Security Vendor Breaches: Fallout Justified
- 19 February, 2009 09:53
Attendees at last week's ShmooCon security conference were transfixed when news broke that a hacker breached part of Kaspersky Lab's US support site by exploiting a flaw in the site's programming.
Looking around the conference hall in Washington DC, I could see large groups of people staring at the news on their mobile phones and expressing a variety of opinions.
The incident was small compared to the security breaches suffered by the likes of TJX and Heartland Payment Systems. But it was a big deal to the security practitioners at the conference because Kaspersky is a security vendor, entrusted by its customers to keep exactly this sort of thing from happening to them.
Confidence in security vendors was shaken further when F-Secure admitted days later that its site had been the victim of an SQL injection attack.
Both vendors deserve credit for their candor.
Kaspersky Senior Research Engineer Roel Schouwenberg put it bluntly: "This is not good for any company, and especially a company dealing with security," he said. "This should not have happened, and we are now doing everything within our power to do the forensics on this case and to prevent this from ever happening again."
David Frazer, director of technology services for F-Secure's North American division, admitted it's embarrassing when a security company suffers a breach, no matter the size.
The honesty is appreciated, but they should be embarrassed.
When security is your company's business, even the smallest breach is worthy of scorn. If you can't keep the bad guys out of your own database, how can customers reasonably expect that you'll keep theirs safe?
Of course, no company is 100 percent immune from attack, not even the security vendors. The key is for the vendor to be up front about that reality from the outset, when the customer signs on.
Kaspersky and F-Secure have solid reputations in the industry and will get through this. The hope is that other security vendors study carefully what happened and plan accordingly.
That means taking a hard second look at their own internal security, and being honest with customers that, like everyone else, they too are at risk.