In 2011, for the first time, the British government released figures estimating the damage done by cyber crime across the nation. According to those figures, cyber crime costs the UK around £27 billion a year.
Many, however, believe this number is grossly understated, since some companies refuse to admit their systems have been compromised for fear of 'reputational' damage. Over a third of the estimated cost is attributed to intellectual property (IP) theft, with a further £7.6 billion attributed to industrial espionage.
According to former White House advisor on cyber security Richard Clarke, China and Russia (along with domestic and foreign criminals) continue to pose some of the greatest threats. Often through what are known as advanced persistent threats, or APTs, attackers are breaking into computer systems with a very specific end result in mind.
In fact, IT security experts, including Dr. Paul Irving, recently warned the nuclear industry that China may be waging a campaign to hack into computers associated with the industry in the hope of stealing information that would benefit the expansion of its own nuclear sector.
It has also been speculated that China has targeted the transportation and alternative energy industries. The nation state is now exporting technology it used to buy, and in some cases there have been clear links to IP theft and cyber espionage.
These attacks are not the first of their kind. In October 2011, the head of GCHQ, Iain Lobban, told The Times that the IT, technology, defence, energy and engineering sectors have been the target of APTs. It is alleged that the information stolen is being used for commercial gain.
Additionally, Lobban reported that one such attack unsuccessfully attempted to infiltrate the Foreign Office and various other government agencies. Because these attacks are customised and targeted, many go undetected by traditional security measures, which can only blacklist malware that is already known.
Irving also warned that APTs often go undetected for over 400 days, meaning criminals have access to systems and files for over a year before being shut down. Most companies only become aware of the attack after being alerted by a third-party organisation.
As a result of all this activity, threats to IP security are at critical levels. Why? Put simply, because it is easier to steal someone else's intellectual property than it is to build a proprietary knowledge base. As it stands, many enterprises are vulnerable because they have no policies or systems in place designed to protect their IP, leaving many loopholes that hackers can exploit to obtain the knowledge they seek.
A survey we recently undertook found that European IT security professionals rank their corporate IP among their three most valuable assets. Aware that traditional cyber crime protection leaves their IP open to attack, many are starting to explore other security approaches. As it stands, most of the focus is on stopping 'bad' attacks, rather than on establishing which programs are 'bad' and which are 'good' in order to ensure the integrity of laptops, desktops, servers and even mobile devices, so that companies are protected against potential risks and major losses of IP.
Devising a list of trusted sources, known as white listing, and enforcing it across all clients and servers is a much more manageable way of understanding and managing the risks to your enterprise security: anything not on the list does not run, whether or not it has ever been seen before.
Additionally, feeding advanced threat protection technology into an existing security information and event management (SIEM) platform can provide real-time threat detection by filling in the blind spots that event profiling and endpoint executable identification often leave on their own.
Combined with network data from firewalls and IDS/IPS, threat detection becomes not only timely but also accurate, eliminating many false positives. In other words, it gives today's security professionals a faster, more accurate picture of system usage and activity.
The evolution of trust policies has changed the way known sources are managed. What used to be a cumbersome process based on a static list of approved programs now works by allowing predetermined sources, such as Adobe or Microsoft WSUS, to update as often as necessary.
IT professionals can approve updates and downloads based on publisher, distribution method or trusted source. When software from an unknown source attempts to run or access files, it is blocked before it can execute, protecting the system, the company's intellectual property and any other sensitive data from potential harm.
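To make the trust-policy idea concrete, the following is an added illustration and not code from Bit9 or from this article: a small, hypothetical application-control engine that evaluates execution attempts in the order the article describes (trusted publisher, then trusted updater such as a WSUS agent, then a static hash list, otherwise block), and a SIEM-style correlation rule over the resulting decisions. The event fields, file paths, publisher names and sample events are all constructed assumptions for this example.

```python
"""Hypothetical application-control (white listing) policy engine.

Added example, not the article's or Bit9's code. Evaluates constructed
endpoint 'execution attempt' events against an ordered trust policy and
emits SIEM-style decision records. All names and sample data are assumptions.
"""
import hashlib
import json
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class ExecEvent:
    host: str
    path: str
    content: bytes              # file bytes (a real agent would read them from disk)
    publisher: Optional[str]    # verified code-signing subject, or None if unsigned
    parent: str                 # process that wrote or launched the file


@dataclass
class TrustPolicy:
    # Assumed rule sets; a real deployment would populate these from the console.
    trusted_publishers: Set[str] = field(default_factory=set)
    trusted_updaters: Set[str] = field(default_factory=set)   # parents allowed to introduce new code
    approved_hashes: Set[str] = field(default_factory=set)    # the old static-list approach, kept as a fallback

    def evaluate(self, ev: ExecEvent) -> Dict[str, str]:
        """Return a decision record in the order: publisher, updater, hash, else block."""
        digest = hashlib.sha256(ev.content).hexdigest()
        if ev.publisher and ev.publisher in self.trusted_publishers:
            verdict, reason = "allow", "publisher:" + ev.publisher
        elif ev.parent in self.trusted_updaters:
            verdict, reason = "allow", "updater:" + ev.parent
        elif digest in self.approved_hashes:
            verdict, reason = "allow", "hash"
        else:
            verdict, reason = "block", "unknown source"   # default-deny: never seen, never trusted
        return {"host": ev.host, "path": ev.path, "sha256": digest,
                "verdict": verdict, "reason": reason}


def correlate_blocks(decisions: List[Dict[str, str]], threshold: int = 3) -> List[str]:
    """SIEM-side rule: hosts with at least `threshold` blocked unknown executables."""
    counts = Counter(d["host"] for d in decisions if d["verdict"] == "block")
    return sorted(host for host, n in counts.items() if n >= threshold)


# Constructed policy and events for the example (not real data).
POLICY = TrustPolicy(
    trusted_publishers={"Microsoft Corporation", "Adobe Systems Incorporated"},
    trusted_updaters={r"C:\Windows\System32\wuauclt.exe"},
    approved_hashes={hashlib.sha256(b"legacy-line-of-business-app").hexdigest()},
)

SAMPLE_EVENTS = [
    ExecEvent("ws-17", r"C:\Program Files\Adobe\Reader\AcroRd32.exe", b"reader",
              "Adobe Systems Incorporated", r"C:\Windows\explorer.exe"),
    ExecEvent("ws-17", r"C:\Windows\SoftwareDistribution\kb12345.exe", b"patch",
              None, r"C:\Windows\System32\wuauclt.exe"),
    ExecEvent("ws-04", r"C:\Apps\lob.exe", b"legacy-line-of-business-app",
              None, r"C:\Windows\explorer.exe"),
    ExecEvent("ws-17", r"C:\Users\jsmith\AppData\Local\Temp\invoice.pdf.exe", b"dropper1",
              None, r"C:\Program Files\Microsoft Office\outlook.exe"),
    ExecEvent("ws-17", r"C:\Users\jsmith\AppData\Local\Temp\svchost.exe", b"dropper2",
              None, r"C:\Users\jsmith\AppData\Local\Temp\invoice.pdf.exe"),
    ExecEvent("ws-17", r"C:\Users\jsmith\AppData\Local\Temp\update.exe", b"dropper3",
              None, r"C:\Users\jsmith\AppData\Local\Temp\svchost.exe"),
]


def run_sample() -> Dict[str, object]:
    """Evaluate the constructed events and apply the correlation rule."""
    decisions = [POLICY.evaluate(ev) for ev in SAMPLE_EVENTS]
    return {"decisions": decisions, "alerts": correlate_blocks(decisions)}


if __name__ == "__main__":
    result = run_sample()
    for d in result["decisions"]:
        print(json.dumps(d))            # one JSON line per decision, as a SIEM would ingest
    print("hosts exceeding block threshold:", result["alerts"])
```

The ordering matters: the publisher and updater rules are what let Adobe or WSUS push changes without anyone editing a static list, while the hash list remains only for legacy binaries that cannot be signed. The correlation step is where the SIEM earns its keep; a single blocked file in a temp directory is noise, but a chain of three unknown executables spawning each other on one host, as in the constructed `ws-17` events, is the kind of pattern a blacklist of known malware would never surface.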
In the face of smarter criminals, IP protection is not only necessary; it is critical. Sensitive information and data are targeted through APTs and, unfortunately, many organisations are left believing their data is secure until it is too late. White listing is one of the most effective ways to maximise IP protection.
Tony Shadrake is director of EMEA at Bit9