A common misconception about corporate espionage is that people view it as a concern only for the businesses that deal with sensitive, government intelligence-related data. In reality, though, this could not be further from the truth.
Both large corporations and small businesses alike can fall victim to malicious data access. The good news is that, while the damage from data loss can be colossal, it is also quite easily preventable.
The theft of critical information tends to happen due to minor data security oversights coupled with a general lack of awareness. We already have a whole article dedicated to an in-depth look at what DLP is.
Today, we’ve decided to take it a step further and publish an actual example of a client of ours (with names and details obviously changed for privacy purposes) to shed some light on the issue of corporate espionage and the growing concern for data protection.
Quite recently, a client of ours – a U.S. tech company – shared a story of two of their employees who were found guilty of stealing trade secrets and other sensitive corporate data (this, of course, occurred before the company implemented Kickidler DLP). The attackers spent a few years planning how they would obtain the data needed to start their own company in China to compete in the multimillion-dollar semiconductor market.
Our client is an innovator in high-performance analog semiconductors and has spent over $50 million on R&D in the last 25 years, investing in a dozen different technology solutions.
The insiders chose a low and slow method of data exfiltration, slowly extracting sensitive corporate data over the course of several years. This approach, common in corporate espionage cases, relies on bypassing data security measures through methodical, planned actions, with the attackers often testing control points for alerts before attempting actual data exfiltration. This makes identifying malicious activity rather difficult, since it is spread out over years of otherwise normal behavior. It also makes finding evidence and indicators of suspicious user behavior in activity logs similar to finding a needle in a haystack.
Company Security Measures
First, let’s assess the maturity of the company’s insider threat protocols based on what they had implemented for data protection.
Security controls in place included the following:
- NDAs;
- physical restrictions (badges, keycards);
- employee training in confidentiality;
- security cameras;
- username and password requirements;
- restricted VPN access;
- exit interviews.
Let’s start with the good. Standard deterrent procedures such as login banners and NDA signings had been implemented to deter users from considering a malicious act and to establish legal standing. Physical security controls seemed adequate and proportionate to the size of the organization. Finally, annual education and awareness training for employees had been in place.
At the same time, a blatant lack of data protection tools at the time of the attack is evident. DLP software is a foundational mechanism for insider threat detection and prevention. Had it been implemented and configured correctly, it could have helped identify hostile or malicious email communication with external entities.
What’s more, there had been no centralized means of data analysis: each control point was monitored on its own rather than fed into comprehensive data analytics.
Attack Profile
The exfiltration method used was email correspondence – simple emails with confidential attachments were frequently sent to external parties.
The email content wasn’t encrypted or even disguised. The only precautions were that corporate email accounts were avoided, since they could be tracked, and that some messages were written in Chinese, which made identifying their contents a bit more difficult.
Attachments ranged from design diagrams and spreadsheets to text documents and databases.
The attackers even displayed boldness in their actions by attempting to patent parts of the stolen data in both the United States and China under the name of a company they had created in the Cayman Islands.
The data theft caused significant harm to the organization, resulting in a temporary loss of competitive advantage and a number of legal repercussions.
Stolen trade secrets included the following:
- product designs;
- equipment specifications;
- project plans;
- testing reports;
- performance data;
- databases;
- sensitive corporate data (usernames, passwords).
Behavior Analytics
The data the insiders stole included a range of types, from pricing and designs to vendor and client databases, not all of which engineers would typically need to access in their job roles.
Timely implementation of UBA software could have determined that the access patterns exhibited by the engineers differed from the files and folders their peers accessed.
Moreover, UBA features of our software could’ve helped with identification of data movement (including its volumes, frequency, and patterns of intended recipients) as well as with detection of any deviations from the attackers’ normal behavior (such as sending large volumes of sensitive company data externally).
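As an added illustration (not Kickidler’s code), the two UBA signals described above, peer-group baselining of folder access and detection of the low and slow pattern from the start of this article, can be expressed in a few lines. The access and mail logs, user names, domains and thresholds below are constructed samples and assumed values, not data from the case.

```python
from collections import defaultdict

# Constructed file-access log: (user, role, folder). Dave is the outlier:
# an engineer reading pricing, client and vendor folders no peer ever opens.
FILE_ACCESS = [
    ("alice", "engineer", "/designs"), ("alice", "engineer", "/testing"),
    ("alice", "engineer", "/specs"), ("bob", "engineer", "/designs"),
    ("bob", "engineer", "/specs"), ("carol", "engineer", "/designs"),
    ("carol", "engineer", "/testing"), ("dave", "engineer", "/designs"),
    ("dave", "engineer", "/pricing"), ("dave", "engineer", "/clients"),
    ("dave", "engineer", "/vendors"),
]
# Constructed outbound-mail log: (user, day, recipient domain, attachment bytes).
# Every one of Dave's external messages is small, but they add up over the month.
MAIL = [
    ("alice", 1, "corp.example", 200_000), ("alice", 30, "partner.example", 50_000),
    ("bob", 5, "corp.example", 900_000),
    ("dave", 2, "mail.example", 80_000), ("dave", 9, "mail.example", 70_000),
    ("dave", 16, "mail.example", 90_000), ("dave", 23, "mail.example", 60_000),
    ("dave", 30, "mail.example", 85_000),
]
INTERNAL_DOMAIN = "corp.example"  # assumed corporate domain

def peer_folder_outliers(access, min_peers=1):
    """Folders a user opens that fewer than min_peers same-role peers open."""
    folders, role_of = defaultdict(set), {}
    for user, role, folder in access:
        folders[user].add(folder)
        role_of[user] = role
    flagged = {}
    for user, mine in folders.items():
        peers = [p for p in folders if p != user and role_of[p] == role_of[user]]
        odd = sorted(f for f in mine
                     if sum(f in folders[p] for p in peers) < min_peers)
        if odd:
            flagged[user] = odd
    return flagged

def low_and_slow_senders(mail, internal, per_msg_cap=100_000, window_cap=300_000):
    """Users whose external attachments each stay under a per-message alert size
    yet exceed window_cap in total: exfiltration a per-event rule never sees."""
    total, biggest = defaultdict(int), defaultdict(int)
    for user, _day, domain, size in mail:
        if domain != internal:
            total[user] += size
            biggest[user] = max(biggest[user], size)
    return sorted(u for u in total
                  if biggest[u] <= per_msg_cap and total[u] > window_cap)
```

Calling `peer_folder_outliers(FILE_ACCESS)` reports Dave’s pricing, client and vendor folders, and `low_and_slow_senders(MAIL, INTERNAL_DOMAIN)` flags Dave even though no single message would trip a per-message size rule.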
Overall, this case is a very typical example of an insider threat that wasn’t met with the maturity needed to consolidate various tools into a centralized resource. When data loss prevention, user behavior analytics, and employee monitoring features operate in sync, it becomes significantly easier to detect malicious insider activity.
Preventive Measures
Organizations simply must implement robust preventive cybersecurity measures to safeguard their business.
Here are a few strategies you can adopt to minimize data security risks:
- Tracking user activity using employee monitoring software to detect unusual behavior or unauthorized access attempts in real time;
- Restricting access to sensitive information based on employee roles to ensure that only authorized personnel can view confidential data;
- Implementing two-factor authentication and encouraging the use of complex passwords to add another layer to data protection;
- Conducting regular security audits to evaluate security protocols and identify any potential vulnerabilities;
- Establishing a culture of security awareness to help you deter potential corporate espionage attempts through company workshops and seminars;
- Developing clear policies on data handling to foster an environment where every employee feels responsible for safeguarding sensitive company data;
- Providing ongoing employee training on cybersecurity to educate employees about common data security threats and social engineering tactics.
As you can see from our client’s example, corporate espionage is a very real risk for any business. Since companies try their best to downplay instances of it to avoid reputational damage, the issue doesn’t receive the attention it deserves.
But not to worry! Our experts here at Kickidler have a wealth of knowledge regarding various incidents and use this knowledge to help you secure your company information against exploiters with malicious intent. Obtain a tailored solution specific to your industry needs, which will help you uncover hidden weaknesses you may not recognize internally and strengthen your data security.
Secure your business and protect your sensitive data with the help of Kickidler!