Guarding against corporate cyber espionage

Guarding against corporate cyber espionage

Tips on how enterprises can reduce risks and stay immune when going in for new technologies.

Industrial espionage or the art of spying on competitors and ferreting out trade secrets has been around since the advent of business. With increasing competitiveness, the evolution of digital technologies, and the Internet this is a threat most corporations will have to protect themselves against.

If we were to look at the history of business, a few such incidents have surfaced. A few examples of industrial espionage that surfaced include the one in the 1980s when two tech majors took to their guns after one discovered that the other had got its hands on some design and technical blueprints of its workbooks. It led to a messy battle where various US enforcement agencies like the FBI became involved. Eventually the two companies had an out of court settlement. The Night Dragon incident in 2009 was another case of industrial espionage, where unknown hackers accessed digital information containing the location of oil reverses from the databases of six European and American corporations. Till date no one knows who carried out the attacks. More recently, the personal data of 6,00,000 drivers of a major taxi aggregator was hacked in the United States. The company paid a hefty fine of USD148 million for its inability to inform the drivers about the hack. There was no clue about who hacked the data.

In the earlier days corporate spies used to rely on typical tactics used by governments. Many companies would hire people with spying skills from the government. But today it is far easier for companies to spy on their competitors. They can employ hackers and penetrate competitor networks. Putting sensitive company data on cloud has only increased the risks. Here’s how enterprises can reduce risks and stay immune to corporate espionage as they go in for new technologies.

Secure your network
Today many companies are transitioning from MPLS based networks to software-defined networks. These bring new security challenges as they utilise the Internet. Traditional security measures won’t be adequate. Make sure you deploy advanced security appliances.

Secure the end-points
The endpoints are the weakest links in your network. Hackers can easily penetrate your employees’ devices and steal data. Secure all end user devices, including laptops and mobile devices.

Work on an adaptive security framework
As you deploy new technology like the Internet of Things (IoT) your security risks are bound to increase. Build an adaptive security framework that will make it easy to secure new technologies.

Never underestimate internal threats
It’s not merely disgruntled employees who are potential threats, but also other gullible employees who could be exploited by hackers. Find ways to profile employee behaviour and proactively monitor potential threats.

Screen your employees and identify potential loose ends
While most companies do some form of background checks when hiring employees, they never do an audit to shortlist those with backgrounds that could indicate potential risks. Social media profiling and monitoring will also go a long way in helping you beef up your security posture.

Graphic: kjpargeter /