Web of Spies
Ever since Edward Snowden revealed the extent of state-sponsored espionage over the Internet in 2013, businesses have been acutely aware of just how vulnerable data communications are to interception. It is no coincidence that in the same period cybercriminals have also stepped up their attempts to spy on organizations. For example, the use of Advanced Persistent Threat (APT) malware and ransomware to try to capture valuable financial or customer data for financial gain has risen dramatically. While no defense method is ever 100% impregnable, the risk of snooping and theft of sensitive data can be significantly reduced by encrypting it using VPNs.
Legitimate online tools and services such as supercookies and social media platforms are being increasingly exploited by sophisticated threat actors to hide their activities and spy on their targets. In 2015, one Russian group opted to hide its cyber-espionage activities in social media sites such as Twitter and GitHub, while another secretly compromised 100 legitimate websites and used web analytics tools to spy on its victims.
The main threats from data espionage are:
- State-sponsored – cyber-attacks by nation states are seldom out of the headlines. In the past year, state-sponsored threat actors are thought to have been behind attacks on databases containing huge quantities of detailed data, as in the data breaches at Anthem Healthcare – where up to 80 million records were exposed – and the US Office of Personnel Management (21 million). Nation states were also implicated in last December’s attacks on the industrial control systems (ICS) of Ukrainian energy companies, causing power outages for around 225,000 customers.
- Industrial espionage – companies work extremely hard to protect their intellectual property against theft. Loss of trade secrets costs businesses billions of dollars every year. Traditional industrial espionage techniques have merged with digital ones to spawn new threats and fresh problems. Remotely launched computer attacks are especially troublesome, because it can be quite tricky to bring perpetrators from across international borders to justice. A famous example is the case of clean energy company AMSC’s pursuit of Chinese wind turbine maker Sinovel, which resulted in a long-running legal battle. The proliferation of such cyber espionage threats is forcing companies to think hard about how they protect their most valuable intellectual assets in the future.
Reducing the risks
The potential for falling victim to cyber-espionage can be limited by strictly controlling the ways individuals are allowed to access the network remotely. Among the most effective steps to take are:
- Apply two-factor authentication – a two-factor authentication system requires an individual to use two security measures in combination – for example, a secure login and a digital key – before they can access the network remotely
- Implement SSO – single sign-on (SSO) technology provides workers with controlled remote access to hundreds of the most popular business applications while unifying identity and mobile device management
- Ban USB drives – not only are thumb drives easy to lose, but any device with a USB interface, including laptops and phones, could potentially be affected by malware
- Use a firewall – a network firewall can help monitor network activity and detect unauthorized attempts to access files within the network
- Use hybrid IPsec / SSL VPNs – to keep risks to a minimum, ensure employees and authorized third parties use end-to-end virtual private network (VPN) connections; ideally data should be encrypted prior to upload, in transmission and while at rest
Evolving VPN strategies can keep snoopers out
VPNs provide an established and well-understood method to give workers controlled, remote access to company networks. However, it is important to keep VPN deployments continually under review to ensure security measures keep pace with developments in technology such as cloud computing and escalating bandwidth requirements. As a result, organizations need to develop VPN architectures that:
- Provide support for all important operating systems
- Are easy to use
- Allow firewall rules and VPN security parameters to be centrally administered
- Deploy trustworthy VPN routers/gateways
- Protect networks and critical infrastructures from eavesdropping, manipulation, and sabotage
- Enable collaboration between different security vendors
In summary, cybercriminals and state-sponsored threat actors are finding increasingly sophisticated means to conceal their actions. Their aim is to remain undetected by conventional security measures for as long as possible while they collect valuable information on their targets. To secure themselves effectively against this, companies need to ensure they have a holistic remote access framework that covers every possible mode of access to the network. The aim must be to make breaking in such a challenge that the spies will keep looking for easier targets elsewhere.