21 hours Ago By [email protected] (Rory Bathgate)
The cybersecurity landscape gets more complicated every year, with emerging technologies such as AI and the shifting geopolitical landscape bringing extra chaos to any CISO’s desk.Though automated defense systems are a welcome feather in cap for any company, it’s not just the good guys who have access to the latest tools. Off-the-shelf frameworks to launch attacks are becoming more common and businesses can’t rely on any single service to be a silver bullet.
What are the individual forces at play here? And how can security teams keep up?In this episode, Rory speaks with Kevin Mandia, founder and former CEO at Mandiant and current board member at cybersecurity firm Expel, and Dave ‘Merk’ Merkel, co-founder and CEO at Expel, to learn more about the current global cybersecurity landscape and what the future holds for security teams.Highlights“There was a time where zero days were in the purview of modern nations. That's kind of who used them.
And that's totally changed, now it's probably 50/50. You make so much money now on the financial side that you can afford to pay people to find the exploits. With the growing complexity of software, and software that depends on software that depends on software that depends on software and the shift change with AI coming, the vuln discovery capabilities that may be present in some AI components, the criminal element is operating at a nation state level, almost.
”“Look, I'll always be a proponent for adopting effective multi factor. And if you can adopt, not quite multi factor, but things like passkeys, it is better than passwords, that'd be great. I am still really skeptical face that there's any panacea there, I think you have to kind of keep up with the time so you completely lose ground.
”“Don't expect miracles, because just as you figure those things out, if you get them really humming and scaling, you're now defending in a certain way, the attacker is going to watch you, and then they're going to adapt their their approach to try to figure out how to take away some of your advantage. And so you have that kind of two steps forward, one one step back problem, because the attacker is not static.”FootnotesState-sponsored cyber attacks: The new frontierThe new ransomware groups worrying security researchers in 2025Stopping cyber attackers from targeting the weakest links in securityStealthy malware: The threats hiding in plain sightWhy attacks against critical national infrastructure (CNI) are such a threat – and how governments are respondingWhy vendor breaches still haunt enterprise IT leadersLondon council claims it faces 20,000 cyber attacks per dayI love magic links – why aren’t more services using them?How to create a secure password policyMajority of firms using generative AI experience related security incidents – even as it empowers security teamsSubscribeSubscribe to The ITPro Podcast on Apple PodcastsSubscribe to The ITPro Podcast on SpotifySubscribe to the ITPro newsletterSubscribe to the ITPro Podcast on YouTubeJoin us on LinkedIn.
