TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Amazon says it has ‘hundreds’ of Rivian electric vans making deliveries in the US

    November 7, 2022

    Ryanair swings to first-half profit and raises passenger forecast

    November 7, 2022

    Devialet brings its sci-fi design aesthetics to a $790 portable speaker

    November 7, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Amazon says it has ‘hundreds’ of Rivian electric vans making deliveries in the US

      November 7, 2022

      Devialet brings its sci-fi design aesthetics to a $790 portable speaker

      November 7, 2022

      Elon Musk’s response to fake verified Elon Twitter accounts: a new permanent ban policy for impersonation

      November 7, 2022

      The iPhone 14 Pro and Pro Max will come with ‘longer wait times’ due to factory lockdown

      November 6, 2022

      Meta’s reportedly planning to lay off ‘thousands’ of workers this week

      November 6, 2022
    • Business
    • Cyber Security
      National Security News

      List of 620 Russian spies, featuring one alleged agent at the centre of one of the biggest personal scandals in Wall Street history.

      September 24, 2022

      Cybersecurity ranked most serious enterprise risk in 2022

      August 31, 2022

      Registration open for CISA virtual summit on K-12 school safety

      August 31, 2022

      What do the Trickbot leaks reveal about Russian cybercrime?

      August 31, 2022

      What cybersecurity measures do CISOs outsource?

      August 30, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»China Is A Target – Just Like Us
    Cyber Security

    China Is A Target – Just Like Us

    February 12, 2019Updated:February 12, 2019No Comments7 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Chinese Companies Are facing Many of the Same Cyber Challenges as Companies Elsewhere in the World

    Late last year, I had the opportunity to visit China. It’s not an exotic trip for an American company, but it had been a while since an executive from my company had visited, for reasons that might be obvious. So, I didn’t take this trip for granted, and was excited to have the chance to meet with some of the most innovative companies in China. I wanted to learn about the problems they’re facing them and how they are addressing those challenges. My agenda included companies in high tech, hospitality, healthcare, finance, and security. 

    Before my arrival, I asked what topics these organizations wanted to discuss, and they all responded with some variation of “we’d like to hear more about state-sponsored attacks on Chinese companies,” which struck me as an interesting request. I’m not ignorant to China’s place in the world, and I spend a lot of time outside the US. However, I’ll be honest—in a career working in security for a multinational company, and for a cyber security vendor, I’ve not spent a lot of time thinking about Chinese organizations as victims of cyber attacks. 

    The next few days were educational. With 120 companies in the Global 500 (just behind 126 companies from the US), and the world’s second largest economy, Chinese organizations have a huge target on their backs. As compared with the West, life in China is more dependent on online and mobile services, which increases the motivation of threat actors. Chinese companies must respond with commensurate defenses. The same machine learning and artificial intelligence technology that is being used to detect fraudulent payment transactions and fake social media profiles is being effectively deployed to detect insider threats, phishing emails, and lateral movement. I was also impressed to read the threat intelligence and nuanced analysis published by several Chinese organizations. 

    So, it’s not surprising that the Chinese companies I met with are facing a lot of the same challenges as companies elsewhere in the world. However, these challenges seemed amplified by a few factors. Although it is risky to generalize about a country as large and diverse as China after a dozen interactions, three themes seemed consistent across companies of various size and industries:

    • Scale – Most of the organizations I spoke with are dealing with a scale not seen outside of the largest banks or tech companies in the US. Hundreds of millions of users, billions of daily transactions, all generating data at scale. 

    • Verification Challenges – China has strict privacy laws, and many citizens don’t have a banking or credit history. Thus, the identity verification procedures we are accustomed to in US companies (validating previous addresses or loan balances) won’t work. This makes the mobile number a convenient identifier—but new SIM cards can be obtained cheaply, so app-based fraud is common. When a company can’t know exactly who is behind an account, or cannot verify a bank account, there’s little risk for the attacker. One organization I spoke with told me about staggering losses due to fraudulent activity on their platform.

    • Growth – Imagine trying to secure an environment of unprecedented scale and complexity, and then also having to build the team, processes, and technology in a couple of years. The rapid growth of so many companies means that they’re still learning as they go.

    Stars of China FlagThe business environment in China also provides a few advantages for defenders, compared with their western counterparts:

    • Ubiquity of Mobile – Like many travelers from the US to China, I was struck by the convenience of mobile payments, and the fact that many shops and restaurants refused my cash or credit cards. Several of the companies I spoke with have only mobile interfaces. When your organization’s primary (or only) user interface is a mobile app, your threat model is different, but simpler, than a company supporting a variety of methods of user interaction. It’s a smaller surface area to defend, when compared to that at so many Western companies I work with—who are tasked with defending not only mobile and traditional web sites, but dozens of legacy DMZs, 3rd party interfaces, direct vendor connections, legacy system connectors, etc. that have built up over the years. 

    • Modern Platforms – None of the organizations I spoke with faced the legacy tech issues that I see at companies in the US. Most are working with systems that have been built in the last few years.

    • Cost – The sheer size of security teams at the companies I met with was eye-opening. While some organizations in the US have large information security teams, the Chinese companies dwarfed them on a relative basis—resources are generally more affordable. Reuters has reported that salaries for those with graduate degrees in Artificial Intelligence and Machine Learning are starting to rise, compensation for experts in other security domains—incident analysis, compliance, vulnerability management—remain relatively low.

    • Culture – US companies often struggle with the basics as they try to balance user convenience with security. I remember once talking with executives at a Western pharmaceutical company who had been breached. Despite their issues, this company resisted deploying two-factor authentication to their critical research systems and was slow to deploy critical patches to most of the enterprise out of fear of employee disruption. I’m sure many readers have to deal with a similar balancing act in their organizations. I asked several Chinese companies about how they balanced employee convenience and security, and this did not seem to be an issue. “When we need to deploy a patch, we just deploy it.” This is not to say that every organization I spoke with had a stellar security culture, but I did not get the impression that employee convenience got in the way of security.

    At the risk of sounding like an Us Magazine article (“Chinese Companies – They’re Just Like Us!”), it’s a reminder that our industry sometimes needs. The companies I met with are facing many of the same threats that your organization faces today, but they are addressing these threats at a massive scale, on emerging platforms, and with innovative approaches that we can learn from.

    As we search for solutions to secure organizations around the world, we need to learn from the challenges that China is addressing today. I don’t know how we’ll do this while still balancing the reality of China’s role in the threat landscape, but as we try to solve tomorrow’s security challenges, we’d be remiss if we didn’t enlist the best people and ideas, regardless of where they live. 

    Related: A Convenient Scapegoat – Why All Cyber Attacks Originate in China

    view counter

    Grady Summers is Executive VP and Chief Technology Officer at FireEye, where he oversees the global CTO team that supports R&D and product engineering and works with customers to address today’s evolving threat landscape. Grady has over 15 years of experience in information security both as a CISO and consultant to many Fortune 500 companies. He joined FireEye through its acquisition of Mandiant in 2014. Prior to Mandiant, he was a partner at Ernst & Young, responsible the firm’s information security program management practice. Before E&Y, Grady was the CISO at General Electric, overseeing a global information security organization. His previous roles at GE include divisional CTO and a variety of positions in application security, web development, and infrastructure management. He holds an MBA from Columbia University and a bachelor of science in computer systems from Grove City College.

    Previous Columns by Grady Summers:
    Tags:



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    National Security News

    List of 620 Russian spies, featuring one alleged agent at the centre of one of the biggest personal scandals in Wall Street history.

    September 24, 2022 Cyber Security

    Cybersecurity ranked most serious enterprise risk in 2022

    August 31, 2022 Cyber Security

    Registration open for CISA virtual summit on K-12 school safety

    August 31, 2022 Cyber Security

    What do the Trickbot leaks reveal about Russian cybercrime?

    August 31, 2022 Cyber Security

    What cybersecurity measures do CISOs outsource?

    August 30, 2022 Cyber Security

    SIA announces Women in Security Forum scholarship recipients

    August 30, 2022 Cyber Security
    Editors Picks

    Ryanair swings to first-half profit and raises passenger forecast

    November 7, 2022

    Devialet brings its sci-fi design aesthetics to a $790 portable speaker

    November 7, 2022

    Google Cloud Says Running Validator on Solana Blockchain

    November 7, 2022

    European stocks rise as investors boosted by China speculation

    November 7, 2022
    Trending Now

    Evergrande creditors sell ‘Versailles mansion’ plot in Hong Kong

    By techbizweb

    OpenSea Creates Tool for NFT Creators to Enforce Royalties On-Chain

    By techbizweb

    FTSE chairs warn of declining relations with institutional investors

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2023 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.