Know Your Enemy Before He Strikes
Risk Management ▶ Keeping tabs on rivals may help companies foil attacks ▶ “All this time we’ve been focused on the technology layer”
Jeffrey Johnson has the stamp of a military man, perhaps as a result of his early career in the U.S. Navy. The part in his hair might as well have been drawn with a ruler; his shirt is tucked as tight as a hospital corner. He looks slightly incongruous striding around his downstairs den in suburban Virginia in his socks and eating Chick-fil-a takeout, as he explains why Squirrelwerkz isn’t just another cybersecurity startup.
His contention is that hacking isn’t a technical issue: It’s a business and competitive issue, and that’s how companies need to approach it. “All this time we’ve been focused on the technology layer, but it’s just a means to an end,” he says. “What we forgot to do was to focus on the business transactions.” Johnson began doing just that as a cyber-risk specialist at EY (formerly Ernst & Young). In 2012 he was called in to examine a breach at a U.S. chemical company. An earlier investigation by the FBI concluded that Chinese hackers had penetrated the company’s network using a phishing e-mail and gained control of servers in Germany and Canada for two months.
As Johnson began digging into the company’s business plans and operational data, it became clear the damage was more extensive and insidious. He uncovered evidence that the hackers were intercepting inbound orders, as well as outbound e-mails with price quotes and other terms. They also tampered with the ordering system for raw materials, causing production delays, and made off with valuable research related to a line of environmental products.
The likely beneficiary of all the malicious activity emerged, Johnson says, when a Chinese firm made a lowball offer for the U.S. company after its performance began faltering. He says the business “has no way of recovering. You’re literally stealing the future.”
Johnson left EY in July and runs Squirrelwerkz out of his house. (On Linkedin, he lists his current position as Chief Squirrel.) He’s assisted by five analysts scattered across the country. They closely track the activities of Chinese “national champions,” strategically important companies that the Chinese government supports through overt and covert means. Johnson’s analysis has uncovered a correlation between cybercampaigns targeting international heavy equipment makers and spikes in patent filings by a pair of those companies’ Chinese rivals beginning about 10 years ago. Neither had much research and development spending to support the sudden innovation, or capital expenditure to support their rapid growth, according to Johnson. Squirrelwerkz’s model flags that kind of anomaly, including overlapping intellectual property, and can offer recommendations on responses, such as challenging the IP claims.
Johnson says his approach simplifies things. Instead of defending against everyone, companies identify the two or three competitors most likely to target them. Individuals, whether an executive at a partner company or an engineer at an acquisition target, are assigned a risk score based on career history and links to institutions in China that may support hacking and IP