Are Your Secrets Still Secret?
“Hackers target startups that secure early-stage funding. Some startups are detecting heightened cyberattacks just after they raise Series A funding,” according to recent reports from the Wall Street Journal.
Business leaders tend to disregard this kind of news because their IT people are telling them, “We’ve got it covered.” This afternoon I will be speaking to a group of CIOs in Irvine, California, hosted by Accuvant and sponsored by McAfee. This is a message every business leader needs to hear – before it’s too late.
The criminals aren’t sitting around worrying about new technologies that thwart their mischievous deeds. They’re researching, testing, and collaborating. The amount of money that goes into R&D on the enemy’s side hasn’t been published the way it often is by security technology companies. For instance, Cisco is proud of the fact that it spends around 300 million on security R&D annually (last I heard). But innovation is happening on both sides, and the attacker is usually ahead (if not always ahead). There is no telling how much effort goes into their side, but based on the attacks we’ve seen, it’s significant, and it should be scary.
A New Target: Startup Companies
“In March 2012, when cybersecurity startup Skyhigh Networks received $6.5 million in funding, the company noticed a marked increase in outsiders looking for vulnerabilities in its network.” Nation-state-sponsored attacks, as well as competition, may be the instigators here. Recent patent law changes encourage the theft of intellectual property when it deals with innovation. The person who files first has the advantage when it comes to the patent rights. That means that as your clients are inventing, others are watching online to see when a development is ready but not yet filed in the patent office. This would be a good time to strike. Notice that the security risks are suddenly higher at this point. The measurement of impact goes up, but so does the likelihood of attack (an important model covered in my book, The House & the Cloud). Understanding this is key to building a solid security architecture – it is also critical for the security provider if you want to better understand the sales cycle and how to justify a change in security spending.
Chinese Government – Are They Really Hacking?
There have been numerous reports about Chinese government hacking over the past year. Are they really hacking into US companies? I have not personally experienced this; however, the news is certainly saying, “Yes.”
“The disclosure early this year of a secretive Chinese military unit believed to be behind a series of hacking attacks has failed to halt the cyber intrusions,” according to a report by Reuters’s Deborah Charles and Paul Eckert. Wall Street published this earlier in November, pointing to the People’s Liberation Army’s Shanghai-based Unit 61398 as the primary suspect. This sounds pretty specific. What are they after?
According to the above-mentioned article, this effort involves “cyber espionage to steal proprietary economic and trade information” from the US. In other words, they are after US innovation: taking what has taken years to develop, with a plan to develop the same innovations without the cost of R&D. Expect these new products to come on the market for much less, competing with the inventor on price. This is called a copycat product, and it often puts the inventor out of business.
If your clients are still thinking they are safe, have avoided attacks, and have it covered when it comes to keeping their innovation secrets under cover, they’re likely out of touch with the real world. IT has often said, “We have it covered,” only to later find out that hackers have been inside for years. The FBI says it takes 14 months, on average, to realize you’re under attack, but many companies will never figure it out – soon it will be too late.
© 2013, David Stelzl
One thought on “Warning: Your Secrets May Not Be Secrets Much Longer”
Nice article. Usually I don’t follow cybercrime news on WordPress, as that’s more for my job, but I thought I’d check it out and yours was the first I came across I liked.
I just wanted to say that if you have any other thoughts like this, we have an open community at HackSurfer.com (I’m the editor over there) where people can contribute, post their thoughts, get some free press, etc. We get a good amount of views and engagement. We even have a contest going right now looking for bloggers on the subject: http://www.hacksurfer.com/articles/first-ever-holiday-cybersecurity-blogging-contest
Just thought I’d drop a line as most articles along these lines are quite boring to read for the average person, but I liked yours!