Analysis

Citrix Synergy 2019: Citrix clings to silver linings following data breach disaster

The company says it has learned its lesson and is taking steps to improve password management

password on posit note

For a company that has always put security front-and-centre at its annual Synergy conferences, virtualisation firm Citrix is surely still feeling the sting from the disastrous data breach it disclosed earlier this year.

Hackers made away with 6TB of sensitive data, predominately corporate documentation, after infiltrating the company's internal networks and sticking around for several months before the company caught wind. But the truth is the incident could have been so much worse.

Thankfully, as far as Citrix is concerned, the suspected foreign attackers had no access to Citrix product or customer data, and no access to credential stores.

But that the breach was limited to corporate files hardly dampens its significance and business impact, and for those directly involved in the investigation and rectification, including Citrix's chief digital risk officer Peter Lefkowitz, the news came as a shock.

"I think any incident would shake anybody," he told IT Pro, adding: "There is nobody more focussed on security than a company that has had an incident, and we are using it as an opportunity."

Lefkowitz, who is determined to stay positive about the data breach, is mainly involved in the company's regulatory and compliance side, particularly with regards to legislation such as the EU's General Data Protection Regulation (GDPR). But he also played a key role in managing the aftermath of the data breach, in partnership with the chief security officer, and senior members of staff in cloud operations who deal with security.

The senior Citrix member even wrote to the United States' Attorney General earlier this month to disclose more details around the hack as well as communicate the causes to potential victims. Among the effects were sensitive files being removed from the company's system, including employee data and in some cases data on their financial dependents.

"Certainly the incident that happened, if anything, made us more focused on the topic, and made us look even deeper at everything that we do," he continued.

However, there was no mention of the incident during its main keynote address on the first day of its Synergy conference. Until we were able to put such questions to Lefkowitz, the company appeared reticent to go over old ground, preferring instead to remind visitors that investigations were still ongoing, and that all the information that it could release, had been shared.

Indeed, a day before Synergy kicked off, the company released another update via its blog, which was similarly light on detail. However, the post did reveal that cyber criminals, who are still suspected to have been international, had gained access to the company's internal network through a technique known as 'password spraying'.

This tactic exploits weak and commonly-used passwords to gain access to any one of a large number of user accounts in a guarded system. Criminals that lingered in Citrix's networks for an estimated six months were found to have exploited the company's weak internal password management regime.

For Lefkowitz, he envisages Citrix eventually moving beyond traditional password security, chiming with Microsoft's longstanding ambitions to eradicate the password entirely, as has been proposed vehemently in the past couple of years.

"I think this is going to be an area of really important evolution and an area of experimentation," he continued. "We'd love to get to a place where we don't have to rely on passwords.

"But until we get there, we're going to have to take a layered approach. We're going to have to do passwords and checking for weak passwords, and checking for burnt passwords, and multi-factor, various sorts of multifactor, logging and monitoring, and controls on the inside."

Since then the company has performed a mass-password reset among employees and has improved internal password management, according to its pre-conference blog. Lefkowitz says this includes pushing hard on multifactor authentication (MFA) - something we were surprised to learn wasn't already in place - which the company is "intently focused on", and encouraging its customers too to adopt this as quickly as they can.

But above all, the chief digital risk officer was keen to cling to the positives of experiencing the sort of incident that no company should hope to go through; namely, there is now a far greater awareness among staff and executives of potential cyber threats.

"We feel quite good coming out of that," he added. "Looking at the core security functions that surround our cloud, we were more vigilant, and following the incident, even more vigilant about looking at all of our practices, and examining all of our practices.

"Every single executive, and every single employee at Citrix, probably thinks more about these core, fundamental issues than they did three months ago. And that's a good thing."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021
Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021

Most Popular

SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021