The topic of cyber-attacks is frequently referenced in the context of phishing campaigns, online fraud, or the theft of personal and sensitive information. However, a niche and pressing threat that is currently understated is the targeted theft of intellectual property. Representatives of MI5 alongside the rest of the Five Eyes Alliance, have issued a stark call to action for businesses: take protective action against intellectual property theft from foreign states. This warning is particularly relevant for those involved in new technologies such as artificial intelligence, quantum computing and synthetic biology.
Knowledge translates to power, particularly knowledge of an innovative nature, making information invaluable for those wanting a leg-up on the global stage. States leading the way in emerging technologies will have influence over the future of the world, inevitably lending a material interest to foreign states whose desperation for said influence outweighs the merit of legitimacy and moral standards. Whilst there is concern about foreign states such as Russia and Iran, the main concern was confirmed at the Emerging Technology and Securing Innovation Security Summit to be China. Early in his leadership, President Xi said that in areas of technology where China cannot catch up with the West by 2050, they ‘must research asymmetrical steps to catch up and overtake’, which M15 have subsequently observed in multiple ways. Firms are being warned to be wary of new investors and mindful of signing contracts that could see their intellectual property taken offshore, never to be returned.
Between 2018 and 2022, the number of investigations by the UK intelligence service into concerning Chinese activity rose seven times, with mI5 director-general Ken McCallum warning, ‘The UK is seeing a sharp rise in aggressive attempts by other states to steal competitive advantage’.
Examples of this interference in the UK include one British aviation expert, who received payment for technical information on military aircraft. This payment came from a company that was found to be a front for China’s intelligence service. In another instance Smith’s Harlow, an engineering company, fell into administration back in 2020; after striking a deal with a Chinese company who, in due course, abandoned the partnership upon the receival of vital technology.
Director Dr Raymond Davies, B.Sc. (Hons), Ph.D., D.I.C., is a highly experienced professional working in international market capture strategy and Global Value Chain (GVC) development, alongside being a valued member of the ECRC. He believes businesses should take time to consider their position; whether that is the industry they work in, their present or future partnerships, or where they sit in key supply chains. Heeding the warnings from the Five Eyes, they should remain alert and vigilant to the prospect of being targeted internationally for a competitive advantage. Even a seemingly innocent approach on LinkedIn could be the first step to conducting business under misleading pretences, and it is important the threat is not underestimated.
‘Cybersecurity is vital to maintaining your company’s IP and its inherent competitive edge, so seek the expertise to what trade and intellectual property controls do you require to be cyber resilient. This will become increasingly imperative as procurers of your service and products will want to know what cyber controls you have in place during their due diligence to award contracts. The Cyber Resilience Centres across the country and our Eastern Cyber Resilience Centre (ECRC) are there to help you seek the expertise needed and report incidents to them.’
As MI5 director-general Ken McCallum states “We all need to be aware, and respond, before it’s too late.”
Be ahead of the curve and seek the competitive advantage of being Cyber Resilient!
What Should You Do Next?
One of the best ways to protect your business and its assets from cybercrime is to understand the scope of the issue. Whilst investing in infrastructure that monitors and defends your internal systems and connected devices can help defend against attacks targeting your physical vulnerabilities; much cybercrime, including the theft of IP, is a result of clever and targeted social engineering. This meaning, it is just as vital to build your personal resilience in knowing how to spot fraudulent approaches.
The Five Eyes Alliance used the Emerging Technology and Securing Innovation Security Summit as a platform to launch the 5 Principles of Secure Innovation. These principles are grounded in the Secure Innovation Campaign, co-created by the NPSA and the NCSC. For business owners and leaders, the Quick Start Guide is designed to help them embed good security practices at the earliest stage.
Furthermore, if you join the ECRC as a free core member you will be enrolled onto our Little Steps program. This arms you with weekly, bite-sized steps to improve the cyber resilience of your business in a more general sense. The program will give you simple, actionable steps you can take; as well as informing you on how social engineering breeds cybercrime, and some of the characteristics to look out for.
Additionally, you will find various free support tools and guidance, which is sector-specific and informed by up-to-date guidance from the National Cyber Security Centre (NCSC).
Reporting a live cyber-attack 24/7:
If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress) please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day 7 days a week.
Reporting a cyber-attack which isn’t ongoing:
Please report online to Action Fraud, the UK’s national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.
Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050)