What online spies are after
Cyberespionage goes after whatever information is valuable. Sometimes the spies want it for their own use, but more often they expect to sell it. Crime has its specialists, and networks exist for black markets. The thieves don’t care much about where they get the information, just about how much they can get for it.
These are a few samples of what criminals like to grab from business servers and networks:
Information on top management. What are their plans? Where do they think the markets are going? Should investors buy or sell their stock?
Account access. Getting into servers and databases is the first step toward grabbing vast amounts of information or installing malware. The techniques include password guessing, exploiting application vulnerabilities, privilege escalation, and luring people to fake login pages.
Trade secrets. Any employee might have access to valuable inside information. Intercepting email or other communications lets a thief get a steady stream of data. Badly configured Wi-Fi networks make it easy for someone nearby to snoop. Unauthorized access to servers can yield whole documents full of information that competitors would love.
Supplier information. Where a company gets its supplies and materials and what it pays is valuable information to competing suppliers. It also helps someone whose aim is to disrupt the supply chain.
Information on employees. Recruiters would love to know how much employees are making, whether they show signs of dissatisfaction, and what their promotion record is. Negative information such as reprimands is also useful to recruiters.
Damage to reputation. Someone who doesn’t like a business might pay for information that makes it look bad. A more direct form of damage is to publish confidential information for everyone to see, killing trust in the company’s data privacy.
Types of threats
Spies use whatever methods will work best, and they constantly change their approach to stay ahead of system defenses. Several kinds of attacks remain perennially popular, though.
Targeted phishing. It’s called “whaling” or “spearphishing.” Carefully crafted email messages trick executives into disclosing valuable secrets. Those messages are the result of careful profiling and research, so they look as if they come from a trusted employee or colleague.
Password acquisition. The techniques for grabbing passwords and breaking into accounts include brute-force guessing, luring employees to fake login pages, and finding poorly protected information that contains passwords.
Advanced persistent threats (APT). That’s security jargon for malware which gets onto a server and stays unnoticed for weeks or months. It steadily gathers information and sends it to the thief’s server. It works slowly enough that there isn’t an obvious burst of unexplained activity.
Exploitation of software vulnerabilities. Old software that hasn’t been patched in a long time has known vulnerabilities. An outsider can exploit them to deliver malware or gain access to files.
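The slow, steady data theft described under advanced persistent threats never trips a burst alert, but it can be found by adding up outbound traffic per host and destination over many days. The sketch below is an added example, not part of the original article; the flow records, host names, addresses, and thresholds are all constructed assumptions.

```python
from collections import defaultdict

MB = 1024 * 1024

def find_slow_exfil(flows, allowlist=frozenset(), min_days=14,
                    burst_mb=100, min_total_mb=500):
    """Flag (host, destination) pairs that stay under a per-day burst alert
    yet move a large cumulative volume over many distinct days.

    flows: iterable of (day, src_host, dst, bytes_out) tuples.
    Thresholds are illustrative assumptions; tune them to your own baseline.
    """
    per_day = defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        if dst not in allowlist:          # skip sanctioned destinations
            per_day[(src, dst)][day] += nbytes

    findings = []
    for (src, dst), days in per_day.items():
        total = sum(days.values())
        peak = max(days.values())
        if (len(days) >= min_days and peak < burst_mb * MB
                and total >= min_total_mb * MB):
            findings.append({"src": src, "dst": dst, "days": len(days),
                             "peak_mb": peak // MB, "total_mb": total // MB})
    return sorted(findings, key=lambda f: f["total_mb"], reverse=True)


def sample_flows():
    """Constructed sample data: 30 days of outbound flow summaries."""
    flows = []
    for day in range(1, 31):
        # Steady 40 MB/day to one external address: never a visible burst.
        flows.append((day, "ws-14", "203.0.113.50", 40 * MB))
        # Sanctioned nightly backup with a similar shape (allowlisted below).
        flows.append((day, "fs-01", "backup.example.net", 45 * MB))
    # One-off 900 MB upload: a volume alert catches this, not this check.
    flows.append((3, "ws-02", "198.51.100.7", 900 * MB))
    # Occasional small transfers: too few days and too little data.
    flows += [(d, "ws-07", "192.0.2.10", 5 * MB) for d in (2, 9, 20)]
    return flows


if __name__ == "__main__":
    for f in find_slow_exfil(sample_flows(), allowlist={"backup.example.net"}):
        print(f)
```

Without the allowlist, the legitimate backup job is flagged as well, which is why a baseline of known destinations has to come before any alerting on this pattern.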
Information worth stealing isn’t just on servers. Mobile devices and desktop computers are favorite targets. They usually aren’t as well protected, and keeping their software up to date is a lower priority. Data on mobile devices can be stolen the old-fashioned way: by grabbing the device and running. If the devices aren’t encrypted, they could hold a wealth of data ready for the taking.
Wi-Fi access points that aren’t properly configured are vulnerable points. A spy just has to bring a device somewhere close by and intercept the traffic. Such access points also provide a way to get past firewalls and reach internal services.
In brief, there are many ways to separate information from its owners. Protecting it is a complicated matter.
How to stay safe
It’s been said many times: There’s no such thing as absolute security on the Internet. There are, however, always ways to make systems safer. How much security you need depends on the nature of your business and the potential consequences of successful cyberespionage.
The first step toward better data protection is to conduct a risk assessment. You need to determine what needs protection the most and what kinds of threats it faces. Based on that information, you can allocate resources where they will do the most good. Weaknesses that are harder to exploit or can’t cause as much damage shouldn’t be ignored, but their priority is lower.
Education and training are vital. Employees who are aware of phishing tricks, don’t leave data in unprotected places, and use strong passwords will keep the data they handle safe. Periodic reviews and assessments will keep them from forgetting.
Well-planned access control will limit the chances for unauthorized acquisition of data. Employees should have the privileges they need but no more. If an account is compromised, limiting its access will reduce the amount of harm that can result.
Offsite access should always be by secure connections. A VPN for telecommuters and off-site workers lets them connect to company systems as securely as if they were at the office.
Firewalls and anti-malware software keep hostile queries from getting through to applications, and they stop attempts to deposit malicious software on machines. It’s not enough just to install a firewall; it needs to be configured to suit the company’s security profile. Security software needs regular updates.
Many companies have limited IT resources and can’t afford full-time security specialists. Managed services are an alternative that gives access to expertise without having to pay an expert’s salary. White Mountain IT offers managed services and security audits to make your business’s data networks safer from cyberespionage and other threats. We’ll review your security situation and recommend actions that will provide the greatest benefit for the money. Contact White Mountain IT Services today for the best IT support in New Hampshire.