Cyber and the Cost of Doing Business

The possibility of encountering cyber espionage while doing business in China is high, but one should consider it a cost of doing business rather than a mortal threat. Although certain kinds of intrusions can indeed be fatal to your plans in China, proper preparation and understanding the environment can mitigate it’s more damaging effects. For this reason, one cannot rely solely on technical solutions to combat Chinese hackers; instead, a careful analysis and consideration of the who, what, when, where, and why of the threat and your targeted market is the best path to developing viable courses of action.

The list of high-profile, state-sponsored Chinese cyber espionage incidents are too numerous to count. The most recent one, a breach of the U.S. Office of Personnel Management's networks resulted in the compromise of four million current and former federal employees' personal data. Before that, United Airlines was hacked, resulting in the exposure of flight manifests as well as information about the company's mergers and acquisitions.

These examples only serve to illustrate that Chinese cyber espionage is a reality and it must be taken into account when doing business in China or competing with Chinese entities. There is a high probability that people you will likely be dealing with, including government organizations, state-owned enterprises, and even private companies, will be able to employ cyber espionage assets in some fashion or another. They will want to find out information about you, measure your capabilities and intent, or circumvent you altogether by stealing your intellectual property. Consequently, cyber intrusions should be thought of not as an extreme anomaly, but a basic cost of doing business in China - one that must be planned for and mitigated along with the myriad of other issues you will face in that environment.

Dealing with Chinese cyber threats requires more than hiring a cybersecurity company or updating your antivirus software. While these measures can help you strengthen your network defenses, it is just as important to know what information will be sought and how its theft can change your ability to operate in China. For instance, during negotiations over prices or investments, one should pay special attention to guarding access to information about your bottom line and strategy. Conversely, if your concern is intellectual property, emphasis should be on understanding what your Chinese competitors/potential partners actually need - the newest and most advanced widgets might not necessarily be applicable for them.

Ultimately, mitigating the risk of Chinese hackers needs to be a combined effort involving your most senior-level operators, decision makers, and planners. They will need to be paired with experts that thoroughly understand the China market, environment, and cyber security in order to develop strategies and plans long before you set foot in China. Too often, System Administrators and Chief Technology Officers are left to deal with the Chinese cyber threat in a vacuum. Even when cyber security experts are consulted, it is done so after the fact to conduct remedial action and damage assessments with little understanding of why the company was targeted in the first place. These are recipes for failure and are all too common descriptions of companies that have suffered losses at the hands of Chinese cyber espionage actors.