Attacks on prominent businesses show how industrial and economic spies are targeting and finding valuable intellectual property
January 1, 2017
Why do so many people click on phishing email messages?
February 14, 2017

Working with extremely sensitive data

3D rendering of a usb cable connected to a strongbox containing electronic files.

A friend of mine is developing some complex software that he hopes to license to other companies. When I asked him how he was protecting it from being stolen by a competitor, I was impressed with his answer.

He keeps the software he is developing on an external  drive that plugs into his computer. Whenever he is using the Internet, he disconnects his external drive from his computer. If he wants to work on his software or test it, he disconnects his network from the Internet before he plugs in his external hard drive. He also disables any wireless capabilities on his computers. So, there is no way that anyone on the Internet could directly access his software at any time.

You might think he’s being paranoid, but in some cases, this is a smart thing to do. If you’ve been working on a project for years, as he has, you can’t afford to allow anyone the chance to steal your work and beat you to the market, or otherwise hurt your chances of succeeding.

He was happy when I told him he was doing a good job to address most of the risks. However, there was still a way that a determined attacker could steal his software. Can you think of how they might do it?

ANSWER:

A really determined attacker could develop some malware that attempts to infect the computer while it’s connected to the Internet, or by stowing away on a USB thumb drive and moving onto the computer when it is plugged in. Then, once it has infected the computer, it would wait until the external hard drive with the software is plugged in, and then copy it and store it on the computer (probably encrypted) until the computer is connected to the Internet or a USB thumb drive again. Then the malware would copy the version off of the computer to a place that is accessible by the attacker. This would take a lot of effort and expense, but complex attacks like this have been known to occur. You can Google an example called Stuxnet to learn more.

 

If you enjoyed this post, please CLICK HERE to join the Streetwise Security Newsletter mailing list.

Why not ask for a free consultation?

We can even do a live demo to try out some options.

LET’S GET STARTED