Reads the headline in today’s tech section of the Wall Street Journal. Over the past several months there have been numerous articles published in the Journal – some saying this is real, others denying it…I appreciate one article stating that these attacks are small enough for our government to ignore, so that there is no one single incident demanding a response, but big enough to threaten the long term viability of some of the major companies in the US. In another Journal article I read, “All major US companies have been successfully compromised…” Where is this all headed?
Companies who insist “They’ve got it covered…” are in trouble in my opinion. No company is really impenetrable. In fact, the idea of using a pen-test to show your clients that their data is safe is a false sense of security. A failure to break in simply shows the incompetence of the pen-testing team. It certainly doesn’t mean the company is well secured.
In today’s article the Journal reports – “The Obama administration is considering a raft of options to more aggressively confront China over cyberspying,…, a potentially rapid escalation of a conflict the White House has only recently acknowledged.” The key phrase here is, “Only recently.” Why have government officials denied this for so long? Perhaps for political and economic reasons. The Journal states it like this, “Before now, U.S. government officials and corporate executives had been reluctant to publicly confront China out of fear that stoking tension would harm U.S. national-security or business interests.”
Why are the Chinese on the attack? “China is stealing trade secrets as part of plans to bolster its industry.” It’s simple, the US has a greater capacity for innovation. By invading company’s intellectual capital, other nations can cut thousands of man-days out of the R&D process. Google, EMC, RSA New York Times, Wall Street Journal, and many other well-known companies, along with many federal organizations including the Pentagon, have reported problems traced back to China in recent years. However, things like “dependency on China to underwrite U.S. debt and to provide a market for U.S. businesses,” have allowed these nation-state sponsored attacks to go unchallenged.
Recently our government officials have come out saying, “Cybersecurity threats are the greatest threat to our security—economic security, political security, diplomatic security, military security.” No matter how big your customers are, cybersecurity is something you want to understand and engage them in. We’ll be covering more on this threat in the coming weeks as we approach the May, Making Money w/ Security workshop. I’m looking forward to seeing you there.
© 2013, David Stelzl