The Real Threat of Cyber Espionage
For many industries, the level of threat from cyberattacks with an espionage focus can seem relatively small, however that is by no means a reason to judge them as a low-level of risk to businesses. Irreparable damages to financials and operations are caused by the successful theft of confidential company IP and, in many cases, poses a serious danger to the future success of the organisation itself.
According to Verizon, a quarter of all breach attempts are motivated by espionage and the lure of acquiring valuable company IP. This could include new product blueprints, a newfound geographical site for mining, or company-led insights, which cyber criminals will typically then deliver to a competitor for significant financial reward.
The face of espionage
When espionage first comes to mind, it’s the economic and political relationships between governments and the changing shape of modern-day warfare that automatically jumps to the front. Examples like Russia’s continued use of cyber espionage through campaigns like ‘Red October’ discovered in 2012, which revealed the theft of confidential information from the US Department of Defense, Department of Energy, NASA and military contractors through malware that exploited vulnerabilities in Microsoft Office packages to gain unauthorised access to computer systems and gather secure data. Whilst the malware breach was detected in 2012, it has been running rife in the systems for up to 5 years before its detection. Most recently, China has had the searchlight turned on them in their frequent attempts to infiltrate various organisations in the energy, finance, IT and automotive industries to steal economic and financial data for their own economic gain.
The reality is that any nation, government, organisation or business with information of value is a potential target from those that seek to exploit for their own competitive or financial interests. The increased adoption of automated systems in businesses to save on operational costs now makes them even more of a target to cyber theft, and it’s key that these organisations assess the value of their IP and invest into the appropriate precautions to help keep it safe as they rely more and more on the value future technologies affords.
Who is most at risk?
This year, Verizon have reported that 75% of attacks in the mining, oil and gas industries is espionage-motivated, and are routed via the exploitation of unpatched web applications. In an industry where the majority of operatives work remotely in (sometimes) unsafe international territories, it’s vital that data and communications between operatives via mobile devices remains secure and uncompromised. Read our case study to learn more about how we’ve helped a petrochemical company with this.
Since the wake of the coronavirus epidemic, healthcare, scientific and technical services (both governmental and private sectors) have found themselves subjected to a greater wave of threat than ever before posed by cyber espionage, with cyber criminals and APT actors intent upon gaining research that can be sold to nation-states in the biological war to combat the virus.
Even for industries where businesses experience espionage motivations in around only 10% of their breach incidents, there is no such thing as a ‘less high-risk’ attack. Just one successful breach can compromise confidential IP that impacts key company operations. Over the past few years, Serbus has worked with a pharmaceuticals company who, before becoming a client, were victims of cyber espionage. The criminal infiltrated their company network via unsecured mobile devices and were able to access confidential data that greatly impacted a new product launch, resulting in expensive damages to the company’s financials.
To find out more about how Serbus can assist with protecting your organisation from cyber espionage and the theft of company IP, get in touch today on [email protected], or call our office on +44 (0) 1432 870879.