TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Google spam proposal sparks partisan backlash in Washington

    June 28, 2022

    G7 accused of ‘backsliding’ on climate goals over energy security fears

    June 28, 2022

    Ransomware in Q1 2022 doubled total 2021 volume

    June 28, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Google spam proposal sparks partisan backlash in Washington

      June 28, 2022

      Axie Infinity NFT game reopens transactions months after $625 million theft

      June 28, 2022

      Podcasters are organizing to support abortion rights after Roe is overturned

      June 28, 2022

      VW sells minority stake in Electrify America to Siemens

      June 28, 2022

      Our favorite benchmarks for testing PCs and how to use them

      June 28, 2022
    • Business
    • Cyber Security

      Ransomware in Q1 2022 doubled total 2021 volume

      June 28, 2022

      Lithuania hit by DDoS cyberattack

      June 28, 2022

      2 out of 3 European citizens welcome digital ID wallet

      June 28, 2022

      87% of executives have no cybersecurity tools on personal devices

      June 27, 2022

      CISA releases cloud security reference

      June 27, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»China Is A Target – Just Like Us
    Cyber Security

    China Is A Target – Just Like Us

    February 12, 2019Updated:February 12, 2019No Comments7 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Chinese Companies Are facing Many of the Same Cyber Challenges as Companies Elsewhere in the World

    Late last year, I had the opportunity to visit China. It’s not an exotic trip for an American company, but it had been a while since an executive from my company had visited, for reasons that might be obvious. So, I didn’t take this trip for granted, and was excited to have the chance to meet with some of the most innovative companies in China. I wanted to learn about the problems they’re facing them and how they are addressing those challenges. My agenda included companies in high tech, hospitality, healthcare, finance, and security. 

    Before my arrival, I asked what topics these organizations wanted to discuss, and they all responded with some variation of “we’d like to hear more about state-sponsored attacks on Chinese companies,” which struck me as an interesting request. I’m not ignorant to China’s place in the world, and I spend a lot of time outside the US. However, I’ll be honest—in a career working in security for a multinational company, and for a cyber security vendor, I’ve not spent a lot of time thinking about Chinese organizations as victims of cyber attacks. 

    The next few days were educational. With 120 companies in the Global 500 (just behind 126 companies from the US), and the world’s second largest economy, Chinese organizations have a huge target on their backs. As compared with the West, life in China is more dependent on online and mobile services, which increases the motivation of threat actors. Chinese companies must respond with commensurate defenses. The same machine learning and artificial intelligence technology that is being used to detect fraudulent payment transactions and fake social media profiles is being effectively deployed to detect insider threats, phishing emails, and lateral movement. I was also impressed to read the threat intelligence and nuanced analysis published by several Chinese organizations. 

    So, it’s not surprising that the Chinese companies I met with are facing a lot of the same challenges as companies elsewhere in the world. However, these challenges seemed amplified by a few factors. Although it is risky to generalize about a country as large and diverse as China after a dozen interactions, three themes seemed consistent across companies of various size and industries:

    • Scale – Most of the organizations I spoke with are dealing with a scale not seen outside of the largest banks or tech companies in the US. Hundreds of millions of users, billions of daily transactions, all generating data at scale. 

    • Verification Challenges – China has strict privacy laws, and many citizens don’t have a banking or credit history. Thus, the identity verification procedures we are accustomed to in US companies (validating previous addresses or loan balances) won’t work. This makes the mobile number a convenient identifier—but new SIM cards can be obtained cheaply, so app-based fraud is common. When a company can’t know exactly who is behind an account, or cannot verify a bank account, there’s little risk for the attacker. One organization I spoke with told me about staggering losses due to fraudulent activity on their platform.

    • Growth – Imagine trying to secure an environment of unprecedented scale and complexity, and then also having to build the team, processes, and technology in a couple of years. The rapid growth of so many companies means that they’re still learning as they go.

    Stars of China FlagThe business environment in China also provides a few advantages for defenders, compared with their western counterparts:

    • Ubiquity of Mobile – Like many travelers from the US to China, I was struck by the convenience of mobile payments, and the fact that many shops and restaurants refused my cash or credit cards. Several of the companies I spoke with have only mobile interfaces. When your organization’s primary (or only) user interface is a mobile app, your threat model is different, but simpler, than a company supporting a variety of methods of user interaction. It’s a smaller surface area to defend, when compared to that at so many Western companies I work with—who are tasked with defending not only mobile and traditional web sites, but dozens of legacy DMZs, 3rd party interfaces, direct vendor connections, legacy system connectors, etc. that have built up over the years. 

    • Modern Platforms – None of the organizations I spoke with faced the legacy tech issues that I see at companies in the US. Most are working with systems that have been built in the last few years.

    • Cost – The sheer size of security teams at the companies I met with was eye-opening. While some organizations in the US have large information security teams, the Chinese companies dwarfed them on a relative basis—resources are generally more affordable. Reuters has reported that salaries for those with graduate degrees in Artificial Intelligence and Machine Learning are starting to rise, compensation for experts in other security domains—incident analysis, compliance, vulnerability management—remain relatively low.

    • Culture – US companies often struggle with the basics as they try to balance user convenience with security. I remember once talking with executives at a Western pharmaceutical company who had been breached. Despite their issues, this company resisted deploying two-factor authentication to their critical research systems and was slow to deploy critical patches to most of the enterprise out of fear of employee disruption. I’m sure many readers have to deal with a similar balancing act in their organizations. I asked several Chinese companies about how they balanced employee convenience and security, and this did not seem to be an issue. “When we need to deploy a patch, we just deploy it.” This is not to say that every organization I spoke with had a stellar security culture, but I did not get the impression that employee convenience got in the way of security.

    At the risk of sounding like an Us Magazine article (“Chinese Companies – They’re Just Like Us!”), it’s a reminder that our industry sometimes needs. The companies I met with are facing many of the same threats that your organization faces today, but they are addressing these threats at a massive scale, on emerging platforms, and with innovative approaches that we can learn from.

    As we search for solutions to secure organizations around the world, we need to learn from the challenges that China is addressing today. I don’t know how we’ll do this while still balancing the reality of China’s role in the threat landscape, but as we try to solve tomorrow’s security challenges, we’d be remiss if we didn’t enlist the best people and ideas, regardless of where they live. 

    Related: A Convenient Scapegoat – Why All Cyber Attacks Originate in China

    view counter

    Grady Summers is Executive VP and Chief Technology Officer at FireEye, where he oversees the global CTO team that supports R&D and product engineering and works with customers to address today’s evolving threat landscape. Grady has over 15 years of experience in information security both as a CISO and consultant to many Fortune 500 companies. He joined FireEye through its acquisition of Mandiant in 2014. Prior to Mandiant, he was a partner at Ernst & Young, responsible the firm’s information security program management practice. Before E&Y, Grady was the CISO at General Electric, overseeing a global information security organization. His previous roles at GE include divisional CTO and a variety of positions in application security, web development, and infrastructure management. He holds an MBA from Columbia University and a bachelor of science in computer systems from Grove City College.

    Previous Columns by Grady Summers:
    Tags:



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    Ransomware in Q1 2022 doubled total 2021 volume

    June 28, 2022 Cyber Security

    Lithuania hit by DDoS cyberattack

    June 28, 2022 Cyber Security

    2 out of 3 European citizens welcome digital ID wallet

    June 28, 2022 Cyber Security

    87% of executives have no cybersecurity tools on personal devices

    June 27, 2022 Cyber Security

    CISA releases cloud security reference

    June 27, 2022 Cyber Security

    Colin Ahern named New York’s Chief Cyber Officer

    June 27, 2022 Cyber Security
    Editors Picks

    G7 accused of ‘backsliding’ on climate goals over energy security fears

    June 28, 2022

    Ransomware in Q1 2022 doubled total 2021 volume

    June 28, 2022

    Axie Infinity NFT game reopens transactions months after $625 million theft

    June 28, 2022

    Nicola Sturgeon sets date for fresh Scottish independence referendum

    June 28, 2022
    Trending Now

    Global shares rise as China eases quarantine restrictions

    By techbizweb

    Post Roe, women in America are right to be concerned about digital surveillance. And it’s not just period-tracking apps

    By techbizweb

    Our favorite benchmarks for testing PCs and how to use them

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.