The National Counterintelligence and Security Center (NCSC) earlier this week kicked off a program of videos, brochures, and other informative materials to help the private sector guard against growing threats from foreign intelligence entities and other adversaries.
NCSC is a center within the Office of the Director of National Intelligence and is positioned as the country’s primary source for counterintelligence and security expertise.
“Make no mistake, American companies are squarely in the cross-hairs of well-financed nation-state actors, who are routinely breaching private sector networks, stealing proprietary data, and compromising supply chains. The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars,” said NCSC Director William Evanina in a statement.
The trademarked program, dubbed Know the Risk, Raise Your Shield, aims to boost cyber vigilance among private sector organizations by raising awareness of the cyber threats they face. The offering features a list of best practices and tips to help businesses protect their data, assets, technologies, and networks.
The materials, which have already been distributed to the federal workforce, are also posted on NCSC’s website or here. In particular, the information addresses supply chain risks, economic espionage, social engineering, social media deception, spear-phishing, mobile device safety, and foreign travel risks. It provides an explanation of the types of attacks favored by foreign intelligence bad actors with corresponding advice for how not to be victimized by hackers.
Here are some examples NCSC pointed out:
- Corporate supply chains are growing targets of foreign intelligence entities. Adversaries are bypassing hardened corporate defenses by using less-secure suppliers and vendors. Tip: Know your suppliers, the equipment and services they provide, and their service providers.
- Spear-phishing e-mails, in which the recipient is asked to click on a link or attachment, remain a common tool for foreign intelligence entities. Tip: Never click on suspicious links or attachments, particularly from unverified or unknown sources.
- Social media deception is used to target private sector individuals. Adversaries may create fake profiles on social media or as in a recent deception used fake job recruitment posts to lure in targets. Tip: Maximize your social media privacy settings; use caution in what you share; never accept friend requests from strangers; and validate friend requests through other sources.
- Foreign travel presents critical risks to private sector individuals, particularly those bringing smart phones, laptops or other electronic devices. Tip: If possible, leave your electronic device at home. If you bring it, always keep it with you; the hotel safe isn’t really safe.
The NCSC also recommended its 2018 Foreign Economic Espionage in Cyberspace report as a source for the latest unclassified information on foreign intelligence efforts to steal U.S. intellectual property, trade secrets, and proprietary data via cyberspace.