Protecting Your Organization from Cybercrime






Following is an excerpt from an article by Rockie Brockway, Security Practice Director, LOGOS Communications, Inc.



Cybercrime has evolved over the last two decades, from brute force attacks for bragging rights in the ‘hacker’ communities to billion-dollar black and grey market profit centers. Today, we are seeing very sophisticated tools that can control millions of hacked ‘zombie’ computers for a single purpose, like mass spamming, phishing or attacking other Internet resources. And, these tools come with 800 numbers for live tech support just like any other software you might purchase at your favorite home electronics chain. The bottom line today is that it is easier and cheaper for new or developing companies to purchase stolen trade secrets in an effort to be competitive than it is to develop it themselves, and such incentive opportunities will always create markets, legal or not. This demand translates into exceptionally ingenious ways to exfiltrate critical intellectual property from organizations and presents a large challenge for the security industry as a whole to keep up with the innovations being developed as a result of these new markets.



The other primary threat to an organization’s intellectual property is geo-political in its nature — state-sponsored hacking with the intent to gather as much competitive intelligence not only through stolen IP and trade secrets but also through business methodologies in an effort to try to get a leg up on other countries in these shaky economic times.



What are some ways data can be stolen?



Lost USB sticks, stolen laptops, improper disposal of documents, disgruntled employees, third-party vendors, not to mention targeted hacking attempts and even ‘hacktivism.’ If you can think of a vector for data loss it probably can be done. But the tried-and-true threat vector in the war against data loss ends up being the human factor and social engineering, which has also vastly improved in the last decade. Today, spear and whale phishing high-impact targets, such as CEOs, presidents and board members, and getting them to navigate to a website that installs a malicious application that hasn’t been seen before is commonplace and once that foothold is in place, a little patience goes a long way. If you look at the recent slew of high-profile attacks that resulted in severe data loss like RSA, Oak Ridge Labs and others they all share the same MO — targeted spear phishing, malicious code execution, staying low and under the radar of existing security countermeasures and data exfiltration.



To read the complete article click here: How companies can protect their intellectual property



An important first step for any organization to take is to improve its own internal online security with Internet Security Awareness Training. Test and train your staff regularly. Take a Free Phishing Security Test at KnowBe4.



Stu Sjouwerman



KnowBe4


