Countering corporate espionage
Published: 07 Jan 2008 13:01 GMT
...memory sticks and mobile devices, but with appropriate encryption and other security measures.
The best approach is to accept that providing employees with access to sensitive information will always carry some risk, but to mitigate that risk as far as possible, said Schettenhelm. Compuware provides a range of tools designed for "application auditing", which basically means monitoring who uses software and what they do with it. One of the biggest challenges for any company that has been hacked is knowing the extent of the breach and application auditing can also help in this respect, showing which screens and fields of data were viewed by an individual user.
"It means, if there is a breach, you can easily see where it happened, who did it and what was breached," says Schettenhelm. "It also protects employees from false accusations because it shows where there was no inappropriate action."
Application auditing can be combined with data-mining tools to reveal patterns of usage and alert managers to anomalous activities. For example, you could monitor the activity level in a customer-service centre to show that a typical agent is accessing 100 records per day, while one employee is regularly accessing 500 records. "That type of spike might indicate a problem, and further investigation may show which sort of records he is accessing and whether it tallies with the number of inbound calls they were handling," said Schettenhelm. "You can then ask: why did you need that screen for that call?"
A common trigger which might indicate a problem or a hacker is someone accessing files outside of office hours, when they can't be seen by colleagues
Mark Schettenhelm, Compuware
This type of technology works best when sensitive data is held on separate screens, Schettenhelm added, so that you can track exactly who is accessing information such as credit-card details or medical records. It will also help in preventing future problems, because auditing will show which screens really are needed to do a specific job — meaning that access to any information that isn't strictly needed can be restricted.
Of course, an organisation can't simply block access to all confidential data — developing new products is difficult if the engineers can't access the plans, after all. But analysing network traffic can show who is downloading information and at what times. "A common trigger which might indicate a problem or a hacker is someone accessing files outside of office hours, when they can't be seen by colleagues," said Schettenhelm.
Five corporate espionage cases
In 2005, HP allegedly paid an ex-Dell executive to collect "competitive intelligence" about its rival's business activities. The allegations were contained in a countersuit filed by former employees of HP who were accused of starting a rival business while still employed by the firm. Another lawsuit filed by one of Dell's Japanese rivals accused the company of running a "competitive intelligence investigation".
Five years earlier, in 2000, Microsoft fell victim to what the company called "a deplorable act of industrial espionage" when hackers broke into the company's system and access Windows and Office source code. Hackers had access to the source code for up to three months.
In the pharmaceutical sector, Proctor & Gamble and Unilever became involved in a dispute when Fortune magazine reported that Proctor & Gamble had been involved in corporate espionage against its archrival. Agents appointed by Proctor & Gamble were alleged to have misrepresented themselves as market researchers and used various other methods to collect information about their rival.
In 2006, two hackers were extradited from the UK to Israel when it was alleged that they had developed and sold spyware which was used by companies to spy on rivals in their native Israel. Three private investigation companies in Israel were alleged to have sent emails with Trojan packages designed to evade detection by security tools.
A UK hi-tech firm became a potential victim of corporate espionage when computer hardware was stolen from its offices in Lancashire. Thieves who stole a number of laptops from the fuel management firm in March also stole server hard drives, causing fears that the information could be sold to commercial rivals.
Previous
- Governments prepare for 'cyber cold war'
- MI5 warns of Chinese digital espionage
- Burglars plunder Verizon's London data centre
- Cyberterrorism: Myth or reality?
- Explaining the Estonian cyberattacks
- The worst IT security incidents of 2007
- Cracking open the cybercrime economy
- Countering corporate espionage
- Anatomy of a hack attack
- Storm worm anniversary brings fresh variants
- CIA: Cyberattack caused multi-city blackout
- Schneier: Cyber-extortion on the rise
Did you find this article useful?
5 out of 12 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
