Wednesday, November 25, 2015

Economic Espionage: The Global Workforce and the Insider Threat

Once again Economic Espionage is a multi Billion Dollar industry, Instead of monitoring the copier in the office for Employees stealing data like client lists and critical supply chain data, it is off loaded from your office computers to cloud accounts or very large flash drives that are actually physically very small. As employees get ready to leave for all sorts of reasons, most consider it a right to take as much data with them as they can. It is getting easier instead of harder. Once Case CTI worked on involved an American firm that had pretty good controls on their in house system, but their Canadian software developer was wide open. New critical software that supported the process for the firm, was contracted out, and a simple cash transaction was all it took for one employee of the American firm to decide to jump ship and take the still being developed software with him. By the way when you audit your security on new product development, remember security controls are normally the last things added to the software prior to release. If you want to muddy the waters on an espionage grab of software getting it before it is completely developed allows for small changes to be made to the software that can help the bad guy look like it was developed in their shop. Being able to setup a simple but comprehensive audit plan is key for any company large or small. You do not have to be able to write code, or even analyze it, you can bring in that expertise when and if needed, you just need to understand the process to develop security plans for it.
from CTI Consulting

No comments:

Post a Comment