It has been a little more than a week since I first told you about the Justice Department’s legal actions against five Chinese military personnel on charges of hacking into six American companies in order to steal corporate secrets. Although we have known for years that Chinese hackers engage in this form of international corporate espionage, it was not until now that the government took official action. However, China is certainly not alone in this type of offense. In particular, Russian hackers have been committing the same types of cybercrimes for the same reasons. Earlier this year, the cybersecurity company CrowdStrike estimated that the Russian government has been involved in the same type of corporate espionage through hacking of literally hundreds of companies, not just in the United States but also in Europe and Asia. I predict that it will not be long before indictments similar to those that have already been brought against Chinese hackers will be brought against Russian perpetrators.
Companies throughout the world must recognize that they must do a better job of protecting the security of their data. It is also important to note that regardless of how sophisticated the malware used by hackers is, whether for state-sponsored corporate espionage or by individual criminals gathering personal information for identity theft, it is worthless unless it can be installed on corporate computers. This is still done predominantly through phishing emails, in which employees are tricked into clicking on links that download the malware onto their companies’ computers. Until companies do a better job of establishing protocols and security systems related to clicking on links and downloading attachments, we will all be vulnerable.