Enterprises are not taking the threat of cyber espionage seriously enough, and many have not taken adequate steps to prevent an attack, according to Ovum. In a new study*, the independent technology analyst claims that cyber espionage is a major threat to enterprises. But despite this, it has been overlooked, leaving many vulnerable.
Graham Titterington, author of the report and Ovum principal analyst, said: "The threat of cyber espionage must be addressed by enterprises as it is as relevant to them as it is to national security organisations. "Cyber criminals are graduating from stealing credit cards and banking credentials to targeting corporate plans and proprietary information. They want valuable information such as product and technology blueprints, customer lists, or information that can be used to embarrass or disadvantage a victim.
"Almost every organisation has sensitive information that would damage it if it were to be leaked out; however, many have overlooked cyber espionage in their preoccupation with preventing the theft of financial data. This needs to changed, and enterprises need to wake up to the danger posed or risk losing valuable information and having to deal with the consequences."
Cyber espionage is usually aimed at key individuals within an organisation, who are sent 'spear phishing' emails containing malicious links or attachments that infect their machines. The criminals then use malware to identify assets, decrypt login details and steal the target information. Titterington commented: "The home computer networks and personal lives of key individuals may be the weakest part in the corporate security defenses. Personal information may reveal passwords and other credentials, and individuals may be susceptible to blackmail."
The report advises enterprises to increase their awareness of cyber espionage, restrict the distribution of sensitive information, vet users who have access to high-value information, protect data held on third-party sites and conduct a risk analysis, including mobile devices and removable media.
The report also warns enterprises that holding large amounts of data can increase the risk of falling victim to cyber espionage, and they should look to minimise volumes. Titterington added: "Every piece of stored data and every copy of this data is a potential leakage incident as it gives spies more potential targets to attack. The increasing volume of data makes it harder to manage the entire data estate.
"The growth in data volumes should be examined critically. At minimum, organisations should make more use of shared data infrastructure and services so individual users can be discouraged from creating their own copies."
