Recently, the United States and China reached an accord of sorts. During a meeting between American president Barack Obama and Chinese president Xi Jinping, the two countries agreed that their digital war was getting them nowhere – except, perhaps, ever closer to real war. They reached an accord, acknowledging that each would stop attempting to carry out digital attacks on the other.
“We’ve agreed that neither the US nor the Chinese government will conduct or knowingly support cyber related theft of intellectual property including trade secrets or other confidential business information for commercial advantage,” Obama said of the meeting.
“Confrontation and friction are not the right choice for both sides,” Xi agreed. “China strongly opposes and combats the theft of commercial secrets and hacking attacks.”
Unfortunately, it appears as though not everyone in China agrees with their president. Since the meeting between Obama and Jinping, seven US companies have come under attack by Chinese hackers. Although it’s unclear whether or not the Chinese government had a direct role in these attacks (security firm CrowdStrike says it did), it seems unlikely that Jinping would violate his agreement with Obama – particularly given that he’s openly seeking investment from the American tech sector.
This leaves us with two apparent options. Either Jinping is being duplicitous, or there’s a faction in the Chinese government which is continuing to operate without their president’s knowledge. Neither is particularly attractive, and either way it’s clear that we’re now living in an era where digital espionage is commonplace.
In other words, if your business holds trade secrets that may be attractive to an overseas competitor, there’s a chance it may be targeted by hackers. And unfortunately, there’s only so much anyone can do to protect against these thefts. After all, the people carrying them out are good – probably some of the best black hats the criminal underworld has to offer.
That isn’t to say you shouldn’t be paying close attention to your server’s security, of course. Quite the contrary. You should be putting more effort into ensuring every security hole, glitch, and vulnerability is discovered and patched out as soon as possible. This isn’t like a run of the mill data breach, where large enough enterprises can simply skimp on their security and put a bit of money towards the inevitable class-action lawsuit.
These are targeted attacks, aimed at stealing valuable corporate data and trade secrets. If this stuff falls into the hands of a competitor, you aren’t just dealing with a damaged brand and some irate customers. You could be knocked out of the market.
As relations between China and the United States continue to warm, there’s a good chance that these attacks will decrease in frequency. CrowdStrike analyst Dmitri Alperovitch remains optimistic of the potential for the accord between China and the US to develop into something resembling established cyber-espionage legislation.
About the Author
John Mack is a technical writer for Datarealm, one of the oldest web hosting companies. You can follow Datarealm on Twitter, @datarealm, Like them on Facebook, and check out more of their web hosting articles on their blog, http://www.datarealm.com/blog.