U.S. businesses are at huge risk of falling victim to cyberattacks because there are no repercussions for hacking companies in the West, according to Kevin Mandia, CEO of FireEye. "Until we can impose some risk, some deterrence, these intrusions are here to stay," said Mandia, in an interview with Fortune.
Mandia's statements comes just after a grand jury indicted four defendants in connection with the 2014 Yahoo breach. The defendants include two Russian Federal Security Service (FSB) officers, opening the door for a discussion of nation state involvement in domestic cyberattacks.
Mandia said the indictment could serve as a way to open a dialogue with Russia about an anti-hacking agreement. "We've got to figure this out as a sovereign nation, as the United States, what are we going to do to deter — what are we going to do to establish fair game or rules of engagement," he said.
The U.S. has had success establishing international hacking treaties before. In December 2015, the U.S. and China reached an agreement on guidelines for requesting assistance in fighting cybercrime. According to Mandia, this has resulted in a significant drop in Chinese industrial spying against U.S. companies.
Adopting a similar accord with Russia could prove much more difficult, however, because of the tumultuous relationship between the U.S. and Russia. Companies are caught in the middle of international disputes, serving as the proving ground for a country's cyberattack capabilities. But with retaliation largely unavailable to them, corporations are left defending networks as best they can.
Meanwhile, cyberattacks continue at a record pace. Just two to three years ago, about 20,000 cyberattacks were attempted per week, according to Microsoft data. Now, that number is up to between 600,000 and 700,000 attempted cyberattacks each week.