By Graham Titterington

In a new study*, Ovum claims that cyber espionage is a major threat to enterprises. But despite this, it has been overlooked by many, leaving them vulnerable.

The threat of cyber espionage must be addressed by enterprises as it is as relevant to them as it is to national security organisations.

Cyber criminals are graduating from stealing credit cards and banking credentials to targeting corporate plans and proprietary information. They want valuable information such as product and technology blueprints, customer lists, or information that can be used to embarrass or disadvantage a victim.

Almost every organisation has sensitive information that would damage it if it were to be leaked out; however, many have overlooked cyber espionage in their preoccupation with preventing the theft of financial data. This needs to change, and enterprises need to wake up to the danger posed or risk losing valuable information and having to deal with the consequences.

Cyber espionage is usually aimed at key individuals within an organisation, who are sent ‘spear phishing’ emails containing malicious links or attachments that infect their machines. The criminals then use malware to identify assets, decrypt login details and steal the target information.

The home computer networks and personal lives of key individuals may be the weakest part in the corporate security defenses. Personal information may reveal passwords and other credentials, and individuals may be susceptible to blackmail.

The report advises enterprises to increase their awareness of cyber espionage, restrict the distribution of sensitive information, vet users who have access to high-value information, protect data held on third third-party sites and conduct a risk analysis, including mobile devices and removable media.

The report also warns enterprises that holding large amounts of data can increase the risk of falling victim to cyber espionage, and they should look to minimise volumes. Every piece of stored data and every copy of this data is a potential leakage incident as it gives spies more potential targets to attack. The increasing volume of data makes it harder to manage the entire data estate.

The growth in data volumes should be examined critically. At minimum, organisations should make more use of shared data infrastructure and services so individual users can be discouraged from creating their own copies.

* Protecting Against Cyber Espionage

About the author and Ovum

Graham Titterington is author of the report and Ovum principal analyst. Ovum provides clients with independent analysis. Its research draws upon over 400,000 interviews a year with business and technology, telecoms and sourcing decision-makers. Ovum is part of the Datamonitor group.