Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
2/17/2015
11:45 AM
Michael Sentonas
Michael Sentonas
Partner Perspectives
50%
50%

Cyberespionage: Youre Not Paranoid, Someone Is Spying on Your Company

It's time for all of your counter-espionage tools to work together.

By now you, your peers, and your board should have accepted that cyberespionage is real, active, and not going away. Whether it is a customer or competitor, country or criminal, someone wants to know a lot more about you. They could be looking for intellectual property to steal, product or inventory details to strengthen their negotiating position, customer information to use or sell, or hundreds of other items. Their goal could be getting a better price, gaining a competitive advantage, disrupting your efforts, stealing your customers, or something equally as nefarious.

People have been watching your company from the outside for a long time. They may have even tried to get inside to sneak a peek at your secrets, posing as a customer, employee, or potential investor. And you were probably doing similar things to try to get inside the heads of your competitors, suppliers, or customers – all legally, of course.

The difference is that now there are more people, with access to more technology, trying to get inside. The worst part is that they will not necessarily be brazen about it, either. They may not go screaming from the rooftops about what they have stolen, or post the data on a darknet website. They may keep it to themselves and use the information carefully to keep you unaware, like the Enigma decoders in World War II, so you will not even know that you have been compromised.

In this new corporate cyberespionage environment, security vendors will often say “The old way has failed again; buy our gadget instead and it will protect you.” Unfortunately, this is just as risky as relying on any one sports play. Good defense is flexible, adaptable, and responds to the situation on the field. Most important, good defense relies heavily on communications among team members. Combining star players from several different teams rarely results in a superior defense, until they have learned to play together.

Similarly, no one style of defensive player is going to work for all plays, and no single security product is going to solve all of your security issues. You will need a broad mix of devices and services, but it should not be your responsibility to integrate them all. Look for end-to-end or standards-based solutions that have a proven ability to play well together.

Some espionage targets are obvious, while others can be quite obscure. You cannot know for sure what your adversaries are after, and you cannot lock down everything. You need to ask and honestly answer the questions about where you are vulnerable and what data could be used against you; not just core intellectual property, but information such as delivery schedules, contracts, inventory levels, product plans, and pricing analysis, just to list a few.

Using terminology from the spy world, your analysts will need to combine signals intelligence, human intelligence, open-source intelligence, and surveillance from your full complement of security agents. If they are not speaking the same language and using the same communication channel, there is an added risk of misunderstanding or miscommunication among systems.

You need your whole environment to share and understand threat intelligence, anomalous behavior, and suspicious files. Then you can detect the small percentage of alerts that could indicate cyberespionage, and your analytics team can combine forces and apply the context to evaluate these clues and act appropriately.

Combatting cyberespionage isn’t about hiring the latest silver bullet. It’s about building a collaborative team of special cyberexperts, a team with balanced and reinforcing skills; some network, some endpoint, some big data, some system. Harnessed together, that’s an effective weapon in modern cyberwarfare.

Michael Sentonas is the Chief Technology and Strategy Officer, APAC for Intel Security. Michael has been with the company for fifteen years, previously holding leadership roles such as VP and Chief Technology Officer of Security Connected, VP and CTO for Asia Pacific and, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41392
PUBLISHED: 2021-09-17
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
CVE-2020-21547
PUBLISHED: 2021-09-17
Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.
CVE-2020-21548
PUBLISHED: 2021-09-17
Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.
CVE-2021-39218
PUBLISHED: 2021-09-17
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger ...
CVE-2021-41387
PUBLISHED: 2021-09-17
seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root.