Chinese spies are targeting disgruntled workers within U.S. corporations, warns national counterintelligence head Michael Casey
- The U.S. and its companies needs to prepare for the possibility of more cyberattacks from an increasing number of threat actors across the globe, and China is the biggest one.
- CEOs need to be aware that China is targeting disgruntled employees who can be recruited to steal data or IP.
- Michael C. Casey, director of the National Counterintelligence and Security Center, said at the CNBC CEO Council Summit on Tuesday that he is “stunned by the number of companies that have no concept of their insider threat.”
The U.S. needs to prepare for more cyberattacks from an increasing number of threat actors across the globe, with China being the biggest one, said Michael C. Casey, director of the National Counterintelligence and Security Center.
China is “by far the most prolific actor out there and the one coming after us across the board and in the hardest way possible,” he said at the CNBC CEO Council Summit in Washington, D.C., on Tuesday.
Casey said there has been a 100% increase in cyber incidents and ransomware demands across the board. Over the years, he said, China realized that America’s advantage in the world was technology and that made it a huge target. And it won’t stop, “because it works, because they keep succeeding,” Casey said. “China has published their list of desired technologies and then they go get it and it works.”
Among the threats that CEOs need to have on their radar when it comes to any IP threat is a rise in the use of what he called “human assets.” These are people within organizations that can be recruited to steal IP, data, or whatever the bad actor is targeting.
Given that CEOs and others in the C-suite can’t keep track of every employee conversation and interaction around the globe, Casey told CNBC Senior Washington Correspondent Eamon Javers that the best course of action to stop nation states from recruiting human assets is to deploy a layered defense.
“A CEO needs to really look at what secrets a company wants to protect and then who needs to have access to that information,” he said.
Another issue to focus on is the potential for employees to become human assets in the first place. “These are the employees who are having money problems, marital problems that someone can take advantage of,” Casey said. That’s why there needs to be a program in place to identify these employees and get them the help they need. “I’m stunned by the number of companies that have no concept of their insider threat,” he added.
Another issue that CEOs are dealing with is fear of alienating the tech talent they need, which often is comprised of people of Chinese descent.
“The PRC is an authoritarian state and there should be no confusion between that and Chinese Americans and people of Chinese descent,” Casey said. “In some cases, they are vulnerable because they have relatives at home, but companies should know how to make the distinction.”
The best strategy for CEOs is to share information with the public sector. “If you don’t know your local FBI representative, you’re doing something wrong,” he said.
And with China and Russia already targeting critical U.S. infrastructure, such as water supplies, CEOs must run worst-case scenario drills should these systems be taken down.
“Leaders need to know what they would do if the worst thing happens,” Casey said.
No comments:
Post a Comment
Comments always welcome!