Hack­ers are tar­get­ing start-ups. Are we pre­pared?

Popular Mechanics (South Africa) - - Contents - Kevin Dupzyk

LOST IN THE DIZZY­ING ES­CA­LA­TION of multi­bil­lion-dol­lar tar­iff de­crees is the fact that there ex­ist other ways to crip­ple in­ter­na­tional trade. Bill Pri­estap, as­sis­tant di­rec­tor of the FBI’S coun­ter­in­tel­li­gence di­vi­sion and a 20-year vet­eran of the agency, says cor­po­rate es­pi­onage has moved be­yond spy-ver­sus-spy and into the realm of busi­ness­men, sci­en­tists, and aca­demics – and that it may in­creas­ingly tar­get smaller com­pa­nies that don’t have a se­cu­rity ap­pa­ra­tus built in to their busi­ness plan. –

POP­U­LAR ME­CHAN­ICS: Which in­dus­tries are the main tar­gets of es­pi­onage by for­eign coun­tries?

BILL PRI­ESTAP: China has this ef­fort called Made in China 2025, in which the Com­mu­nist party has iden­ti­fied ten ar­eas in which they want to be­come more self-suf­fi­cient. Things such as ar­ti­fi­cial in­tel­li­gence, ro­bot­ics, biotech­nol­ogy, en­ergy, aero­space [which are all in­dus­tries fre­quently tar­geted by for­eign agents]. So, if you are a world-lead­ing busi­ness – and I don’t care what your busi­ness is – it is likely you’re be­ing tar­geted by a for­eign ad­ver­sary, and it is likely you are be­ing tar­geted by China. PM: A lot of the in­dus­tries you’ve men­tioned are start-up-driven. BP: Be­fore, it was just the largest of the large with the ca­pa­bil­ity to be the great­est in­ven­tors. To­day, more and more ex­tremely ca­pa­ble peo­ple drop out of col­lege or grad school and start a com­pany that can take off and be a world-beat­ing tech­nol­ogy. And whereas large com­pa­nies are very fa­mil­iar with global risk, start-ups don’t of­ten think of things from a se­cu­rity per­spec­tive. They have to make it part of their de­ci­sion-mak­ing as a young com­pany: How do we best se­cure our unique ideas?

PM: Es­pi­onage cases re­gard­ing big com­pa­nies have been seen in the me­dia. How about start-ups? BP: I don’t have as many ex­am­ples of start-ups be­ing taken ad­van­tage of. One rea­son I’m con­vinced that is the case is be­cause, in my ex­pe­ri­ence, the start-ups aren’t think­ing about their se­cu­rity and pro­tec­tion writ large. And as a re­sult, I be­lieve, most start-ups aren’t iden­ti­fy­ing the prob­lem like some big­ger com­pa­nies would. The bot­tom line is that the FBI doesn’t get as many leads or re­fer­rals from start-ups as I think are cur­rently be­ing tar­geted. PM: When there is a re­fer­ral, how does an in­ves­ti­ga­tion un­fold? BP: We try to un­der­stand the value of the item or in­for­ma­tion that’s

tar­geted. That eval­u­a­tion isn’t just made on po­ten­tial mon­e­tary value, but also ap­pli­ca­bil­ity. Could it be used in mil­i­tary com­po­nents that would give our coun­try a dis­tinct strate­gic ad­van­tage? An­other thing we take into ac­count is the will­ing­ness of the com­pany to work with us. Of­ten, as­sist­ing us will mean not do­ing any­thing. Fir­ing the sus­pect isn’t al­ways con­ducive to al­low­ing us to do what we need to do.

PM: So what se­cu­rity mea­sures do you rec­om­mend at small com­pa­nies? BP: Des­ig­nate some­one as the lead se­cu­rity per­son. This can­not be an af­ter­thought. The other thing I would sug­gest is, think hard about what the valu­able as­sets truly are. Some­times that’ll be an em­ployee with spe­cial tal­ents or spe­cial knowl­edge that makes that com­pany unique. It’s not al­ways just in­for­ma­tion on a com­puter, or some wid­get that was pro­duced.

PM: Start-ups of­ten op­er­ate in in­for­mal ways – co-work­ing spa­ces, staffing up with univer­sity stu­dents. Are there se­cu­rity im­pli­ca­tions to this?

BP: In re­gard to co-work­ing-type spa­ces, it would stand to rea­son that there are. There are a lot of dif­fer­ent peo­ple and a lot of dif­fer­ent or­gan­i­sa­tions all in one fa­cil­ity. It all comes down to what com­pany you are rent­ing from. What are the se­cu­rity pro­to­cols in place? When it comes to hir­ing peo­ple, what is the vet­ting process? You can spend a whole lot of money on this, but you don’t have to. You can have more peo­ple you trust in­ter­view the ap­pli­cant. You can re­quire more ref­er­ences. We’re see­ing more peo­ple check on so­cial-me­dia ac­counts. The last thing I’d say is that there are ways to phase in ac­cess over time as you get to know em­ploy­ees. Just be­cause some­body starts at your com­pany doesn’t mean you have to give them full ac­cess to ev­ery­thing you’re do­ing im­me­di­ately.

A Q&A WITH: BILL PRI­ESTAP, as­sis­tant di­rec­tor of coun­ter­in­tel­li­gence, FBI

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.