Don't Blame China For Security Hacks, Blame Yourself
Focus on the sorry state of your information security defenses before worrying about the Chinese, Russians, hacktivists or cybercrime gangs.
Thanks to headlines splashed over every major newspaper in recent weeks, you'd be hard-pressed to miss the news that digital forensic investigation firm Mandiant has blamed People's Liberation Army (PLA) Unit 61398, a Chinese military cyber operations group, for launching advanced persistent threat (APT) attacks against over 140 businesses and government organizations since 2006. Clearly, the panic button has been pushed. But as happens too often with outbreaks of sudden or uncontrolled anxiety, it misses the point: Don't worry about China. Worry instead about whether the pitiful state of your information security defenses will allow any attacker to wield nothing more than malicious email attachments to steal valuable intellectual property or even state secrets.
"The Chinese are like the Kardashians," says John Pescatore, a former Gartner analyst who last month joined the SANS Institute as director of emerging security trends, speaking by phone. "There are thousands of attacks and many are just as clever, using the same techniques -- before we saw them in Chinese attacks. But you mention China in an attack, and every radio or news station picks it up."
The folly of the Chinese blame game has been quickly seized upon by information security experts. "If you know that the People's Liberation Army is spying on you, do you change your defenses? How? Do you look for Chinese language intrusion prevention tools?" said Alan Paller, director of research for SANS, in a recent newsletter.
"The continuous China bashing simply reflects the inability of watchers to see evidence of the stealthier attacks coming from many nations that may take a different approach to penetrating our telecommunications and banking and power systems and stealing our national wealth," he said. "The number of bad actors, spread among nations, terrorists, anarchists and criminals, is so great that their identity is not as important as what we do to defend our systems -- because they usually exploit the same weaknesses."