



The theft of tea leaves and the evolution of cyber espionage prevention

Mar 22, 2018 | 5 mins
Cyberattacks, Data and Information Security, IT Skills

All companies, big and small, are trying to figure out how to secure important data — the trade secrets. Lucky for us, it might come down to something as simple as being human.


More than 200 years ago, a British botanist smuggled a cache of tea plants and seeds out of China and into British-controlled India. Within a couple of years, that theft enabled India to usurp China as the world’s leading tea grower. India is still one of the biggest producers of tea as a result of one of the greatest acts of corporate espionage in history.

Today, stealing trade secrets doesn’t require anyone to cross borders, break into file cabinets or even open iron-clad safes. Thieves, posing as employees online, can easily smuggle large amounts of data with a few keystrokes. Industrial espionage has become highly sophisticated and more daunting than ever to combat. Any company that sees R&D as a means to gaining competitive advantage should be concerned.

Modern-age industrial espionage can come in multiple forms and have serious financial consequences for those impacted. A man casually walked into the Houston offices of a Fortune 500 energy company in the early morning and strolled around for two hours unchallenged before leaving with a stolen backpack and shoulder bag. He wasn’t an employee or contractor, but rather a criminal who pilfered corporate secrets that could be in the hands of a competitor or foreign government. In 1981, Hitachi snagged design documents for IBM’s Adirondack Workbooks, even though the technical materials were marked “FOR INTERNAL IBM USE ONLY.”   

A gold mine for industrial espionage

The common thread across these scenarios is that the final product is less critical than the underlying intellectual property (IP). Whether the IP exists in the form of software code or cancer cures, the digitization of IP – coupled with the adoption of technologies such as cloud and mobile — results in an ever-expanding attack surface that is a gold mine for those attempting industrial espionage. 

In this context, what is clear is that traditional cybersecurity methods are no longer the answer. Try as hard as they might, security teams cannot shore up defenses to protect perimeters that don’t exist. With personal and corporate data intermingling on mobile devices and in cloud services, data usage and behavior patterns have changed so much that the perimeter is now the people.  And that perimeter constantly shifts as people move around in the digital world.

The irony is that we are relying on the same old technology to catch IP thieves who now know how to avoid getting caught. Instead, our businesses and government agencies need to shift their thinking to analyze and predict human behaviors as warning signs of espionage. A human-centric approach to security could sound the alarm based on human cyber behavior and enable security teams to mitigate or prevent critical data loss regardless of whether the network was breached.

The stakes are incredibly high as we face new and exotic threats of large-scale data theft and business disruption. Organizations are challenged to protect digital “crown jewels,” whether that means proprietary algorithms that run high-speed trading operations, sensitive customer data most vulnerable to breaches, or the IP and valuable R&D in which companies have invested millions for product roadmaps.

According to the FBI, the American economy loses $400 billion a year from industrial espionage. On a global scale, nation states continue to penetrate and steal corporate assets across a wide swath of industries, leaving businesses to fend off the resources of major governments. They use drones and aircraft to identify physical weaknesses, and they use thieves with stolen identities who brazenly walk into offices to steal important data.

Think about it this way: if a spy steals a blueprint to the cockpit of a stealth aircraft, he might as well have walked into the cockpit on the manufacturing floor — only in the case of the blueprints, he will have much more information to act upon.

Rather than focus on building bigger walls, the industry needs better visibility into human behavior to understand how, when and why people interact with critical data, no matter where it is located. With anonymity, people behave differently in the cyber realm than they do in the physical world. Companies need to understand who is touching critical content and why.

This new approach doesn’t require a new government policy or more regulation. But it is a paradigm shift that calls for companies to take a realistic look at current security norms and implement technology that is already available to help detect cyber thieves. Stopping corporate theft requires understanding the behavior of legitimate users with access to important systems and data.  

Shifting the security industry’s focus

Typical security teams receive dozens or hundreds of alerts in a given day. Advances in behavior and risk analytics can help spot anomalies and provide needed context to parse normal from malicious or compromised activity. Automatic enforcement policies could then curtail or prevent access to sensitive IP depending on the observed level of risk. Security teams would understand, predict and act on potential threat events as they unfold, not weeks, months or years after the fact. 

By shifting the security industry’s focus from protecting infrastructure to understanding human behavior, we can also enlist our employees to help secure our corporate assets. We not only end up with greater security efficacy, but also engage with our people and continually include them in the security equation. In a chaotic world of hackers and industrial thieves, we all have to work together to keep ourselves and our data secure.

All companies, big and small, are trying to figure out how to secure important data — the trade secrets. Lucky for us, it might come down to something as simple as being human. 


Matt Moynahan is the chief executive officer for Forcepoint. He joined in 2016, bringing more than twenty years of security, cloud services and technology industry leadership, ranging from product development to sales to general management. Throughout his career, Moynahan has been steeped in nearly every facet of security, including digital rights management, encryption, application security, network security, web and email security, and insider threat.

Under Moynahan’s leadership, Forcepoint launched a bold new approach to cybersecurity, centered upon enabling customers to focus on what matters most: understanding people’s behaviors and intent as they interact with critical data and IP wherever it resides. Moynahan also championed Forcepoint’s acquisition of the Skyfence CASB (cloud application security broker) business, furthering the company’s ability to protect data anywhere, including within cloud applications.

Before joining Forcepoint, he held a series of senior leadership positions, most recently as president of Arbor Networks. During his tenure, Arbor Networks gained a leading share in the distributed denial-of-service (DDoS) market, launched the world’s foremost cloud-based DDoS service and successfully moved into the Advanced Threat Detection (ATD) market. Prior to Arbor Networks, he was the founding president and CEO of Veracode, the leading cloud-based application security services provider acquired by Computer Associates in March 2016. Previous to Veracode, Moynahan served as vice president of Symantec’s Client & Host Security and Consumer Products & Solutions divisions, leading the latter to $2 billion in annual revenue.

Moynahan holds a bachelor’s degree in economics from Williams College and a Master of Business Administration degree from Harvard Business School. He currently serves on the board of directors of Care to Compete, a nonprofit organization supporting athletes with brain damage and chronic traumatic encephalopathy, and is a member of the Big Brothers Big Sisters program.

The opinions expressed in this blog are those of Matthew Moynahan and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
