Forrester’s Rick Holland makes a great point in the epic Target Breach: Vendors, You’re Not Wrestlers, And This Isn’t The WWE post. Epic mostly because he figured out how to work the WWE and a picture of The Rock into a security blog post.
Rick’s irritation with competitors trying to get a leg up on FireEye based on their presence in Target’s network is right on the money.
Vendors who live in glass houses shouldn’t throw stones. It didn’t take long; I’ve already started hearing FireEye competitors speaking out against their competitor’s role in the Target breach. As I mentioned above, this wasn’t a technology failure: FireEye detected the malware. This was a people/process/oversight failure.
We all live in glass houses and karma is a bitch. But more to the point, if you think I take as fact anything written about a security attack in the mainstream business press, you’re nuts. If Krebs writes something, I believe it because he knows what he’s doing. Not that no other reporters have enough technical credibility to get it right; some do. But without the full and complete picture of an attack, trying to assign blame is silly. Clearly in Target’s case there were many opportunities to detect the malware and perhaps stop the breach. They didn’t, and they are suffering now. Their glass house is shattered.
But this could happen to any organization at any time. And to think otherwise is idiotic. So think twice before thinking that would never happen to you. Never is a long time.
Photo credit: “Going into the Glass House” originally uploaded by Melody Joy Kramer