HUNTSVILLE, Ala. – On Monday morning, President Biden and Western allies formally faulted China for the Microsoft Exchange email server hacks earlier this year. The Justice Department announced its charges against four Chinese individuals who prosecutors say were working with the Ministry of State Security.
The hack, which happened last spring, was caused by an email that was sent out to many users prompting them to click and go to a fake update.
“There was a virus attached to it and allowed the compromise of a great deal of information, personal identifiable information, intellectual property, trade secrets, and things like that and that’s all traced back to China. We knew it then and that’s just been confirmed with the administrations actions today,” Town said.
Former U.S. Attorney and now Vice President and general counsel of Gray Analytics, Jay Town says things like this can easily be mistaken for a company link. The four hackers who are charged with cyber crimes are being accused of stealing trade secrets and confidential business information.
“The threats to our national security and to our economic security are immense and those threats are primarily coming from the countries of China and Russia,” Town told News 19.
While many may think that hacks like this only happen in the defense industry, Town says it affects medium size businesses and even schools.
“They are after all of it, all 10 sectors of our economy. China and Russia both would be perfectly happy to steal all of our ingenuity, all of our trade secrets and intellectual property so that they don’t have to conduct R and D. They can just start building and competing. They can rob, replicate and replace American ingenuity in a world marketplace,” Town said.
It’s not always breaking into a specific code or some extremely advanced technical attack that’s the culprit. About 90% of those cyberattacks come from what’s called, “employee click events,” which is when an employee mistakenly clicks on a link that is from an unknown sender.
“Since we were you, we’re told, ‘don’t talk to strangers,’ and the same goes for opening emails from senders you don’t know,” he added that corporations properly training their employees and having plan in place for if and when it does happen is key.
“But, you also need to know who to call, do we call the local authorities, do we call the FBI, do we have a company like Gray Analytics that can respond in a bait and remediate a hack or a ransomware attack and do so immediately and try to return our system,” Town said.
Time is of the essence when cyberattacks and maturing your cyber environment is vital Town says. That means being engaged in detection like training employees to look for signs and being responsible if there is a breach or having a system that can detect breaches in real-time.
Town added that he commends the Biden administration and the executive orders that were put in place by the President in May along with the recent actions of the Commerce and Justice department in the last week, “Show me a very ethical and responsible way of dealing with these attacks,” Town said.