Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity NewsEnterprise Services

War at Home: How U.S. Corporations are on the Front Lines of the Silent War on Privacy

By Jarrett Kolthoff
Gaps in Cybersecurity Programs
May 1, 2020

The four individuals who were identified and indicted by the Trump Administration in relation to the Equifax breach from 2017 is yet another example of the overt collection efforts by the Chinese government to steal Americans’ sensitive personal information. The openness of the U.S. government to share these examples should help bring the reality of cyber threats to the forefront in corporate board rooms and research universities. I would like to highlight that these particular attacks were conducted for a different goal – espionage.

As a former Special Agent, U.S. Army Counterintelligence, I understand there are profound and far-reaching implications of these carefully coordinated and expertly executed cyberattacks. It’s a known fact that nation-state bad actors aren’t just exploiting American companies for their own financial gain, the attackers are digging for information that they will almost certainly use to put lives at risk.

The DOJ announcement publicly cited what we in the industry have known for a long time – China has carried out successful, elaborate and potentially ongoing cyberattacks against American citizens for some time. This compromised information was never specifically seen on the Dark Web or sold by known cybercriminals – this indicates a nation-state both in the sophistication and secrecy of the attack, and in that the attackers’ motive is not for financial gain.

The scale of this incident is a terrifying reminder that American companies and organizations cannot passively sit back and assume their liability is limited to their bottom line. A foreign government now has the personal information of nearly 150 million Americans. This includes known habits, medical records, complete financial history and facial recognition that would allow the Chinese government to monitor the location and activity of an American visiting that country, or any online activity via social media. This information can be extremely useful in influencing campaigns and elections – and the policy implications thereafter.

Private datasets continue to contain more invasive information on individuals. In most cases, this data is collected without explicit authorization. It's particularly troubling that companies like Clearview AI are collecting and selling similar types of data to dozens, if not hundreds, of American corporations, law enforcement agencies and foreign governments. A breach or disclosure to a hostile government of this kind of information doesn’t represent a minor inconvenience for victims, as might be the case with a credit card number. Access to these comprehensive datasets can result in a severe breach of consumer privacy, making it impossible for an individual to remain anonymous. If companies and organizations accept such potentially invasive data, they must also accept their position as being on the front lines in the battle for data security and keeping Americans' private lives private.

The combined compromised datasets of the Anthem, Marriott and Equifax breaches, along with others, greatly assists nation-states in identifying vulnerable individuals who are likely targets within American organizations. These could be employees with high debt, with a hidden past, and/or who can gain physical access to your internal network – people the agent handlers can recruit through pressure tactics, putting even more information and people at risk. This is the cyber equivalent of “spotting and assessing” for source-targeting and for identifying U.S. personnel operating overseas.

When cyber espionage becomes part of the conversation – as I know from my time as a counterintelligence agent and now working with corporate America – the issue becomes one of national security that can endanger America’s competitive advantage. American corporations, alongside U.S. intelligence agencies, are primarily responsible for protecting and defending our most critical national assets.

The Department of Justice absolutely did the right thing in taking a more aggressive posture against a nation-state for its attack on our national security and in unmasking the individuals and governments behind it. My hope is this is just the first of many steps the U.S. will take to protect American lives and corporate intellectual property from this active cyber warfare activity by adversarial nation-states.

The Equifax breach, and numerous others, were terrible events. Now that the stakes of this issue are becoming clearer to more Americans, we can use these as a cornerstone to reinforce a commitment to privacy and data security, and ensure American companies and universities take the right steps to protect their information at all costs. This is a “clarion call” for Board Members and Chief Executives to demand more to protect the information for which they are responsible. It is a matter of national security.

KEYWORDS: cyber security Equifax espionage privacy concerns

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jarrett Kolthoff is founder and CEO of SpearTip, a cyber counterintelligence firm that combines proprietary technology and extensive expertise to respond to cyber threats and protect organizations around-the-clock.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cybersecurity Intrusion Detection

    Battle at the edge: How the convergence of 5G and IoT are opening a new front for threat actors

    See More
  • rackspace-wargames

    Moving to a State of Resiliency: Why War Games Are the Key

    See More
  • cyber-data-protection-freepik456.jpg

    How to apply Sun Tzu’s ‘The Art of War’ to cybersecurity

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing