Sister CISA CISSP

Nov 13 2008   5:32PM GMT

The Corporate Data “Grab”



Posted by: Arian Eigen Heald
Tags: Security

A very well-written article (rather unusual, in USA Today) on corporate espionage and data theft caught my eye today. I’d highly encourage you to take a look, even though it may make you nervous. It made ME nervous, but then, I’m supposed to be.

The article covers security researchers' reports that cybercrime is shifting from identity theft (the market has become saturated – enter dryly ironic comment of your choice here) to grabbing anything criminals can get from corporate networks to sell at a later date.

If your company holds copyrighted material, patents, bids for proposals, financial planning for clients, business plans – all of these are targets for break-in artists. One PC can yield a treasure trove of corporate email addresses so that targeted emails can be sent with specific payloads.

And because most of us have HTML-enabled email, those messages can have code never seen by the reader, which is executed when the email is opened – in the preview window.

(P.S., I know it’s pretty, but PLEASE turn HTML email off).

Consider where all that information is, and who has access to it. How do you know? This is the most common auditing question I ask. These thieves work very hard not to be found.

How could you catch these people?

1. Monitor your outbound firewall traffic – they have to deliver their data somewhere!
2. Block servers that don’t need to go to the Internet
3. Utilize proxy servers for Internet access – for EVERYBODY (don’t exclude IT staff)
4. Utilize internal firewalls and secured subnets
5. Designate critical servers for Host-based intrusion detection agents

Make them work for it, or better yet, make it impossible.
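Items 1 to 3 of the list above can be checked against firewall logs. The script below is an added example, not code from the original post: it flags servers that should have no Internet access, hosts that go out without using the proxy, and source/destination pairs with high outbound volume. The log format, addresses, proxy host and threshold are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed site policy (hypothetical values, not from the post).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
PROXY = "10.1.0.10"                       # only host allowed out directly
NO_INTERNET = {"10.1.20.5", "10.1.20.6"}  # servers with no need for Internet
VOLUME_LIMIT = 50_000_000                 # bytes per src/dst pair per log window

LINE = re.compile(r"(?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                  r"dport=\d+ bytes_out=(?P<bytes>\d+)")

# Constructed sample log lines in an assumed format, not from a real firewall.
SAMPLE_LOG = """\
2008-11-13T17:02:11 ALLOW src=10.1.0.10 dst=203.0.113.50 dport=443 bytes_out=40000
2008-11-13T17:02:15 ALLOW src=10.1.20.5 dst=198.51.100.7 dport=443 bytes_out=30000000
2008-11-13T17:03:40 ALLOW src=10.1.20.5 dst=198.51.100.7 dport=443 bytes_out=35000000
2008-11-13T17:04:02 DENY src=10.1.5.44 dst=203.0.113.9 dport=6667 bytes_out=0
2008-11-13T17:05:19 ALLOW src=10.1.5.44 dst=10.1.20.6 dport=445 bytes_out=900000
2008-11-13T17:06:30 ALLOW src=10.1.5.77 dst=192.0.2.80 dport=80 bytes_out=5000
"""

def review_outbound(log_text):
    """Return sorted (src, dst, reason) findings for Internet-bound traffic."""
    findings, volume = set(), defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or ipaddress.ip_address(m["dst"]) in INTERNAL:
            continue  # unparsed line or internal-to-internal traffic
        src, dst = m["src"], m["dst"]
        if src in NO_INTERNET:
            findings.add((src, dst, "server should not reach the Internet"))
        elif src != PROXY:
            findings.add((src, dst, "direct connection, not via proxy"))
        if m["action"] == "ALLOW":
            volume[(src, dst)] += int(m["bytes"])  # sum only traffic that left
    for (src, dst), total in volume.items():
        if total > VOLUME_LIMIT:
            findings.add((src, dst, f"high outbound volume: {total} bytes"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_outbound(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Denied attempts are reported as well as allowed ones, since a blocked direct connection still shows a host trying to get out around the proxy.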

1  Comment on this Post

 
  • Johnfranks999905
    In the realm of risk, unmanaged possibilities become probabilities. Data breaches & thefts are due to a lagging business culture. As CIO, I look for ways to help my business and IT teams. A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices. The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html - The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action. I like to pass along things that work, in hopes that good ideas make their way to me.
