US companies urged to raise their shield against foreign security threats

The US National Counterintelligence and Security Center (NCSC) has released a new set of educational tools to help private sector businesses better protect themselves from cyber-attacks by nation-state actors.

The government organization announced yesterday it is making available videos, brochures, and other materials, as it ramps up efforts to protect American companies from malicious foreign intelligence agencies.

NCSC director William Evanina said: “Make no mistake, American companies are squarely in the cross-hairs of well-financed nation-state actors, who are routinely breaching private sector networks, stealing proprietary data, and compromising supply chains.

“The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars.

“To enhance private sector awareness, we’re arming US companies with information they need to better understand and defend against these threats.”

The materials – launched in a campaign dubbed ‘Know the Risk, Raise Your Shield’ – include informative videos about spear phishing attacks, social engineering, and supply chain risk management.

Also included are posters and flyers aimed at engaging and educating private sector employees.

Commenting on the initiative, Sam Curry, chief security officer at Cybereason, said: “We live in a world where businesses today have a much harder task of keeping adversaries at bay because of the increasing network attack surface that security teams have to monitor.

“I welcome the NCSC’s new campaign to educate businesses and it is indeed good news.

“But the real weak link for any business is its employees that regularly fall victim to phishing scams, open attachments from unknown parties and visit suspicious websites. And until we change human behavior the hackers will continue to have the upper hand.

“As an industry we have come a long way and making cybercrime unprofitable for hackers is achievable if businesses use the right tools and deploy the right strategy.”

Mission objective

This latest push comes just a month after the US indicted two Chinese nationals for global computer intrusion campaigns targeting more than 45 US tech companies and government agencies.

In September last year, a North Korean state-sponsored hacker was charged for the WannaCry ransomware, which downed organizations and companies worldwide, as well as the spear-phishing attack on Sony Pictures.

And in March 2018, the US warned against Russian state-sponsored activity, after charging nine Iranian nationals for a campaign targeting more than 144 US universities.

The UK has also stepped up efforts to inform private sector businesses, recently releasing a report (PDF) warning law firms about the threat of nation-state attacks.

In the report from the UK’s National Cyber Security Centre (also NCSC), the biggest identified threats – phishing, data breaches, and ransomware – are laid bare, with advice on how to prevent such an attack.

Some have criticized Britain, however, for not doing enough – especially given that just months ago, NCSC director Ciaran Martin singled out Russia as a major threat to UK government and businesses.