Hacker Hot Button: Corporations Mum As Cyber-Attacks Increase

Corporations in the US and Europe are experiencing a worrisome increase in cyber attacks - but rather than share information, they are keeping mum about it. The primary reasons for the silence are a)that they dont want the hackers to know what they know and b) most of the attacks appear to be originating in China. Given the importance of that country to their expansion plans and the sensitivity of the Chinese government to any accusation that they may be sponsoring or encouraging such attacks could affect the companies' commercial prospects. The problem is that companies may be losing important intellectual property while they struggle to figure out how to contain the menace. That may be offset by the education they are getting in how the attacks are mounted. The affected governments have also been discreet, suggesting that a massive cat-and-mouse game is being played out. While the business issues are significant, it pales by comparison to the lessons being learned should a shooting cyberwar ever be launched.

Eric Sherman reports in BNet:

"More than a dozen major corporations have been targets of Chinese hackers out to snag intellectual property. Only some emails that other hackers ironically took from a security consultancy brought this to light.

Corporations have long been loath to air their security issues in public. But given how many have witnessed major attacks that all come from China, perhaps it’s time to drop secrecy and get companies and the government working together to solve what is obviously a serious problem.

The list of attacked companies includes DuPont (DPT), General Electric (GE), Johnson & Johnson (JNJ), Walt Disney (DIS), and Sony (SNE). All had kept mum about their problems.

Why execs keep their lips zipped

It’s not unusual for corporations to keep security breaches secret. They fear that giving away such information could possibly provide a competitive advantage to their rivals, encourage other attacks, make them a target for cyber extortion, and cause customers and shareholders to trust them less.

No wonder on that last item. Executives always have better things to do than consider security. From what risk management consultants have told me, even large corporations privately shrug off the potential for losing information because the quantifiable cost is so small compared to overall revenues that most consider it immaterial. That’s another way of saying that the companies don’t have to admit publicly to shareholders that there is a problem.

A pattern emerges… and it’s not pretty

However, they’ve had a problem for some time, and a clear pattern has developed over the last few months in which hackers based in China mount long campaigns of cyberattacks against large corporations to obtain intellectual property. In January, Google (GOOG) announced that it lost proprietary information thanks to cyberattacks from China. Just last month came word that Chinese hackers had stolen information from oil companies for well over a year.

The only reason this latest attacks came to light is because the hacker group Anonymous broke into the systems of security consultancy HBGary and grabbed tens of thousands of emails — the same emails that appeared to link the U.S. Chamber of Commerce to a dirty tricks plot.

This sure looks like a concerted effort — possibly one directed by the Chinese government, if you consider what Britain’s MI5 warned about in 2007. This is no time for companies to hide their heads in the sand. Only cooperation and better dedication to protecting vital information will keep from hackers at arm’s length — and out of the hands of competitors.