Mandiant CEO Kevin Mandia On Security After Uncovering China's Hacking U.S. Businesses

Kevin Mandia made the cover of Fortune Magazine for uncovering major hacks on major U.S. corporations by the Chinese government.

's hacking program is extremely extensive, grounded in attacking America's economy by acquiring trade information. "The thing is, we never know if we know 99 percent or 5 percent at Mandiant. At Mandiant we respond to intrusions, and we learned just what people, you know, the folks who hire us, that's how we learn: from private sector companies. So, we don't have a top-down view," said Mandia. "And that's one of the interesting things. We followed one group out of china, which we believe was Military Unit 61398 in the PLA. And we know they hacked a minimum, the lowest bounds, was 141 companies in the United States over the last seven years. So, we don't know if we know 5 percent or 90 percent, but I'm gonna guess it's more 5 percent." Mandia doesn't believe that the U.S. government would hack another country for economic gain, or any private sector companies, and that any hacking done is in all likelihood in the name of defending the nation.

:

"They won't go on the offensive to help out General Electric

or to help out JPMorgan Chase

. I don't see that happening. What happens out of China, we see government entities hacking the private sector and that's simply an unfair fight," said Mandia. When it comes to security risks with cloud data storage, Mandia said that the cloud is simply better for some companies and worse for others. He said that it's all dependent on how good the company's security is in the first place, and that trade secrets, intellectual properties, and/or weapons systems in their own private cloud. The conversation then moved to general email security, in which Mandia said that he uses Apple's

iPad to check him email, which according to him is much more secure than opening up messages on a non-mobile platform. "I think it's a big step up in security right now to use a mobile platform because they are smaller operating systems. It's less of a target area for the attackers to gain a foot hold," said Mandia. He wrapped up by saying that many incidents of hacking within in the banking system are not incidents, despite fears around security. He said that many compromises are isolated, or without consequence. "But if you have a widespread compromise, you want to get your hands around the totality of things, or get reasonable amounts of information before you go out and about and start telling people, because you might strike up a whole bunch of unneeded fear and doubt when really there was no impact or consequence to the breach," said Mandia.