Companies can minimize their vulnerability by developing a breach response plan and teaching employees rather than panicking when an attack occurs, experts say.
(TNS) -- Rather than trying to fight off hackers on their own, corporations should work with the government so it can bring more cases such as the indictments filed earlier this year against Chinese military hackers and Russian computer criminals, federal prosecutors in Pittsburgh said Tuesday.
James Kitchen, an assistant U.S. attorney for Western Pennsylvania, said prosecutors can go beyond bringing charges by seeking diplomatic pressure and trade sanctions against foreign attackers. He was among several speakers to about 100 business leaders and lawyers during a cybersecurity conference at K&L Gates, an international law firm based Downtown.
“We can provide valuable information to you that we have gathered,” Kitchen said. “And we can pledge to you that we are going to chase the individuals who are behind it and put them in jail — in some jail, somewhere, whenever we can.”
K&L Gates represents companies that have been attacked, but it also deals with attempts by hackers seeking to infiltrate the company's own computer systems at times, spokesman Mike Rick told the Tribune-Review. He reiterated a previous statement to the newspaper that the company has not determined that its client information ever has been taken.
Kitchen explained how the government believes Chinese hackers operate by showing a hypothetical attack against K&L Gates on a large display screen at the front of the conference room.
David Hickton, U.S. attorney for the state's Western District, declined after the presentation to talk specifically about whether the law firm has been hacked.
Four of the five largest cyber attacks have occurred in the past 18 months, said Roberta Anderson, a K&L Gates partner based in Pittsburgh. She cited the ongoing computer breaches against Sony, saying the company might not emerge from them.
“The breaches are getting bigger,” she said. “They're getting more expensive.”
Companies can be more resilient by testing their systems, teaching employees and developing a breach response plan rather than panicking when an attack occurs, Anderson said.
American companies still make it too easy for hackers to come into their computer systems and steal secrets, said David Bateman, a K&L Gates partner from Seattle. Attacks primarily are coming from Asia — and China, in particular, he said.
“When the (hackers) come in and steal your (intellectual property) trade secrets, you are essentially out of business,” Bateman said. “We are really giving up some of the crown jewels of our intellectual property.”
Breaking into a corporate computer system can be as easy as getting just one employee to click on a fraudulent email that downloads malicious software, said David Kennedy, founding president of TrustedSec, a security company in Strongsville, Ohio, that hacks into company computer systems to expose their weaknesses.
“With technology, we can literally do anything we want to on the security side without any repercussions because no one knows where we come from,” he said. “What we're seeing is that companies right now are vastly unprepared.”
©2014 The Pittsburgh Tribune-Review (Greensburg, Pa.)