30-06-21 Exclusive: Mitigating against the cyber espionage threat
As ransomware becomes the most common threat in the current cyber environment, a more sophisticated threat is highlighted – cyber espionage. If hostile actors can get into a system to hold ransom valuable information, with time and means they can also stay inside it to gather all kinds of information and disrupt business continuity.
In the recent case of the ransomware attack on the Colonial Pipeline, DarkSide, the cyber group who took responsibility for the attack, stated on their website: “Our goal is to make money and not create problems for society”. In contrast, those involved in cyber espionage want to disrupt and cause damage. While ransomware has a clearly stated short term purpose, cyber theft has a more sinister and costly aim.
During a ransomware attack, once the cyber attackers have gained access to an information system and are in possession of valuable data they wish to be known so that their demands are met; Cyber espionage actors work hard to stealthily be a fly on the wall. Economic and industrial espionage aims to detect and exploit a system’s vulnerabilities with short, medium and long term goals.
As a billion personal devices, business and industrial equipment are becoming seamlessly connected in Industry 4.0, the “surface” available for hackers is amplifying, encouraging the multiplication of means and techniques for the fulfillment of cyber intrusions. Rapid globalisation, increased mobility, advancements in technology and the anonymous nature of the internet create growing challenges in protecting trade secrets.
Economic and industrial espionage has two forms:
- Acquisition of intellectual property, such as manufacturing processes or techniques, locations of production, proprietary or operational information like customer data, pricing, sales, research and development, policies, prospective bids, planning or marketing strategies.
- Theft of trade secrets, bribery, blackmail or technological surveillance with different types of malware.
Corporate espionage, on one hand, is espionage conducted for commercial or financial purposes. In contrast, economic espionage is mostly orchestrated by governments and rogue states and is international in scope.
Challenges for an effective response to espionage
One of the main challenges in order to develop a comprehensive cybersecurity strategy against cyber theft is the lack of accurate and exhaustive data on the issue. The real extent of the problem might therefore be much larger than what it is currently perceived. Estimates on the economic impact of cyber theft of trade secrets can be considerably high and these impacts can have repercussions both for businesses and for society as a whole.
Companies almost systematically do not disclose any information concerning incidents of cyber theft of their trade secrets. The reason for such reticence usually lies in its unwillingness to disclose critical company information, fearing economic damages. This makes it quite difficult to evaluate the cost associated with reputational losses. Once the cat is out of the bag and the media present the news to the public, then there is an evident cost in reputation.
Here comes another problematic issue: the general lack of awareness among companies on the threat posed by cyber theft of trade secrets and the measures that should be put in place to prevent it. This is especially true for Small and Medium Enterprises (SMEs), because of their limited capacity to invest in advanced cybersecurity defense measures. At the same time, SMEs, which constitute the vast majority of the entrepreneurial sector, are inadequate in establishing the nature and quantity of stolen data. This translates to a limited availability of data on cyber theft of trade secrets across the world.
The more information available, the more precise the measurement of the impact would be. Nevertheless, the full availability of information is critically dependent on the single case taken into consideration.
A global solution to a global problem
Considering the global nature of the threat, an effective strategy to fight industrial cyber espionage must rely on a multi-disciplinary approach, derived through coordinated collaboration among businesses, cybersecurity service providers, governments and researchers.
But where the public sector falls short, is where the private sector has the ability to step forward and lead. Since there is not a single reporting system for the notification of cyber theft of trade secrets, overlapping of the reporting systems using different taxonomies and methodologies for data collection across organisations and countries limits the possibility of building accurate aggregate data. A common and coordinated reporting system at a global and regional level would be crucial for timely response interventions.
A feasible approach is the creation of a global sector-based and industry-led unified reporting system that could function as a rapid alert system between peers. This unified global solution would progressively increase awareness and expertise and improve preparedness and resilience.
To be a valid tool and avoid negative repercussion on business reputation, a global unified reporting scheme should be on a mandatory and non-voluntary basis. This way collection of data would be efficient and fair, as each organisation, public or private, would have to comply with the same reporting requirements. A common and coordinated reporting system at a global level would be crucial for timely response interventions.
Such a system of reporting will make other preventive measures significantly more efficient. With clear and comprehensive data available, organisations will be able to create up-to-date protocols in order to educate and train its corporate communities to protect sensitive information. Higher cyber risk awareness will also make the market demand the strengthening of law enforcement in order to regulate and establish clear rules of engagement in the commercial cyber environment.
Cyber theft of trade secrets represents a concrete and growing threat for all types and sizes of companies and organisations holding confidential information. The interconnectivity of the commercial tools available demands an interconnected response mechanism to accurately defend the free market conditions necessary for communities and organisations to flourish.