Last month, MI5 Director General Ken McCallum and FBI Director Christopher Wray made a first ever joint appearance in London. The two respective heads of the UK and US security services were there primarily to raise awareness of the cybersecurity threat posed by China. Despite tit-for-tat commentary from the UK, US and China, and the use of some fairly robust language (superlatives included breath-taking, immense and game-changing), the core of the argument came down to a coordinated effort to steal valuable intellectual property.
Wray claimed that the Chinese government was “set on stealing our technology” and that China employed cyber-espionage to “cheat and steal on a massive scale”. In response to the perceived threat, the UK stated it had more than doubled its counter espionage work against China in the past three years, and it would need to double it again to keep up with the growing threats.
Regardless of who is targeting your networks, intellectual property is one of the most valuable assets an organisation owns. Billions of dollars and years of research and development go into bringing innovative technologies to market and it’s not difficult to see why some bad actors would want to short-cut this by stealing other peoples’ ideas. Tactics can vary widely, from old fashioned bribery to social engineering, hacking, malware and even physical breaches.
Securing commercially sensitive and confidential data
The remote working revolution helped organisations to remain productive, and collaborative, despite geographical barriers. However, it also represented a significant expansion of the threat landscape. User owned devices, wireless access and a dependence upon public file-sharing applications for collaboration exposes sensitive or confidential information to myriad threats, including data breaches, network ingress and malware attacks.
Securing teams in a hybrid working environment is challenging. Endpoint security and multi-factor authentication is essential, but so is the protection of data, both at rest and in motion. Workgroups need to be able to trust the security of the file-sharing platforms they use, so they can collaborate with confidence. This confidence should come from both the inherent security of the platform itself and the knowledge that content is protected against persistent malware attacks, including undisclosed, zero-day exploits.
When it comes to securing data in motion, the best way to ensure the confidentiality, authenticity and integrity of data is with encryption. Cryptographically agile solutions offer the best line of defence against data breaches, featuring state-of-the-art encryption key management and network independent, multi-layer encryption. For long-term data protection, hybrid encryption solutions feature the best of today’s standards-based algorithms and the emerging NIST certified quantum resistant algorithms.
In their joint statement, MI5 and the FBI identified the need to become a “harder target” by raising awareness among all parts of society of evolving cybersecurity risks.