Last week, FireEye, one of the world’s biggest cybersecurity companies, announced that a sophisticated team of cybercriminals hacked into its network and stole attack simulation, or “red team,” tools. These testing tools help “blue team” defenders assess the strength of an organization’s digital protection.
Pointing to the tactics used to break in and steal the information, mainstream media outlets report that the attack was most likely perpetrated by Russia’s intelligence branch. Another breaking news report about a hack that targeted the US Departments of Treasury and Commerce showed a similar pattern. But security experts say it’s unlikely that the compromise will pose a significant risk to private businesses across North America.
So far, no evidence of widespread public problems has appeared since the theft of the FireEye tools, many of which had already been released publicly so that other cybersecurity firms could deploy them. That calmed the worries of some security experts, who were initially concerned that this could be a repeat of the 2017 theft of NSA cybersecurity tools, which included zero-day Windows vulnerabilities that led to the worldwide WannaCry ransomware attack.
“The FireEye tools appear to be mostly incremental improvements to public, already known techniques,” said Tod Beardsley, director of research at Rapid7, a vulnerability and compliance management firm.
Will a Bigger Threat Emerge from the FireEye Breach?
Even if the stolen FireEye tools are eventually deployed publicly, don’t expect major problems to follow. If anything, the hack could serve as an important lesson: any company, big or small, can be attacked, and a proactive approach is critical to staying safe.
Overall cybersecurity could actually be strengthened, too, if FireEye’s tactics, techniques, and behaviors are analyzed and incorporated into common defenses. The company immediately detected and responded to the hack, quickly publishing indicators of compromise (IOCs) and detection signatures that apply to the stolen tools, a move applauded by other security experts.
What Can I Do to Keep My Business Safe?
Use this as an opportunity to analyze your own cybersecurity situation, identifying vulnerabilities and addressing them before a compromise occurs. The basics of cybersecurity hygiene apply even more today than they did yesterday:
- Work with a trusted IT provider to manage security patch and software update rollouts
- Deploy multi-layered network security tools that scan for intrusions, including publicly known issues like the FireEye theft
- Implement regular, remote, and redundant data backup that protects business information against ransomware and other attacks
- Prepare security incident response protocols that mitigate the impacts of cyberattacks
- Educate and train employees to identify common cybersecurity threats like phishing and business email compromise
The FireEye hack serves as an important reminder that there’s no such thing as bulletproof protection or impenetrable defenses. It’s not so much a matter of if you’ll get hacked but when. That’s why the goal of today’s cybersecurity tools is to control and reduce risk, not eliminate it.
How Can an IT Provider Help?
CMIT Solutions specializes in that kind of approach, protecting thousands of North American businesses. We tackle the problem from every angle: prevention, detection, and response, which enhances the overall resilience of your company in the face of increasingly complex attacks.
We go the extra mile to protect the data, devices, and digital identities of our clients. While hackers devise new tricks to avoid standard network security defenses, our 800 staff members at offices across North America work day and night to deploy new protections and devise new strategies for IT success.
If you need a trusted partner to help you with cybersecurity, contact CMIT Solutions today.