FireEye: It Was Only a Matter of Time

The real story is not about just one company

On Tuesday, December 8, 2020, FireEye, one of the world’s premier cybersecurity firms, announced that it had suffered a cyber breach reportedly carried out by Russian nation-state hackers. Although FireEye is in the spotlight today, this story is not really about them.

Notable cyber companies, and others across similarly high-profile industries, are prime targets for advanced attackers. This story will dominate headlines, and people will race to assign blame or offer retrospective analysis. Cybeta does not believe the real story here should be about FireEye’s unfortunate breach; it is about the predictability of not just this breach but many others.

To measure breach probability, Cybeta uses Threat Beta, which functions like a stock beta that uses 1.0 as the average. Higher Threat Betas indicate exponentially higher breach risk, as proven by our extensive testing over more than five years of data and 10,000 companies. Looking at the Threat Beta chart below, you’ll see that a composite of excellent cybersecurity companies, such as FireEye, CrowdStrike, BitSight, and many others, has an average Threat Beta of roughly 1.8 over the course of several years. That amounts to an 80% elevated likelihood of suffering a breach as compared to the median company. The nature of the data that traditional cybersecurity companies hold, the technical prowess of their tools, and their vast reach into customers create a perfect storm of breach likelihood not just for FireEye but for many similar companies. Attackers can gain one-to-many leverage into much more than their initial target. After all, the attackers need only succeed once in their attempts. At the same time, the defenders must bat a perfect 1.000 to avoid being victims.


What does this mean? FireEye is not the only company in danger of a breach; they’re just the latest to hit the news.

Threat Beta scores over 1.40 indicate that a company is 6x more likely than companies with low Threat Betas to experience a cyber breach. Since this composite Threat Beta score hovered around 1.80 for approximately the last two years, it is now only a matter of time before another cybersecurity company reports a major breach.

If a company this technically savvy at cybersecurity can suffer a breach, it only stands to reason that everyone else is at risk too. If companies continue to focus defenses on being able to better detect and respond to threats, they will always be reactive, inefficient, and, sadly, an eventual victim. There are no fingers to point or blame to be levied; the issue is the fundamental error the West is making by focusing cybersecurity on reactive network tools against an adversary who is determined, well-funded, and highly skilled.

Threat Beta, Cybeta’s flagship product, answers the important question of “How and when an attack is most likely to occur” with proprietary technologies developed by former US intelligence officers. Instead of incorrect attempts to build a top-down view of cyber risk by company, Cybeta developed the Threat Collection Engine™ (TCE), which automates the volume of information and intelligence across the entire global footprint of networks. With applied data science and machine learning mimicking the Cybeta teams’ decades of cyber targeting experience, Threat Beta delivers predictive and contextualized cyber threat analytics for any public, private, or municipal enterprise in near real-time. Stop waiting to defend against attackers and start being predictive and proactive.