
How to Keep Trade Secrets Safe from Cyber Espionage


Aug 12, 2016


Last summer, scandal rocked the world of Major League Baseball, but this time it had nothing to do with steroids or gambling—this time it was about cybercrime.

The St. Louis Cardinals were under investigation by the FBI and Justice Department for hacking into the Houston Astros database to steal confidential information about players including trades, proprietary statistics and scouting reports.

What is this crime, you ask? It’s known as cyber espionage, and unlike phishing scams or ransomware attacks, the hackers aren’t after money—they’re after trade secrets.

What is Cyber Espionage?

Cyber espionage, also sometimes referred to as economic espionage, doesn’t have a unified, agreed-upon definition; however, MI5 defines it as:

“Cyber espionage should be viewed as an extension of traditional espionage. It allows a hostile actor to steal information remotely, cheaply and on an industrial scale. It can be done with relatively little risk to a hostile actor's intelligence officers or agents overseas.”

Unfortunately, cyber espionage is on the rise. According to Verizon’s 2016 Data Breach Investigations Report, “89 percent of breaches had a financial or espionage motive.” While the motive was mostly found to be financial, espionage has emerged as a dangerous threat. This is partly because of the time that passes before a breach is discovered.

InformationWeek, commenting on a similar report from 2014, points out that, “In 62 percent of espionage cases the breach went months before being detected, and in 5 percent it went on for years. In 85 percent of cases the espionage was discovered by an outside third party rather than the victim.”

Who is at Risk?

While it’s mostly directed at government entities, private business isn’t safe from hackers determined to steal trade secrets (as you can tell from the previous MLB scandal). The 2016 Verizon report identifies the following industries as having a high risk:

  • Manufacturing
  • Professional
  • Information
  • Utilities
  • Transportation
  • Mining
  • Healthcare
  • Finance
  • Educational

The Verizon report also points out that hackers are gaining access to proprietary company information the same way they gain access to sensitive personal information: through phishing. Phishing is quick, lets them target specific people and lets them bypass many security checkpoints.

Another way hackers get in is through browsers. They target specific websites that someone from the company is likely to visit, and then install malware through browser or plug-in vulnerabilities.

What Can You Do to Protect Your Organization?

Have Legal Compliance and IT Work Together

In their article for Fortune, David J. Kappos, partner at Cravath, Swaine & Moore LLP, and Pamela Passman, CEO of the Center for Responsible Enterprise and Trade (CREATe.org), make the case that to successfully defend against cyber espionage, legal compliance departments and IT teams need to work together.

They state that neither team has the expertise to defend against these criminals alone, but that working together, they can take a proactive stance against cybercrime. Plus, they will be better equipped to respond when an attack is carried out.

Follow These Recommendations from the FBI

Additionally, the FBI offers the following recommendations for economic protection against cyber espionage:

  • Recognize the threat
  • Identify and value trade secrets
  • Implement a definable plan for safeguarding trade secrets
  • Secure physical trade secrets and limit access to trade secrets
  • Provide ongoing security training to employees
  • Develop an insider threat program
  • Proactively report suspicious incidents to the FBI

Conclusion

As cybercrime continues to grow, so will instances of cyber espionage. It’s essential that your organization does everything it can to protect its trade secrets and confidential information. This includes department collaboration, developing protocols and offering security awareness training to your employees.
