Sunday, January 17, 2010

The New Era of Government Sponsored Cyber Warfare

The world has changed forever. Cyber warfare has reach new heights with initial reports confirming that the attack on Google, Yahoo, Adobe, Juniper and at least 31 other companies were sponsored by the Chinese Government (see report: Verisign iDefense IDs Chinese Government ).

The sophistication of the attacks has stunned everyone including Carlos Carrillo, the consultant who helped do the investigation for Google and security firm MacAfee. With details emerging, it is no wonder that Google is considering pulling out of China. Government sponsored attacks on Companies at this level are unheard of and given the number of companies targeted, executives must realize that the very survival of their enterprise hinges on making some fundamental changes in their approach to corporate security.

These attacks weren't just probes, the hackers were trying to get access to source code, which is what products and software services are based on. One who has access to source code can copy it, change it and make a new product or service.  News of this should make any rational business person shake their head in disgust. It means that it is now all out cyber warfare and a different approach to defensive measures must be taken.

So what does one do in the short term? Since every version of Internet Explorer is vulnerable to this kind of attack and since no enterprise can guarantee that users will reset their browser settings to high security, the simplest approach is to remove Internet Explorer from all corporate PCs and all personal PCs that access the corporate network. Mashable reports on that exact recommendation that the German Government just issued.

CIOs can't wait on this. This screams for immediate action. No one wants their career to be marked by the story of how the crown jewels (aka source code) of the company they worked at were stolen because a bad browser wasn't replaced. That is just the first step. Realizing that governments are using multi-stage cyber attacks means that new guidelines and procedures must be employed.

1 comment:

  1. IM is the culprit....