The NCSC organized an effort as “Know the Risk, Raise Your Shield” to raise awareness on cybersecurity practices for businesses.
Cyber-Crime On A Rise
The Trump administration developed a public awareness campaign for the U.S. private sector. Their intention is to get businesses to better defend themselves against online threats that may attempt to obtain their sensitive data or wage supply chain attacks.
The National Counterintelligence and Security Center is in charge of this effort to improve security practices. At the very least, NCSC is urging all businesses to “review supply chain security, safeguard against spear-phishing emails, beware of social media deception and expect that, when traveling abroad, their equipment will be subject to surveillance or interference.”
“Know the Risk, Raise Your Shield”
The NCSC developed the effort as “Know the Risk, Raise Your Shield” by creating videos, posters, brochures, and flyers on their website. They aim to promulgate strategies to help protect data, assets, technology, and networks.
“To enhance private sector awareness, we’re arming U.S. companies with
informationthey need to better understand and defend against these threats,” says NCSC.
Release in July, the U.S. NCSC’s 2018 Foreign Economic Espionage in Cyberspace report singles out China, Russia, and Iran. As these are the largest nation-states known for their hacking abilities, they are a threat to the U.S. private sector. Laws in these states allow government agencies to compel firms to assist in their efforts.
“Make no mistake, American companies are squarely in the cross-hairs of well-financed nation-state actors, who are routinely breaching private sector networks, stealing proprietary data and compromising supply chains,” Evanina says. “The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars.”
Nation-State Cyber Charges
NCSC pointed to the numerous charges that have been filed in the past 12 months against alleged nation-state hackers to warn private businesses to take information security more seriously.
- China: “In December 2018, the U.S. Department of Justice charged two Chinese citizens, associated with China’s Ministry of State Security, with perpetrating online attacks designed to infiltrate IT managed service providers, which serve large numbers of IT customers. It followed the Justice Department last October charging two Chinese intelligence officers and eight others with economic espionage.
- North Korea: In September 2018, the Justice Department charged a North Korean national with having helped perpetuate the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach as well as the theft of $81 million from Bangladesh Bank.
- Russia: In June 2018, the U.S. government imposed sanctions on multiple Russian individuals and organizations for their alleged “destabilizing cyber activities,” including intrusions against the U.S. energy grid and global compromises of routers and switches.
- Iran: In March 2018, the Justice Department charged nine Iranian nationals with stealing more than 31 terabytes of data from 320 universities in 22 countries – including 144 U.S. institutions – as well as multiple businesses and government agencies.”
Shield Against Online Attacks
Spear Phishing Scams
Do not underestimate the power of a convincing scam email. Since a lot of private information can be found on social media platforms, getting someone to click a link or downloading an attachment has been made easy by adding a few personal details.
For instance, a hacker can find out who you work for on your LinkedIn profile and create an email to you, posing as your boss, requiring you to send back sensitive material, downloading an attachment with malware, or going to a malicious site.
Security experts say that spear-phish attacks are the entry point for the majority of hacks conducted by remote hackers.
Friending People on Social Media
Be sure to only add people you know personally on your social media platforms. It is recommended to limit personal information on these sites, or at least only viewable to your friends which you approved their request.
Foreign intelligence service recruiters use social media as a tool to their advantage. “China’s intelligence services use social media platforms to spot, assess and target Americans with access to business or government secrets,” NCSC warns. For instance, last year a Chinese intelligence operative posed as a job recruiter and approached a former CIA officer who was ultimately convicted of espionage.
Travel Without Devices
The NCSC insists to avoid traveling abroad with smartphones, laptops, and other mobile devices whenever possible.
“If possible, leave your electronic device at home,” NCSC says. “If you bring it, always keep it with you; the hotel safe isn’t really ‘safe.'”
The NCSC advocates that WiFi access points are typically montiored by domestic government agencies, spyware, or malicious software pushed to devices that connect to the network. The NCSC advises organizations to issue “burner” devices, especially to executives, with minimum functionality when traveling to foreign countries.
“When abroad, don’t expect electronic privacy,” NCSC concludes.
Original Article Found Here.