Inside the Briefcase

Augmented Reality Analytics: Transforming Data Visualization

Augmented Reality Analytics: Transforming Data Visualization

Tweet Augmented reality is transforming how data is visualized...

ITBriefcase.net Membership!

ITBriefcase.net Membership!

Tweet Register as an ITBriefcase.net member to unlock exclusive...

Women in Tech Boston

Women in Tech Boston

Hear from an industry analyst and a Fortinet customer...

IT Briefcase Interview: Simplicity, Security, and Scale – The Future for MSPs

IT Briefcase Interview: Simplicity, Security, and Scale – The Future for MSPs

In this interview, JumpCloud’s Antoine Jebara, co-founder and GM...

Tips And Tricks On Getting The Most Out of VPN Services

Tips And Tricks On Getting The Most Out of VPN Services

In the wake of restrictions in access to certain...

Defending Against Competitor Cyberespionage

September 10, 2015 No Comments

Featured article by Vidhya Raganathan at Accellion

Tales of cyberespionage pervade mainstream media with new breaches being reported almost weekly. While cyberwarfare is a reality, sometimes the biggest breaches are not the work of spy agencies, organized crime syndicates or even sophisticated hackers, but rather the act of a former employee or business competitor. Today’s IT departments need not be on the look out for James Bond – it’s James the disgruntled former product manager with an axe to grind that they should be concerned with.

For example, in 2009 US-based hospitality company Starwood accused rival hotelier Hilton of industrial espionage, specifically the theft of more than 100,000 electronic files containing sensitive information about its luxurious W hotel chain resulting in a $75 million settlement. More recently, federal investigators have recommended charges be filed against members of the St. Louis Cardinals front office for allegedly accessing a database managed by the Houston Astros that contained information on the club’s developing players.

What is to be gained from competitor cyber-espionage? If you manage a sports team, it may be information on potential trades or draft picks or details of a player’s injuries. If you are an enterprise business owner, it could be new product features, M&A discussions, customer contracts, employee issues; the list goes on and on.

These and other incidents should be a wake up call for CIOs and CISOs and IT managers. Because a competitive advantage is priceless in the market place, those employees entrusted with safeguarding proprietary information should assume that they are already being targeted by a competitor, at risk of an accidental data leak by a careless employee or an intentional data breach by a disgruntled worker. Adopting an offensive mindset, namely being proactive with managing your corporate data, can provide the best defense.

With reputation and shareholder value at risk, data security has become a C-suite issue. Below are four crucial actions that enterprise business owners and IT departments must take to better protect themselves against competitor cyber-espionage:

Terminate privileged accounts and credentials of rogue employees

Insider attacks are among the biggest threats facing enterprise data. In fact, according to a 2015 study from Online Trust Alliance, 29 percent of data breaches are caused either accidentally or maliciously by employees. To avoid making the headlines as the latest victim of a breach, or worse, a competitor hack, CIOs must ensure IT departments identify and terminate any privileged accounts and credentials that are not in use, including those associated with employees that are no longer with the company. This will increase the likelihood of keeping your businesses’ secret sauce out of the hands of your biggest competitor.

Enforce security protection using unique and complex password requirements

It doesn’t take a sophisticated hacker to break into your enterprise data vault if passwords are easy to crack. Because we all have a multitude of passwords to keep track of, people tend to become lax using the same easy-to-remember passwords for a variety of purposes. According to a 2015 Trustwave research report of 574 data compromises that took place across 15 countries, 28 percent of the breaches were the result of weak passwords. Each year, several reports are released sharing the most common passwords such as “1234” or “qwerty.” Although common knowledge, employees may still use these uncomplicated passwords. As the first line of defense, enforce passwords that require upper and lowercase letters, symbols and numbers that are unique, meaning they are not in use elsewhere, to decrease the likelihood of a breach. Despite how much of a St. Louis Cardinals fan an employee may be, any password that also uses a favorite sport or sports team is not recommended.

Take ownership of encryption keys

While house keys are never shared with complete strangers, the same concept should be applied with encryption keys. Enterprise data and information that is stored in a public cloud can be at risk since encryption keys are also maintained by cloud service providers and architects. Rather than overthinking whether an encryption algorithm is strong enough, a better question to ask is where encryption keys are held or managed. Whether information is being stored via smartphones, laptops or wearables, organizations should be aware of the risks associated when using the public cloud. Consider deploying a private cloud storage solution that guarantees ownership of encryption keys for maximum protection and control over stored data.

Train employees on cybersecurity best practices

Steven Covey famously said, “always treat employees exactly as you want them to treat your best customers.” Employee training does two things: It shows that you value them and are willing to provide them with all the tools they need to do a good job. From a security perspective, enterprise management and IT departments can teach employees the value of protecting customer and employee information. This helps to decrease the likelihood of careless errors concerning corporate information. Mandatorytraining sessions that focus on security practices help employees learn how to manage passwords and identify and avoid risks. In addition to periodic training sessions, an ongoing support system ensures that employees have the security resources and education they need to stay up-to-date in making smart decisions when using corporate data.

As important as it is to invest in a strong security system, internal measures that protect against competitor cyber-espionage are essential to guard sensitive information. The negative repercussions from the Starwood Hotels and Houston Astros’ breaches prove that all organizations should develop, monitor and continually enhance internal systems and policies to safeguard sensitive data. Human error, carelessness or malicious attacks from rogue employees are prime examples of internal security risks that can be avoided. In order to prevent a scandal and subsequent headaches for IT managers, their C-level bosses and their boards of directors, you need to develop solid internal security measures that keep spies out of your business and back in novels and movies where they belong.

Leave a Reply

(required)

(required)


  • TOPICS

     APPLICATION INTEGRATION
     DATA and ANALYTICS 
     DIGITAL HEALTH
     SOCIAL BUSINESS
     MOBILE DATA
     DATA SECURITY
     DATA PRIVACY
     CLOUD DATA
     HR TECHNOLOGY

    • ADVERTISEMENT

    Gartner

    WomeninTech






    IT BRIEFCASE MEDIA PARTNERS
    Gartner

    IBC 365

    Gartner

    cloudexpo

    unicom

    tdwi

    World Congress

    Witi

    Broadgroup

    The Open Group

    gsmi

    tmforum