Security Vendor Breaches: Fallout Justified

Kaspersky Lab and F-Secure were up-front in acknowledging recent hacks against them, but the negative fallout is still justified

Bill Brenner (CSO Online)
19 February, 2009 09:53
Comments

Attendees at last week's ShmooCon security conference were transfixed when news broke that a hacker breached part of Kaspersky Lab's US support site by exploiting a flaw in the site's programming.

Looking around the conference hall in Washington DC, I could see large groups of people staring at the news on their mobile phones and expressing a variety of opinions.

The incident was small compared to security breaches suffered by the likes of TJX and Heartland Payment Systems. But it was a big deal to the security practitioners at the conference because Kaspersky is a security vendor, entrusted by its customers to keep this sort of thing from happening to them.

Confidence in security vendors was shaken further when F-Secure admitted days later that its site had been the victim of an SQL injection attack.

Both vendors deserve credit for their candor.

Kaspersky Senior Research Engineer Roel Schouwenberg put it bluntly: "This is not good for any company, and especially a company dealing with security," he said. "This should not have happened, and we are now doing everything within our power to do the forensics on this case and to prevent this from ever happening again."

David Frazer, director of technology services for F-Secure's North American division, admitted it's embarrassing when a security company suffers a breach, no matter the size.

The honesty is appreciated, but they should be embarrassed.

When security is your company's business, even the smallest breach is worthy of scorn. If you can't keep the bad guys out of your own database, how can customers reasonably expect that you'll keep theirs safe?

Of course, no company is 100 percent immune from attack, even the security vendors. The key is for the vendor to be up front about that reality when the customer signs on from the outset.

Kaspersky and F-Secure have solid reputations in the industry and will get through this. The hope is that other security vendors take careful study of what happened and plan accordingly.

That means doing a double take at their own internal security, and being honest with customers that like everyone else, they too are at risk.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email CIO
Follow CIO on twitter

More about: F-Secure, Kaspersky, Kaspersky Lab

References show all

Kaspersky says Web hack 'should not have happened'

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"{A friend linked me to this resource."

The 30 best Safari extensions -- so far
"Isn't it surprising that Google, with all the resources it has at ..."

Apple and Google disagree over licensing of essential patents
"As are ours."

Monash Uni reduces IT teams after consolidation project
"QR code is a great invention people made. I'm making mobile apps ..."

FTC warns makers of background checking apps
"It hasn't cost the government, its cost the people -'The bungle has ..."

QLD govt demands answers after pay glitch

Tags: Breach Security, f-secure, kaspersky labs

Latest Blog Posts

Whitepapers

How progressive companies are using social technologies
Social networks and collaborative technologies are now commonplace in many workplaces. Having first been used “on the quiet” by highly-networked employees, in increasing numbers they are now being proactively used by businesses keen to connect more effectively with their internal and external audiences. Web collaboration is now viewed as critical to company success and as having multiple benefits and applications to the business. Read on.

Learn more »
Security Threat Report 2012
This threat report shares the latest research on hacktivism, online threats, mobile malware, cloud computing, and social network security looking ahead to the coming year.

Learn more »
Beyond Dropbox: Requirements for Enterprise Secure File Sharing
Consumer file sharing and synchronization apps like Dropbox have caught on with business users. But these apps lack the security, centralized administration and management of enterprise solutions. Learn about the requirements you should look for in an enterprise-class mobile file sharing solution.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

Collaborative software delivery: Managing today’s complex environment to improve software quality

IBM Rational Team Concert software can help simplify, automate and govern the delivery process. Based on the open standards Jazz platform, it offers a lean collaborative application life cycle management ...

Recent comments

"{A friend linked me to this resource."
The 30 best Safari extensions -- so far
"Isn't it surprising that Google, with all the resources it has at ..."
Apple and Google disagree over licensing of essential patents
"As are ours."
Monash Uni reduces IT teams after consolidation project
"QR code is a great invention people made. I'm making mobile apps ..."
FTC warns makers of background checking apps
"It hasn't cost the government, its cost the people -'The bungle has ..."
QLD govt demands answers after pay glitch

HP and IDG news, product videos and resources

Follow CIO

Market Place

Application Lifecycle Management Zone - Whitepapers | Videos | Events | e-books | Case Studies and more. Visit the Zone

How does Gartner rank ALM providers? Download the analysis report

Improving Storage Efficiencies with Data Deduplication and Compression - Download free resource

Latest Jobs

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

Download OPML file for import with all IDG RSS feeds

CSO Online Data Security Briefing

Security Vendor Breaches: Fallout Justified

Comments

Post new comment

The hierarchy of wisdom

ERP reload

Tourism sector bites the bullet

iPad 3 rumour rollup for the week of February 7

Internode, iiNet improve results in customer satisfaction survey

How to create a clear project plan

Preview: Prada Phone by LG 3.0

5 open source help desk apps to watch

Monash Uni reduces IT teams after consolidation project

iPad initiative for pupils in WA

QLD govt demands answers after pay glitch

FTC warns makers of background checking apps

Apple and Google disagree over licensing of essential patents

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Collaborative software delivery: Managing today’s complex environment to improve software quality

Top Ten Considerations when Deploying IT Operations Management in the Cloud

Unified Storage Strategy guide

2011 Pathways Advanced ICT Leadership Development Program

Enabling Agile and Intelligent Businesses