Cyberspace has no boundaries or borders, and this spells trouble for corporations around the world. In an attempt to stamp out cyberespionage, governments are creating agreements dedicated to preventing cybercriminal activity and promoting better cyberawareness on both a federal level and a citizen one.
In a recent meeting between U.S. President Barack Obama and President of China Xi Jinping, the pair of officials negotiated a deal ensuring that neither government will "knowingly support cyber-enabled theft of intellectual property," a category that includes confidential business information, trade secrets and consumer data that provides enterprises with unique advantages.
"Foreign cyberthreats are after trade secrets and sensitive data."
However, despite mutual agreements, stopping cyberespionage and preventing the digital theft of intellectual property is proving to be very difficult - for both federal governments and corporations. In a CrowdStrike blog post, co-founder of the company, Dmitri Alperovitch, wrote on October 19, 2015 that in the past three weeks, there have been "a number" of cyberattacks launched on American companies. In this case, pharmaceutical firms and technology manufacturers were primary targets, but of course, foreign cyberthreats target trade secrets and sensitive data regardless of which business owns it.
Threats from everywhere
Alperovitch indicated that Deep Panda - an organized China-based hacker organization - was responsible for some of the recent attacks on U.S.-based companies, but there are more cybercriminal groups than that, and many of them exist outside of China. NBC News reported that North Korea, Russia, Syria and Iran are also countries that potentially harbor organized hacker organizations, as they've been linked to attacks in the past.
In addition, anyone with hacking know-how and enough money to purchase exploits from the Darknet poses as a threat to American institutes in all industries. The Sony incident, the Target breach and the frequent infiltration of small business networks prove that cybercriminals are after anything they can grab, and intellectual property theft is just a bonus.
Why American companies?
There are a few specific reasons why foreign cyberthreats are more dangerous than those on American soil.
For one, there aren't hard-and-fast laws that could leveraged against hackers and cybercriminal groups in different countries, especially when their governments are not as close to the U.S.'s as they could be. Whether supported by federal agencies or rogue, it doesn't matter, as there is no way to prosecute a foreign hacker for breaching the networks and stealing data from American corporations.
"If you hack in the United States, if it's a U.S. company, you do get caught and there's penalties for that," Kevin Mandia of Mandiant told TechCrunch contributor Randy Komisar. "But if you act from North Korea, China, Russia, Iran, [they] just keep doing it."
Hackers, especially those from different countries, are likely to keep launching cyberattacks until they succeed.Secondly, Mandia asserted that cyberwarfare is very different in that it's "asymmetrical." In other words, one hacker could take down a major corporation, even if the business has the biggest cybersecurity team. Cybercriminals will keep trying to breach firewalls and phish for credentials, and the consequences for failing aren't severe. Sooner or later, after banging on the door for months, a vulnerability will appear and hackers will exploit it.
Lastly, businesses aren't prepared to prevent today's cyberthreats from wreaking havoc on corporate networks and inside enterprise data centers.
"The world has really changed," Larry Ponemon, the Institute's founder, told NBC News. "Companies are doing a good job - but attackers, and not just nation-states, but all attackers, they're becoming more sophisticated, strategic and just nastier. The gap is growing."
The CloudMask Solution
If data breaches are inevitable - and they certainly are - businesses must focus on protecting their most sensitive assets, which is typically consumer data and intellectual property or trade secrets. Cybercriminals from around the world have plenty of time and different sophisticated methods for finding their way onto corporate networks, and therefore, the best solution is to encrypt data and hold onto the key.
CloudMask is a Data-centric protection solution that can prevent data theft even when networks are breached, as users have the ability to obscure data with encryption and they will be the only person who can unlock that information and its true value.
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, Not Cloud Providers, Not Government Agencies, and Not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmask
