Alphabet subsidiary Google has announced it’s buying prominent cybersecurity firm Mandiant in an all-cash transaction that values the business at $5.4 billion. The deal, which is slated to close later this year, sees Google snap up a coveted prize at a time when Russia’s war in Ukraine is fueling widespread concern about rising cyberthreats.
Google’s bid for Mandiant comes a few weeks after rumors that Microsoft, a major rival in security and cloud computing, had been eyeing the business to further strengthen its own security offerings. At $23 a share, Google’s offer represents a 57% premium to Mandiant’s share price when news of Microsoft’s purported interest began spreading in February.
Mandiant will bolster Google Cloud’s security offerings as it seeks to compete more aggressively with Microsoft, AWS and other cloud giants. In a statement announcing the transaction, Thomas Kurian, the CEO of Google Cloud, called the Mandiant brand “synonymous with unmatched insights for organizations seeking to keep themselves secure in a constantly changing environment.”
That environment could start changing faster than ever because of Russia’s invasion of Ukraine, which has triggered fears that cyberattacks within Ukraine could spill over into other countries. CIOs and chief information security officers (CISOs) at companies are looking to their ecosystem of security providers to alert them to—and help defend them against—escalating digital threats.
Mandiant, which was spun out of cybersecurity company FireEye in 2013 and sold to private-equity investors for $1.2 billion, has built up a reputation for smart analysis of hackers’ activities, including those of groups from Russia and China. It has also played a prominent role in unmasking several high-profile cyberattacks, including one on SolarWinds in 2020.
The business, which is led by CEO Kevin Mandia, a highly respected security leader, has 600 consultants who help businesses deal with many thousands of crises a year. It also has more than 300 analysts who track hackers’ activities and flag emerging risks. Mandiant has developed a software-as-a-service platform that will integrate with Google Cloud’s online offerings and which helped the security company grow revenue last year by 21%, to $483 million.
Technology leaders say intelligence from all kinds of third-party suppliers is more important than ever given the heightened uncertainty triggered by the conflict in Ukraine. “Step number one is to be really plugged into your information network,” says Brad Arkin, the chief security and trust officer of tech giant Cisco, which boasts one of the largest cyber threat intelligence teams in the world in the form of its Cisco Talos Intelligence Group.
While hackers may have targeted computer systems at liquid natural gas providers just before the invasion of Ukraine began, tech leaders say they generally haven’t seen any increase in specific threats. Still, they’re on the lookout for things such as distributed denial-of-service attacks, which flood websites with traffic to knock them offline, and wiper malware, which erases the hard drives of computers it infects. Both these and other tactics have already been used against Ukrainian targets.
Lou Steinberg, a former CTO of TD Ameritrade who is the founder and managing partner of cybersecurity firm CTM Insights, thinks the risk of cyber activity spreading beyond Ukraine and Russia will partly depend on how far economic sanctions go in terms of damaging the Russian economy. The harder these measures bite, the more Russia could be tempted to loosen the restraints on cyber hacking groups in the country. Steinberg recommends CIOs and chief information security officers keep a close eye on the Baltic states, which are likely to be the first to experience any spillover cyber events.
Like other security professionals Forbes spoke with, Dawn Cappelli, who recently retired as the chief information security officer of Rockwell Automation, stressed that getting security basics right, such as bolstering defenses against phishing attacks that try to trick employees into handing over login credentials, is now more important than ever. Hackers, she says, could try to exploit feelings running high over the invasion to fool employees into clicking on phishing links.
Cappelli also recommends that companies step up scrutiny of their software supply chains, including code that controls key machinery and safety systems in factories and other critical infrastructure, such as power grids. Mandiant’s CTO, Charles Carmakal, whom Forbes interviewed before news of Google’s bid emerged, says that where possible companies should try to separate the networks that run software controlling key industrial processes from those handling general IT needs in order to stop cyber attackers from using corporate networks to access more sensitive systems.
Cisco’s Arkin recommends businesses step up scrutiny of their network environments more generally in order to detect any intrusions. “Now is not the time to look past things that are a little bit off,” he says. The key is to be able to tackle any intrusions before they can cause chaos. “I’m really, really focused upstream. How do I prevent those early steps of the attack chain.”
Events in Ukraine mean that experts at businesses such as Mandiant and Cisco Talos are going to be especially busy this year. Chief executives and boards are also likely to be questioning CIOs and CISOs about the state of their preparations for scenarios in which cyberattacks spread. But one security expert cautions that placing too much pressure on tech and security teams now could ultimately backfire.
Johannes Ullrich of the SANS Institute, which specializes in cybersecurity training and research, says there’s a real risk of companies overloading cyber defenders with preparations for threats that may or may not become reality when they’re only just recovering from dealing with the Log4j security crisis in open source software at the end of last year. Warns Ullrich: “Exhausting your people with busywork [now] will hurt you later more than it helps.”