It was announced in the press recently that a well-known multinational consumer electronics company had just filed for Chapter 11 Bankruptcy – all down to a competitor in China stealing its latest designs.
That announcement is fiction, but companies have gone bankrupt over competitors stealing their intellectual property (IP) – it is not new and it is probably happening in your organisation right now.
MI5's head of cyber told the BBC in his first public, yet anonymous interview: “There are now three certainties in life: there's death, there's taxes and there's a foreign intelligence service on your system."
The rapid rise in cyber espionage should be a wake-up call for organisations to rethink their data security strategies to improve protection of their IP.
There are also a large majority of organisations that believe their IP is adequately protected by current security controls, and also believe that they are not a target; either because they are not a financial institution, or involved in the defence industry.
Most of them say, “We are in the soup and soap business”, or “We just sell boxes”. That may be right, but where is their biggest market share – China or other emerging markets?
Various attack vectors are used to steal an origination’s IP, but the biggest and far easiest is a spear phishing attack, whereby a miscreant sends a specially crafted email to an employee in an organisation getting them to open a compromised document, or directs them to a compromised website which takes advantage of an unpatched vulnerability, thereby compromising the employee’s computer.
There are a various steps an organisation can take to help protect itself from cyber espionage. They are:
1. Educate employees about security, with a big emphasis on social engineering attacks, such as spear phishing. As we all know, people are the weakest link.
2. Understand what IP you have. This can be achieved by carrying out a data classification exercise, which will allow you to assess the sensitivity of the data you hold and what data could be valuable to your competitors or anyone else.
3. Make sure systems are patched regularly and not just with Microsoft-related patches, but Java, Adobe and other application patches. Most of the attacks are using Java, Adobe or other application vulnerabilities.
4. Make sure that antivirus (AV) is updated on all systems used by employees within the organisation, and run monthly reports to identify systems that are not compliant with regard to AV.
5. Monitor for unusual behaviour. This is probably the most difficult without a security information and event management (Siem) system or other monitoring devices as organisations may not know what to look for.
These are some of the steps IT security professionals can take to protect their organisation from cyber espionage; hopefully your organisation will be in the news for all the right reasons.