Often, we hear about deep and complicated cyberattacks against the financial sector, critical infrastructure, and supply chain companies. These attacks tend to be eye-catching because their potential outcomes could devastate not only an organization but, when the target is a large financial institution, an entire country. That said, we often overlook the simpler, more obvious dangers to the organization.
In the past few months, we witnessed several cases in which organizations came under different types of attack, each with a different goal. The common denominator between them is the use of an “inside man”, a human who provides access to the organization’s intellectual property and sensitive information.
One very well-known example is the series of Lapsus$ attacks conducted over the past few months. Looking beyond the dangerous trend of ransomware, we should also make note of the dangers of the inside job. Rather than going through the ordinary kill chain step of reconnaissance to find the network’s weak spots and then exploiting them, the Lapsus$ group took a significant shortcut, going directly to the “soft belly”, also known as the employees. Reaching the right employee can prove disastrous for an organization because of the intimate knowledge employees have of the security gaps in the company. After obtaining the needed information, the group had a better idea of the possible attack routes and could even access the network as a legitimate user. From that point on, how much damage they cause is up to them.
The other incident we encountered was a cyberattack between competing companies. A company paid a competitor’s developer for remote-work VPN access and credentials and was subsequently able to access the developer’s user account and work environment. Unfortunately, the competitor had also made another grave mistake: its programmers were given access to a wide range of libraries and code that went well beyond what they were actually working on. This allowed the attacker to access extensive amounts of data through that one user.
Another form of business espionage takes place not in the cyber domain but in the physical domain, as a company named Appian recently experienced. In this case, just as in the previous one, it appears that a competitor sent a programmer to interview with and work for Appian with the goal of surreptitiously leaking confidential information, such as code and future capabilities, from the back end. Meanwhile, employees using fictitious profiles requested demos of the product to gain knowledge of its features, UX, and UI. It is unclear how long this employee was leaking information to the outside; however, the risk is very clear. Such an employee could leak information to multiple competitors in the field, causing a company to lose its competitive edge.
Strategies for Preventing Cyber Threats
Following all these attacks, and the rising wave of cyber threats, we encourage companies to strengthen their cyber awareness, resiliency, and preparedness to protect against malicious cyber actors. At the same time, it is very easy to overlook other dangers to the organization, such as business espionage in its different forms. Companies, therefore, need to appoint an executive who will supervise the security of the organization’s most sensitive data. This is where the CISO and the chief of security should meet to create a holistic risk map and address each risk in its respective arena.
To mitigate cyber issues, the CISO has a pivotal role in conducting business intelligence and competition analysis. Companies should institute a regular cyber risk assessment and risk quantification overview, together with a clearly laid-out Cyber Response Plan (CRP) covering SOC training and simulations on how to spot irregularities. Each employee should also be assigned only the minimum permissions needed for their respective field of work.
On the physical side, background checks should be conducted on all incoming employees, along with routine follow-ups, while applying a compartmentalization mindset. That means doing exactly what we did in the cyber arena: defining permissions that match business needs and people’s roles.
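As an added illustration (not code from the original post or from CYE), the following Python sketch shows both halves of the permission advice in the two paragraphs above: a role-to-repository policy that denies a developer access to code outside their team’s scope, and a breadth check over access-log lines that flags a single account touching an unusually wide set of repositories, which is the pattern in the competitor case described earlier. The role names, user names, repository names, and log format are all constructed sample data.

```python
"""Least-privilege policy check plus access-breadth detection.

Added example, not part of the original post. Every role, user,
repository and log line below is constructed sample data.
"""
from collections import defaultdict

# Constructed policy: each role may touch only the repositories its work requires.
ROLE_POLICY = {
    "frontend-dev": {"web-ui", "design-system"},
    "backend-dev": {"api-server", "billing"},
    "sre": {"infra", "api-server"},
}

# Constructed user directory mapping account name to role.
USERS = {
    "alice": "frontend-dev",
    "bob": "backend-dev",
    "carol": "sre",
}

# Constructed access log: "<timestamp> user=<name> action=<verb> repo=<repo>".
SAMPLE_LOG = [
    "2024-01-10T09:00:00Z user=alice action=clone repo=web-ui",
    "2024-01-10T09:05:00Z user=alice action=clone repo=design-system",
    "2024-01-10T09:10:00Z user=bob action=clone repo=api-server",
    "2024-01-10T09:12:00Z user=bob action=clone repo=billing",
    "2024-01-10T09:15:00Z user=bob action=clone repo=web-ui",
    "2024-01-10T09:16:00Z user=bob action=clone repo=infra",
    "2024-01-10T09:17:00Z user=bob action=clone repo=design-system",
    "2024-01-10T09:30:00Z user=carol action=push repo=infra",
]


def is_permitted(user, repo):
    """Least privilege: unknown users and repos outside the role's set are denied."""
    role = USERS.get(user)
    return role is not None and repo in ROLE_POLICY.get(role, set())


def parse_line(line):
    """Split one log line into (user, action, repo); the first token is the timestamp."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return fields["user"], fields["action"], fields["repo"]


def audit(lines):
    """Return (denied, breadth).

    denied  - list of (user, action, repo) tuples the policy would have blocked.
    breadth - dict of user -> sorted list of distinct repositories touched.
    """
    denied = []
    repos_by_user = defaultdict(set)
    for line in lines:
        user, action, repo = parse_line(line)
        repos_by_user[user].add(repo)
        if not is_permitted(user, repo):
            denied.append((user, action, repo))
    return denied, {u: sorted(r) for u, r in repos_by_user.items()}


def breadth_alerts(lines, threshold=3):
    """Flag users who touched more than `threshold` distinct repositories.

    Even where the policy itself is too permissive, a single account
    spreading across many repositories is the signal a SOC can alarm on.
    """
    _, breadth = audit(lines)
    return {u: len(r) for u, r in breadth.items() if len(r) > threshold}


if __name__ == "__main__":
    denied, breadth = audit(SAMPLE_LOG)
    for user, action, repo in denied:
        print(f"DENY  {user} {action} {repo}")
    for user, count in breadth_alerts(SAMPLE_LOG).items():
        print(f"ALERT {user} touched {count} distinct repos")
```

With the sample data, the policy denies the three clones of repositories outside the backend role, and the breadth check flags the same account for touching five distinct repositories in the window. The two checks are deliberately independent: the first is the preventive control the competitor in the story lacked, the second is the detective control that still works when a policy is too loose.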
Having said all this, and with the understanding that business espionage is an effective way to obtain valuable information in a short timeframe and with low investment, we also need to define the key areas where strategic business conversations or plans are regularly shared. Then, besides deploying cyber security technologies on-prem (on-site), those locations should be compartmentalized and safeguarded with physical and technological measures that restrict access to relevant and authorized personnel only. Continuously performing TSCM (Technical Surveillance Counter Measures) sweeps will also reduce the risk, and a business rival’s opportunity and ability, of stealing a company’s valuable information.
How CYE Can Help
CYE’s Critical Cyber Operations group is made up of national-level cybersecurity experts and senior intelligence officers. They provide organizations with Cyber Threat Intelligence (CTI) assessments that identify potential attackers and their motivations, possible cyberattack targets within an organization, and the potential exposure that can result from such attacks. This assessment can find current incidents or vulnerabilities of a company and its executives. The group provides crisis management and incident response to assist companies in the aftermath of an attack. It is led by Shmulik Yehezkel, Colonel (IDF Res.), who brings years of experience leading cyber and field operations, information security, and risk management in the Israel Defense Forces, the Ministry of Defense, and the Office of the Prime Minister of Israel.