The cyber wars made major headlines on Monday when the U.S. Department of Justice indicted five Chinese military officers on charges of computer hacking and economic espionage, among other crimes. The hackers were allegedly targeting six entities in the U.S. nuclear power, metals and solar products industries.
For all the celebrating in security industry circles over the U.S. government's willingness to take this bold step, FBI Director James B. Comey signaled that the battle isn't over.
"For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries," Comey said. "The indictment announced today is an important step. But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber espionage from all sources."
So what does this mean for enterprises? We asked two security industry experts for their reactions and views on where enterprise IT admins go from here.
One Kind of Warfare
We caught up with Ken Silva, president of ManTech Cyber Solutions International, a cyber security firm, to get his thoughts on the indictment. He told us these recent developments further legitimize what security experts have known for years: U.S. corporations are under constant attack from nation-state hackers.
"The Chinese have been hacking into both corporations and government agencies for years," Silva said. "If there is a hope that these indictments will lead to the Chinese government's help, it is asking for something that just isn't realistic at this point."
Silva noted that the DOJ clearly has forensic evidence and many additional details on these hackers -- and on what they stole or attempted to steal -- that it has not disclosed.
"Today, this is one kind of warfare where as a company you are on your own to defend your [intellectual property] and data," Silva said. "It goes without question that a determined hacker will eventually find a way into your network, requiring you to detect and respond to threats more quickly, so that you can identify threatening incidents in real time and reduce the risk and damage."
Your Data Footprint
Aaron Titus, chief product officer and general counsel at sensitive-data management solution provider Identity Finder, said he was not surprised to see the indictments, since Fortune 500 companies have been under attack for years. That said, he believes news of the Chinese hackers sheds light on the seriousness of the issue.
"Because companies are required to protect trade secrets and intellectual property from both inside and outside threats, they can no longer rely on gateway scanning to protect against sensitive data theft," Titus told us. "Instead, companies must employ sensitive-data management techniques to decrease the probability that their most critical information is compromised from either side of the wall."
That starts, he said, with data discovery and decreasing the organization's data footprint: What data is leaking? Where is it leaking? Who is stealing it? Most important, he stressed, sensitive-data management allows companies to identify and fix broken business processes that lead to risk.
"Organizations must address data theft from a prevention and remediation standpoint, where an ounce of prevention is truly worth a pound of remediation," Titus said. "Solve the data loss problem at the source by classifying the sensitive data that needs to be retained.... Once an organization has a clean bill of health, data should be vigilantly monitored on an ongoing basis to discover anyone or anything out of compliance."