- "Cybersecurity has never been more important" and it is not going to go the way of "Blockbuster video," said Kevin Mandia, CEO of FireEye Inc., speaking during a keynote address Wednesday at Interop ITX in Las Vegas. As consumers, enterprise tech and the government converge, breaches and cyberattacks have become more high stakes, creating further demand for security.
- As the market has evolved, cyberattacks have begun to fall into two categories: targeted attacks and "drive-by shootings," where organizations pick targets at random as a type of "spray and prey," according to Mandia. "If people can hack with impunity, and there's great anonymity on the internet, these attacks are just going to happen all the time."
- But with the stakes of breaches higher than ever, "I think you're going to see international norms emerge. They have to," Mandia said, making room for optimism in the industry.
Blockbuster is a cheeky example of a company that was wiped out by digital innovation, but many technologies have to assess whether they will be around long term. It is unlikely with the rapid rise of cyberthreats and nation state actors targeting businesses that the security industry will find itself out of work.
Take WannaCry, for example. Mandia's presentation came on the heels of the WannaCry ransomware attack, which spread globally Friday and into this week. No one has yet taken credit for the attack, which was widely propagated in part because of anonymity on the internet. Lack of accountability means it is unlikely that the malicious actors spreading the ransomware will face repercussions.
The WannaCry attack highlights the importance of the cybersecurity sector. With new threats rapidly spreading, companies need to quickly figure out how to respond and defend. That's where the vendors come into play.
Part of the job of cybersecurity vendors is to be able to quickly respond to cyberattacks, remediating damage when necessary and limiting an attacks' scope when possible. The cybersecurity industry is maturing, but demand is constant as reports of widespread cyberattacks leave companies across sectors racing to adopt expertise and solutions.
But cybersecurity vendors alone cannot defend a company. A large aspect of cyber defense is the adoption of standards internally in the enterprise, working with vendors to reduce risk throughout an organization. To adequately do that, chief information security officers and other security stakeholders need to look internally to understand the environment and the risks present, according to Mandia.