China continues to understand that American companies are choosing not to harden their networks and, instead, the companies hope that the hackers won’t get them before the executives move on to their next job.
Some execs, like JPMorgan Chase’s CEO Jamie Dimon has said that the company’s cybersecurity is job one and it is the only department that does not have a fixed budget. Wells Fargo’s former CEO doubled that company’s cybersecurity budget in an effort to keep the hackers out.
But the vast majority of companies are only making modest security changes, due to both cost and the fact that the changes would likely require people to operate differently.
The Pentagon is so concerned that they are in the final stages of new regulations for defense contactors that will require many of them to pay for a third party that the Pentagon has approved to audit the contractor’s cybersecurity readiness in order to get new contracts. It will also require that CEOs personally attest to the fact that they understand the company’s security practices and are in compliance with DoD’s requirements – every single year.
But in the meantime, Chinese state-sponsored spies have been spotted inside a global engineering firm’s network, having gained access initially by compromising a “legacy” server.
Remember that just because the server is not critical to you any more, if it is still operating it is fair game for hackers.
Once inside, the Chinese hackers find ways to burrow deeper so that even if their initial access vector is detected and closed, they still have access to your network and your data.
This is in alignment with multiple alerts that the feds have issued this year warning of exactly this problem.
Still many companies have not changed their security practices very much and they will be the first victims of Chinese cyberattacks when Beijing is ready.
At that point it will be too late for those companies and likely some of them will either go bankrupt or close completely due to the depth of the attack.
The (Likely) Israeli supply chain attack on Hezbollah’s pagers and walkie talkies is an example of a nation state actor’s ability to burrow in, undetected and cause major damage and even physical casualties. While some people might be sympathetic to this attack, they will be less welcoming if the attack destroys their company, their job or even, worst case, kills someone they know.
While this may sound like hyperbole, and to an extent it is, the Chinese and others are at war with us, whether we choose to recognize that fact or not. Credit: The Register
If you are concerned about whether your security practices are effective, please contact us for a cybersecurity assessment.