The spying game has come a long way since the pigeon camera and the lipstick named ‘the kiss of death.’ And it’s not only the kit that has changed. Sensitive state and corporate information is no longer kept in a manila file in a locked desk; it is stored online, and corrupt enterprises have quickly caught on to the value of the data. This century, data is the new currency.
You just have to utter the word ‘hackers’ to raise privacy concerns. Earlier in the year, Chinese hackers allegedly gained access to US military and trade secrets, which ‘has resulted in the loss of billions of dollars from its economy and millions of jobs.’
That example alone demonstrates why corporate espionage creates fear and uncertainty. And it’s not just high-level organisations that are affected. We’ve all seen the ramifications of a successful cyber-spree. Look at what happened in 2014 with the GOP Sony hacking scandal or the infamous Ashley Madison scandal.
In the former case it is estimated that 38 million files were stolen and released, which included highly confidential information regarding salary awards, social security numbers, private correspondence (some of it highly damaging to the studio’s relationships with talent) and scripts for upcoming movies.
In the latter case, it is estimated that the hackers released the details of over 30 million users. The fall-out of the leak resulted in family break-ups and even in suicide.
And not all cyber spying is as showy as the examples above. What’s very worrying about these types of cybercrime is that hackers can get in and out undetected. Cybercrime is so widespread that the FBI director has stated: ‘There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again.’
This may sound dire, but the reality is that businesses need to be constantly looking for ways to stay one step ahead of these hackers. But is it even possible?
The silent crime
According to Trusteer, a large amount of corporate cybercrime goes undetected and when it is finally picked up, it’s usually by a third-party source. The Mandiant report found that in the finance industry the average time required for illegal activity to be detected is 146 days. This doesn’t just cost companies money, but it can also significantly damage their reputation, especially if they are holding very sensitive and personal data, such as in the banking and healthcare industries. In these cases, the value of the information is premium:
In its report, IBM suggests that it’s not so much about focusing on stopping the attacks outright (though there are simple best practices companies should be following), but about getting your company to a point where it can quickly detect and respond to a breach. As Caleb Barlow, VP at IBM Security, stated: ‘We are now in a mode where these attacks are going to happen even to the people that are well prepared. It’s about being able to respond when the inevitable happens.’
So what measures can companies take to detect these breaches?
The good news is that the time required to detect breaches has already been drastically reduced over the last few years. In 2012 it took on average 416 days to detect a breach, which is almost three times the time it takes now.
If companies want to ensure that these breaches are detected, the SANS Institute recommends the following measures:
More sophisticated data analytics systems
One of the biggest issues in preventing cyber espionage is that companies haven’t matured enough to grapple with the staggering amount of data they own. More sophisticated analytics will be able to detect more nuanced patterns in data behaviour.
Better threat intelligence collaboration within industries
While this may seem counter-intuitive (in the Sony case other major film companies refused to show public support for Sony because their view was that they are the competition), it may be that businesses need to pool together resources and knowledge to combat the bigger bad. By sharing information, companies may be able to detect patterns of behaviour, scouring a bigger area and having more resources to commit to the problem.
A more strategic focus on attracting talent
As it is, employees in this field are already stretched. Hopefully as the Internet of Things shifts into a bigger gear, automation of data processes will help relieve the burden and allow staff to focus on the higher-level operations of security.
Be aware, be prepared
No system will ever be perfect, and the threat of cyber espionage is not going to go away. The number of smart technological devices entering our everyday lives is ever increasing, offering an unprecedented number of potential entry points for cyber-attacks.