Last summer, scandal rocked the world of Major League Baseball, but this time it had nothing to do with steroids or gambling—this time it was about cybercrime.
The St. Louis Cardinals were under investigation by the FBI and Justice Department for hacking into the Houston Astros database to steal confidential information about players including trades, proprietary statistics and scouting reports.
Cyber espionage, also sometimes referred to as economic espionage, doesn’t have a unified, agreed upon definition; however, MI5 defines it as:
“Cyber espionage should be viewed as an extension of traditional espionage. It allows a hostile actor to steal information remotely, cheaply and on an industrial scale. It can be done with relatively little risk to a hostile actor's intelligence officers or agents overseas.”
And unfortunately cyber espionage is on the rise. According to Verizon’s 2016 Data Breach Investigations Report, “89 percent of breaches had a financial or espionage motive.” While it was mostly found to be financial, espionage has emerged as a dangerous threat. This is partly because of the time that passes before a breach is discovered.
InformationWeek, commenting on a similar report from 2014, points out that, “In 62 percent of espionage cases the breach went months before being detected, and in 5 percent it went on for years. In 85 percent of cases the espionage was discovered by an outside third party rather than the victim.”
While it’s mostly directed at government entities, private business isn’t safe from hackers determined to steal trade secrets (as you can tell from the previous MLB scandal). The 2016 Verizon report identifies the following industries as having a high risk:
The Verizon report also points out that hackers are gaining access to proprietary company information the same ways they gain access to personal sensitive information: through phishing. Phishing is quick, allows them to target specific people and allows them to bypass many security checkpoints.
Another way hackers get in is through browsers. They will target specific websites that someone from the company is likely to visit, and then install malware through browser or plug-in vulnerabilities.
In their article for Fortune, David J. Kappos, partner at Cravath, Swaine & Moore LLP, and Pamela Passman, CEO of the Center for Responsible Enterprise and Trade (CREATe.org), make the case that to successfully defend against cyber espionage, legal compliance departments and IT teams need to work together.
They state that neither team has the expertise to defend against these criminals alone, but that working together, they can take a proactive stance against cybercrime. Plus, they will be better equipped to respond when an attack is carried out.
Additionally, the FBI offers the following recommendations for economic protection against cyber espionage:
As cybercrime continues to grow, so will instances of cyber espionage. It’s essential that your organization does everything it can to protect its trade secrets and confidential information. And this includes department collaboration, developing protocols and offering security awareness training to your employees.