While most of the cyber crime news stories focus on financial and personal information theft, there is clear evidence emerging that large-scale espionage is being conducted – either by nation-states or large industrial entities with lots of resources and patience. This story illustrates how efficiently attackers can locate and access data that is not properly secured.
Industrial espionage can hit any industry that has trade secrets
ThyssenKrup of Germany, one of the world’s leading steel manufacturers, discovered a theft of data from their network in early 2016 that showed signs that the data stolen was specifically targeted – not just an opportunistic attack. Industry experts are speculating that the data could be used in a more advanced attack to impact production capabilities or even product integrity; or it could be used to give an international competitor an easier path to success. There have been cyber attacks on steel companies in the past that affected their ability to shut down blast furnaces properly.
In similar cyber attacks, US law firms have been targeted, resulting in the theft of data that could be used in stock market manipulation or insider trading, for obvious large-scale benefits.
Understanding security risks to sensitive information is critical
For businesses in highly competitive industries or financial markets, risks are becoming higher. It is very difficult to put proper security safeguards in place without identifying how information could be valuable to attackers, and how they might try to access it. Once these risks are understood, secure handling practices need to be built into all employees’ daily job routines. Security awareness training can be tailored to teach employees to recognize risks, or to prescribe standardized procedures that mitigate most risks in each workflow.
Here is a story from Reuters that provides more details.