Following my recent coverage of the cybersecurity threat coming out of China, I had a chance to do an e-mail interview with Grant Kirkwood, CTO and co-founder of Unitas Global. Unitas Global focuses on providing enterprise cloud solutions and deals with security issues on a regular basis.
Grant was able to delve further into the threat coming out of China that was the heated topic of discussion at last month’s RSA Conference. Here is what he had to say about this threat and how both individual users and companies should safeguard their data:
Maciej Duraj: Can you share any recent examples of Chinese hackers attacking U.S. companies? Who is being targeted and are attacks aimed at specific companies or type of businesses operating? What are the main incentives for hacking these types of companies?
Grant Kirkwood: Some of the most high-profile attacks include the Sony hack a few years ago, and Hewlett Packard and IBM more recently. In fact, at least 45 US tech companies and government agencies were compromised by Chinese hackers last year. Beyond the tech industry, hackers are targeting a wide range of biotechnology, defense, mining, pharmaceutical, professional services, and transportation firms.
In most cases, like the Sony hack, intellectual property is being targeted and attacked. This is especially true for technology and biopharmaceutical companies because they spend big on research and development, meaning there are huge intellectual property implications. That monetary value tends to be the motivation behind most attacks.
Maciej Duraj: Are they being directed by the Chinese government for espionage purposes or regular individuals with other motives like profit or stealing data for personal gain? What is the difference between threats from lone wolf hackers vs. Chinese-backed/funded hackers?
Grant Kirkwood: Generally speaking, there’s a major difference between lone wolf hackers and Chinese-backed hackers. Lone wolf hackers tend to compromise personal information or encrypt data, and demand payment to unlock it for personal monetary gain, known as ransomware. Institutional hacking, on the other hand, tends to be more intrinsic in terms of its value. It is directed at companies that have some kind of intellectual property that another organization wants to use for its own benefit.
There are reported instances of intellectual property theft where Chinese companies have taken that intellectual property and developed their own product off of it, gotten it to market sooner and made a lot of money.
Maciej Duraj: Do you have any insight on the differences in threats from China vs. Russia? How are they different or similar?
Grant Kirkwood: It seems that threats coming from China are primarily motivated by monetary gains whereas threats from Russia tend to be more geopolitical in nature. It certainly seems that Russia is actively involved in the dissemination of information and misinformation, rather than the intellectual property-type hacking that we see from China.
Further, we tend to see more lone wolf and ransom cyberattacks from Russia, while Chinese hacking tends to look more organized in nature. Broadly speaking, the intent is very different between the two.
Maciej Duraj: What can company executives do to safeguard their data and servers? What tips or recommended products would you recommend to U.S. companies as a whole to safeguard their data from foreign cybercriminals?
Grant Kirkwood: Here are three of the best ways companies can guard against foreign cyberattacks:
- Employee training: Employers must educate and re-educate all employees to know how to identify a cyberattack. Given that the most successful hacks happen due to human error, targeting employees is much more common than “penetrate the perimeter”-type hacking. For example, someone at the company could easily click on an email with a link that they shouldn’t have, allowing hackers to gain access to company networks. With the right training, employees can minimize the risk of a breach.
- Design security within systems: Organizations should be living the mantra “security by design and from within.” This refers to the changing model of how threats are propagated. In the old days, security was sort of a ring around the perimeter of your assets — that model is not relevant anymore. Nowadays, threats come from within. Security should be built within the application model itself. Making the elements of an application secure by design as opposed to relying on external threat interceptors will better protect applications.
- Find the right partner: While it can be easy to vow that your enterprise will store data in the appropriate place, executing such a task is a huge challenge. This is where cloud management partners come in as a resource. They can help you set up your international cloud strategy, protect you from a range of risks and equip you to confidently run a compliant cloud strategy.
(This concluded the interview.)
Cybersecurity is a serious topic these days, with breaches costing companies millions in damages as well as their reputations. Customers want their data safeguarded, and if they cannot trust public cloud providers, they will opt out and store their data locally or rely on a private cloud. Thus, knowing how to prevent as well as respond to cybersecurity threats when they occur should be a priority for any company working with sensitive data or hosting customer data.
Security measures like robust firewalls, VPNs used within an organization, encryption, and multiple authentication or password schemes are a must these days. However, in the age of BYOD, companies should also teach employees the right practices and periodically remind them not to grow lax, for instance by forgetting to log into the internal VPN for communication rather than sending data over standard messengers.
It is interesting that Kirkwood said today’s major threats come from mistakes made within an organization or its system resources rather than from attacks brute-forcing their way in from the outside across firewalls and other safeguards. It is also interesting how he compares cyberattacks originating from Russia and China: more lone wolf and ransom-based out of Russia, and more organizational in nature out of China. This shows how different nations and cultures pose their own threats, and companies need to keep all of them in mind to prevent breaches.