intelligence gathering still requires access to the data, which can be carried out through the internet, but is commonly done through internal access to company networks
(PRWEB) November 23, 2011
In an October report to Congress, the Office of the National Counterintelligence Executive (ONCIX) outlined the emerging threats to American businesses from industrial and economic espionage carried out by foreign governments and domestic competitors. These “represent significant and growing threats to the nation’s prosperity and security,” according to the report.
The ONCIX report focused particularly on the risks to “private sector targets,” many of which “are unaware when their sensitive data is pilfered.”
China and Russia are identified as the most active foreign perpetrators of state sponsored corporate espionage, but the report also pointed to the prevalence of spying by allies and private sector rivals.
Significantly, the ONCIX report exposes a common misperception that cyber espionage is predominantly a web based phenomenon by outsiders trying to “break in.” The report highlights three recent cases of trade secret theft perpetrated by company insiders, who had the credentials to work around internal cyber defenses. It is generally easier to obtain secrets through disloyal insiders than to attempt to hack into system.
The ONCIX report states that these economic espionage programs combine five elements:
- Collection of open source information;
- Human intelligence;
- Communications interception;
- Computer network intrusions;
- Exploitation of insider access to corporate networks.
“This report confirms what we have been doing from the start when it comes to industrial counterespionage,” says SpearTip CEO Jarrett Kolthoff, himself a former Special Agent - U.S. Army Counterintelligence.
“The emergence of digital technologies has not fundamentally changed how espionage is carried out,” Kolthoff says. He notes the primary consequences of digital technology on espionage:
- it vastly increases the amount of data that can be acquired,
- it increases the speed with which data can be acquired,
- it enhances the ability to conceal the theft
- it allows the theft to go undetected over a longer period of time.
“Despite these advantages,” Kolthoff says, “intelligence gathering still requires access to the data, which can be carried out through the internet, but is commonly done through internal access to company networks.”
It is often easier to exploit insider access than it is to circumvent perimeter security. The principle methods of network intrusion are malware hidden in code in file attachments to sham emails, and exploitation of insider access. SpearTip is armed to confront these as well as the other attacks identified in the ONCIX report.
Almost all traditional computer security firms focus on the technical aspect of internet attacks only. SpearTip offers the full range of counterespionage capabilities identified by ONCIX in its report to Congress. We carry out daily open source data review and analysis, incident response, human intelligence collection efforts, cyber forensics and enterprise risk management that culminates into a Framework of Guidance for chief executives.
SpearTip is a corporate counterespionage advisory firm providing disinterested guidance to board level and executive corporate leadership. Under the direction of its founder/CEO, Jarrett Kolthoff, a former U.S. counterintelligence officer, SpearTip’s specially trained team combines computer forensics and cyber counterespionage capabilities with proven intelligence gathering techniques to provide clients with a comprehensive Framework of Guidance them to meet threats to company secrets and data integrity.
For more information visit us at: SpearTip or call 1.877.551.0438.