Cyber espionage a serious business threat
By Asavin Wattanajantra,
Cyber espionage is an increasing problem for businesses, with employees stealing information to sell or pass to other companies or even governments.
So claims Rick Caccia, vice president for product marketing at Arcsight. He said that this was one of the big trends he was seeing in its work analysing the log files and system data of his firm's business clients.
He referred to a recent incident in the US where an engineer was recruited to steal internal documents and allegedly pass them onto the Chinese government.
“This has always been happening, but the big change in the last decade is that more and more information is online and accessible to employees," Caccia said.
“If you back 20 years, it was hard for someone to steal the design for a new plane because you actually had to pick the printouts up and carry these big things out," he added.
“Now you can mail it to your Yahoo account. In that environment, you can imagine it becomes easier to steal information.”
With the tough economy, he said employees might be more willing to take the risk to win payment for stealing such data.
Caccia said that businesses could attempt to defend themselves from this type of insider threat by making sure their controls worked properly, and also look at historical patterns.
For example, watching for patterns might help catch a database manager who regularly looked at particular information when others didn’t.
“It absolutely happens more than is publicised,” claimed Caccia. “It happens in businesses that don’t know about it. They won’t know until the employee leaves.”
Caccia said he worked previously at one company that used Salesforce.com, where an employee left to go to a competitor. For six months, the account wasn’t shut off and they were able to see all of the upcoming projects in the pipeline.
“He knew the prices we were quoting and who the contacts were. That competitor was able to undercut us on deals,” he claimed.
Businesses rarely publicised these types of incidents, usually finding out and quietly getting rid of the person involved.
“Imagine a bank and you find out someone has been stealing customer data,” Caccia said. “Unless there’s a breach law, they won’t want to publicise it."
You may also like...
![My email address is [CENSORED]](http://cdn.itpro.co.uk/images/front_picture_library_IT_Pro/dir_227/it_photo_113980_36.jpg)
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Who to trust after the VeriSign hack?
Davey Winder questions what data was stolen from VeriSign and wonders why the company hasn't been more forthcoming.
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
- Are the cookie laws crumbling already?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Will someone rid me of these troublesome Macs?
- BT considering Ofcom price cap appeal
- Google sends in Bouncer to sort out malicious apps
- Anonymous publishes FBI hacking call
- ACTA: the basics, the controversies, and the future
- Virgin 100Mbps rollout 'ahead of schedule'
- Who to trust after the VeriSign hack?
- Head to Head: Mac OS X 10.7 Lion vs Windows 7
- VeriSign admits 2010 hack
- What should RIM do to recapture the attention of businesses?
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
