Cyber espionage a serious business threat
The poor economy and lack of data control makes cyber espionage an increasing problem.
Cyber espionage is an increasing problem for businesses, with employees stealing information to sell or pass to other companies or even governments.
So claims Rick Caccia, vice president for product marketing at Arcsight. He said that this was one of the big trends he was seeing in its work analysing the log files and system data of his firm's business clients.
He referred to a recent incident in the US where an engineer was recruited to steal internal documents and allegedly pass them onto the Chinese government.
“This has always been happening, but the big change in the last decade is that more and more information is online and accessible to employees," Caccia said.
“If you back 20 years, it was hard for someone to steal the design for a new plane because you actually had to pick the printouts up and carry these big things out," he added.
“Now you can mail it to your Yahoo account. In that environment, you can imagine it becomes easier to steal information.”
With the tough economy, he said employees might be more willing to take the risk to win payment for stealing such data.
Caccia said that businesses could attempt to defend themselves from this type of insider threat by making sure their controls worked properly, and also look at historical patterns.
For example, watching for patterns might help catch a database manager who regularly looked at particular information when others didn’t.
“It absolutely happens more than is publicised,” claimed Caccia. “It happens in businesses that don’t know about it. They won’t know until the employee leaves.”
Caccia said he worked previously at one company that used Salesforce.com, where an employee left to go to a competitor. For six months, the account wasn’t shut off and they were able to see all of the upcoming projects in the pipeline.
“He knew the prices we were quoting and who the contacts were. That competitor was able to undercut us on deals,” he claimed.
Businesses rarely publicised these types of incidents, usually finding out and quietly getting rid of the person involved.
“Imagine a bank and you find out someone has been stealing customer data,” Caccia said. “Unless there’s a breach law, they won’t want to publicise it."