Watch CBSN Live

It's Way Past Time for Corporations To Stop Hiding Security Problems

More than a dozen major corporations have been targets of Chinese hackers out to snag intellectual property. Only some emails that other hackers ironically took from a security consultancy brought this to light.

Corporations have long been loath to air their security issues in public. But given how many have witnessed major attacks that all come from China, perhaps it's time to drop secrecy and get companies and the government working together to solve what is obviously a serious problem.

The list of attacked companies includes DuPont (DPT), General Electric (GE), Johnson & Johnson (JNJ), Walt Disney (DIS), and Sony (SNE). All had kept mum about their problems.

Why execs keep their lips zipped
It's not unusual for corporations to keep security breaches secret. They fear that giving away such information could possibly provide a competitive advantage to their rivals, encourage other attacks, make them a target for cyber extortion, and cause customers and shareholders to trust them less.

No wonder on that last item. Executives always have better things to do than consider security. From what risk management consultants have told me, even large corporations privately shrug off the potential for losing information because the quantifiable cost is so small compared to overall revenues that most consider it immaterial. That's another way of saying that the companies don't have to admit publicly to shareholders that there is a problem.

A pattern emerges... and it's not pretty
However, they've had a problem for some time, and a clear pattern has developed over the last few months in which hackers based in China mount long campaigns of cyberattacks against large corporations to obtain intellectual property. In January, Google (GOOG) announced that it lost proprietary information thanks to cyberattacks from China. Just last month came word that Chinese hackers had stolen information from oil companies for well over a year.

The only reason this latest attacks came to light is because the hacker group Anonymous broke into the systems of security consultancy HBGary and grabbed tens of thousands of emails -- the same emails that appeared to link the U.S. Chamber of Commerce to a dirty tricks plot.

This sure looks like a concerted effort -- possibly one directed by the Chinese government, if you consider what Britain's MI5 warned about in 2007. This is no time for companies to hide their heads in the sand. Only cooperation and better dedication to protecting vital information will keep from hackers at arm's length -- and out of the hands of competitors.


Image: morgueFile user Ladyheart, site standard license.
View CBS News In