The intrusion into SolarWinds, FireEye, and multiple U.S. government agencies continues to roil the cybersecurity world. In only a few days, a slew of additional details has emerged about the scope of the intrusions, with more surely to come.
Security vendors spend all their time talking about security but not in a way that’s useful right now. As we wrote in our previous blog, no vendor should turn what happened to these companies into a marketing opportunity. Let us repeat for emphasis: No vendor should turn what happened to these companies into a marketing opportunity. Other security vendors should also understand that this is not a time to throw stones at FireEye — a breach like this could happen to any vendor.
But security vendors do need to have a conversation with customers. Security leaders need answers.
Security vendors are notoriously closemouthed about attempted intrusions against themselves. Despite a series of intrusions on vendors — RSA and Lockheed Martin, MeDoc, SolarWinds, and FireEye — it is virtually impossible to get a vendor to talk about what it deals with. And as the previous examples demonstrate, an intrusion into a vendor is often a route into its customers as well. Here’s why this matters now:
End users should ask the following of their security vendors:
Some other interesting security vendor questions:
This is an opportunity for vendors to offer transparency — and demonstrate empathy — by sharing that what happens to them also happens to their customers, competitors, and peers. FireEye has largely received community praise for the openness and transparency exhibited when announcing its breach. Sharing lessons learned, anti-patterns, and changes made as a result will help everyone get better.
Other vendors should learn this lesson and recognize that this is a community.
The original Forrester blog can be found here. Jeff Pollard, vice president and principal analyst, and Sandy Carielli, principal analyst, wrote this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.