Corporate Espionage: Are You Prepared for the Threat from Within?
When you hear the word “espionage,” which spy movie comes to mind?
007? Jason Bourne? Mission Impossible? Unfortunately, corporate espionage isn’t just in the movies—it’s a real threat that has become an ever-evolving challenge to companies large and small. No matter the industry, if your company develops any form of new technology or intellectual property of interest to your competitors, you could be at risk.
In a perfect world, every company would have a Zero Trust security environment, granting access only to certain individuals within the company. While it may seem daunting, it is possible to keep your company’s virtual and physical world secure from internal breaches.
Let’s examine some of the most infamous cyber-heists in history and how, by using the latest applications in identity access management, you can best protect your company.
Trading Tech Secrets
Apple has seen multiple cases of internal espionage, including two very high-profile cases recently. These cases involved engineers working on the company’s autonomous vehicle program, where the employees allegedly stole trade secrets with the intent of handing over the data to their next employers. If not for another employee who spotted one of the engineers taking pictures in a restricted area, they might have gotten away with millions of dollars’ worth of proprietary data.
This is a good example of how Physical Identity Access Management (PIAM) can help prevent these types of situations. PIAM ensures that employees have access only to the areas of the organization they need for their work. Access can be granted for designated days, times and durations using a number of tools, such as ID cards, badges and biometrics.
The Color of Espionage
In 2015, a former chemist for Valspar was convicted of stealing trade secrets. He admitted to stealing numerous formulas and other proprietary information valued at up to $20 million, just as he prepared to go to work for an overseas competitor. He also used his access to Valspar’s internal computer network to enter databases containing trade secrets and downloaded proprietary formulas for paints and coatings.
This case illustrates the need for policy-based tiered access and multi-factor authentication (MFA), which is a more secure approach to protecting data. The use of MFA adds an extra layer of security assurance by requiring users to verify their identity with a combination of irrefutable authentication steps.
For example, if an employee were to obtain your password without your consent, MFA would require them to also provide a second or third form of authentication to gain access.
A Self-Driving Hit and Run
In 2018, Tesla filed a lawsuit against an employee who had stolen confidential photos and videos of Tesla's manufacturing systems. For several weeks, the employee spied on his employer and collected data before sharing it on social media. Tesla investigated and found the employee to be responsible for leaking the data to Business Insider in an apparent smear campaign.
Implementing internal security measures can help deter employees from similar behavior. In addition, by utilizing the data analytics capabilities of a PIAM solution, employers can identify deviations from normal behavior and processes. For instance, does an employee’s behavior change over a period of time, such as accessing areas that are not part of their work profile or being present during off-hours when they are not typically authorized?
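The profile-based access described under "Trading Tech Secrets" and the deviation checks described above can be sketched as follows. This is an added example, not code from HID Global or any PIAM product; the profiles, badge IDs, zone names and log format are hypothetical and the log lines are constructed.

```python
from collections import Counter
from datetime import datetime

# Hypothetical work profiles: zones, weekdays (0 = Monday) and hours
# (start inclusive, end exclusive) each badge holder is authorized for.
PROFILES = {
    "E1001": {"zones": {"lobby", "lab-a"}, "days": {0, 1, 2, 3, 4}, "hours": (7, 19)},
    "E1002": {"zones": {"lobby", "office-3"}, "days": {0, 1, 2, 3, 4}, "hours": (8, 18)},
}

# Constructed badge-reader log: timestamp,badge_id,zone,result
SAMPLE_LOG = """\
2024-03-04T09:12:00,E1001,lab-a,granted
2024-03-04T09:30:00,E1002,office-3,granted
2024-03-05T22:47:00,E1002,office-3,granted
2024-03-06T10:05:00,E1002,lab-a,denied
2024-03-09T14:20:00,E1001,lab-a,granted
2024-03-11T08:01:00,E9999,lobby,granted
"""

def review_event(line):
    """Return the deviations for one log line (empty list means normal)."""
    ts, badge, zone, _result = line.strip().split(",")
    when = datetime.fromisoformat(ts)
    profile = PROFILES.get(badge)
    if profile is None:
        return ["unknown-badge"]
    reasons = []
    # Denied attempts are reviewed too: they show interest in an area
    # outside the work profile even though the door stayed closed.
    if zone not in profile["zones"]:
        reasons.append("zone-outside-profile")
    if when.weekday() not in profile["days"]:
        reasons.append("off-day")
    start, end = profile["hours"]
    if not start <= when.hour < end:
        reasons.append("off-hours")
    return reasons

def flag_deviations(log_text):
    """Return (badge_id, timestamp, reasons) for every deviating event."""
    flagged = []
    for line in filter(str.strip, log_text.splitlines()):
        reasons = review_event(line)
        if reasons:
            ts, badge = line.split(",")[:2]
            flagged.append((badge, ts, reasons))
    return flagged

def deviation_counts(log_text):
    """Deviating events per badge, to spot behavior that changes over time."""
    return Counter(badge for badge, _, _ in flag_deviations(log_text))
```

Repeated entries for the same badge in `deviation_counts` are the signal worth a human review; a single off-hours visit usually is not.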
The Spies Among Us
What these high-profile cases teach us is the elaborate lengths people will go to in order to obtain trade secrets. In addition to protecting your company from outside attacks, such as cyber hacking or spreading viruses or malware, you should recognize that the growing threat is now more likely to come from within your own organization.
Is your organization prepared? Consider creating a security checklist like this one to mitigate internal threats.
Start with a Risk Assessment
- What is your most valuable corporate data?
- What systems are in place to protect them?
- What trade secrets or other valuable data does your company possess?
Manage Threats from Within
- What’s your internal security policy?
- Is there badge access to your building, elevators, and sensitive floors?
- Are your security access cards unique to the user?
- Have you completed background checks on new employees?
Thwart a Cyber Attack
- Do you have a multi-factor authentication system in place?
- Is your malware protection and network security up-to-date?
- Have you considered one-time password tokens (OTP)?
Monitor Employee Online Activity
- Do you have company protocols for removable media storage?
- Have you considered securing sensitive printed material?
- Do you monitor employees’ data usage while traveling?
Educate Your Employees
- Do you keep your employees up to date on the latest security procedures?
- Are new employees taught security protocols standard to your company?
To learn how to protect your company against these threats, take a look at HID Global's suite of identity and access management solutions for today’s Zero Trust environment.
Jeff Carpenter is Director of Cloud Authentication at HID Global. In his 15+ years in cybersecurity, Jeff has held positions with several top tier cybersecurity and technology companies including Crossmatch and RSA, a Dell Technologies company. He holds both Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) designations.