Big news rocked the cybersecurity world this week with the announcement of the FireEye breach. It poses the question – what happens when the organization with the tools to protect others’ cybersecurity systems finds itself as the victim of a cybersecurity attack? While the response may still be unfolding, there is one key component to the response that has already taken place. That component is transparency. As other industries: aviation, telecommunications, to name a few, have learned industry sectors in crisis need to work together because if it happens to FireEye it can happen to others.
The FireEye Cybersecurity Breach – What Happened?
FireEye is a leading cybersecurity firm known for cyberattack detection and prevention services as well as its research on hacking groups. On December 8th, the firm announced that it had been targeted by what is believed to be a “nation state” attack possibly coming from Russia. CNN reported that according to FireEye representatives, the attack was different than anything the firm has seen before and may have been focused on compromising FireEye’s specific systems. In the statement from the firm, it was outlined that the “Red Team assessment tools” used to examine FireEye clients’ cybersecurity infrastructures were the object of the attack. As Kevin Mandia, the Chief Executive Officer, explained, the firm has worked to create and share more than 300 “countermeasures” for customers and others that could potentially be impacted to implement if any activity is suspected.
Aftermath and Response
The Washington Post reports that one of the main sectors making up FireEye’s clientele are government customers. The firm has worked with government groups on tasks such as research on Russian organizations associated with election hacking. In addition to developing methods for such customers to respond if affected by the Red Team tools attack, FireEye has partnered with the FBI and Microsoft to further investigate the incident. According to the authors of the Washington Post article, “U.S. Sen. Mark Warner, a Virginia Democrat on the Senate’s intelligence committee, applauded FireEye for quickly disclosing the intrusion.”
The Need For Transparency Following Data Breaches
Despite what seems to be a quick and open response, Markets Insider reported that FireEye’s stock market share dropped 13% following its announcement of the cyberattack. Although the firm has spent the last few years establishing itself as a leader in cybersecurity with its government portfolio and its work with companies such as Sony and Equifax, Markets Insider suggests that the decline in price could boil down to a new-found lack of trust in the firm’s abilities, a concern over FireEye remaining as a target for future attacks or the impact that the stolen tools could have on other cyberattacks. While that quick and open response may have led to the drop, it does reflect an important ethical question in the field of cybersecurity. An organization may never be 100% protected from a cyberattack, especially as systems are always evolving, and that goes for cybersecurity organizations themselves. But a dedication to being as transparent about the issue and response as possible is always an option.
Key Takeaways:
“A firm that helps protect businesses and cities from cyberattacks just got hit by one” – Brian Fung, CNN
https://www.cnn.com/2020/12/08/tech/fireeye-cyberattack/index.html
- FireEye, a cybersecurity firm that provides cyberattack prevention and detection to its clients, revealed that it had been targeted by a cyberattack likely stemming from a nation state.
- According to FireEye representatives, the attack was unlike any they have seen before.
- The attack was conducted to access the firm’s “Red Team assessment tools” used to examine FireEye clients’ cybersecurity infrastructures.
“Cybersecurity firm FireEye says was hacked by nation state” – Frank Bajak and Matt O’Brien, The Washington Post
https://www.washingtonpost.com/technology/2021/02/09/fireeye-hack-russia-microsoft/
- The firm gained recognition for its research into Russian hacking groups associated with elections.
- According to FireEye CEO Kevin Mandia, the hackers appeared to focus on gaining information related to some of the firm’s government customers.
- FireEye has partnered with the FBI and Microsoft to investigate the attack and has developed 300 countermeasures for customers to implement if they detect any suspicious activity related to the compromised Red Team tools.
“FireEye stock tumbles 13% after the cybersecurity group reveals hackers breached its defenses and stole diagnostic tools” – Theron Mohamed, Markets Insider
- FireEye’s stock price dropped by 13% following the announcement that the firm had experienced a cyberattack.
- Prior to the decline in stock price and cyberattack, the firm had built a reputation as a cybersecurity leader after working with large companies such as Sony and Equifax.
- Possible reasons for the fall in price include a new-found lack of trust in the firm’s abilities, a concern over FireEye remaining as a target for future attacks or the impact that the stolen tools could have on other cyberattacks.