The cyber economic espionage is a growth market, according to experts. Espionage as a Service (EaaS) is becoming readily available on sites such as hackerslist [dot] com. Hackers are realizing that it is easy and lucrative. They can find the data on target systems and then sell it on the dark market. The dark market is expanding its offerings beyond credit card information for sale so there is a ready sales channel.
The FBI has seen a 53% increase over the past year in economic espionage cases, or the theft of trade secrets leading to the loss of hundreds of billions of dollars. Intellectual property theft in the US alone is estimated to cost companies a staggering $300 billion a year, according to research by IT ProPortal, a technology information resources company.
In addition, nation states are directly involved with the hacks for their own use. They also sponsor or hire hackers to go after companies in other countries.
“Cyberattacks stealing competitively important business information are a fundamental part of the national economic development strategy of China”, according to Scott Borg, director and chief economist of U.S. Cyber Consequences Unit, a non-profit research institute.
What the hackers are looking for
Cyber criminals search for any information that can provide a competitive edge to another company or country. The hackers look for information on business networks such as:
• Sales strategies
• Merger/acquisition data
• Product designs
The FBI has launched a campaign to increase awareness for businesses. When they surveyed companies, they found that China was the culprit in 95% of economic espionage cases. Espionage may be a combination of physical spying, cyber spying, and social engineering to gain confidential information. Spies have been known to appear as professors, engineers, traveling students and business people. To help educate American businesses, the FBI released a case study video. This is a high quality movie type video, not what you might expect from a government law enforcement entity. Its credibility is reinforced since it is based on a true story. Spend 30 minutes to watch this.
What You Can Do
Any size business can be a target of economic cyber espionage. If you have formulas, global expansion plans, product designs, or other intellectual property, you may be a target of a spy hacker.
Consider hiring an ethical hacker to check the dark market to see if your information is already there. If so, talk to a specialized attorney.
Reinforce to your employees the chances of a spy attempting to use social media and sites like LinkedIn. Potential recruits for spies can be found and contacted based on relevant knowledge and work experience.
Ensure you have strong cybersecurity measures surrounding your sensitive data, including encryption and limited access to your network systems. Closely manage any contract workers and third parties that have knowledge of your trade secrets.
Don’t assume because you are not a Fortune 500 company that the espionage actors aren’t aware of your business.
Read more of Carolyn’s blogs and how cybersecurity impacts small businesses on her NCI page.