Subscribe
Share
Share
Embed
On Ahead of the Threat, Bryan Vorndran, assistant director of the FBI’s Cyber Division, and Jamil Farshchi—a strategic engagement advisor for the FBI who also works as Equifax’s executive vice president and chief information security officer—discuss emerging cyber threats and the enduring importance of cybersecurity fundamentals.
Featuring distinguished guests from the business world and government, Ahead of the Threat will confront some of the biggest questions in cyber: How will emerging technology impact corporate America? How can corporate boards be structured for cyber resilience? What does the FBI think about generative artificial intelligence?
Assistant Director Brett Leatherman, FBI Cyber Division: Cyberattacks don't start with a bang. They start with something ordinary. A click. A reused password. An unpatched system. A vendor you trusted. These attacks often start with one organization, but increasingly have downstream impact to others.
I'm Brett Leatherman, head of the FBI's Cyber Division. Welcome to season two of Ahead of the Threat.
Most people know the FBI for our work disrupting sophisticated criminal enterprises, bringing violent offenders and corrupt officials to justice, countering terrorism and chasing foreign spies. This podcast is about an equally important front line of that same mission: Defending the homeland in cyberspace.
Here's how we spend our days at FBI Cyber—we pursue the people behind the keyboard, criminals and nation-state actors so we can stop or disrupt attacks, hold adversaries accountable, and help victims recover when it happens. Since 2022, we've provided thousands of decryption keys to ransomware victims, helping them avoid more than $800 million in ransom payments.
We do it with a unique view of the threat, world-class investigative capabilities and partnerships across the government, industry and around the world. And we have an obligation to share what we're seeing with you the insights that help you defend. That's what this podcast is for. And if you're new here, welcome. Let me tell you what we're seeing right now.
Ransomware is targeting the backbone of our economy, and the playbook keeps evolving. Last year, we saw a 17% jump in attacks and more than 30 new groups entered the market. Attackers are increasingly going one to many. They hit software providers, managed service providers and other shared access points so a single intrusion can ripple across hundreds, sometimes thousands, of organizations. We've seen bad actors exploit remote management tooling and reach downstream customers through one weak link. That's the one-to-many problem. One breach cascading impact. Supply chain compromise is now the second most common way in, and these intrusions go undetected for nearly nine months on average.
And it's not just criminals. Nation-state actors are targeting American businesses in critical infrastructure, sometimes directly, sometimes through proxies and contractors looking to steal, to surveil, and to pre-position access they can use later. And we've been public about this in joint advisories. PRC-backed actors work alongside commercial entities that serve China's intelligence apparatus. They use compromised devices and trusted connections to move from one network into another. If adversaries are taking an all-of-society approach to attack us, we need an all-of-society approach to defend against it. That's the environment we're in.
And that's why this podcast exists. If you listen to season one, you'll recognize the mission. Each episode will open with news of the day. What matters, why it matters, and what defenders should do about it. I'll sit down with an expert from government or industry, people who see the threat up close and know what works. And this season, we'll take you inside FBI Cyber, introducing you to the people and capabilities working every day to protect this country.
The goal is simple—help you step back from the day-to-day so you can see the threat more clearly, connect the dots and drive change. Early in season two, you're going to hear a lot about two things. First, the administration's cyber strategy, the FBI's cyber strategy, and the priorities shaping the year ahead.
Here's why it matters. It helps define what “good” looks like and where we need to raise the floor.
It's about critical infrastructure businesses of every size and the balance we all want, where the costs of cyberattacks don't keep landing on American victims. And we'll be clear about where the FBI fits—pursuing adversaries, driving disruption in supporting victims alongside our federal partners.
Second, Operation Winter SHIELD. From mid-January through mid-March, we are running an eight-week campaign focused on one thing: Defending the homeland of cyberspace against cyber threats with real economic and national security implications. Last year alone, nearly 5,000 critical infrastructure organizations reported cyber incidents to the FBI, and we know that number significantly under-represents the true scale.
Each week, we'll share what we're seeing in our law enforcement work, the top ways organizations continue to be compromised. Most of it won't surprise you. You're living it. But we continue to see it across every sector.
Our goal is to give you practical steps to begin moving the needle towards greater resilience. This podcast is for defenders, CISOs, security teams and risk managers. It's also for general counsels, CEOs and boards of directors. Because today, cyber risk is business risk and protecting the country and cyberspace takes all of us. If that's you, this is the conversation to be a part of.
Season two drops in a few weeks. If you want some context for what we're building, season one with Bryan Vorndran and Jamil Farshchi is a strong foundation and still relevant today. There's work ahead, and the adversaries aren't waiting. Together, let's get ahead of the threat.