Ironically, QinetiQ won a bid to consult with the Department of Defense on cyber-threats.
Denials by the Chinese government have been less than convincing, given the thoroughness of the report released by security firm Mandiant.
State-sponsored cyberattacks have become more common in recent months. These attacks can be particularly difficult for a company to defend against, since the resources of a state sponsor can swamp an individual security department. Even with that, most attacks can be defended against by following basic security principles like the 20 controls recommended by SANS. The US CERT has released 31 guidelines to protect against a broad range of attacks.
In the case of QinetiQ, for example, two-factor authentication would have protected against the most damaging hacks, if it had been implemented.
UPDATE: The Pentagon has directly accused the Chinese government of cyber-spying. The Chinese response:
Although it is common sense that you cannot determine sources of cyber attacks only through IP addresses, some people in the Pentagon still prefer believing they are from China as they always bear a sense of rivalry. It is an allegation based on presupposition.
No comments:
Post a Comment