Last September, the Justice Department indicted North Korean computer programmer Park Jin Hyok for allegedly participating in the 2014 cyber attack on Sony Pictures, stealing $81 million from a bank in Bangladesh in 2016 and the 2017 WannaCry 2.0 global ransomware attack. Park is accused of being a member of a state-sponsored hacking team known as the “Lazarus Group,” and while he faces 20 years in prison he remains free to practice his trade in his home country.
Such stories are becoming more commonplace in the wake of repeated cyber attacks by well-funded nation states. That’s why the National Counterintelligence and Security Center has launched the “Know the Risk, Raise Your Shield” campaign to warn companies in the private sector of the threats they face.
“Make no mistake, American companies are squarely in the cross-hairs of well-financed nation state actors, who are routinely breaching private sector networks, stealing proprietary data and compromising supply chains,” said NCSC Director William Evanina. “The attacks are persistent, aggressive, and cost our nation jobs, economic advantage and hundreds of billions of dollars. To enhance private sector awareness, we’re arming U.S. companies with information they need to better understand and defend against these threats.”
The NCSC, which is within the Office of the Director of National Intelligence, considers itself “the top source for counterintelligence and security expertise and a trusted mission partner in protecting America against foreign and other adversarial threats.” NCSC is also home to the National Insider Threat Task Force.
Campaign materials, which include videos, posters, brochures and fliers, can be found on NCSC.gov. The advice includes strengthening your passwords, locking down social media accounts, deleting suspicious emails, knowing who you’re talking to and not expecting data privacy while traveling.
Specifically, the NCSC is advising that:
- Corporate supply chains are growing targets of foreign intelligence entities, who infiltrate corporate defenses that use less-secure suppliers and vendors. Know your suppliers, the equipment and services they provide, and their service providers.
- Never click on suspicious links or attachments, particularly from unverified or unknown sources.
- While traveling overseas, Wi-Fi networks are regularly monitored by security services and others who can hack into devices. Keep your devices with you at all times and know that leaving it in the hotel room is a risk.
Among the materials in the campaign is a short film intended to educate American academia on being targeted by foreign countries: