
Client alert: FireEye cyber attack

What it means for your business

Cyber Risk Management|Financial, Executive and Professional Risks (FINEX)

By Dominic Keller, CISSP | December 11, 2020

Considerations for your organization in the wake of the FireEye cyber event.

FireEye, a leading global cybersecurity and threat intelligence firm, announced that they had been the victim of a cyber attack on December 8. Stating that the highly sophisticated nature of the attack suggested a nation-state actor with “top tier offensive capabilities”, a number of officials have attributed the attack to Russian-linked hackers. FireEye stated that initial investigations indicate that some internal systems were accessed; however, no customer information was exfiltrated. The core information stolen was “Red Team” assessment tools, used by FireEye to imitate real attacks in order to identify and resolve vulnerabilities on their clients’ networks. FireEye has publicly released countermeasures to detect and block the exploitation of the stolen tools.

It is important to note that investigations are ongoing and many details are not yet public. While the impact of this attack on organizations is still unfolding, below are some initial observations and recommendations for your organization to consider in mitigating the threats posed by this significant event:

Patching and proactive countermeasures

FireEye has released countermeasures to assist in proactively preventing the stolen tools from being used against organizations. These have also been incorporated into FireEye products, and we recommend immediately patching and updating relevant systems to prevent bad actors from exploiting the stolen tools. This incident underscores the critical importance of an effective organizational patch management framework and of regularly deploying patches across your network.

Defense in depth

Early indications suggest that this was a highly sophisticated attack, executed with “discipline and focus” and utilizing hacking techniques not previously observed. Notably, while internal systems were accessed, the “primary systems” containing customer data were apparently not accessed. Early detection, alongside a “defense in depth” approach, appears to have prevented access to customer information (including that of government agencies) and the “crown jewels” that were the hackers’ primary objective. Organizations are encouraged to segment critical systems and utilize continuous security monitoring to facilitate early detection of potential cyber threats.

Proactive incident response

FireEye self-reported and publicized this incident, alongside releasing countermeasures to prevent attacks based on the stolen information. FireEye’s response has been praised by U.S. Senate members and shows the importance of a proactive communications strategy during a cyber incident to ‘control the narrative.’ Ultimately, it may not be so much that the cyber breach occurred but how FireEye responded that will be remembered. Organizations should incorporate communication planning, customer engagement and a brand-focused strategy into cyber incident response planning to minimize the impacts during and after a cyber incident.

No organization is completely secure

FireEye’s brand is intrinsically linked to providing industry-leading cyber threat detection, analysis and response. Nonetheless, hackers were still able to circumvent their defenses, highlighting that no organization is safe from highly sophisticated, persistent and well-resourced cyber criminals. Actively preparing your organization for a cyber incident is an essential part of ensuring cyber risk resiliency and can have a significant impact in minimizing financial loss and brand damage when an incident occurs.

About the FINEX Cyber Risk Solutions Team

The FINEX Cyber Risk Solutions team is a global team of consultants offering tailored services that support insurance goals, align cyber risk management with business objectives and deliver cost-effective Cyber Risk Resilience. The CRS team can design solutions to meet client needs in Cyber Risk Assessment and Quantification, Incident Response and Business Continuity Planning, Operational Risk Analysis, Governance and Policy development and many other cyber risk areas.

Disclaimer

Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed subsidiaries of Willis North America Inc., including Willis Towers Watson Northeast Inc. (in the United States) and Willis Canada, Inc.

Author

Dominic Keller, CISSP
Global Team Leader, Senior Consultant, Cyber Risk Solutions Team
