FireEye Breach: Three Key Lessons

Dec 15, 2020

FireEye, a respected global cybersecurity firm, recently announced that it had been breached by a sophisticated hacking group using novel tools. That makes FireEye the latest cybersecurity company to suffer from an attack, with past victims including Symantec, Kaspersky and RSA, among others.

The FireEye breach is proof that anyone can be a victim of a cyber-attack, even those in the business of safeguarding systems from malicious actors. While investigations are ongoing, and we only have preliminary information based on what FireEye has disclosed, we can glean some key lessons:

Anyone can be hacked, but not everyone will be. As mentioned, this is yet another example of one unfortunate truth of cybersecurity: given enough resources and time, a determined threat actor can find a way in. According to FireEye, they were specifically targeted by very sophisticated threat actors with nation-state capabilities. Not every organization will be targeted by a threat actor, but you should keep your guard up by proactively looking at breach patterns and identifying who is attacking your industry. You also want to know if you are doing enough to protect yourself from those that are targeting you.

Know what is happening in your environment. FireEye has yet to disclose when the breach occurred. But, given that the stolen tools have not been seen in the "wild," one can tentatively assume that they have been swift with their detection and response. Knowing what is happening in your environment is key to responding in an appropriate and timely manner. The longer a threat actor is in your environment, the more harm they can do. For this reason, you need to ensure you have the right processes, procedures and technology in place to detect such incidents.

Have an incident response plan. The apparent speed at which FireEye is responding indicates they most likely have a good incident response plan. A response plan identifies all the key players and activities necessary to properly respond to an incident. Having a plan in place beforehand helps speed up the response process and limits the potential damage done by the threat actor. You must ensure that you establish a plan before an incident. You don’t want to be deciding how to respond to an incident while it's happening. In addition to establishing an incident response plan, you should also review and test it periodically to ensure it is still relevant.

As new information comes to light concerning what happened in the case of the FireEye breach, we will learn more about how to implement additional protections. In the meantime, contact a CyZen professional for insight into your current security stance and IT environment.
