This past week’s FireEye breach reminds us once again that no one is truly 100% safe from bad actors. FireEye, despite being one of the largest cybersecurity firms, was still breached, along with many other companies. We won’t go into too much detail on the attack since it has already been widely covered by many outlets. It seems that the SolarWinds attack was discovered as part of the FireEye breach, so perhaps this could be a godsend. If it weren’t for FireEye’s detection, who knows how long the attackers would have gotten away with ongoing access to SolarWinds customers. Our CEO, Kris Rides, posted a warning on LinkedIn prior to the SolarWinds news: “for all those FireEye, Inc. bashers, just remember you’re not 100% secure.” How accurate that has turned out to be.
FireEye’s response and transparency have been exceptional, and this is a good reminder that getting hacked is not the end-all, be-all. The way you detect, remediate, and handle the fallout of an attack is extremely important.
Now, as Kris mentioned, no one can be 100% secure, and the security community knows this. What’s important is that we communicate this outside of our industry while ensuring that it doesn’t become an excuse for companies to neglect security. We often help smaller companies build cost-effective security programs; it’s surprising what can be done with a relatively modest budget, and how penetration tests and an annual risk assessment can be a great sales tool. We have to remember that for many large companies, the security team is a major part of the vendor onboarding process, and decision makers know this.
With larger companies, it’s important that the board sees the investment in security as exactly that: an investment. If the quality of your security program is best in class for your industry, you’re going to help yourself immensely. Often it’s a battle based on effort: if the effort required to get past your defenses isn’t worth the reward, those who are financially motivated tend to move on to an easier target. So keep spending, and hopefully you will never see a return on investment.