CDF Key Takeaways – Cybersecurity: What Directors Need to Know and What They Should be Asking

FBI Goals for the Event:

  • Make the business community more aware of potential threats
  • Proactively engage and build relationships between the business community and the FBI
  • Provide information to help make risk assessments for your organizations
  • Make business community aware it is okay to contact the FBI even if you don’t have a cyber event

General Information:

  • Threats can come from anywhere, but the most common foreign governments involved are China, Russia, Iran and North Korea
    • They are looking to steal IP, valuable assets and technology
      • This does not have to be done via cyber attacks. For example, a person in a business suit stealing seeds from a farm can lead to millions lost, because of the access to the intellectual property found in the seeds themselves.
  • Risks:
    • Determine what your risks are and how you are protecting your company.
      • This is an ever-changing process, making it a “Year Round Dynamic Process.” It should never leave an organization’s line of sight.
    • Collaborate with the FBI to see the full picture of threats. The relationship between the business community and the FBI is symbiotic. Both groups will benefit.
      • Develop this relationship prior to an issue or event.
        • This may require a culture change across industries to build proactive relationships with the FBI at the company’s highest levels.
    • Economic espionage is costing the U.S. economy $225–600 billion.
    • Companies can collapse as a result of having intellectual property stolen.
  • Executives:
    • Recognize you are a target! As an executive, you are being targeted as an individual, particularly if you are traveling to China.
    • Be aware:
      • Pay attention to whether you are continually assigned the same hotel room. This is a red flag.
      • Privacy is different in different countries. Be careful with anything you receive unrequested (e.g., a thumb drive).
      • Being asked to download a specific application may be problematic.
    • Using burner phones and laptops is a good idea when travelling outside the United States.
    • Detailed security briefings are available through the FBI.
    • Be exceptionally careful if you go to a foreign country where you are using intellectual property.
    • Remember that many threats are legal, overt activities in other countries.
  • Food for Thought for Boards:
    • A retired federal agent or other government official on your board will allow you access to more information.
    • Having a Chief Information Security Officer on your board may also be beneficial and will keep the topic of security top of mind.
  • China:
    • Thousands of hackers are working to steal your information.
    • Their goal is to be the global superpower by 2050.
    • China uses a 5-year plan as a government strategy (essentially a business plan) to strengthen its country and continually updates it.
    • Target industries on which China is focusing between now and 2025: IT, Robotics, Aerospace, Marine Engineering, Energy Efficient Automobiles, Agriculture Equipment, Biomedical Instruments and Medical Devices.
      • If your industry is represented, you especially need to start developing a relationship with the FBI.
    • China has a law that requires China-based entities to comply with intelligence services within China.
  • Common threats:
    • Ransomware
    • Business E-mail Compromise (BEC)
      • Wire fraud is highly sophisticated.
      • For BEC, San Diego federal prosecutors will not take a case with losses under $400,000.
        • This is a policy and process issue and is avoidable.
          • Install and implement processes within your organization that will help protect you against these attacks. It is really a social engineering problem.
  • Resource:
    • IC3.gov – Internet Crime Complaint Center
      • Immediately go to the website and file your complaint.
      • A financial “kill chain” will be activated and you are more likely to get most of your money back.
  • Be Proactive:
    • Protect your crown jewels through encryption and limited access.
    • Conduct exit interviews to identify who may be a threat after they leave.
    • If you see something, say something.
    • Connect with the FBI quickly.
    • Know what you have that is valuable and protect it. Make sure proprietary information is clearly labeled.