This past week a leading cybersecurity firm announced that their data had been compromised by a highly sophisticated state-sponsored adversary. Many cybersecurity firms establish groups that attempt to infiltrate customer networks under controlled conditions, mimicking a potential adversary’s attack.
This type of work, called penetration testing or “pen testing,” is common within the industry. To conduct these operations, cybersecurity businesses have developed many tools for the identification and exploitation of vulnerabilities within client networks. However, in the aforementioned data breach, these tools were stolen.
Even though this breach did not release new exploits, it still creates new risk. Most breaches are caused by lapses in basic security controls: exactly the thing that these tools are designed to detect and exploit. Pen tests help reveal new vulnerabilities to customers, even those who conduct regular vulnerability scans. Unfortunately, there are freely available toolkits online that permit threat actors to conduct these operations.
What should you do?
All organizations should review their security programs to ensure that they have a strong security posture, in which patches are applied regularly. They should also review their contracts with vendors to determine what, if any, warranties are made with regard to cybersecurity, incident response, etc. Finally, organizations should also ensure that their incident response plans address and contemplate data breaches, since even the most sophisticated cybersecurity companies can fall victim to a security breach.
One thing to take away from this news is that if this breach can happen to a major cybersecurity firm, it can happen to anyone. Last week, the NSA even released a cybersecurity advisory regarding a major data breach in which state-sponsored hackers used compromised credentials. Other organizations should use this as an opportunity to review their security posture and take immediate steps to protect themselves. If businesses prioritize security and employ best practices from the beginning, the likelihood of a breach will be minimized and recovery from a breach will be less frenzied.
If you have any questions or concerns about how a data security breach could affect you, please feel free to contact us.
(C) Rémi Frédéric Keusseyan, Global Head of Training, ISEC7 Group