Entrust confirmed it was hit by a cyberattack on June 18, which resulted in an intrusion of internal operations systems, but in a statement related to the attack the company remained tight-lipped.
The cybersecurity vendor said it has found no indication to date that its dozens of security products for identity and access management, ID and passport issuance, payments, cloud security and data processing were impacted, and that those products remain operational.
Entrust has more than 10,000 customers, including federal government agencies, banks, insurance companies, and tech firms such as Microsoft and VMware.
Though it admitted the attack, Entrust remains tight-lipped about how it happened, whether ransomware was involved and what it’s doing in response.
Entrust’s transparency is put to the test
Transparency is a key differentiator following a cyberattack, and Entrust’s credibility going forward very much rides on how it responds in accordance with best practices, analysts said.
There’s also the matter of Entrust, a defender, becoming a victim and the extent to which it should be held to a higher standard.
That designation is intuitive for security companies because “they have access basically all the way down to the OS and kernel level on our systems to be able to enact security,” said Frank Dickson, group VP at IDC. The same standard applies to any software vendor or platform that has intimate access to critical data, he said.
“Any time when you’re entrusting someone with your most critical assets that basically involve whether or not your business can continue to exist, we have to have an elevated expectation for what security it operates for them,” Dickson said.
Allie Mellen, senior analyst at Forrester, concurs with that assessment. “Unfortunately, we live in a world where a post-breach mindset is critical. Any organization could be affected by a breach,” she said via email.
“What’s important here is how prepared the organization was to handle the incident, what safeguards were put in place to limit the scope of damage, and how they will prevent the attack from happening again,” Mellen said.
Supply chain attacks can wreak havoc
The 53-year-old company based in Minneapolis isn’t the first cybersecurity vendor, or in this case IAM specialist, to fall victim to a supply chain attack, and it won’t be the last.
A breach occurred at Okta in March when one of its third-party vendors was compromised, and in July 2021 remote IT monitoring firm Kaseya was hit with an initial ransomware demand of $70 million in bitcoin following an attack that impacted up to 1,500 downstream customers.
Supply chain attacks are proliferating and of heightened concern because a “vendor’s compromised software can wreak havoc in customers’ environments,” Paul Rabinovich, senior director analyst at Gartner, said via email.
Entrust declined to answer questions about the extent and potential impact of the damage done, the type of data stolen or when customers were notified. It hired a firm to assist with an investigation that’s ongoing.
The company’s products and services “are run in separate, air-gapped environments from our internal systems and are fully operational,” Ken Kadet, VP of public relations and communications at Entrust, said in a statement.
Independent cybersecurity researcher Dominic Alvieri published a letter, dated July 6 and signed by CEO Todd Wilkinson, that was apparently sent to Entrust customers to alert them to the June 18 incident, BleepingComputer reported.
The company has yet to otherwise publicly acknowledge the attack. Entrust’s last Twitter post occurred on June 17, the day before the attack, and there’s no mention of the incident on its blog.
That the breach occurred is less important than how Entrust performs during this stressful period, Dickson said. “It creates an event, and you’re either going to have a positive outcome or a negative outcome,” he said. “It will almost never be neutral.”