Cyber-Espionage: If you were a victim, how would you know?

January 21, 2020

Cyber-espionage in the U.S. has escalated to unprecedented levels. According to the Verizon Data Breach Investigations Report 2015, the most affected industries are Manufacturing, Public Sector and Professional Services. Others that came on the radar included Information Technology, Utilities, Transportation, Educational Institutions, Real Estate, Financial Services, Healthcare, Pharmaceuticals, and the Automotive industry. The motivation is clear – steal intellectual property and trade secrets. This kind of information is worth a lot more than personally identifiable information (PII) and even patient health information (PHI). Intellectual property and trade secrets are worth hundreds of millions of dollars in the hands of cyber criminals. For nation states, it’s an opportunity to leapfrog years of R&D. For the victim company, this often means a slow death through loss of competitive edge, market share, and revenue. In a statement to Congress, the former commander of the U.S. Cyber Command, General Keith Alexander, approximated the economic loss to the U.S. at around $300 billion per year.

Email is clearly the number one attack vector for cyber-espionage. Malware delivered by email attachment or by web links in email, through phishing or spear phishing attacks, made up 75% or more of the cyber-espionage incidents. Web drive-by attacks accounted for about 17% of the remaining incidents. To appreciate the serious impact of the email vector, consider the Radicati Group Email Statistics Report 2013-2017: “email remains the go-to form of communication in the Business world. In 2013, Business email accounts total 929 million boxes. This figure is expected to grow at an average annual growth rate of about 5% over the next four years, and reach over 1.1 billion by the end of 2017”.

So, how would you know if you were a victim? Get deep visibility into your organization's email communications, without, of course, compromising the privacy and confidentiality of the email content or of your employees. At a meta level, know which domains, countries and personal email services your organization is communicating with. Apply threat intelligence and data analytics to identify suspicious inbound and outbound activity. Collect email transaction logs so that you can track email attachments and the links in emails. Invest in solutions that give you real-time and on-demand visibility into your email channel. Deterring a persistent adversary is difficult; they will get in if they try long enough, but with the proper tools in place you will be able to discover the compromise much sooner and limit your company's exposure.
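As an added example (not part of the original post), the following Python script applies this kind of meta-level review to a constructed set of mail-gateway transaction records: it counts the external domains mail is exchanged with, and flags outbound attachments sent to personal webmail, lookalike sender domains, risky inbound attachment types and links to lookalike hosts. The record format, the internal domain `corp.example` and the watch-lists are assumptions, not any product's real export format.

```python
import json
from collections import Counter
from urllib.parse import urlparse
# Constructed sample mail-gateway records (JSON lines); field names are assumptions.
SAMPLE_LOG = """
{"ts":"2020-01-20T09:01Z","dir":"in","from":"vendor@supplier.example","to":"alice@corp.example","attachments":["quote.pdf"],"urls":[]}
{"ts":"2020-01-20T09:05Z","dir":"in","from":"hr@corp-example.net","to":"bob@corp.example","attachments":["policy.docm"],"urls":["http://corp-example.net/login"]}
{"ts":"2020-01-20T17:40Z","dir":"out","from":"bob@corp.example","to":"bob.personal@gmail.com","attachments":["designs.zip"],"urls":[]}
{"ts":"2020-01-20T18:02Z","dir":"out","from":"alice@corp.example","to":"vendor@supplier.example","attachments":[],"urls":[]}
"""
INTERNAL_DOMAIN = "corp.example"          # assumed: the organisation's own domain
PERSONAL_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
RISKY_EXT = (".exe", ".js", ".scr", ".hta", ".docm", ".xlsm")

def parse_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def external_party(rec):
    """Domain of the outside party: the sender for inbound mail, the recipient for outbound."""
    addr = rec["from"] if rec["dir"] == "in" else rec["to"]
    return addr.rsplit("@", 1)[-1].lower()

def external_domain_counts(records):
    """Meta-level view: which outside domains the organisation exchanges mail with."""
    return Counter(external_party(r) for r in records)

def looks_like_internal(dom):
    """Lookalike check: carries our first label but is not our domain (e.g. corp-example.net)."""
    return dom != INTERNAL_DOMAIN and INTERNAL_DOMAIN.split(".")[0] in dom

def find_suspicious(records):
    """Return (timestamp, reason) pairs that merit an analyst's attention."""
    findings = []
    for r in records:
        ext = external_party(r)
        if r["dir"] == "out" and ext in PERSONAL_WEBMAIL and r["attachments"]:
            findings.append((r["ts"], "attachment sent to personal webmail"))
        if r["dir"] != "in":
            continue
        if looks_like_internal(ext):
            findings.append((r["ts"], f"lookalike sender domain {ext}"))
        for name in r["attachments"]:
            if name.lower().endswith(RISKY_EXT):
                findings.append((r["ts"], f"risky inbound attachment {name}"))
        for url in r["urls"]:
            host = (urlparse(url).hostname or "").lower()
            if looks_like_internal(host):
                findings.append((r["ts"], f"link to lookalike host {host}"))
    return findings
```

Run `find_suspicious(parse_log(SAMPLE_LOG))` to see the flagged transactions; in practice the watch-lists would be fed from threat intelligence rather than hard-coded.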