Chinese cybersecurity breaches drop 90%, but expert warns not to let guard down

US security breaches that could be attributed to Chinese hackers have dropped 90% in the past two years, according to a new report from network security company FireEye.

The report, released late Monday, pointed to the most significant dip coming after a 2015 bilateral agreement between the two countries that neither would openly support cybercrime against intellectual property (IP). An example of IP could be trade secrets that could enable further competitiveness in the private sector.

The initial agreement occurred in September 2015, when US President Barack Obama met with Chinese President Xi Jinping to discuss how the two countries would handle issues of cybersecurity moving forward. The pair agreed to begin developing “an architecture to govern behavior,” Obama said.

Before the agreement, there had been rumors that the US would impose sanctions against Chinese individuals and businesses for alleged cybertheft, but the sanctions were not imposed before the two presidents met. Even at the time of the agreement, President Obama did not seem certain that the results would be beneficial.

“The question now is: Are words followed by actions?” Obama said. “And we will be watching carefully to make an assessment as to whether progress has been made in this area.”

But this has taken a long time to develop. In October, a month after the agreement, Chinese cyberattacks were persisting. One attack even occurred on September 26, 2015, one day after the bilateral agreement was announced.

Now, it seems as though real progress is being made, as attacks began to decline in early 2016. Although, according to the initial report from Reuters, the Obama administration isn’t yet ready to say that China is complying fully, evidence shows that change is happening.

John Pironti, the president of IP Architects, LLC., said that he believes the efforts from the US government have helped apply the necessary diplomatic pressure to effect change.

“The evidence that was provided publicly to the Chinese government, and the likely presentation of confidential evidence by US officials in confidential settings, made it difficult for them to continue to carry out the cyber espionage campaigns in the same method and pace that they had previously without international pressures from other countries who also raised concerns about them,” Pironti said.

While the change has been dramatic, it isn’t the end of cyberattacks against the US, and Pironti believes that Chinese cyber espionage activities will continue against private industry in the US. Businesses should be aware, he said, that the Chinese actors who perpetrated the attacks have shown an ability to infiltrate the information infrastructure of US organizations easily, and aren’t always immediately detected.

“These capabilities still exist and I believe will continue to be developed and matured,” Pironti said. “Their use will most likely become more strategic in nature and they will most likely concentrate on maturing their capabilities in ways to carry out their activities without detection, or through the use of third parties that cannot be easily attributed to the Chinese government.”

The 3 big takeaways for TechRepublic readers

  1. According to a report, US breaches attributed to China-based offenders have dropped more than 90% in the past two years, marking a serious decline in the number of attacks against US organizations.
  2. The 2015 bilateral agreement between China and the US seems to be the linchpin that started the slowing of attacks, but the US government isn’t ready to say that China is complying fully.
  3. Despite the significant drop in breaches, the threat continues and US organizations should be aware that the attackers could be starting to act in more strategic ways or use third parties to avoid detection.
