Cyber espionage

This month, Verizon released its Data Breach Investigations Report (DBIR) for 2017. One thing stood out: the rise in cyber-espionage. Spies take many different forms, but they’re all after corporate information. How can you stop them pilfering your secrets and getting a market advantage?

Verizon saw more espionage-related breaches this year than last. The 2016 report counted 247 incidents in its cyber-espionage pattern, 155 of which resulted in a confirmed data disclosure. This year the count rose to 328 incidents, and a larger share of them succeeded: 289 led to confirmed theft of data. Of course, there may be many more breaches that no one noticed.

At least one thing stayed constant in the figures: the sectors that cyber-spies target most. Manufacturing and public sector organizations remain the most popular targets. Who is behind these attacks, and what are they after?

Who spies?

Much depends on who the attacker is. They fall into several categories, says Bob Gourley, former CTO of the Defense Intelligence Agency, and now partner and co-founder of Cognitio, a consulting firm that sports several former intelligence agency pros.

Nation states will hack for military or commercial purposes, and will often steal intellectual property to help domestic businesses linked to state interests. If a manufacturer can get to market earlier with a new product by filching the blueprints from your company, then that country’s economy – and its government – benefits.

Nation states will often sponsor others to do the hacking for them, Gourley says. “China is definitely guilty of this – it’s proven where they will allow orgs in the government or private sector to hack for theft of IP, sometimes encouraging, sometimes aiding,” he says.

A partnership between a government and third-party hackers means that both sides win. Governments get plausible deniability, and the hackers get backing. “Having a nation behind you gives you more competence, cover, and intelligence support,” he adds.

Organized criminal groups will also go after enterprise data that they can sell on dark markets, but state-affiliated actors are more selective and play a long game, says the DBIR. No wonder, then, that it attributed roughly nine in ten of the breaches in its cyber-espionage pattern to state-affiliated actors.

How they get in

Social engineering was the most common way in, said the report, typified by phishing attacks that give intruders a foothold using stolen account credentials. Installing back doors for direct access to corporate networks came second, and malware that talks to command-and-control infrastructure came third. A significant addition to the list of techniques since last year was adminware: the abuse of legitimate administration tools already present on the network (remote-execution and management utilities) to move between systems without dropping obvious malware.

How do you defend against these attacks? Basic cybersecurity hygiene is still the starting point (and according to SecTor experts, the point that many CIOs still overlook). Tools to stop attackers establishing a foothold with malware matter, especially as almost three-quarters of malicious payloads arrived by email, with another 13% delivered via drive-by downloads.

The DBIR also recommends network segmentation, in conjunction with multi-factor authentication, to limit how far attackers can move laterally should they gain a foothold (and the chances are that they will).
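The adminware and lateral-movement pattern described above is easier to catch in logs than in a sentence. The following is an added example written for this page, not code from Verizon or from the article: it scans constructed process-creation records for legitimate administration tools run by accounts that are not expected to use them, and for one account fanning those tools out to several remote hosts in quick succession. The log format, host and account names, the tool list and the fan-out threshold are all assumptions chosen for illustration; in practice the records would come from Sysmon Event ID 1 or Windows Security event 4688 with command-line auditing enabled.

```python
"""Added example (not from the DBIR or this article): flag abuse of
legitimate administration tools ("adminware") and lateral-movement fan-out
in process-creation logs. Format, names and thresholds are assumptions."""
from collections import defaultdict

# Legitimate admin tools that intruders reuse once they hold a stolen credential.
ADMIN_TOOLS = {"psexec.exe", "psexesvc.exe", "wmic.exe", "winrs.exe", "wmiexec.py"}

# Accounts expected to run those tools (assumed). Anyone else is suspicious.
AUTHORISED_ADMINS = {r"CORP\svc-sccm", r"CORP\adm-jsmith"}

# Distinct remote hosts one account touches with admin tools before we call it
# lateral movement (assumed threshold).
LATERAL_FANOUT = 3

# Constructed sample log: time  source-host  account  image  remote-target ('-' = local)
SAMPLE_LOG = r"""
09:01:12 WS-0412 CORP\mlee       outlook.exe     -
09:03:40 WS-0412 CORP\mlee       winword.exe     -
09:04:05 WS-0412 CORP\mlee       powershell.exe  -
09:05:10 WS-0412 CORP\mlee       wmic.exe        FS-01
09:05:31 WS-0412 CORP\mlee       wmic.exe        FS-02
09:05:52 WS-0412 CORP\mlee       psexec.exe      DC-01
10:15:00 JUMP-01 CORP\adm-jsmith psexec.exe      FS-01
10:16:00 JUMP-01 CORP\adm-jsmith wmic.exe        FS-02
"""


def parse_log(text):
    """Parse whitespace-separated records into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        time, host, user, image, target = parts
        records.append({"time": time, "host": host, "user": user,
                        "image": image.lower(), "target": target})
    return records


def find_adminware_abuse(records):
    """Return alerts for (a) admin tools run by non-admin accounts and
    (b) any account fanning admin-tool sessions out to many remote hosts."""
    alerts = []
    fanout = defaultdict(set)  # (host, user) -> remote hosts reached with admin tools
    for r in records:
        if r["image"] not in ADMIN_TOOLS:
            continue
        if r["target"] != "-":
            fanout[(r["host"], r["user"])].add(r["target"])
        if r["user"] not in AUTHORISED_ADMINS:
            alerts.append({"rule": "adminware-by-non-admin", "time": r["time"],
                           "host": r["host"], "user": r["user"],
                           "image": r["image"], "target": r["target"]})
    for (host, user), targets in fanout.items():
        if len(targets) >= LATERAL_FANOUT:
            alerts.append({"rule": "lateral-movement-fanout", "host": host,
                           "user": user, "targets": sorted(targets)})
    return alerts


if __name__ == "__main__":
    for alert in find_adminware_abuse(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed log the ordinary user on WS-0412 triggers three tool alerts and one fan-out alert, while the authorised admin working from the jump host triggers none, which is the distinction segmentation and MFA are meant to enforce: admin tooling should only ever originate from a small, strongly authenticated set of hosts and accounts.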

The spy who was in all along

This is all great advice, but tools alone won’t prevent what Christopher Burgess sees as the biggest cyber-espionage threat: insiders. Disgruntled or desperate employees are still the number one cause for concern, warns the founder of security consulting firm Prevendra, who was formerly a CIA station chief and senior security advisor to the chief security officer at Cisco.

“The nation state, the criminal and the competitor can all reach out to your individual, who is the key to the kingdom,” he says, adding that such insider threats are difficult to detect. “If that individual stays in their purview, doesn’t go fishing for information that they didn’t have natural access to, and doesn’t copy information in violation of the technologies monitoring your equipment, you will never detect them unless the information they’re providing is revealed somewhere.”

Companies can make it harder for insiders to steal information using technologies like user behaviour analytics, identity and access management, and data loss prevention. These are all valid approaches, but the truly savvy organization will also make it harder for spies to tempt employees in the first place, he says.
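Burgess's point is that an insider who stays inside their normal purview leaves little to detect; what user behaviour analytics can catch is the moment they step outside it, or start pulling far more than usual. The block below is an added example for this page, not code from the article or from Prevendra: it builds a minimal baseline of which file shares each department touches and how many files each user reads per day, then scores a later period for access outside the user's department scope and for bulk reads well above that user's own baseline. Users, departments, share names, the event data and the threshold are all constructed for illustration.

```python
"""Added example (not from the article or Prevendra): a minimal user-behaviour
baseline that flags an insider who "goes fishing" outside their role's data or
suddenly reads far more than usual. All names, events and thresholds are assumed."""
from collections import defaultdict

# Which department each account belongs to (assumed HR/IAM data).
DEPARTMENT = {"alice": "engineering", "bob": "engineering",
              "carol": "finance", "dave": "finance"}

# Constructed baseline period: (user, share, files read that day).
BASELINE_EVENTS = [
    ("alice", r"\\fs-01\eng-designs", 40), ("alice", r"\\fs-01\eng-designs", 55),
    ("bob",   r"\\fs-01\eng-designs", 30), ("bob",   r"\\fs-01\eng-build",   20),
    ("carol", r"\\fs-02\finance",     25), ("carol", r"\\fs-02\finance",     20),
    ("dave",  r"\\fs-02\finance",     35), ("dave",  r"\\fs-02\payroll",     10),
]

# Constructed recent period to score against that baseline.
RECENT_EVENTS = [
    ("alice", r"\\fs-01\eng-designs", 50),   # normal for alice
    ("bob",   r"\\fs-01\eng-build",   25),   # normal for bob
    ("carol", r"\\fs-02\finance",     22),   # normal for carol
    ("carol", r"\\fs-01\eng-designs", 5),    # finance user browsing an engineering share
    ("dave",  r"\\fs-02\finance",     400),  # dave's usual share, but ~10x his usual volume
]

# Flag a day whose volume exceeds this multiple of the user's baseline maximum (assumed).
BULK_MULTIPLIER = 5


def build_baseline(events):
    """Return (shares seen per department, maximum daily file count per user)."""
    dept_shares = defaultdict(set)
    user_max = defaultdict(int)
    for user, share, count in events:
        dept_shares[DEPARTMENT[user]].add(share)
        user_max[user] = max(user_max[user], count)
    return dept_shares, user_max


def score_events(events, dept_shares, user_max):
    """Score recent events: unknown accounts, access outside the department's
    share set, and bulk reads above the user's own baseline."""
    alerts = []
    for user, share, count in events:
        dept = DEPARTMENT.get(user)
        if dept is None:
            alerts.append({"rule": "unknown-user", "user": user, "share": share})
            continue
        if share not in dept_shares[dept]:
            alerts.append({"rule": "outside-purview", "user": user,
                           "dept": dept, "share": share})
        baseline_max = user_max.get(user, 0)
        if baseline_max and count > BULK_MULTIPLIER * baseline_max:
            alerts.append({"rule": "bulk-access", "user": user, "share": share,
                           "count": count, "baseline_max": baseline_max})
    return alerts


def detect_insider_anomalies(baseline_events=BASELINE_EVENTS, recent_events=RECENT_EVENTS):
    """Build the baseline from one period and score another; returns the alert list."""
    dept_shares, user_max = build_baseline(baseline_events)
    return score_events(recent_events, dept_shares, user_max)


if __name__ == "__main__":
    for alert in detect_insider_anomalies():
        print(alert)
```

Note what the example deliberately does not catch: a user reading their usual shares at their usual rate produces nothing, which is exactly the quiet insider Burgess describes. Baselines of this kind raise the cost of greedy collection; they do not substitute for the people-management measures that follow.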

Revenge, greed and financial need are the biggest causes of insider breaches, according to Burgess. By managing employees properly, companies can help to prevent resentments from brewing. Best practices like clear career progression and properly trained managers are key to keeping employees content.

Another best practice is to be aware of emerging financial needs. Unexpected challenges can quickly derail a family, especially when so many are living month to month. For many, all it takes is a sick family member to potentially bankrupt a household. On that note, offering proper employee healthcare insurance in jurisdictions where it is not otherwise provided can stave off temptation.

“Understand when they’re going through hardship and make resources available to help,” Burgess says. “Otherwise, they may look around and say ‘I can’t sell my house, so the only thing left is to sell what I know’,” he warns. “It’s survival.”

One of the biggest danger points for companies worried about protecting against corporate espionage from insiders is when they leave. There’s a natural opportunity at that point for individuals to sell what they know to others. Providing a smooth transition is key. Retiring a senior worker without properly managing that process could leave them open to offers from spies – and punch a hole below your waterline.

Cyber-espionage is as much about people as it is about tools. Ensure that you’re using appropriate technologies and cybersecurity best practices to protect yourself from hackers who want to sniff out your information, but don’t forget the human element. For spies of all kinds, live assets are just as important as digital ones.