Spying, hacking and industrial espionage seem to be on the rise as companies and governments try to get a competitive edge in business and world affairs. This past week the US government indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American organizations. The companies affected are Westinghouse, SolarWorld, U.S. Steel, Allegheny Technologies, Alcoa and the USW, a union of manufacturing workers.
The indictment alleges that the defendants hacked into American companies and stole intellectual property (IP) and other trade secrets that would be useful to their competitors in China. Some of the information was sensitive, internal communications that would provide a competitor, or an adversary in litigation, with insight into the strategy and vulnerabilities of the American business. The defendants were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA). This group has been implicated in other hacking attempts in recent years.
Espionage accusations between the US and Chinese governments has escalated in recent years with the US trying to have a serious dialog about stopping these cybercrimes. The Chinese government has always denied these allegations, even in the face of proof that members of the PLA have committed these acts. High-level meetings between the presidents of the US and China agreed to regularly discuss cybersecurity issues to curb this type of behavior.
Just after these agreements the story on the NSA and Edward Snowden broke. The Chinese immediately accused the US of doing the same thing they were asking other governments and private organizations to stop. The US has tried to distinguish between spying for national security and stealing from private companies for economic gain. The former is acceptable, according to the governments, while the latter is not.
It seems that stealing IP, trade secrets and other sensitive corporate information will only increase as more competitive pressures mount for businesses to produce economic gains. In many cases it’s easier and cheaper to steal someone else’s IP rather than spend the time and money to create a new product or service. The faster you can get to market with something new, the quicker you will profit from it.
The best way to safeguard and protect your IP is by being proactive. People want to steal your information, so you need to protect it at the moment it’s created. By encrypting files with sensitive information and applying a security policy to them, you control who can access the files and what they can do with them. If an unauthorized person gets the file, that person won’t be able to read the content inside. The security policy maintains control of the file no matter its location.
Use a data-centric approach to protect your critical business information rather than one focused on your network or systems. Obviously the hackers can get past all the network and system security as these news stories show. Protect the data itself so that you are always in control. If you suspect a data breach, you can kill access to all files with a mouse click. In this new hostile reality, you need to assume the bad guys are inside. Stop them in their tracks before you go out of business.
Photo credit Jeremy Keith