London, 26 January 2012: International information security expert Lieutenant Colonel (Ret'd) William Hagestad II is today warning UK businesses could fall victim to cyberattacks from China unless they improve their cybersecurity.
Speaking at Cyber Defence & Network Security 2012 in London, Hagestad said: "The threat of Chinese cyberwarfare cannot be ignored. Cyberattacks are a clear and present danger to the experienced and innocent alike and will be economically, socially and culturally damaging for the nations targeted."
Hagestad continued: "China is using and will continue to use state-sponsored cyberwarfare to promote the nation's own imperialistic national interests. The US has been a target for Chinese cyberterrorists and the UK, as a long-term American ally, will be next in the sights of the Chinese. The UK business community will be a likely target because of the role businesses play in supporting the country's economy. Businesses should be putting proper measures in place to protect employees, clients and internal networks from attacks.
"Businesses throughout the country must improve their cybersecurity and the government should be taking the lead on this objective," Hagestad added. "The UK government has been proactively researching this particular issue and trying to encourage businesses to improve their cybersecurity, given the number of businesses in the UK which retain sensitive data relating to customers and internal plans, procedures and projects. Through a combined public, private and academic partnership, the UK and other countries can move towards defending against an advanced persistent threat such as that of the People's Republic of China."
Hagestad continued: "Advanced persistent threats, or APTs, are coordinated and sophisticated attacks often carried out by state-level entities. The goal of an APT is not to bring down a business but to stay embedded and suck out information at a slow, undetected pace. The ever-evolving, strategic nature of these attacks means it is imperative businesses have the latest strategies in place to defend themselves. The government must do more to make businesses aware of the threat faced by APTs and businesses must ensure they have the proper cybersecurity strategy in place. ISO27001 is the international best practice for protecting information assets from cyberattacks, and the sooner companies comply with ISO27001, the sooner they will be secure."
Hagestad concluded: "The threat from Chinese cyber attackers is very real, and without the correct measures in place, the consequences could be disastrous for the UK's business community and the country itself."