FireEye attack & immediate risk management action steps

On Dec. 8, FireEye – a leading advanced cybersecurity solutions company – revealed (opens a new window) that it was attacked by a likely state-supported adversary. It reported stolen FireEye tools and the WSJ suggests that signs point to the Russian foreign intelligence service. These tools, it warned, could be used maliciously by cyber attackers. FireEye also stated that it has developed over 300 countermeasures, made publicly available, to broadly help companies and individuals concerned about this release of hacking tools. FireEye’s GitHub repository, Red Team Tool Countermeasures, is located here (opens a new window).

There is a broader concern about what a nation-state attack on a leading U.S. cybersecurity company suggests about how businesses and other entities are supposed to defend themselves. It seems timely to note here that one controversial initiative recently taken by national leaders is to impose duties – and create legal exposure – upon companies suffering ransomware attacks (opens a new window).

Clients should ask their IT and security partners about new risks arising from this attack and how they are incorporating the newly released countermeasures. More will be shared soon about initiatives to build capacity and to make advanced cybersecurity more widely available and affordable. In the meantime, here are immediate actions companies should implement as cyberattack risks continue to rise: 

  • Make cybersecurity an executive level responsibility with a program, meetings, oversight, etc.

  • Implement an Incident Response Plan. This plan should include a legal orchestrator to widely institute privilege and a trusted incident response partner.

  • Establish information sharing as a best practice. Joining a cyber threat information sharing community is a great place to start.

  • Consider advanced cyber threat preventive measures. Considerations include ‘invisibility’ features, encryption, trusted interconnection, and managed detection.

  • Obtain cyber insurance if you don’t already have it. If you do carry cyber insurance, ensure your policy is in line with your organization’s exposures.

Please contact your Lockton Global Cyber & Technology Practice team member or contact (opens a new window) if you have any questions regarding the new risks presented or ways to manage and reduce risk.

FireEye attack & immediate risk management action stepsDownload alert (opens a new window)

Not legal advice: Nothing in this alert should be construed as legal advice. Lockton may not be considered your legal counsel, and communications with Lockton's Cyber & Technology Practice are not privileged under the attorney-client privilege.