Last week cybersecurity firm FireEye not only fell short of investor expectations when their earnings were released, but the company also laid part of the blame for its disappointing results on the fact China is now playing nice, therefore causing “a reduction in the threat landscape.”
“The frontal assault the Chinese military had on commercial operations in America was in pretty high gear for a few years here… but the pivot of China policy is causing some differences,” FireEye CEO Dave DeWalt said in a recent interview with MarketWatch.
That policy change refers to Memorandum of Understanding the U.S. and China signed back in September to establish an agreement on trade and information security, which FireEye is claiming has impacted its sales.
But is that really an acceptable explanation?
It’s hard to go a day or two without hearing about a new country, company or industry that is dealing with the remnants of increased cyber threats. In a world where data breaches and cyber extortions have sadly become the norm, how can a cybersecurity company essentially say there isn’t enough work to go around?
While the “common understanding” reached between the U.S. and China during Chinese President Xi Jinping’s visit shows progress, many have cast doubts on the impact it will really have in protecting the U.S. in the ever-changing cyberspace landscape.
Industry players are also questioning FireEye’s logic when it comes to its financial shortfall in its third quarter and subsequently lowered revenue expectations for the year.
Just last month CrowdStrike, a cybersecurity startup that recently completed a $100 million Series C funding round led by Google Capital, published evidence that showed China has already violated the agreement which state neither the U.S. or China will “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
CrowdStrike detected several hacking attempts into their customers' networks in the weeks following the announcement of the cyber agreement that it has traced back to the Chinese government, Fortune reported in October.
“We detected and stopped the actors, so no exfiltration of customer data actually took place, but the very fact that these attempts occurred highlights the need to remain vigilant despite the newly minted cyber agreement,” CrowdStrike stated.
In a Senate intelligence meeting in September, Adm. Michael Rogers, commander of U.S. Cyber Command and head of the NSA, warned that more still needs to be done to slow down the growing number of cyber spying threats and theft of America’s intellectual property and Rogers warned that agreements between nation states will not deter cyber espionage activities.
U.S. authorities and businesses alike have continued to express concerns over the level and frequency of attacks believed to be originating in China. The country has been linked to some massive cybersecurity breaches recently, making it no stranger to cyberfraud accusations.
From the attack on health care provider Anthem, which comprised the data of as many as 78.8 million customer records, to the more recent data breach at the U.S. Office of Personnel Management that led to cybercriminals accessing more than 21 million Social Security numbers, 19.7 million forms with data and 5.6 million fingerprint records, Chinese hackers seem to always be on the list of likely suspects.
While FireEye may believe an improvement in U.S.-China relations may have impacted the general the demand for cybersecurity solutions and services, if the past is any indication of the future there is still plenty of work to be done.