Even Cybersecurity Firms Aren't Safe from Hackers

It's unfortunate but true: A cyberattack can happen in the blink of an eye. At least, it seems that way because victims are usually the last to find out they've suffered a breach. One day you're reading about an unfortunate breach online; the next day you're the victim.

Contrary to popular belief, it can happen to anyone--even those entities you'd least expect, like major cybersecurity firms. It just goes to show that everyone, from small businesses up through seasoned cybersecurity companies, can beef up their online defenses against a data breach and safeguard their finances with cyberattack insurance.

Mandiant Experiences a Breach
A hacker (or group) going by the moniker "31337" managed to breach the personal laptop of a senior threat intelligence analyst at U.S. cybersecurity firm Mandiant in July. Stolen information (allegedly including information on company licenses, contracts, clients and login credentials for the targeted employee) went up online for a period of time after the breach.

As Q13 FOX News reports, the hacker responsible made their motivations clear: "Let's go after everything they've got, let's go after their countries, let's trash their reputation in the field." They implored other hackers to join in, even starting a #LeakTheAnalyst hashtag. Some of the analyst's social media pages also became targets during the hack. For example, the anonymous hackers defaced the victim's LinkedIn page (which has since been deleted).

Despite the fact hackers claimed to have gained access to private company information for 2016 and 2017, FireEye--who owns Mandiant--said they'd launched an investigation but found no evidence either company's systems were compromised. According to CNN, Mandiant works with important clients like:

  • Financial firms
  • Government agencies (like Saudi Arabia's energy ministry)
  • Universities
  • Medical centers (like Texas Children's Hospital)
  • Major retailers

The takeaway from this incident is really that anyone can experience a cyberattack--even professionals who work in the cybersecurity industry! Denying this fact would be like believing firefighters' own homes are immune to going up in flames.

Developing Prevention and Response Plans
The hacking situation with Mandiant is also a good reminder of how employees' personal devices can act as gateways to professional information. Especially with the rise of Bring-Your-Own-Device (BYOD) culture, employees tend to accomplish work and sync accounts on their personal devices.

Savvy businesses should invest in employee training to teach anyone with access to company information (files, correspondence, accounts, etc.) how to prioritize cybersecurity with strong passwords, secure Wi-Fi connections and more. Since it takes only one employee account to compromise private company information, it's also important to train employees to spot phishing scams so they can report it rather than accidentally pass credentials into the wrong hands.

Remember: Your employees are the gatekeepers to your company's confidential information. Are you doing everything you can to prevent a hacker from finding and exploiting "the weakest link"?

If someone does slip through your defenses, cyberattack insurance can protect your business from the staggering financial burden associated with hacks and data breaches. Find a fitting policy with help from CyberPolicy today!

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375