DailyPost 2909
IF CYBER SECURITY MAJORS ARE BREACHED…
If a daredevil robbery takes place in a police establishment, the credibility of the security provider is in tatters. As we move into the cyber security domain, the police do not have an overarching role to play more so in peacetime. There are cyber security companies who provide the services so that the cyber world functions in a safe and secure manner. Fortinet is one of the major players globally, being just behind Palo Alto and CrowdStrike, is the third largest cyber security firm, with a valuation of US $60 billion. We have just experienced Microsoft Outage with CrowdStrike at the backend and now bad news is from the Fortinet stables.
Fortinet provides endpoint security, firewalls, and more to organisations globally. Cyber Daily reported that a threat actor gained unauthorised access to a third party it used. Only recently in the Status of Threat Landscape Report 2024, produced by CrowdStrike, third party relationship exploitation is one of the major threat methodologies and rightly so. If we can find an easier way to target the main adversary, then why not. It is reported that throughout 2023, targeted intrusion actors attempted to exploit trusted relationships to gain initial access to organisations across multiple verticals and regions.
One would expect the cyber security companies to be in better shape in a world where the operational adage is; getting hacked is the new normal. A Fortinet company spokesperson said “an individual gained unauthorised access to a limited number of files stored on Fortinet’s instance of a third-party cloud based shared file drive”. The company claims that this had limited data related to a small number of Fortinet customers. As per their official and legal obligation, Fortinet has communicated directly with the affected customers as deemed appropriate.
This incident as per the current indications has not resulted in malicious activity affecting any customers. The company consistently claims that its operations, products, and services have not been impacted. On the contrary there are reports that customers within the Asia-Pacific region were affected. While speaking with Cyber Daily, Home Affairs confirmed that it was aware of the incident. They have also stated that they are ready to assist. Strangely enough the nature of the incident is currently unknown. This does not augur well for the nature of cyber security services they offer to their customers, which as a logical corollary would also be generally shrouded in non-transparency.
IF CYBER SECURITY COMPANIES LACK CLARITY, THERE IS A SERIOUS ISSUE AT HAND.
Sanjay Sahay
Have a nice evening