address and manage cyber risk, which in turn, informs the underwriting and claims processes. This helps our clients be more resilient in both their operational and financial recovery.

DD: How do you help decision makers determine whether or not they have the right data governance strategy in place to minimize the cyber risk?

JM: One of the critical aspects of improving an organization’s cyber defences is understanding what critical assets the organization needs to protect. Furthermore, quickly moving from a discovery phase to a recovery phase when identifying a compromise or a cyberthreat is crucial and requires the entire organization to operate under the same plan. Such a plan includes:

1. Documented processes for incident response. 
2. How to best prioritize patching vulnerable products and technologies.
3. Educate employees on who to contact if they receive suspicious emails or phone calls. 
4. Understand what the most significant threats are to your industry and how to track them.

DD: What measures do you take to stay current on the cyber threat landscape? How do you share that with the business decision makers?

JM: Today Mandiant Threat Intelligence employs more than 200 researchers and analysts who speak more than 30 languages and are placed in more than 20 locations around the world. The team keeps a constant track of cyberspace developments that can shape new cyber threats and understand industries and locations and the potential threat they face by state-sponsored and financially motivated cyberthreats.

DD: What are the new trends in digital security and what is your outlook for 2021 thereof?

JM: We expect to continue to see a highly-agile cybercriminal ecosystem that will keep adapting to the new defences and increased maturity by organizations. As industries mature their defensive capabilities, the cybercriminals will target new victims or introduce new techniques to monetize their compromises. We have observed a similar shift in late 2019, where Ransomware became much more targeted and relied less on a volume-based approach. Similar techniques are expected to continue into 2021.

On the state-sponsored cyber threat front, I foresee that we will continue to see nations invest and develop their offensive capabilities even further. The increased investment in offensive capabilities does come with a considerable risk for private industries and citizens. Historically, we have seen a bad track record in protecting the tools used by state-sponsored threat actors, which can fall into other states’ hands or be used by cybercriminals. Cyberspace will eventually be a preferable domain for conflicts as there is little repercussion or risk associated with state-sponsored cyberattacks. As nations rely more and more on a digitalized infrastructure, the appetite for compromising the infrastructure will increase from state-sponsored espionage campaigns and cybercriminals.