How IT Can Help Detect Corporate Espionage

Business spies are everywhere -- online and on-site. IT professionals can help sniff them out.

October 31, 2023

At a Glance

  • Spies may have infiltrated your organization, potentially posing a grave threat.
  • A company’s IT team can play a pivotal role in rooting out corporate espionage.
  • Planning is key when trying to identify potential or ongoing espionage.

Are there spies lurking inside your organization, silently stealing business secrets and perhaps even planning to sabotage promising new projects and strategic initiatives? Maybe yes, maybe no. After all, spies by their very nature tend to keep their nefarious activities under wraps. Some may even be your most trusted team members.

Corporate espionage is a significant and growing threat in today’s digital age, says Andrew Hural, director of managed detection and response at UnderDefense Cybersecurity, in an email interview. “The value of intellectual property, sensitive data, and trade secrets has never been higher, making them attractive targets for both cybercriminals and nation-state actors.” As organizations increasingly rely on digital infrastructure, the threat of espionage, whether through cyberattacks or insider threats, continues to evolve, posing a serious risk.

The espionage threat isn’t limited to large enterprises. Businesses of all sizes are vulnerable, since they’re part of the supply chain. Smaller businesses often don’t see themselves as a target, but they store data and can also act as a gateway to the larger enterprises they serve, Hural explains. “With smaller budgets and often lower priorities when it comes to cybersecurity, these businesses are generally less fortified, creating viable access points for threat actors.”

All enterprises, regardless of size, should also be alert to the threat posed by internal spies. Insiders often seek some form of business advantage or financial gain, taking organization assets, such as intellectual property, on their way out the door, says Randy Trzeciak, director of the Masters of Science Information Security Policy and Management program at Carnegie Mellon University, via email. Such individuals may then start their own business or go to work for a competitor.

Based on research conducted by the Carnegie Mellon Software Engineering Institute, which Trzeciak also works for, insiders who steal intellectual property tend to be technologists, such as scientists, programmers, or engineers, as well as sales and business development personnel.

IT’s Key Role

IT and its security department or team play a key role in preventing both online and on-site enterprise espionage. “Organizations should conduct regular risk assessments to spot vulnerabilities, whether they’re in weak cybersecurity measures or physical gaps in security,” Hural says. “Unfortunately, human errors are still a leading cause of security breaches, so fostering a security-conscious culture where everyone knows how to safeguard sensitive information is critical.”

Any enterprise that has invested time and resources into developing a product or idea needs to protect it, Trzeciak says. He notes that the FBI recommends taking the following steps:

  • Recognize the threat.

  • Identify and value trade secrets.

  • Implement a definable plan for safeguarding trade secrets.

  • Secure physical trade secrets and limit access to trade secrets.

  • Provide ongoing security training to employees.

  • Develop an insider threat program.

  • Proactively report suspicious incidents to the FBI before proprietary information is irreversibly compromised.

To identify potential insider threats to critical assets, Trzeciak suggests examining The Critical Pathway to Insider Risk Model, which offers detection techniques designed to help leaders identify individuals predisposed to stealing or attacking critical enterprise resources.

Essential Planning

Security team members should think like an attacker, recommends Juniper Networks CISO Drew Simonis via email. “Identify what assets are valuable to an adversary -- not just those that you think are valuable to you.” Identify where and how assets are stored, how they’re processed, and who interacts with them. “Too often, people share [assets] as a matter of ease and convenience versus suiting a need,” he observes. Simonis also advises closely examining systems and their interdependencies, limiting them as much as practically possible. “Monitor anything you can and create a plan to enhance monitoring.”

Simonis suggests embracing a ‘see something, say something’ culture. “People usually know if their colleagues are under stress, in significant debt, or otherwise subject to blackmail and coercion,” he explains. “They may see the colleague behaving oddly, working new hours or being evasive.” Team members should be assured that their concerns will be held in strict confidence, Simonis adds.

To Catch a Thief

IT and business leaders should know in advance what has to be done when someone has been definitively identified as a spy. “A process needs to be thought through and agreed on in advance of finding the suspected spy,” Simonis says.

The exact process should be specific to the organization’s risk tolerance and culture, and may include notifying law enforcement and engaging third-party investigators and other relevant parties, Simonis says. Failing to act quickly and decisively, he warns, may undermine any claim down the road.
