In our last blog, we briefly touched upon the Bloomberg report claiming that the Chinese government may have put spy chips on motherboards supplied to western companies (Google, Apple and Amazon were cited).
The sh*tstorm that this report has kicked off is enormous. The vendors are denying it, apparently backed by Government but Bloomberg are still confident about the piece in the face of massive criticism, continuing to take the matter forwards.
Far be it for us to say where the truth may lie. Perhaps a disinformation exercise to discredit China (you know, just like the Russians, Iranians and Chinese use to manipulate and discredit the lives of others), or perhaps it could turn out to be true. We wait to see the evidence.
What we can be absolutely sure about is that the stakes (Nation State wise) are high and are currently being played out with a small public window into the melee.
This week has seen the exposure that the World’s largest CCTV manufacturer Xiongmai (by an absolute coincidence from China, surprise!) can be easily compromised to spy on you, used as botnets and be repurposed as laser death weapons (that one is not true, yet) etc.
The esteemed Brian Krebs has taken the time to write up this very thorough piece on the issue.
Which brings us to the crux of the matter. In this world where it is very clear that dark forces are at work, one in which it would appear that your agents can get away with travelling across the world to poison someone, without regard for your morals or invite them into your embassy and vanish them piece by piece, it is very clear that we cannot underestimate the will, capability or scale of activity. It is beginning to make spy swaps on bridges in Germany look like amateur dramatics (ok, ok).
At our bi-annual Cyber Security council this week, we heard from very experienced senior Government and Military speakers about the risk of collateral damage from this on-going escalation. The impact on the NHS of WannaCry, the NotPetya disaster that struck Maersk and Reckitt Benckiser, were referenced, no biggies!
So, what can we do? We need to be aware of our estate and understand what condition it is in. We need to be prepared to act quickly either manually or automatically when the balloon goes up.
As luck would have it, in addition to the Big Chiefs, ITC has a highly skilled and committed team, together with technology and processes, which, might, just might, make your word a safer place.
We would love to take the time to discuss the potential impact of Global cyber activity on your business, if you would like a briefing or some advice, please contact us at: [email protected] or call 020 7517 3900.
In other news, Microsoft and Adobe released patches for pretty much everything. You know what to do, don’t you?
