[vc_row css_animation=”” row_type=”row” use_row_as_full_screen_section=”no” type=”full_width” angled_section=”no” text_align=”left” background_image_as_pattern=”without_pattern”][vc_column][vc_row_inner row_type=”row” type=”full_width” text_align=”left” css_animation=””][vc_column_inner][vc_column_text]
Key Takeaways from Cybersecurity: What Directors Need to Know and What They Should be Asking
[/vc_column_text][vc_empty_space height=”25px”][/vc_column_inner][/vc_row_inner][vc_row_inner row_type=”row” type=”full_width” text_align=”left” css_animation=””][vc_column_inner][vc_column_text]FBI Goals for the Event:
- Make the business community more aware of potential threats
- Proactively engage and build relationships between business community and FBI
- Provide information to help make risk assessments for your organizations
- Make business community aware it is okay to contact the FBI even if you don’t have a cyber event
General Information:
- Threats can come from anywhere, but the most common foreign governments involved are China, Russia, Iran and North Korea
- They are looking to steal IP, valuable assets and technology
- This does not have to be done via cyber attacks. An example is a person in a business suit stealing seeds on a farm that can lead to millions lost because of the access to intellectual property found in the seeds themselves.
- They are looking to steal IP, valuable assets and technology
- Risks:
- Determine what your risks are and how you are protecting your company.
- This is an ever-changing process, making it a “Year Round Dynamic Process.” It should never leave an organization’s line of sight.
- Collaborate with the FBI to see the full picture of threats. The relationship between the business community and the FBI is symbiotic. Both groups will benefit.
- Develop this relationship prior to an issue/ event.
- This may require a culture change across industries to build proactive relationships with the FBI at the company’s highest levels.
- Develop this relationship prior to an issue/ event.
- Economic espionage is costing the U.S. economy $225 – 600 billion dollars.
- Companies can collapse as a result of having intellectual property stolen.
- Determine what your risks are and how you are protecting your company.
- Executives:
- Recognize you are a target! As an executive, you are being targeted as an individual, particularly if you are traveling to China.
- Be aware:
- Pay attention to whether or not you are continually assigned the same hotel room? This is a red flag.
- Privacy is different in different countries. Be careful what you receive, unrequested (ie- a thumb drive).
- Being asked to download a specific application may be problematic.
- Using burner phones and laptops is a good idea when travelling outside the United States.
- Detailed security briefings are available through the FBI.
- Be exceptionally careful if you go to a foreign country where you are using intellectual property.
- Remember that many threats are legal, overt activities in other countries.
- Food for Thought for Boards:
- A retired federal agent or other government official on your board will allow you access to more information.
- Having a Chief Information Security Officer on your board may also be beneficial and will keep the topic of security top of mind.
- China:
- Thousands of hackers are working to steal your information.
- Their goal is to be the global superpower by 2050.
- China uses a 5-year plan as a government strategy (essentially a business plan) to strengthen its country and continually updates it.
- Target Industries in which China is focusing between now and 2025: IT, Robotics, Aerospace, Marine Engineering, Energy Efficient Automobiles, Agriculture Equipment, Biomedical Instruments and Medical Devices.
- If your industry is represented, you especially need to start developing a relationship with the FBI.
- China has a law that requires China based entities to comply with intelligence services within China.
- Common threats:
- Ransomware
- Business E-mail Compromise (BEC)
- Wire fraud is highly sophisticated
- BEC San Diego Federal prosecutors will not take a case with losses under $400,000.
- This is a policy and process issue and is avoidable.
- Install and implement processes within your organization that will help protect you against these attacks. It is really a social engineering problem.
- This is a policy and process issue and is avoidable.
- Resource:
- IC3.gov – Internet Crimes Compliant Center
- Immediately go to the website and file your complaint.
- A financial “kill chain” will be activated and you are more likely to get most of your money back.
- IC3.gov – Internet Crimes Compliant Center
- Be Proactive:
- Protect your crown jewels through encryption and limited access.
- Conduct exit interviews to identify who may be a threat after they leave.
- If you see something, say something.
- Connect with the FBI quickly.
- Know what you have that is valuable and protect it. Make sure proprietary information is clearly labeled.
[/vc_column_text][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row]