Friday 19 June 2020 11:44 am

As China gears up on the cyber offensive, we need herd immunity to boost our national resilience

Andrew is co-founder and chief strategist at Assured Cyber Protection

With a GDP of $13.5 trillion, dwarfing Britain’s by almost $12 trillion, China is the third most economically powerful country in the world after Russia and the US — for now at least. 

And as the coronavirus outbreak disrupts the world in a way not seen since the Second World War, China is seeking to improve its position. 

Over the past 10 years, the widespread pastime of hacking in China has gradually come to light. 

Though the activities of several hundred thousand hackers are allegedly not endorsed by the Chinese government, coincidentally they share the same interests — the so-called “Chinese hacker army” presents a clear and present threat to every business outside China.

Now, the Covid-19 pandemic has presented a formidable cloak from behind which China is delivering state-sponsored cyber attacks. As “have-a-go fraudsters” use the coronavirus outbreak as an opportunity to dupe and coerce unsuspecting individuals to part with their cash for one scam cause or another, it seems that China’s state-sponsored hackers are going one step further, weaponising coronavirus data to deliver attack payloads.

The most recent state-sponsored attack targeted the Mongolian public sector with a malware-laced document that purported to come from Mongolia’s Ministry of Foreign Affairs. The attack, which plays on the invariable vulnerabilities of humans, uses social engineering methods to deliver malware which starts the infection chain. A successful hack enables the attackers to take screenshots, remove or edit files, and remotely execute processes on the host computers.

The Chinese hacker group “Vicious Panda”, attributed to this attack, used the time while the rest of the world was imposing lockdown restrictions to develop its arsenal of cyber weapons. While everyone else was grappling with the challenges of lockdown, the Chinese were capitalising on it. 

This is not a new idea. Some of the best attacks in history have used ruse and “sleight of hand” tactics — and as the focus turned to dealing with a major pandemic, the Chinese launched a major cyber offensive. And the rest of the world should be on high alert.

So what should Britain be doing? In short, we should be taking cyber security much more seriously.

As the chancellor gears up to make seismic promises around investments in British infrastructure next month, there is a question on whether there will be anything meaningful to improve the nation’s cyber resilience. While all eyes will be on rebuilding a nation in the throes of a recession, the government must be mindful to consider its flanks.

According to the Department for Digital, Culture, Media & Sport, the government body charged with governing the nation’s cyber security, almost one in every two businesses in the UK suffered a cyber attack in the last year. Other reports suggest a more serious number and a concern that more companies were attacked but just don’t know it — yet. 

The department’s recent announcement about new legislation to strengthen consumer internet of things security on the back of its Secure by Design Code of Practice is comforting and a step in the right direction. But is it enough?

As Honda joins British Airways and Easyjet on the list of major organisations to be hacked, one may well question what more should be done to protect British infrastructure. The UK’s financial services industry presents a valuable target, sitting as it does in the top five of industries most vulnerable to cyber attack. 

In fact, breaches in the sector have more than tripled in the last six years, and with the average cost of a breach costing in excess of $18m, it is the hardest hit of all verticals. The lack of trained cyber professionals is a real area of concern for the industry, and is an issue that the government must address. 

Of course, no one is suggesting that all these attacks came from China. And nor is this a new problem — cyber has been a key area of vulnerability for some time. But the sudden increase in the threat level from Chinese hackers in particular should be a warning sign. Investment must be directed at the nation’s core vulnerabilities and not just paper over the cracks.

Now is a more important time than ever before to build on a herd immunity that increases national resilience to cyber attack. As China gears up on the cyber offensive, others may follow, and the UK may find itself way behind the power curve. 

If Britain wants to maintain its position in the world order, the time for loitering in the margins is over.

Get City A.M. columnists’ views delivered straight to your inbox in our daily Midday Update newsletter.

Main image credit: Getty

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.