Preventing Cyber Espionage: Cyber Espionage and Corporate Security

The threat of cyber espionage used to primarily be the domain of defense officials and writers of pulp fiction. No more.

Today, the most likely victim of a state-sponsored cyberespionage effort is a corporate network:

What’s behind this sudden influx of spies hacking into civilian networks and devices? Who’s next? More importantly, how do you protect your organization’s data?

Cyber Espionage is an Issue for Every Company

Why does every CISO have to be concerned about cyber espionage—even if his or her organization is well removed from classified or other obviously strategic information?

The answer lies in the interconnectedness of both the Internet and global commerce.

We all know that there’s no sense in storming a well-fortified front gate if there’s a barely latched backdoor available. Those backdoors are frequently subcontractors, service providers, vendors, partners, customers, industrial control systems, and even apparently innocuous but Internet-enabled devices.

The interconnectedness of global commerce means that there are more backdoors to check than ever before. Just think about the much-ballyhooed Internet of Things… which sometimes feels as if it might be better described as “The Internet of Barely Latched Backdoors.”

Ok, Who Left the Backdoor Unlatched?

These backdoors give hackers a quick on-ramp to your network from where they can often quickly do further damage with upgraded privileges.

Access is chained from one network and one privileged account to the next. That’s why password sharing is such a huge liability.

For example, most people don’t care if their password for the local delivery service might get hacked, but that becomes problematic when that password combination can then be used to unlock (directly or indirectly by guessing patterns) one person’s personal Gmail account… which happens to be the backup account to his or her corporate email… which in turn provides the keys to an admin account on your corporate database… which, well, that’s the data in your database gone… and that data in turn probably leads to whatever private information your company has left. All because someone used a vulnerable password for his pizza delivery.

You’re vulnerable to cyber espionage whether you’re delivering pizza or protecting the design for next-gen nuclear submarines and have employees who eat pizza.

This interconnectedness is in turn much easier to exploit than in the past, thanks to increasingly user-friendly hacking tools and widely available malware-as-a-service offerings. Cyber espionage is increasingly subcontracted.

The hardest question hackers have to answer is whether they should get the “pro” or the “enterprise” malware-as-a-service package.

With so many cyber weapons lying around, it’s not a surprise that people are getting hurt.

Of course, we shouldn’t let the intelligence arms of western governments, especially those of the United States, off the hook here. While few cyber experts are shocked to hear that the United States has been stockpiling zero-day exploits and other cyber weapons… more than a few expressed consternation that they were apparently careless enough to allow these weapons to escape from their supposedly secure weapons locker in Langley, VA. Nearly 9,000 exploits, how-to’s, and other classified files were apparently passed around various cybersecurity and hacker communities until finally being revealed by WikiLeaks. They are now effectively in the wild.

Having so many of the CIA’s own tools available to hackers (both state-sponsored and not) just adds fuel to the cyber espionage fire.

How Corporate Security Can Prevent Cyber Espionage

Every CISO’s top concern, right now, should be that his or her organization will be subjected to numerous cyber attacks… including ones by state-supported actors. This ups the defensive ante, but luckily most companies are not targets in and of themselves of state-sponsored actors. They are more likely conduits to a bigger target. So, rather than ensuring that they are able to withstand a direct assault by a full-fledged governmental cyber attack, most companies can get away with ensuring that they are not the proverbial “barely latched backdoor.”

PAM: Your #1 Defense against Cyber Espionage

So, where do you start? Well, this is the WALLIX blog, so you shouldn’t be surprised that we’re going to recommend a solid Privileged Access Management (PAM) solution as a good defense. Self-promotion aside, a fully implemented PAM solution would prevent the vast majority of attacks, state-sponsored or not, that we discussed in this article:

  • An access manager, combined with an embedded password vault, provides a huge barrier to any espionage attempts in that it assigns a very secure password to every device or application that is approved for every user. Furthermore, password sharing and leapfrogging are prevented because end users never even know the actual password that is used on any given application or device. Admins can easily rotate actual device passwords at whatever frequency they choose—all of which is completely transparent to the end users.
  • A session manager significantly enhances this base level of security by providing both an unimpeachable audit trail of every privileged action on your network and granular control over which actions any given user is allowed to perform. Forbidden actions can be blocked and/or trigger session termination and/or have an alert sent to the security admin.
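
A minimal model of the session-manager behaviour described in the second bullet, as an added example (not WALLIX code or its API): each command is checked against a policy that can block, terminate or alert, and every decision lands in a hash-chained audit log so later tampering is detectable. The `Session` class, the `POLICY` rules and the log format are assumptions made for illustration.

```python
import hashlib, json, re
from dataclasses import dataclass, field

# Hypothetical policy: command pattern -> responses named in the bullet above.
POLICY = [
    (re.compile(r"^\s*(sudo\s+)?passwd\b"), {"block", "alert"}),
    (re.compile(r"\brm\s+-rf\s+/(\s|$)"), {"block", "terminate", "alert"}),
    (re.compile(r"^\s*cat\s+/etc/shadow\b"), {"alert"}),
]

@dataclass
class Session:
    user: str
    target: str
    active: bool = True
    audit: list = field(default_factory=list)
    alerts: list = field(default_factory=list)

    def _record(self, command, actions):
        # Each entry commits to the previous entry's hash, so editing or
        # deleting an earlier record breaks the chain.
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        body = {"user": self.user, "target": self.target, "command": command,
                "actions": sorted(actions), "prev": prev}
        body["hash"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.audit.append(body)

    def submit(self, command):
        """Return True if the command would be forwarded to the target."""
        if not self.active:
            self._record(command, {"rejected_session_closed"})
            return False
        actions = set()
        for pattern, responses in POLICY:
            if pattern.search(command):
                actions |= responses
        self._record(command, actions or {"allow"})
        if "alert" in actions:
            self.alerts.append(command)   # stand-in for notifying the security admin
        if "terminate" in actions:
            self.active = False
        return not (actions & {"block", "terminate"})

def verify_audit(audit):
    """Recompute the hash chain; False means a record was altered or removed."""
    prev = "0" * 64
    for entry in audit:
        body = {k: v for k, v in entry.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != digest:
            return False
        prev = entry["hash"]
    return True
```

Blocked and rejected commands are logged as well as allowed ones, which is what makes the trail useful for investigating an attempted misuse rather than only a successful one.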

If China, Russia, or the United States really go after your corporate network… they’re going to get in. But if you don’t make it easy for them… and you’re not in their direct line of fire, they will likely pick on someone else.
