We are closing out 2020 with significant cybersecurity incidents whose implications will be felt across the world. Reports are coming in about cyber attack operations carried out by state-sponsored threat actors against bodies that manufacture, plan to distribute, and validate Covid-19 vaccines, as well as the U.S. Department of the Treasury, the U.S. Department of Commerce, the Pentagon, and NASA. As the CIO of Johnson & Johnson, which is developing a Covid-19 vaccine, described it, cyber attacks against the company are now being registered “every single minute of every single day.”
Around the nation, schools are under continual cyber attack as well, at a time when classrooms have moved to remote learning. An entire school district in Baltimore had to shut down because of a ransomware attack the day before Thanksgiving. A ransomware attack was also behind a month-long shutdown of the electronic medical records system at the University of Vermont Medical Center. No target is off-limits, and criminals are taking advantage of a dependence on remote technologies made more acute by the global pandemic. Nation-states, cybercriminal groups, and lone wolves are all in this mix of cyberthreats.
FireEye Hacked, Now What?
One of the best-known global leaders in information security, FireEye, was hacked, with the company’s CEO reporting that the attack was launched by “a nation with top-tier offensive capabilities.” If a leader in information security such as FireEye, along with the Pentagon and the U.S. Treasury Department, can get hacked, we can all conclude that no one is safe.
The cyberattack on FireEye has special significance because FireEye is in the business of defending high-profile clients from exactly the sort of attack it endured. It lost data: a portion of its “red team” tools, which it uses to simulate real attacks and seek out vulnerabilities within a client’s digital environment. The successful attack on FireEye is ominous not simply because of the business it is in, but because the company also holds a wealth of knowledge about attacker tactics, industry sources, and its clients’ specific environments.
We are not throwing stones from a glass house, however; that is not what this is about. The real lesson is that anyone can be hacked: the attackers used a “novel combination of techniques not witnessed” by FireEye before to do it. To its credit, the company has been upfront about the incident and has developed and released hundreds of Indicators of Compromise (IoCs) and detection signatures for the community to use. FireEye joins the ranks of other security companies that have been compromised, including Symantec, RSA, Kaspersky, and Trend Micro. It is not the first, and it will not be the last.
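Released IoCs and signatures only help if you actually run them against your own telemetry. The following is an added example, not FireEye's code and not any of its published countermeasures: it parses a small constructed IoC feed (file hashes and domains) and matches it against constructed DNS and process log lines and against file contents. Every hash, domain, hostname, and log line is made up for the demonstration; the sha256 value in the feed is simply the digest of the bytes `b"abc"` so that the match can be checked.

```python
"""Match a published IoC list against host artifacts and log lines.

Added example (not FireEye's code or countermeasures). Every hash, domain,
hostname and log line below is constructed for the demonstration.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Set, Tuple

# Constructed IoC feed in a simple CSV form (type,value,note).
# The sha256 value is the digest of b"abc", used only so the match below can
# be checked; it is not a real malware hash. Mixed case is deliberate, to show
# that normalization matters.
IOC_FEED = """\
# type,value,note
sha256,BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD,constructed tool hash
domain,update-check.example.net,constructed C2 domain
"""

# Constructed log lines in a key=value style (DNS queries and process starts).
SAMPLE_LOGS = [
    "2020-12-09T10:00:01Z dns host=ws01 query=update-check.example.net.",
    "2020-12-09T10:00:02Z dns host=ws01 query=www.example.com",
    "2020-12-09T10:00:03Z dns host=ws03 query=cdn.update-check.example.net",
    "2020-12-09T10:01:00Z proc host=ws02 sha256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad image=C:\\Users\\a\\tool.exe",
    "2020-12-09T10:01:05Z proc host=ws02 sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 image=C:\\Windows\\notepad.exe",
]


def normalize(ioc_type: str, value: str) -> str:
    """Canonical form so feed values and observations compare byte-for-byte."""
    v = value.strip().lower()
    if ioc_type == "domain":
        v = v.rstrip(".")  # DNS logs often carry the trailing root dot
    return v


def parse_feed(text: str) -> Dict[str, Set[str]]:
    """Parse 'type,value,note' lines into {type: set(normalized values)}."""
    iocs: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ioc_type, value, *_ = line.split(",")
        ioc_type = ioc_type.strip().lower()
        iocs.setdefault(ioc_type, set()).add(normalize(ioc_type, value))
    return iocs


def domain_hit(query: str, domains: Set[str]) -> bool:
    """True on an exact match or when the query is a subdomain of a listed domain."""
    q = normalize("domain", query)
    return q in domains or any(q.endswith("." + d) for d in domains)


KV = re.compile(r"(\w+)=(\S+)")


def scan_logs(lines: Iterable[str], iocs: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Return (host, ioc_type, matched_value) for every log line that hits the feed."""
    hits: List[Tuple[str, str, str]] = []
    domains = iocs.get("domain", set())
    hashes = iocs.get("sha256", set())
    for line in lines:
        fields = dict(KV.findall(line))
        host = fields.get("host", "?")
        if "query" in fields and domain_hit(fields["query"], domains):
            hits.append((host, "domain", normalize("domain", fields["query"])))
        if "sha256" in fields and normalize("sha256", fields["sha256"]) in hashes:
            hits.append((host, "sha256", normalize("sha256", fields["sha256"])))
    return hits


def scan_files(files: Dict[str, bytes], iocs: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Hash in-memory file contents and return (path, digest) for hash IoC matches."""
    wanted = iocs.get("sha256", set())
    hits = []
    for path, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in wanted:
            hits.append((path, digest))
    return hits


if __name__ == "__main__":
    feed = parse_feed(IOC_FEED)
    for hit in scan_logs(SAMPLE_LOGS, feed):
        print("log hit:", hit)
    # Constructed file contents; "/tmp/tool.bin" hashes to the feed entry.
    for hit in scan_files({"/tmp/tool.bin": b"abc", "/tmp/ok.bin": b"hello"}, feed):
        print("file hit:", hit)
```

Two details matter in practice: normalization (case of hashes, trailing dots on DNS names) is where naive matching silently misses, and subdomain matching is a judgement call, since a broad parent domain in a feed will generate noise against your own traffic. Real feeds such as the ones FireEye released also ship as YARA, Snort and ClamAV rules; this script covers only the flat hash-and-domain indicators.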
You Are Not Safe
Nobody, not even one of the most trusted cybersecurity companies in the business, is impervious to cyberattacks. You should be worried—we should all be worried—and as an industry, we must do a lot more to promote better cybersecurity.
So what is your plan? If you are relying on clever passwords and a basic firewall, the threats are too numerous, too fast, and too capable, and the day you are hacked will arrive sooner rather than later. Bottom line: basic security is NOT ENOUGH.
Here is What to Do
First, throw out any notion that you can completely eliminate risk. Reframe your security goals around minimizing and managing risk: keeping the impact of incidents low and the effort to resolve them as small as possible. The tools you implement to reach those goals are what make it work, including:
- Complete managed security, covering all your endpoints
- Encrypt EVERYTHING, in transit and at rest
- Secure EVERYTHING with two-factor authentication
- Trust no one and no account (Zero trust!)
- Patch, patch, and keep patching
- Leverage third-party specialists for audits and monitoring
Stay on top of patch management, revisit and validate your alerting at every point of ingress and egress, use defense in depth (layered security measures), and teach users to protect their accounts and report suspicious events.
The Managed Proposition
Although no organization is impervious to cyber threats, two heads are better than one when it comes to protection, detection, response, and recovery when risks turn into realities. Managed security services are booming for the very reasons we are witnessing with all of these threats. New adversaries are everywhere, and managed security picks up threat detection and response, security technology management, application monitoring and controls, and almost all of the security and compliance tasks that require more experience and resources than the average business can provide.