What's the biggest cybersecurity threat for US businesses?
If FBI chief Christopher Wray is to be believed, it's China.
Yes, despite all the headlines about Russian hackers exploiting social media to spread fake news and stealing the Clinton campaign's emails in an apparent attempt to influence the 2016 presidential election, the FBI believes Beijing-backed cyber spies are the ones you should be most worried about.
FBI director Christopher Wray told the RSA Conference in San Francisco this week that he was shocked when he first realised the true scale of China's attacks on US businesses, and the theft of confidential intellectual property.
"There is nothing like it. I am not someone who is prone to hyperbole, but... the thing that shocked me was the breadth, depth and the scale of the Chinese counterintelligence," said Wray. "I would argue for too long that this country (the United States) has actually been under-focused on the counterintelligence threat that China poses."
"We're investigating espionage and criminal investigations in nearly all 56 FBI field offices, almost all of which lead back to China. It covers every sector of the economy. It covers academia," Wray added.
In recent months, the FBI and US Department of Justice have taken action against a number of alleged cyber-espionage operations said to have had the active backing of the Chinese government.
For instance, last October, ten Chinese nationals were indicted for repeatedly hacking into the computer systems of businesses in order to steal intellectual property, including secrets related to a turbofan engine used in commercial airplanes.
Two months later, two Chinese nationals were indicted for allegedly hacking computers in at least a dozen countries and giving sensitive business information to China's intelligence service.
"It is galling that American companies and government agencies spent years of research and countless dollars to develop their intellectual property, while the defendants simply stole it and got it for free," said US Attorney Geoffrey Berman of the Southern District of New York. "As a nation, we cannot, and will not, allow such brazen thievery to go unchecked."
Most recently, Chinese technology giant Huawei has been making the news with accusations that the firm might be a security risk.
In January, the US Department of Justice claimed that Huawei conspired to steal intellectual property related to a robot used to test mobile phones from rival T-Mobile. The Chinese firm was alleged to have attempted to cover up the theft, and was even said to have launched a bonus scheme for employees who stole competitors' secrets.
"To the detriment of American ingenuity, Huawei continually disregarded the laws of the United States in the hopes of gaining an unfair economic advantage. As the volume of these charges prove, the FBI will not tolerate corrupt businesses that violate the laws that allow American companies and the United States to thrive," FBI director Wray said at the time.
Of course, some hacked companies may be reluctant to call in the authorities if they believe their systems have been compromised by foreign hackers or uncover evidence of malware, for fear that their normal business operations may be further disrupted.
But the reality is that time is of the essence. Working with the likes of the FBI can help gather evidence and might even protect others.
It's important for the boards of companies to understand that prevention is always better than cure when it comes to security. That means providing the proper support and resources to IT teams to ensure that systems are hardened against attack, that staff are appropriately trained, and that only approved employees and contractors can access the firm's most sensitive intellectual property.
We would be foolish to ignore these threats. And, to be fair, we would be naive to think that only China is engaged in economic espionage and the theft of intellectual property. None of us responsible for the security of businesses can afford to let our guard down.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.