We depend on security companies for several things. First and foremost, we depend on them to provide the software and tools that help keep our own networks and data secure. Second, we expect them to be on the front line of the latest security issues; while we may only know some companies by their AV software, most are also involved in research and detection of new vulnerabilities and malware. Third, we expect them to be the shining example of how good security is done.
So what happens when the security companies are the victim?
In July, the announcement came that Bitdefender suffered a data breach, in which a small number of customer usernames and passwords were compromised. According to eSecurity Planet, the breach was caused by human error and outdated software. The article also pointed out that those responsible for the hack resorted to blackmail, demanding a ransom for the customer data and threatening to release it otherwise (the data was released a day or two after the threat).
This news comes just a month after it was announced that Kaspersky Lab was also the victim of an attack. In a blog post, CEO and founder Eugene Kaspersky wrote:
The bad news is that we discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploited several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it. We’ve called it Duqu 2.0.
Incidentally, Kaspersky did say that they were able to use this attack to their advantage – they get to learn more about a very serious attack method and come up with a solution – and, also importantly, customer data are safe.
Still, these attacks on the very companies we trust to protect our networks are concerning. What does it mean for us if security companies are suffering cyberattacks and data breaches?
For one, it means that they are just like any other company. They are susceptible to human error and insider attacks. Secondly, I think we have to remember that many of these organizations are set up to discover new attacks, so perhaps it isn’t too surprising when something slips through. But it also shows just how difficult attaining real security is. No company is immune to a data breach or cybersecurity event. So while you want to do as much as possible to prevent an event, the more important thing is to have a plan in place for how to react and mitigate the problem as quickly as possible.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba