Insider Threats: Unveiling Industrial Espionage

(January 10, 2024)

Cyberspace is the most prominent attack vector for various industrial espionage threat actors, from insiders to adversarial nation-states to commercial enterprises operating under state influence to sponsored activities conducted by proxy hacker groups. Hence, cyber-enabled espionage capabilities are among the most pervasive threats to US manufacturing, research, and development sectors. Military and political espionage has long been treated as a threat to national security, but in the past few decades, the theft of commercial trade secrets has also been recognized as a significant national problem.

This article, an extract from the recently published 'Ultimate Guide to Insider Threats', will explore the issue of insider attackers within industrial espionage and what drives people to conduct industrial espionage.

Industrial Espionage - Insider Threats

In addition to outsider attackers, insider attackers are frequently involved in industrial espionage by gaining access to sensitive data while exploiting known and zero-day vulnerabilities. Industrial espionage encompasses illegal intelligence-gathering activities, and the attacks are hostile attempts to steal, compromise, change, or destroy information by gaining unauthorized access to an organization’s computer systems. Although advanced cybersecurity tools create a formidable defense against remote electronic attacks, insiders often steal valuable commercial information. For instance, if an adversary can recruit an employee or trusted partner of the targeted organization, that person can use their access to provide data, documents, critical context, and know-how—while operating under the radar and evading detection.

Trusted insiders can identify and work around network and physical security controls, particularly when their illegitimate intentions can be disguised by their legitimate access to information. The number of revealed industrial espionage cases is only the tip of the iceberg. The actual financial cost is often challenging to estimate due to factors including delayed discovery, victims unwilling to report incidents, and victims' desire to avoid exposing their own incompetence in order to prevent the erosion of client and shareholder confidence. However, the financial cost of industrial espionage can be estimated from various reports. For example, Center for Strategic and International Studies (CSIS) reports revealed that industrial espionage could cost the world more than $445 billion annually, with a rapid estimated increase of $100 billion, to $545 billion. Indirect damages (e.g., stolen customers and the future of the enterprises) are even more complicated to estimate, making it unrealistic to embark on legal measures to restore losses from industrial espionage.

What Drives Industrial Espionage?

Organizations that understand insider types and why trusted insiders are motivated to steal economic and commercial information can better detect and prevent industrial espionage. Numerous motivations might drive an individual to turn against their employer to steal a company's sensitive data, including sabotage, theft of intellectual property or national defense information, insider fraud, workplace violence, malicious, negligent, and unintentional insider threats, and more. Emotional factors that drive malicious insiders include financial hardships, financial compensation, blackmail, divided loyalties, significant stressful life events, disgruntlement, dissatisfaction at work due to actual or perceived unfair treatment, and an individual’s sense of national pride and politics. Individuals with access to sensitive information are motivated not only by a desire to harm an employer they resent; they also frequently take advantage of their access for personal gain.

Despite the attention given to hacking and cyber-enabled industrial espionage, humans (employees, contractors, and business partners) with direct access to information, facilities, and systems have a significant advantage over external attackers and thus remain at the center of the threat. These humans are not only aware of their organization’s technology, procedures, and policies; they are also familiar with its vulnerabilities, including exploitable network flaws and loosely enforced policies. Thus, protecting networks from external cyber-attacks is insufficient; organizations must better understand the motivations that drive trusted humans with access to valuable information to reveal it to competitors or adversaries.

Intellectual property (IP) theft, through both clandestine and open methods, can provide competitors with valuable proprietary commercial information at a fraction of the actual cost of its research and development (R&D) and in far less time than it would take to develop the information itself from scratch. IP theft eviscerates the value of past investments to create or build a marketable product or technology and undermines prospects for future revenues.

Stolen IP enables competitors to sell nearly identical products with virtually no R&D costs and often to undercut the original developer on price.

The ability to gain extraordinary access to proprietary R&D information at a fraction of the cost of its initial development presents a significant motivator to adversaries willing to take advantage of or recruit individuals with inside knowledge. These adversaries work diligently to identify insiders susceptible to bribery or coercion, who may be careless about or ignorant of security policies, and who can abscond with trade secrets. Hence, access to an insider enables an adversary to circumvent security controls from the inside rather than penetrate them from the outside. 

The motivations to uncover a rival’s trade secrets, which are critical to a company’s operations and economic success, continue to persist with technological advances, making protecting IP and sensitive data even more challenging. Losing data to a domestic competitor could also result in significant revenue losses and damage to long-term viability. However, malicious insiders don’t only steal proprietary information to share with companies abroad; they often do so as they prepare to leave their jobs to work for competing companies inside the United States. For example, an engineer in a prominent organization could download thousands of project files before quitting their organization, which are then sold to a top competitor in the market. Corporations could also deliberately hire employees of competing firms to exploit their knowledge of and access to the competitor’s IP. Those former employees use stolen passwords to unlawfully gather business intelligence without authorization.

For more information about the topic, such as how to detect industrial espionage and methods to prevent it, download the recently published 'Ultimate Guide to Insider Threats'.