• Home
• /
• Business

Re-strategising IT security

Malware is introduced into databases, applications and systems. Transmitted data is spied on and read at network connections.

Digital industrial espionage is becoming a greater threat for companies in all industries. An additional danger is presented by numerous secret services, with an aim of spying on businesses and organisations. What should companies, the potential victims, do? They must work harder than ever to protect themselves and their data from increasingly complex attacks in order to avoid the kind of corporate disadvantage, which might even threaten their very existence.
There are various forms of attack which have the declared aim of spying on business secrets. Malware is introduced into databases, applications and systems. Transmitted data is spied on and read at network connections. Trojans can make their way into companies with completely innocent software purchases. Software updates can also be used as a transmission vehicle for spying programs. If there are no proper defence mechanisms available, attackers can spy on business secrets as long as they like without the company noticing.
In reality
The attackers can usually leave the network in the same way as they got in - unnoticed by the victims. Annual losses to corporate espionage are estimated to be billions.
The EU published a report on industrial espionage as early as 2001. The list includes two suspected cases against France. These were in relation to the delivery of high-speed trains to South Korea. The French manufacturer Alstom (TGV) was said to have gained a competitive advantage over the competitor Siemens (ICE) by means of industrial espionage.
In 2013, France came under suspicion again. The New York Times reported on the country's alleged industrial espionage programme, which had the aim of obtaining technical secrets from the USA.
In 2015, the newspaper Libération reported that approximately one hundred French companies, including all companies listed in the French stock market index CAC 40, had been spied on. The report was based on information provided in US documents supplied by Wikileaks. The German Federal Intelligence Service (BND) was also in the headlines for several weeks. It has been accused of having helped the US secret service NSA to spy on European institutions and companies.
Although defence mechanisms such as signature-based anti-virus software, firewall and network monitoring software are still required, they are no longer sufficient.
Only a comprehensive shield can help in the face of the intensified threat. It must cover the entire company, include all the necessary IT security services, maintain an overview of all security incidents, be adaptable to new threat scenarios and detect unknown forms of attack.
Though today several IT experts and managers have the expertise and skills to manage cyber risk/ attacks; you need an intelligence-based approach - one that uses knowledge combined with tools - 24x7 to identify threats and protect your assets. In view of this and the high human resources and financial costs; companies have to consider whether they can operate on their own or they should use specialist expertise and tools.
To manage IT security more effectively and efficiently; it's time for organisations to refocus and re-strategize their overall IT security shield - to reduce time until risk is detected and therewith reduce potential damage of attacks.
Companies should consider outsourcing their IT security monitoring needs to highly specialised experts and therewith ensure their infrastructure is monitored every hour - seven days a week ensuring a more proactive approach in protecting their company assets. At the same time this should offer significant cash savings for a company in the long run such as a reduction of costs for purchasing and managing a vast number of complex stand-alone IT security solutions.
The writer is the general manager of RadarServices Middle East. Views expressed by him are his own and do not reflect the newspaper's policy.

• UAE