The United States Department of Justice has charged 9 Iranian nationals for theft of intellectual property from hundreds of colleges and universities, dozens of U.S. companies, Federal agencies, state governments and the United Nations.
DoJ Values the theft to be IN EXCESS OF THREE BILLION DOLLARS. That is likely a very conservative number.
The defendants are associated with an organization called the Mabna Institute that stole, among other information, 31 terabytes of email since 2013.
They targeted the accounts of 100,000 professors, compromising 8,000 of them; the stolen information was then sold.
At the same time, the FBI and Homeland Security are formally accusing Russia of attacking energy sector targets (such as nuclear power plants), water and critical manufacturing. The two departments jointly issued an alert.
So what does this mean for America? First and foremost, it means that America needs to take cyber security far more seriously than it has. For most Americans, both consumers and businesses, when there is an intersection between security and convenience, convenience wins. We saw that recently when Yahoo was breached and their dirty laundry started to be aired. Marissa Mayer made conscious choices to implement new bells and whistles on the Yahoo software rather than improving the security. Contrast this with Sergey Brin and Larry Page, co-founders of Google, who, when they heard that the Russians were attacking them and had gotten in, issued an edict to fix the problem at whatever the cost. They hired hundreds of security professionals, wrote obscene hiring bonus checks to get the talent they wanted and declared war on the hackers. Granted Google can afford that, but the distinction is the strategy, not the size of the checks.
So what should or can you as an individual or business person do? Actually there are a number of things that you can do that are not terribly expensive.
Number one has to be that America as a country has to understand that we are in a war and it is a war that we are losing because Russia and China and other countries are taking the war way more seriously than we are.
Some experts have recently said that if an all out cyber war were to break out today, the U.S. would lose. I have no idea if that is true, but the idea alone is scary.
Number two, we, as consumers and business people, have to change our ways. Understand that we may have to do things that are somewhat inconvenient (two factor authentication comes to mind) and we have to give up the notion that we have nothing that they want. EVERY BUSINESS has something that they want, even if it is just to put it up on the black market and sell it to your domestic or international competitors.
Engage cyber security experts. Many of the calls that we get come from companies that have just been hacked. While we appreciate the business, that is NOT the “optimal” time to call us. At that point, the best you can do is damage control. Not a great option.
If you don’t know what to do but realize you need to do something, contact us; we can help you create a plan. Whether you are an individual, small business or Fortune 1000 firm.