4 factors for avoiding cyber espionage attacks
Righard Zwienenberg of ESET offers advice for protecting your company and its intellectual property against espionage attacks
By Righard Zwienenberg
November 02, 2012 — CSO —
Another category raising its ugly head is malware developed specifically for industrial espionage, like ACAD/Medre.A, which we will be seeing more and more of in the future. Why these sudden spikes in the news? This isn't something new; these kinds of situations have happened before. But since people in general are becoming more security-aware due to the ongoing stream of information and media coverage about state-sponsored malware, these anomalies are now noticed on a more regular basis and, as a result, detected more often.
You are most likely asking yourself: "What can I do to protect my company against these targeted attacks?"
First off, targeted attacks are usually invisible to current security measures and undetectable by even the most up-to-date anti-malware solutions. This is, of course, not a reason to stop using anti-malware software, as it continues to be a line of defense that can still help you identify and remove threats. Also, anti-malware software is getting smarter, and newer versions may be able to detect the threats purely on the basis of behavioral detection. Even if they don't, once the signature database is updated with entries covering the threat, you may suddenly find that your network has been affected. Even though the system was compromised, and data may have been leaking, at least you now know you have a problem and can start a proper damage assessment and begin remediation.
More often than not, these attacks have been built with information from the inside, which allows attackers to smooth their point of entry into your environment. So, to properly protect your company and its assets against espionage attacks that are trying to steal your intellectual property, it is imperative that you take additional actions and precautions.
1. Data Policy: You need to look at who is allowed access to critical information. In many cases the data holding the intellectual property is readily available on the network to many people and is easily accessible.
2. Bring Your Own Device (BYOD): an entire topic by itself. BYOD may seem like an inexpensive solution, but in the end it may cause you more problems than it is worth. You do not know where the device has been, what kinds of software have been installed on it, whether copied material has been downloaded to it, etc. If you do support BYOD, at the very least you need to enforce that management/maintenance software is installed. Also make sure that some kind of Device Control Mechanism is in place that will safeguard against data leakage. Not only can it restrict which (USB) devices may be inserted, it will also encrypt the data. When the data is later used on another system inside the company's environment, it will automatically be decrypted, and thus usable, but when copied to a system that does not have the Device Control Mechanism installed, it will be useless.
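The two properties of a device control mechanism described above, an allowlist of approved removable devices and transparent encryption that only company-managed hosts can undo, can be modelled in a few dozen lines. The following is an added illustration, not code from the article or from any ESET product; the device IDs, the company key and the hash-based keystream are all constructed for the example (a real product would use a managed key store and an authenticated cipher such as AES-GCM rather than a SHA-256 counter-mode construction).

```python
import hashlib
import hmac
import os

# Constructed allowlist of approved removable devices, keyed by a
# "vendor:product" USB ID. These IDs are placeholders, not real devices.
APPROVED_DEVICES = {
    "1234:0001": "corporate USB stick, batch A",
    "1234:0002": "corporate USB stick, batch B",
}

# Constructed company-wide key held only by systems running the
# device-control agent. A real deployment would fetch it from a key
# management service, never hard-code it.
COMPANY_KEY = b"\x11" * 32


def is_device_allowed(usb_id: str) -> bool:
    """Policy check: only allowlisted removable devices may be written to."""
    return usb_id in APPROVED_DEVICES


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a keystream from key, per-file nonce and a block counter using
    SHA-256. Illustrative only; a product would use a standard cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest())
        counter += 1
    return bytes(out[:length])


def encrypt_for_removable(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Stored layout: nonce(16) || ciphertext || HMAC tag(32)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_from_removable(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampered file is rejected."""
    if len(blob) < 48:
        raise ValueError("stored blob too short to contain nonce and tag")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def write_to_device(usb_id: str, data: bytes, key: bytes = COMPANY_KEY):
    """Simulate the agent intercepting a copy to removable media.
    Returns the bytes actually stored on the device, or None if the device
    is not on the allowlist and the copy is blocked."""
    if not is_device_allowed(usb_id):
        return None
    return encrypt_for_removable(key, data)


def read_on_managed_host(stored: bytes, key: bytes = COMPANY_KEY) -> bytes:
    """A company system running the agent decrypts the file transparently."""
    return decrypt_from_removable(key, stored)


def read_on_unmanaged_host(stored: bytes) -> bytes:
    """A system without the agent has no key and only ever sees the raw bytes."""
    return stored


if __name__ == "__main__":
    design = b"CAD drawing: proprietary design"
    print("unapproved stick blocked:", write_to_device("9999:9999", design) is None)
    blob = write_to_device("1234:0001", design)
    print("readable on managed host:", read_on_managed_host(blob) == design)
    print("plaintext visible elsewhere:", design in read_on_unmanaged_host(blob))
```

The point the article makes is visible in the last two lines: the same file on the same stick reads back correctly on a managed host and is just opaque bytes anywhere else, and a stick that is not on the allowlist never receives the data at all.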