Mandiant CTO: Data breaches inevitable, but impact can be variable (video)

15 Nov 2013

Mandiant chief technology officer Dave Merkel

Data breaches are inevitable but the cost to the business in terms of finance and reputation can vary depending on how rapidly firms respond, the CTO of Mandiant told today’s IIEA Cybersecurity Conference in Dublin.

Mandiant CTO Dave Merkel told the IIEA Cybersecurity Conference that while businesses may invest heavily in making themselves perfect 100pc of the time, an attacker only needs to get it right once.

“You are now facing nation-grade technical problems caused by common people.”

Mandiant provides security products and services that find and stop advanced attackers who bypass IT security controls and is one of only four companies certified to respond to cybersecurity attacks in the United Kingdom via the Cyber Incident Response programme that is administered by CESG, the Information Assurance arm of the UK’s Government Communications Headquarters (GCHQ).

Last year, the company announced plans to create 100 new jobs in Dublin with the establishment of an engineering and security operations centre in the city.

Facing the reality of data breaches

The timing of the IIEA Cybersecurity Conference at the Mansion House in Dublin coincided with the revelations that personal and financial details of more than 1m people across Europe are said to have been compromised, including thousands of customers of SuperValu, AXA and ESB.

Merkel said firms need to realise that while compliance and meeting standards are important, they are no guarantee that data can be protected, and that the key is how quickly firms grasp they are under attack and how rapidly they respond to the threat.

“Compliance is important but if you are lulled into the idea that 100pc of your systems can’t be breached, then you’re lying to yourself.”

Merkel said that 243 days is the median amount of time that hackers can be present inside a company network before they are detected.

“We are entering a new security paradigm – you have to be able to operate through compromise.

“Think about threat-centric security – know you are vulnerable somewhere, so be ready to act once they get into your environment.

“Breaches are inevitable, but the impact is variable depending on how you react. Threat-centric security is required – you do have to keep an eye on vulnerability, and there are actions you can take knowing the threat is out there, but then there is still a gap in your programme.

“Learn how to successfully operate and continue to defend despite failures,” Merkel said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years