The Tech Grinch Blog

The Cyber Spy

Posted by Autodata on Oct 25, 2019 10:48:53 AM

How far would your competitors go to get hold of your intellectual property and trade secrets?

Corporate or Industrial Espionage is the term used for the covert (and usually illegal) practice of gathering private and confidential company information, data, trade secrets, business plans, product specifications or formulas using human or technological means [1].

Well-known cases of corporate espionage have involved multinational corporations engaging in various acts of physical spying and theft to get their hands on their competitors’ information:

•    Procter & Gamble spied on Unilever over a six-month period and rifled through their bins [2]

•    Oracle bribed the cleaning staff at Microsoft’s offices to look for sensitive documentation [2]

•    McLaren obtained Ferrari’s 780-page operating manual by colluding with a senior engineer [3]

•    Hewlett-Packard used ‘legally questionable methods’ to spy on one of its own Directors [4]

But these days pretty much anyone with the necessary motive can gain access to delicate information if an organisation leaves itself vulnerable.

A modern Cyber Spy’s tactics include:

•    accessing files remotely or even physically by trespassing onto a competitor’s property

•    attacking any aspect of a competitor’s network with malware to harvest or encrypt data

•    launching spear phishing attacks to trick employees into revealing credentials or activating executables

•    launching targeted and APT attacks to gain and maintain continued access to databases

•    social engineering and island hopping

Insider Threat also represents a significant risk, whether it’s a disgruntled employee willing to trade information for their own personal gain, or an industrial spy plotting to infiltrate a competitor company by getting themselves hired as a legitimate employee.

And it’s not just corporate competitors who present a threat. Foreign governments and state-owned businesses are known to engage in Political or Economic Espionage in order to gain valuable information and materials to advance their own political, economic, military or technological aims.

Back in 2010 Google reported a major cyberattack launched from China to gain access to the Gmail accounts of numerous Chinese human rights activists. A wide range of companies were also targeted, across the finance, technology, media and technological industries [5].

2019 has already seen Chinese-owned tech giant, Huawei, suspected of using their global 5G network to spy on customers and installing backdoors for the Chinese Government [6]. The US Secretary of State has announced they will not team up or share intelligence with any country enabling Huawei technologies [7] and Australia and New Zealand followed suit by stopping operators from using Huawei in their 5G networks. However, the EU has since rejected demands for an outright ban [8].

The theft of trade secrets and intellectual property now accounts for a full third of overall cybercrime [9].

So, what technological measures and solutions can be put in place to protect your business against corporate, industrial, political or economic espionage?

(1) End-User Permissions and Privileges: The first step is to ensure that you have the right end-user permissions and privilege settings in place along with an effective DLP policy, so that when your employees leave your employment, they can’t take important files with them. Some people can be bribed for the right price, and through the access they have during the course of their employment they might know exactly where the most important files are held. If you are monitoring your files and restricting access you should be well-defended from insider threats.

(2) Cyber Essentials Plus: In order to have a good overview of your security posture we would recommend becoming Cyber Essentials Plus certified. Cyber Essentials is part of The NCSC’s 10 Steps To Reduce Cyber Risk.

All companies with a Cyber Essentials Plus certification are listed in the NCSC’s online Directory. Are your main competitors on there?


(3) EDR and SIEM Solutions: Deploying an Endpoint Detection and Response (EDR) platform and an automated Security Information and Event Management (SIEM) solution provides an extra layer of defence.

An EDR will detect and block threats, including threats that may not trigger prevention rules set up in your logs, giving you additional visibility over your endpoint security, cloud and on-premises environments.

SIEM arms you with the information necessary to identify and defend against threats from their earliest point. AT&T Cybersecurity (formerly AlienVault) is one of the most effective solutions for these platforms, as their solution encases both platforms working together, which helps to better protect data with advanced threat protection, incident response and automated compliance services.

(4) Regular Security Assessments: To understand your risks and potential vulnerabilities you need to conduct regular security assessments including penetration testing. A penetration test can include internal and external infrastructure assessments, teaming exercises or physical security breaching assessments.

Hacks are often missed because the criminals are well-funded, sophisticated hackers who can bypass your modern security defences. Penetration testing is crucial for mapping your vulnerabilities, enabling you to put the necessary security systems in place to prevent a hacking attempt and to stand up against any level of hacker intelligence.


To learn more about how to secure your networks and reduce your cyber risk please get in touch.



