Protecting Yourself From Hacking Will Also Protect Your Clients

Wall Street Journal report about the previously unknown scale of a massive hacking attack against cloud providers should scare AV integrators.

Leave a Comment

As the professional audiovisual industry continues to merge with IT, AV integrators are becoming managed service providers and moving to a service-based model.

That’s nothing new, as this has been a theme for a few years now, although some AV firms and professionals dispute the necessity to shift to a monthly subscription-based business.

However, the AV firms that are tapping into their clients networks should keep up with cybersecurity news as recent hacking attacks are targeting companies with a large customer base.

A Wall Street Journal report Monday said in one of the largest-ever corporate spying attacks, hackers working for China stole massive amounts of intellectual property from large companies by first targeting cloud services providers. If they were successful in infiltrating those networks, they had the keys to the information of thousands of their customers.

According to the Journal, Hewlett Packard Enterprise Co. was so overrun that the company didn’t even see hackers re-enter their clients’ networks.

Investigators identified the attack, called Cloud Hopper, in 2016, and U.S. officials charged two Chinese men for the operation last December.

However, the Journal’s report said the attack was much larger than previously known, going far beyond the 14 unnamed companies listed in the U.S. indictment and stretching across at least a dozen cloud providers.

They came in through cloud service providers, where companies thought their data was safely stored,” the Journal reported. “Once they got in, they could freely and anonymously hop from client to client, and defied investigators’ attempts to kick them out for years.”

The U.S. government has even worried that they were subject to the hacks, and it’s possible that hackers still have access to companies’ networks today, the Journal reported.

Any company that has access to a client’s network should not only preach cybersecurity to its client, but its own employees, staff and executives.

Remember the 2013 Target data breach? Hackers accessed customer information by first compromising an HVAC company that performed work in the retailer’s stores.

Hackers are increasingly targeting those kinds of companies, and as AV and IT merge, both should ensure that their cybersecurity defenses aren’t a liability.