Earlier this week, FireEye announced a breach and theft of Red Team tools. Businesses must act now to mitigate risk and maintain security.
Security, specifically cybersecurity and application security, has made headlines a LOT over the last several months. Attacks have been on the rise and it seems that researchers are finding vulnerabilities and configuration problems left and right. Businesses are taking notice, business leaders are realizing how much security matters and why it’s a good idea to get that review in before the end of the year. Especially now, since U.S. cybersecurity company FireEye announced it suffered a breach earlier this week.
From FireEye’s blog post announcing the breach:
“A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of countermeasures with this blog post to enable the broader security community to protect themselves against these tools. We have incorporated the countermeasures in our FireEye products—and shared these countermeasures with partners, government agencies—to significantly limit the ability of the bad actor to exploit the Red Team tools.”
The good news is that FireEye states that no zero-day exploits were stolen, which means that the information that was stolen has well-documented fixes and mitigation for businesses. That also means that businesses MUST make sure that all patching and updating of security measures is taking place as soon as that information is released. In this instance, many of the Red Team tools have already been released to the community and can also be found in FireEye’s CommandoVM.
Combine this incident with the Cloudflare vulnerability, and we now have proof that layers in security matter. You simply cannot rely on one tool to protect your entire business from every attack possible. It’s better to partner solutions and tools together so that they support each other and create multiple barriers around your business and its information. We also mentioned the other day that this is equally important in all areas of coding, not just security. If you are configuring something, creating something, protecting something or manipulating code of any kind, your best bet is to be diligent at every layer. Independent well coded layers within your system will help your systems and security remain stable and functioning, relieving the burden on a single tool or a single layer of your stack to do it all alone.
This breach should be a huge warning sign, a flare in the sky for businesses everywhere. If you haven’t taken notice of security yet, now is the time. FireEye believes they were hit by a nation state, likely Russia or Iran (per Reuters) and while the stolen tools aren’t zero-day exploits, businesses still need to ensure that they have done any patching or updating needed. Just because those have been released for use doesn’t mean they have been implemented. Remember, many business leaders will tell security teams to fix it “later,” as if “later” makes it cheaper or easier to fix. Later is here now, which means security needs to be addressed today.
The number one thing you can do for your business as a leader is handle security, which also means code quality, properly. This means it doesn’t get pushed back or set aside, it means it’s handled nearly immediately. If your team is too busy or you don’t have the right talent on staff, always, always, always consult and/or hire an expert! We say this often, but it is so very true. Experts are specialists, their reputation and therefore their business is staked on their ability to provide quality work. You wouldn’t hire a drywall specialist to build a skyscraper, you need an architect. The same applies with security, it is the foundation of your business.
The era of remote work has strained not just the security community, but the global economy. Security also directly impacts the global economy, every breach has a ripple effect and it takes time to see where that leads. If you’re a business leader, stop pushing security to the backburner and make it a priority. Not only is it vital to the success of the business, but it also directly impacts your livelihood. It’s important, it matters and it should be taken seriously from day one of a business.