5 Crucial Ways To Neutralize Cyber-Espionage

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://tech.co/5-crucial-ways-neutralize-cyber-espionage-2015-09

Cyber-espionage has become more and more common. Companies find that their
servers have been hacked and that closely-guarded corporate secrets have
been stolen more often than many people realize. But cyber-espionage goes
beyond the boardroom — governments are also victims of cyber-theft.
Important defense or financial information has been stolen from government
systems before, and it will inevitably happen again. What can be done to
neutralize cyber-espionage?  While it may seem daunting, there are multiple
ways to fight back.

Deterrence

One of the best ways of handling cyber-espionage is to avoid it
completely.  To that end, deterrence is the option of choice for many
governments.  Many governments have issued statements promising military
retribution in the event of a cyber attack. In some cases, these threats
may simply be an attempt to deter any future cyber-espionage. In other
cases, they may be true threats that the country will follow up on.
However, due to the nature of the internet and the anonymity that it
provides, it’s not always easy to discover who is behind cyber-espionage.
Because of this, deterrence is not always a successful strategy.  In the
business world, deterrence is even more difficult to successfully utilize.

Treaties and Legal Options

Another way of neutralizing cyber-espionage is through the use of treaties
and other legal documents.  While it hasn’t occurred yet, it’s possible
that countries will come together to declare cyber-espionage off-limits in
the same way that the nuclear weapons have been. However, this type of
treaty would require everyone involved to be honest and stick to the
agreement, which is not always a guarantee. Countries, even allies, have
often spied on each other to maintain tactical advantage. Whether or not an
international ban on cyber-espionage would be effective remains to be seen.

In the business world, cyber-espionage is often fought in court when it’s
possible to determine who was behind the attack. Many large corporations
and governments have had their legal divisions become proficient in
national and international laws regarding cyber-attacks so that they can
use the legal system to combat this threat.

Make use of Malware and Virus Removal Software

One of the issues behind a cyber-attack is that the attack doesn’t always
come from outside of the company.  Web usage control software can be a
great help in tracking what your employees are doing and can greatly reduce
unethical activity in the workplace. Viruses and malware can infect your
network in a number of ways. Usually, this occurs when an employee visits a
website that contains a virus or other harmful program.  Most of the time,
antivirus software will catch the intruder and block it, but that’s not
always the case since new viruses are constantly being created and released
online.  In other cases, your employees bring these harmful programs into
the network by using their own laptops, flash drives, and other devices.

This is why it’s vital for companies, government offices, and other
organizations to always update their antivirus and malware removal
programs. Even with policies in place that prevent employees from using
their personal devices on the company’s network, it’s possible that a virus
or a piece of malware will get into the system.

Attack Back

This isn’t always the best option (or even an available option for some
low-tech countries or small businesses), but as the saying goes, the best
defense is often a strong offense. Countries that have been attacked via
cyber-espionage may launch their own attacks online.This method may not
necessarily involve hackers or other unsavory individuals.  For example,
when Russia launched a denial of service attack on Estonia in 2007, the
country responded by blocking a number of IP addresses from Russia. This
small response was enough to get the point across without the need of
expert cyber-attackers.

Implement Stronger Online Laws

Some have pushed for stronger laws pertaining to online identity and the
anonymity of the internet.  Without the ability to hide so easily,
proponents say, cyber-criminals would be more reluctant to engage in
cyber-espionage.  These proposals have been met with strong opposition,
with opponents stressing that the internet is designed to be a free space
where a person’s movements are not policed so strictly.  With no one
country or company having any sort of clear control over the internet,
there’s also the fact that such measures may be impossible to actually
implement since it would take a global agreement.

A Continued Threat

While these methods may help reduce the damage of cyber-espionage, the fact
remains that it continues to be a global threat.  However, by limiting the
amount of damage that comes from within while continuing to discuss
cyber-espionage on a local and global level, we can hopefully keep the
number of cyber-attacks to a minimum while working towards a solution.

Do you have any additional tips for neutralizing cyber-espionage?  We’d
love to hear them.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!