It seems a day doesn't pass without some new data theft issue in the headlines. These attacks are made for economic gain, competitive advantage, espionage or some mix of the three.
The attack vectors targeting your company can be defined in three categories:
1. Inside attacks
2. Outside targeted attacks
3. A twofold attack that combines internal and external attacks
Inside attacks are the oldest and most common of these three, but with advances in technology and the professionalization of the adversary, outside and twofold attacks are growing in both number and sophistication.
But who are the perpetrators? In this post we'll look at the five types who carry out these attacks.
Hactivist attacks can be perpetrated by insiders, but can also originate from outside activist groups looking for social justice. Hacktivists of all types are motivated by political, environmental and social issues. It takes only one employee with strong feelings that a wrong has occurred and using that belief to justify action to cause problems.
2. Criminal Organizations
Organized criminal groups (primarily located in Eastern Europe and Russia) frequently use the Internet to commit fraudulent actions in the banking and financial system and e-commerce. These organizations have an underground marketplace where cyber criminals can buy and sell stolen information and identities. The challenge security teams face is that these attackers will go after any data they can monetize. Corporate IP such as movies, videos, music and computer games can be sold to competitors in foreign countries is becoming a favorite target.
3. Careless and Compromised Employees
Careless employees violate corporate policies by moving sensitive data to unprotected locations (e.g., computers or public cloud storage). They may unwittingly expose this data to bad actors internal to a company or external partners and contractors. Compromised employees are those that are stealing data for an external source, and is a very common form of data loss. The attacks are often long-term, moving small amounts of data over a long time.
4. Leaving Employees
"Leaving" employees who take sensitive data with them are a major problem. Studies consistently find that almost 60 percent of former employees have taken sensitive company data when they depart an organization regardless of the reason why they left. One Symantec study found that 56 percent of workers believe it is okay to take data with them and use it at a competitor. This includes not only customer contact lists but also the IP and trade secrets related to the programs these employees were involved with.
5. State-Sponsored Cyber Espionage
China's People's Liberation Army (PLA) has developed a combat strategy called "Integrated Network Electronic Warfare", which guides computer network operations and cyber warfare tools with the goal of seizing control of an opponent's information flow and establishing information dominance. Analysts have long linked a military unit in the Chinese military's 3rd Department to extensive cyber espionage.
Korea was rumored as the perpetrator in a recent breach of a major film studio, in order to prevent the distribution of a film that depicted their leader in a less than flattering light
Worried? You should be. Current security solutions (e.g., signature-based and perimeter-based) aren't effective against constantly changing new attacks that are increasingly becoming more sophisticated and complex. Security teams are overwhelmed. To detect and mitigate the threat of the theft of critical IP, companies must look to new technologies that preventadvanced attacks or insiders from stealing data even when perimeter and network defenses have been defeated.