A difficult question to answer, in view of cyber espionages conducted by state sponsored foreign hackers to gain access to your business secrets on regular basis. UK intelligence agency GCHQ (Government Communications Headquarters) director Ian Lobban had asserted that the government in his country is targeted by nothing less than 70 sophisticated cyber espionage campaigns every month. “Business secrets are being looted on an “industrial scale”, he told the BBC.
While GCHQ launched campaign sometime ago in the belief that this was going to be matters relating to the defense sector alone, Lobban now confirms that any intellectual property is vulnerable and can be reaped by cyber criminals.
MI5’s (Military Intelligence, UK) head of cyber, who spoke on condition of anonymity, added that “there are now three certainties in life:
(1)Death, the most inevitable factor
(2)Tax, that has to be paid, even after your death (by your successors)
(3)Foreign surveillance on your system
Even though neither MI5 nor GCHQ was willing to spill out the names of persons or the nations who may be blamed for such attacks, Lobban was emphatic that in most cases the attacks were state sponsored.
The MI5 cyber head, however, elucidated by stating that most hostile foreign states were interested in a company's mergers and acquisitions activity, their joint venture intentions, and their strategic direction over the next few years – issues both lucrative and well worth an investigation. “Any organization masquerading sensitive or money-spinning data,” he added, was the target.
Steps You May Take to Save Yourself From Cyber Espionage
In order to protect yourself from cyber espionage, you could take the following steps.
Always remember that your security is in your own hands. Stay cautious and alert at all times and be on your look out because someone somewhere is trying to hack, while basic security practices mentioned above can protect you from most hacks.
- Make your employees understand the significance of cyber espionage, especially about social engineering attacks, like spear phishing.
- Know your IP well, so that you may be able gauge the sensitivity of the data you are holding, in terms of value to yourself as well as others. However, this may be achieved by way of carring out a data classification exercise.
- Check and double check if your systems are patched comprehensively – not merely with Microsoft-related-patches, but also Java, adobe and other application patches, for the simple reason that most invaders use Java, Adobe and additional applications.
- Make sure that AV (antivirus) is fully updated on all systems practiced by employees, as also identify those that are not covered, so that you may get them covered forthwith.
- Keep an eye on unusual behavior, which of course may prove to be a difficult task in the absence of a Security Information and Event Management (SIEM software). In the field of computer security, Security Information and Event Management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.