Theft From Afar: A Story of Data Looting

Whether they be ten feet or ten thousand miles away, criminals now have the ability to rob you of your data. So, where are you most at risk?

For an organization, data is the most valuable resource. It’s also where you are most vulnerable, because it is a resource that can be seized by anyone, from anywhere on the planet. Whether from ten feet or ten thousand miles away, a cybercriminal can use their skills to steal your valuable digital assets, including money, intellectual property, and personal or sensitive information. In the past, we were more worried about our physical security. Now we have to be concerned with controlling our digital data, and the number of potential threats has increased exponentially. Malicious actors are constantly seeking to steal this data so they can sell it, hold it for ransom, or simply destroy it. This all offers a great convenience for cybercriminals because they can pull off breathtaking heists from the comfort of their living rooms.

The US government has elevated cybersecurity to the number one threat facing the United States. Why? It’s not just about the protection of our critical infrastructure. It is also because there is increasing concern about mid-sized companies being attacked and losing data and critical intellectual property, thereby disrupting the economy.

Let’s take a look at some of the biggest dangers to your data:

Angry Employees: People steal things, even employees. Especially angry employees. The first thing a disgruntled salesperson will do is steal customer data. In the past, salespeople had a black book, one they could use to take your customers to your competition. Today, a black book is a spreadsheet or a USB drive with this data downloaded onto it.

Personal Device Access: Employees are increasingly using their personal devices to do their jobs. While this may seem to be an asset because they are more plugged in and accessible, it is also a major security risk. When people use their personal devices to get on the company network, they can download information to their devices and they can introduce viruses to the network. This can often be a wide-open door for cybercriminals as well as unhappy team members.


State Sponsored Corporate Espionage: The above map was obtained by NBC News from an NSA briefing in February of 2014. Each red dot (and there are nearly 700 of them) represents a successful Chinese attempt to steal American corporate and military secrets. These intrusions have netted China anything from specifications for hybrid cars to formulas for pharmaceutical products.

This year’s Verizon Data Breach Digest included an extremely interesting case study of an organization that was miffed at how a direct competitor, on another continent, could release a complex piece of construction equipment that, rather surprisingly, was an exact copy of a model recently developed by this organization. The ensuing forensic examination discovered that one of the company’s engineers, a rather enterprising one, was communicating with a “recruiter” who contacted him on LinkedIn because he was actively looking for employment elsewhere. Malicious software was embedded into an employment document attached to an email sent to this engineer. This malware allowed threat actors to steal design blueprints for the large and complex piece of construction equipment. This attack was determined to be courtesy of a Chinese hacking group suspected of being state funded. Let’s stop and consider briefly the amount of work and planning that had to go into such an attack. That, my friends, is far from your basic phishing scheme.

Third Party Data Leaks: One of the most famous and devastating security breaches was the one that struck Target during the 2013 holiday season. The attack netted 40 million credit and debit card numbers and 70 million personal records. The attack began with a phishing attack sent to employees of an HVAC firm that did business with Target. This allowed attackers to steal credentials that led to the breach. Third party vendors and anyone that has access to your data can make you vulnerable. That’s why segmentation is important. Ensure that people only have access to the data they need to do their jobs.

Organized Crime: Earlier this year attackers used a strain of malware to hold hostage the data of a California hospital. The data was only returned after the hospital agreed to pay $17,000 in bitcoin. Turkish hackers claimed credit, but the attack is just one example of a rapidly maturing cyberthreat: ransomware. Organizations of many different sizes and industries, as well as individuals, have fallen victim. Ransomware has gotten very sophisticated and is often perpetrated by organized criminal syndicates.

As an example, this year wives of husbands exposed in the high-profile hack on the online-cheating website Ashley Madison were sent physical blackmail letters, at home no less, telling them that unless they coughed up ransom demands, their spouse’s profile details would be released to family and friends. These are concentrated acts of extortion by criminals preying on vulnerabilities for financial gain.

There are some considerations that you should take into account when thinking about how best to protect your data.

What Data is Most Critical: Certain data is more critical to protect. For instance, simple marketing analytics are likely not as important, at least from a protection standpoint, as any identification information you might have, such as social security numbers or personal health information, or protected intellectual property that could, if released, decimate your organization’s competitive advantage.

Who is Most Likely to Steal Your Data?: Is it a disgruntled team member? Is it an employee who might use this data for financial gain? A recent study showed that one out of five people would, for the right price, sell their work passwords. That’s an alarming statistic. Maybe it’s a competitor who might try and recruit one of your staff in order to steal valuable data such as your margins, salary information, bid pricing, etc. Could it be a loyal executive with a visible LinkedIn presence and a careless habit of accidentally clicking on phishing emails? Where are you weakest? Where do you need to control access? These are important questions that you should have answers to.

How Are They Most Likely to Steal It?: If data disappears, how will it go? Will thieves download it from your network onto an external drive or their own device, or maybe just take a screen grab? Will they gain access through vulnerabilities in the network or through a malware attack? When you understand how bad actors are most likely going to try and take you, you are better able to defend yourself.

How Would You Know if it was Stolen?: If you don’t have the capability to do auditing or forensics on your employees’ computers, people can steal things without you even knowing that anything has been taken. Or a hacker might put a back door in your system and then go in and out anytime they would like. How would you know that data was stolen or that someone has access when they shouldn’t?

Who Owns the Security on Your Team?: Larger organizations likely have an entire security department, but smaller organizations may not have such well-defined security roles. Oftentimes the buck may be continually passed with no one willing to fully take the responsibility and burden for cybersecurity, increasing an organization’s vulnerability.

How Much Are You Willing to Invest in Cybersecurity?: No one is 100% secure. That level does not exist. You need to define how close to 100% secure you want to be. The higher the level of security, the higher the cost. The less money you invest in cybersecurity, the more risk you take. Obviously those in certain industries, such as the retail, financial, or medical fields, are legally required to invest more energy in cybersecurity. Yet, there are some basic things every organization should be investing in. These include:

Security Audits & Penetration Testing: It is important to invest regularly in external penetration testing and internal network audits. Small to mid-sized companies are easy targets in this regard because they don’t often go through this process. Yet it is one that’s inexpensive and can help illuminate holes in your cybersecurity apparatus so that you can develop a remediation plan to close these holes and protect your data. These are services that Future Point of View regularly implements within organizations, both large and small, around the country.

Education: As you can see, your team members can be an extreme hazard in cyberspace. This is true even if their actions were never meant to do the organization harm. That’s why it’s important to continually be learning about the newest hazards and prevention methods in cybersecurity and training your team members to spot them as well. We offer public and private courses devoted to training organizations in the areas of cybersecurity and data management.

When you begin to think of data as a resource, such as gold or oil, or even something as fundamental as food or water, you begin to see how important it is to protect this resource. This is especially true when you consider that there are people who are actively working to take this resource from you. You will never be 100% safe. That’s just an impossibility and a hazard of life and commerce. But when you begin to understand where your vulnerabilities lie and the ways you can protect yourself from these vulnerabilities, you start down a path towards stronger data protection.

June 1st, 2016 | Categories: Technology Story

About the Author:

Throughout his career, Scott Klososky has stood on the nexus between technology and humanity. He has worked to define and help organizations discover the ideal blend of technology and human effort. He is widely recognized for his ability to forecast how technology will impact organizations, industries, and our world. He is the founder and principal at Future Point of View as well as a renowned consultant, speaker, and author.