.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: FireEye
Oct 18, 2019 11:48:34 AM
The target: FireEye, a publicly traded cybersecurity company in California.
The take: Corporate documents, details on client contracts and licenses, and personal login credentials.
The attack vector: Attackers used credentials exposed in public data breaches to access the personal accounts of a security analyst employed by FireEye. Once his accounts had been compromised, they were able to exploit his business use of those personal accounts to obtain sensitive information belonging to his employer.
On an individual level – this attacks highlights the importance of changing passwords and rotating credentials, particularly in the wake of a publicized credential breach. At the firm level - once confidential and sensitive information leaves a firm’s information systems, it’s completely outside of their control. Security policies must reflect zero tolerance for use of personal accounts to communicate on behalf of the firm or store/transfer sensitive and proprietary information.
