The heads of the FBI and MI5, Britain’s domestic security service, have warned business executives about threats posed by Chinese digital espionage, the goal of which is often to steal Western companies’ intellectual property.
During the joint appearance on July 6, 2022, Christopher Wray, director of the Federal Bureau of Investigation (FBI), and Ken McCallum, director-general of MI5, reiterated a need for digital caution and ongoing vigilance because of the scale of Beijing’s operation.
“The Chinese government is set on stealing your technology—whatever it is that makes your industry tick—and using it to undercut your business and dominate your market,” Mr. Wray told the audience in attendance. “They’re set on using every tool at their disposal to do it.”
China is engaged in “a coordinated campaign on a grand scale” that represents “a strategic contest across decades,” Mr. McCallum emphasized. “We need to act.”
The Chinese government utilizes state-sponsored hacking to exploit known cybersecurity vulnerabilities in order to establish a more extensive web of compromised infrastructure. Over the last few years, it has exploited several high-severity vulnerabilities that have given these attackers the opportunity to gain entry to many vulnerable devices.
Once the attackers have access to these devices, they assess the critical users and seek to gain further credentials. Utilizing these and other methods, these attackers are continually evolving and adapting their practices to bypass existing defenses, so maintaining a proactive and defensive cybersecurity posture for your business is imperative.
CISA Recommended Best Practices
The US Cybersecurity & Infrastructure Security Agency (CISA) is recommending a variety of best practice actions for combating this threat, including, but not limited to:
- Applying patches as soon as possible
- Disabling unnecessary ports and protocols
- Replacing end-of-life infrastructure
- Implementing a centralized patch management system
Additional recommendations from Coretelligent’s security experts include:
- Implement multifactor authentication
- Think before you click a link or open an email attachment.
- Be wary of new social media requests.
- Limit the attack surface on all Internet-facing infrastructure
Ensure readiness to respond to a cyber incident
- Review policies and procedures around incident response.
How to Protect Your Organization?
If you are concerned that your organization’s current cybersecurity posture is not robust enough to sufficiently handle the growing threat, reach out to learn more about Coretelligent’s multi-layered cybersecurity solutions.