Cyber espionage a serious business threat
By Asavin Wattanajantra,
Cyber espionage is an increasing problem for businesses, with employees stealing information to sell or pass to other companies or even governments.
So claims Rick Caccia, vice president for product marketing at Arcsight. He said that this was one of the big trends he was seeing in its work analysing the log files and system data of his firm's business clients.
He referred to a recent incident in the US where an engineer was recruited to steal internal documents and allegedly pass them onto the Chinese government.
“This has always been happening, but the big change in the last decade is that more and more information is online and accessible to employees," Caccia said.
“If you back 20 years, it was hard for someone to steal the design for a new plane because you actually had to pick the printouts up and carry these big things out," he added.
“Now you can mail it to your Yahoo account. In that environment, you can imagine it becomes easier to steal information.”
With the tough economy, he said employees might be more willing to take the risk to win payment for stealing such data.
Caccia said that businesses could attempt to defend themselves from this type of insider threat by making sure their controls worked properly, and also look at historical patterns.
For example, watching for patterns might help catch a database manager who regularly looked at particular information when others didn’t.
“It absolutely happens more than is publicised,” claimed Caccia. “It happens in businesses that don’t know about it. They won’t know until the employee leaves.”
Caccia said he worked previously at one company that used Salesforce.com, where an employee left to go to a competitor. For six months, the account wasn’t shut off and they were able to see all of the upcoming projects in the pipeline.
“He knew the prices we were quoting and who the contacts were. That competitor was able to undercut us on deals,” he claimed.
Businesses rarely publicised these types of incidents, usually finding out and quietly getting rid of the person involved.
“Imagine a bank and you find out someone has been stealing customer data,” Caccia said. “Unless there’s a breach law, they won’t want to publicise it."
You may also like...
advertisement
Latest Security Features
Q&A: The ID card commissioner talks cards and controversy
We spoke to ID card commissioner Sir John Pilling about his thoughts on the identity scheme and why we might all think he's a bit of prat down the line.
- So you've been hacked, now what?
- The problems facing Internet Explorer
- Year in Review: 2009 in your words
- Top 10 security predictions for 2010
- Year in Review: Top tech stories of 2009
- The worst IT disasters of 2009
- Five free security software suites
- How to stay safe shopping online
- Is it time to switch to IPv6?
Latest Security Reviews
Symantec Backup Exec 2010 review
Rating: 
advertisement
Most popular
- App market will be worth $17.5 billion by 2012
- Report: Macs cost less to run than Windows PCs
- Why is Microsoft accelerating Service Pack 1?
- Q&A: Conrad Wolfram on communicating with apps in Web 3.0
- Open source developers ditch iPhone for Android
- Symantec Backup Exec 2010 review
- Head to Head: Office 2010 vs Open Office 3.1
- O2 condemns 'bullying' law firms for threatening file-sharers
- Google Nexus One review: A week with the superphone
- HTC Legend review
Latest News Videos in Security
Video: Why security is everybody's responsibility
PlayRik Ferguson, senior security advisor at Trend Micro says it's up to all of us to make security work.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.