Mandiant Founder Aims to Impose Costs on Hackers in VC Role

(Bloomberg) -- Kevin Mandia is trying to find ways to make life harder for brazen hacking groups.

Most Read from Bloomberg

• Supreme Court Poised to Allow Emergency Abortions in Idaho

• YouTuber Dr Disrespect Was Allegedly Kicked Off Twitch for Messaging Minor

• Bolivia’s President Arce Swears in New Army Chief After Coup Bid

• FedEx Stokes Investors With Hint of a Freight Deal

• Volkswagen Invests $5 Billion in EV Startup Rivian to Form Joint Venture

Mandia announced in May that he’d step down as the chief executive at Mandiant, the cybersecurity firm that he founded in 2004, after it was acquired by Google Cloud in 2022. He’s now moving into the venture capital world as a general partner and co-founder of Ballistic Ventures, an investment firm that’s raised $660 million in funding to invest in a range of emerging security startups.

Amid a spate of devastating ransomware attacks, widespread concerns about social media disinformation and increasing innovation from hacking groups, Ballistic is trying to find companies that will help stop that trend toward escalation, Mandia said. Recent hacking campaigns have crippled North American auto dealerships and caused outages at London hospitals, with hackers asking for ransom payments that have reached new highs in the tens of millions.

“The criminal element in cyber has hit almost an intolerable level,” Mandia said in a recent interview with Bloomberg News. “With Ballistic we’re investing in defense and being faster at closing windows of insecurity.”

Mandia also stressed the importance of imposing “risk” and “pain” on cybercrime groups, including taking a more aggressive stance toward publicly identifying hackers. Flagging active misinformation campaigns, strengthening authentication as a means of safeguarding digital identities and conducting red-team exercises — where security researcher probe a client’s networks in order to proactively find vulnerabilities — all are means of doing that, he said.

“If we just play defense, we’re just playing goalie,” Mandia said. “We’re always going to be reading headlines about people being taken advantage of.”

Early Ballistic investments include the risk management company Aembit and identity security firm AuthMind, among a list of other cybersecurity firms listed on its website. Ballistic also worked with Google Ventures, the investment arm of Alphabet Inc., to raise $34 million for the anti-misinformation startup Alethea.

Investors put over $9.6 billion into information security startups across 693 deals last year, according to PitchBook, even as the value of deals across the industry space gradually decreased from mid-2022 to January of this year. Other cyber-focused firms include Sequoia Capital, which has invested in companies like Chainguard and Okta Inc. Accel also has invested in CrowdStrike Holdings Inc. and the password manager 1Password.

At Ballistic, Mandia said he’ll tap into his Mandiant leadership experience to help founders trying to safeguard the internet.

(Corrects the amount of money raised by Ballistic Ventures in second paragraph.)

Most Read from Bloomberg Businessweek

• The FBI’s Star Cooperator May Have Been Running New Scams All Along

• How Jeff Yass Became One of the Most Influential Billionaires in the 2024 Election

• Musk’s Population Obsession Comes With a Dark History

• Surging Returns Lure Private Equity Giants to India

• How Glossier Turned a Viral Moment for ‘You’ Perfume Into a Lasting Business

©2024 Bloomberg L.P.