A very well written article (rather unusual, in USAToday) on corporate espionage and data theft caught my eye today. I’d highly encourage you to take a look, even though it may make you nervous. It made ME nervous, but then, I’m supposed to be.
The article covers security researchers’ reports that cybercrime is shifting from identity theft (the market has become saturated – insert dryly ironic comment of your choice here) to taking anything that can be pulled from corporate networks and sold at a later date.
If your company holds copyrighted material, patents, bids for proposals, financial planning for clients, business plans – all of these are targets for break-in artists. One PC can yield a treasure-trove of corporate email addresses so that targeted emails can be sent with specific payloads.
And because most of us have HTML-enabled email, those messages can have code never seen by the reader, which is executed when the email is opened – in the preview window.
(P.S., I know it’s pretty, but PLEASE turn HTML email off).
Consider where all that information is, and who has access to it. How do you know? This is the most common auditing question I ask. These thieves work very hard not to be found.
How could you catch these people?
1. Monitor your outbound firewall traffic – they have to deliver their data somewhere!
2. Block Internet access for servers that don’t need it
3. Utilize proxy servers for Internet access – for EVERYBODY (don’t exclude IT staff)
4. Utilize internal firewalls and secured subnets
5. Designate critical servers for Host-based intrusion detection agents
Make them work for it, or better yet, make it impossible.
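As an added example (not from the original post or the article), here is one way to turn items 1 to 3 into a check over outbound firewall logs. The CSV layout, addresses, host lists and byte threshold are all constructed assumptions, not any vendor's format.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample log in a hypothetical CSV layout:
# timestamp,src_ip,dst_ip,dst_port,bytes_out
SAMPLE_LOG = """\
2024-01-10T02:11:00,10.0.5.20,203.0.113.50,443,734003200
2024-01-10T02:12:00,10.0.1.10,198.51.100.7,443,48211
2024-01-10T02:13:00,10.0.9.44,198.51.100.7,80,1200
2024-01-10T02:14:00,10.0.1.10,203.0.113.50,443,90112
2024-01-10T02:15:00,10.0.5.20,10.0.1.10,3128,5120
"""

PROXIES = {"10.0.1.10"}       # assumed: only the proxy may talk to the Internet
NO_INTERNET = {"10.0.5.20"}   # assumed: server with no need for Internet access
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space
BYTE_LIMIT = 100 * 1024 * 1024  # assumed per-destination upload threshold


def review_egress(log_text):
    """Return sorted (reason, src, dst) findings for outbound flows."""
    totals = defaultdict(int)
    findings = set()
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        _ts, src, dst, _port, nbytes = row
        if ipaddress.ip_address(dst) in INTERNAL:
            continue  # internal destination, so not Internet egress
        totals[(src, dst)] += int(nbytes)
        if src in NO_INTERNET:
            findings.add(("server-should-not-egress", src, dst))  # item 2
        elif src not in PROXIES:
            findings.add(("bypassed-proxy", src, dst))            # item 3
    for (src, dst), total in totals.items():
        if total > BYTE_LIMIT:
            findings.add(("large-upload", src, dst))              # item 1
    return sorted(findings)


if __name__ == "__main__":
    for reason, src, dst in review_egress(SAMPLE_LOG):
        print(f"{reason:26} {src} -> {dst}")
```

Traffic that goes through the proxy shows up at the firewall with the proxy as its source, so tracing a large upload back to a workstation takes the proxy's own logs.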