Tuesday, March 24, 2009

Keep Computer Spies at Bay

Not so long ago, I saw only one or two computer espionage cases a year. The pace picked up about three or four years ago, when malware began turning professional. Today, computer espionage and malware go hand in hand, so it's not only surprising but amazing to me how many companies fail to grasp the seriousness of today's Trojans and worms. For far too many firms, this realization hits home in the form of serious monetary damages.
News accounts are full of cases where cybercriminals were paid by companies to burrow into a competitor's databases to extract crucial information. Do an Internet search on "corporate espionage," and most of the articles you will find talk about external attackers gaining access to internal information. Almost as many talk about trusted insiders sending private information to the competitor just before taking a new job there.
I've been involved in five spy cases recently, all very different. The first one was the simplest -- a classic social engineering attempt. The senior vice president of a large hotel company was caught asking IT for a complete download of the company's customer and lead database. He intended to give this information to his new company, where he was being appointed CEO. Of course, the fact that he was leaving for the top job with a competitor was unknown until he got caught.

No comments: