2023 Calendar

The Need for an Enterprise Top Down Security Strategy

The Need for an Enterprise Top Down Security Strategy

By Rex M. Lee

Since the U.S. government is both unable and seemingly unwilling to protect U.S. corporations and private businesses from nation-state threats, it is incumbent upon board members and senior executives to be at the forefront to a top-down Intelligence, security and privacy strategy that includes corporate counter intelligence and wargaming.

The fact is, companies from China and Russia have been wargaming to prepare for competition since the mid-90s when China officially launched their unrestricted hybrid warfare campaign against the west.

This means that corporations from China and Russia are proactive regarding competition and are willing to use unrestricted hybrid warfare strategies to compete, and historically they intentionally do not compete by the rules, according to FBI Director Christopher Wray.

According to Mr. Wray, the FBI-MI5 partnership between the U.S. and UK announced in July of 2022, is based upon the collaborative experience of these agencies, regarding China and business competition: 

“The Chinese government is set on stealing your technology — whatever it is that makes your industry tick — and using it to undercut your business and dominate your market… They’re set on using every tool at their disposal to do it…We’ve even caught people affiliated with Chinese companies out in the U.S. heartland, sneaking into fields to dig up proprietary, genetically-modified seeds, which would have cost them (U.S. company) nearly a decade and billions in research to develop themselves.”

Despite these quotes by Wray, the U.S. government is still enabling companies from adversarial nations to conduct lobbying efforts in the U.S., while the U.S. government enables Google, Apple and Microsoft to actively distribute intrusive Chinese and Russian apps that can be considered “legal malware”, developed by companies that include ByteDance (TikTok- China), Tencent (WeChat-China), Baidu (Android Apps- China), and Prisma Labs (Android Apps- Russia).

If your company or organization is not proactive regarding intelligence, security and privacy, your company is vulnerable to numerous security threats, attacks on networks/critical infrastructure, and the theft of confidential data/IP conducted by nation-state actors, including bad actors associated with criminal networks/cartels.

Today, companies also need to include a “cloud exit strategy” centered on confidential information, connected devices (smartphones, tablet PCs, & IoT devices) supported by network/critical infrastructure. The cost of data storage has come down to a level that companies should now consider on-site data centers specifically centered on critical infrastructure to protect confidential information, IP and endpoint devices.

In closing, countries such as India are banning intrusive connected technology, including apps, from China.  The German government instituted the use of typewriters and paper for highly confidential information dating back to 2014 considering threats posed by today’s connected world.

Unfortunately, corporations, private businesses or government agencies can no longer depend on lawmakers to protect their confidential information/IP or networks, or even critical infrastructure. China has been allowed access to influential lobbying groups in Washington, and given undue access at the highest level of government in setting policies that are ultimately cyber threats to all of these entities and citizens. 

US companies can no longer afford to be reactive to all threats concerned, including cybersecurity threats. At an average cost of $4.5 million dollars per corporate or government data breach, it is important that companies, organizations and government entities implement best practices, including proactive measures, to address threats posed by nation-state adversaries, bad actors, and today’s connected world.

Rex M. Lee is a Privacy and Cybersecurity Advisor, Tech Journalist and a Senior Tech/Telecom Industry Analyst for BlackOps Partners, Washington, DC. Find more information at My Smart Privacy, www.MySmartPrivacy.com