Symantec admits to being hacked directly -- any fallout coming?
So, Symantec finally admits that it was their own network that got hacked, in contrast to what they were willing to suggest last week.
It might be too early to ask this, but will there be any fallout for them?
Will this situation impact their sales of security tools to corporate customers? Or will it simply be brushed off as a minor issue pertaining to older software products?
I'm waiting to see if Symantec produces real information about how the breach occurred. So far, they've done a poor job with the handling and notification of this issue.
(BTW, if you desire to see irony, do a Google search of "symantec breach" and look at the 2nd or 3rd major link)
Best Answer
Absolutely there will be a loss of customer base, to a degree. But then, who knows? The only people I know that still use Symantec (or Norton for that matter) are uneducated users. Educated consumers haven't used either in years... hell, I haven't used either for 15 years and I'm no Steve Jobs.
And it looks like they knew/suspected back in 2006, but could not conclusively say that anything had occurred. Now, in 2012, they feel confident enough to assure us that nothing current was impacted. Well, nothing beyond pcAnywhere...
Hmmmm.... The trust level is diminishing rapidly...
http://www.symantec.com/cmp/theme/?cmp_id=enterprise_security&theme_id=one_br...
Anyone who trusts their data security to any single product/manufacturer is just asking for problems. There could be an inherent flaw in the way they produce products that makes them all vulnerable in some way (just hypothesizing). As is widely known, but I suspect less often practiced, security must be applied at every level, so if one part of the "safety net" fails (e.g. RSA), another point should be able to block it (e.g. time-based ACLs).
It is ironic that Symantec are less than honest with the truth of the breach, and I highly doubt we will know exactly what happened, despite all their papers allegedly in the name of transparency and learning from others' mistakes/actions over the years. I won't forget how they became "experts" over Stuxnet, despite them not knowing any more about it than anyone else outside of the group responsible. From the start when it was revealed that it was targeting specific hardware, it was clear that the virus was not going to get there via internet propagation. Only an idiot would put hardware systems like that online. The internet distribution was simply a way of covering the tracks of whoever created it, and it worked. Several vendors came out with papers that didn't really say anything that hadn't been in the news previously, though there was some reverse engineering of the virus thrown in to look good.
You can't tell intent from code, and as the obfuscated C contests show, you can't always see what code is really up to if someone really wants to hide something, even when you know they are hiding something.
It is also a fallacy to think these "security companies" are immune from successful attacks being perpetrated against them.
What we need to know is the "how" of this attack, as they report for every other virus outbreak going, but without all the hype. Whether we see that is another question.
After the RSA SecurID breach, it seems that very few large customers left for another product.
Time will tell what will happen in this case. But for enterprise customers that have Symantec on thousands and even tens of thousands of devices, going to another vendor is an enormous hassle, both in time and effort. And what is to say that the other vendor won’t be a victim also?