According to an intelligence report by security information company Mandiant, China sponsors APT1, a cyber security threat group that attacked US companies. Should businesses take the hint and pack up their IT systems back home?
China has been grooming itself to take a bite out of the global IT and BPO market. Its own IT and BPO industry is valued at $4 to $5 billion. Ten years ago, the country was expected to be the biggest threat to India in the IT outsourcing industry. Unfortunately, language issues and security concerns served as huge blocks to China's ambitions.
It looks like the country is not getting any break as it gets directly involved in cyber espionage, further highlighting the security risks of outsourcing IT services to China.
APT1
Mandiant traced a series of cyber attacks to APT1. It's a single organisation that has launched cyber espionage campaigns since 2006.
According to the intelligence report, APT1 is commonly known as Unit 61398 (its Military Unit Cover Designator [MUCD]). In classified terms, it's the third department of the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department (GSD).
APT1 hacked into 141 organisations and stole terabytes of data, targeting a wide range of companies from English-speaking countries. The report found that the group's infrastructure implies a large organisation, possibly backed by hundreds of human operators.
What Now?
Businesses which are already outsourcing to China is at risk, but then reports suggest that attacks can be done to anyone anywhere. The intelligence report also includes 3,000 indicators to help businesses against potential threats from APT1 and boost their defences.
Should You Stop IT Outsourcing and Offshoring Altogether?
While this presents the security risks that come along with IT outsourcing and offshoring, such attacks can be perpetrated by anyone from around the globe, even just around the corner. Recently, subscription-based information security provider Trustwave found that lack of diligence on both sides - IT buyers and service providers - leads to security breaches in outsourcing deals.
IT buyers should include security in their procurement process. They should also choose an IT service provider that has the knowledge and capabilities to deal with cyber attacks.
IT service providers should keep their client's IT security in mind, besides focusing on meeting their service level agreements.
No matter where your IT systems are, in-house or offshore, security shouldn't be taken for granted, given the technology we have today.
Post a Comment