Preparing for Industrial Espionage

In December 2015 the lights went out across parts of Ukraine as an unseen adversary launched a persistent multi-vector cyber attack against multiple power companies. In 2014 multiple threat groups launched waves of attacks designed to compromise and probe military organisations, defence contractors and industrial control systems, which also affected intrinsically linked business verticals such as financial services. In the last year, cyber crime malware has been found on factory-fresh USB memory sticks and CCTV cameras, injected into the manufacturing supply chain by unknown individuals.

As the impact of cyber attacks is increasingly felt across all business verticals, organisations should continue to pay attention to protecting their networks and improving overall security posture. If financial assets, production data, future projects and critical day-to-day operations remain vulnerable, they will become targets for threat actors looking for a way to steal this invaluable information or sabotage production environments.

To best prepare for a cyber attack, organisations need to devise a security strategy that encompasses both internal and external intelligence to best determine the highest risks to their corporate information.

To do this, best-of-breed organisations are:

1) mapping the territory: taking stock and understanding their extended enterprise to build a clear picture of where and how they do business, what the business values and what it needs to protect;

2) enhancing visibility: collecting and monitoring security events on networks and endpoints, scanning infrastructure and applications for vulnerabilities, and pen testing are the baseline. Deploying advanced endpoint threat detection solutions to provide the deep and rich data necessary for early detection of threats, rapid containment and eviction is the next step;

3) preparing: having a robust, tested incident response (IR) plan to deal with breaches;

4) cultivating: building a culture of security within the organisation from the top down and educating staff, with a particular focus on recognising and reporting spam, spear-phish and social engineering attempts.

With figures from a recent PwC report equating to around one attack per month on the average large business, those at the top of the corporate ladder should take note of how best to protect their assets. However, whilst the world speeds up, many organisations are left in the age of legacy technology, with poor insight into current cyber threats.

Industries such as oil and gas, engineering, nuclear facilities, construction and infrastructure have historically moved very slowly when it comes to updating their systems and adapting to new technology trends. With focus primarily centred on the uptime of operations and on overall health and safety, cyber security can take a back seat.

However, despite the advances in technology, security professionals often find it hard to push their agenda amongst those working within industrial organisations, with cost and return strongly shaping decisions at the very top tiers of the business. Unless security professionals can demonstrate a strong return on initial investment, they are often left out of the company’s overview for the future and are neglected in favour of other financial priorities. This in turn can have an enormous impact on organisations should their security continue to be consistently underfunded; the industry has already seen a number of incidents where this lack of funding has caused severe repercussions.

Consequences of industrial espionage

The potential consequences of industrial espionage vary widely but all threats should be considered as holding the potential to lead to a serious incident. For example, the theft of vital testing data and reports could allow competitors to gain insider knowledge into an organisation; the loss of data would be felt both emotionally and financially across the business.

If threat actors were to deliberately sabotage industry operations to create a cascading chain of events and incidents, this could result in chaos, outages and even fatalities. Events of the last five years indicate that certain governments and non-state actors may view this type of operation as a legitimate tool of tactical power projection in pursuit of foreign policy or ideological goals.

If an attack results in damages, the public is increasingly of the opinion that corporations must take responsibility for both their role in proceedings and their neglect of customer requirements; claiming ignorance will not stand as a valid defence in a court of law. Any business operating in a potentially risky environment must then be prepared to handle the ensuing loss of business, the threat to public safety, and the resulting legal cases following an attack on their systems.

Gaining insight

It’s important to remember that the bad guy’s definition of winning is not the same as the security professional’s definition of losing. We often consider targeted malware executing on the network as a battle lost, and it is, but if it’s detected early the responder can interdict the attacker on the network, prevent them achieving their aim and win the war. Early detection requires proper instrumentation of the IT environment and skilled operators hunting for the anomalies that reveal the bad guy on the network.

With a lack of budget consistently proving a key factor in organisations’ lack of adequate security, managed security services providers can provide a cost-effective source of skilled personnel, effective automated monitoring processes and assistance in incident response situations. Specially trained experts with a solid understanding of the threat landscape will be able to determine the severity of an incident and offer advice on an appropriate response. Where an organisation has properly instrumented the environment with advanced host-based and network-based monitoring solutions, this effect is multiplied. This approach to security will ultimately limit the impact of an outbreak, which will lower cost and reduce the potential for brand damage and financial fallout.

The rise of managed security services also ties in with the need to establish a standardised approach to security intelligence. Whilst not every industry currently has a cyber security framework in place, it may be useful for organisations in those industries to reach out to a managed security service provider that can offer the same level of insight needed to drive the innovations which will protect corporate assets from potential attacks.

Successful organisations are recognising that, while they have systems that represent a special case from a security perspective, there is a significant volume of knowledge, expertise and solutions that can be applied to the upper layers of their operations to protect the business.

Security leaders must ensure that those within the organisation are aware of a plan of action and are prepared for nearly any eventuality when it comes to cyber-attacks. Although no workplace can be fully secure and cyber-attacks are, to some degree, inevitable, a comprehensive and tested response plan will often mean the difference between a near miss and game over.

For more information visit


