Cybercrime challenge
May 18, 2011
These are boom times for stolen data. Be it the publication of secret diplomatic cables on Wikileaks, foreign intelligence services mining data from German government computers, or the case of Sony, which had to admit that information on millions of customers had been hacked, the incidence of sensitive data being stolen from protected networks is on the rise.
German business leaders are well aware of this phenomenon, according to consulting firm Ernst & Young, which surveyed 400 executives on the topic of economic espionage and data theft. Almost all the respondents said they were convinced that the problem would become even more serious in the future, especially in countries and regions such as Asia, China, eastern Europe, Russia and the US.
However, Ernst & Young found a remarkable contradiction in its poll. While 94 percent of those leaders surveyed talked about the growing danger of cybercrime, 38 percent said they thought the threat to their own firm was rather small.
Digital denial
One-half of those polled said the danger posed to their companies was only moderate, and only one in ten admitted that their firms had been victims of corporate espionage or data theft in the past three years.
"This is far removed from reality," said Stefan Heissner, a security expert at Ernst & Young. "Our experience tells us that every company faces this risk, not just large corporations."
He added that many executives do not take the risk seriously enough.
"All information today can be accessed in some way and those who don't accept that live with a sense of false security," he said.
In-house problem
Sometimes simple online searches and the collection of data from different sources, available to anyone with an Internet connection, can lead to the assembly of amazingly complete troves of sensitive information.
Getting hold of important information doesn't always involve a talented hacker or direct access to a data-rich computer and a USB stick. Sometimes human vanity is enough, according to Heissner.
"Just think of the amounts of know-how some people reveal in speeches at conferences or trade fairs," he said. "It's sometimes really dramatic."
However, the most dangerous risk for companies is not hackers from another continent - experience bears out – but disgruntled in-house workers. In two-thirds of data theft cases, companies say their own employees were the guilty parties.
In about half of those instances, monetary gain was the motive, although one-third involved taking revenge for some kind of slight, perceived or otherwise.
"A good defense against data theft is satisfied employees," said Heissner.
Antitrust issues
Computers in a company's administration department are most frequently targeted, even more often than those in research and development sections. According to Heissner, that is because a company's administration usually has to have an immense amount of information on its computer drives just to be able market its own products.
That means data theft from these machines often becomes an antitrust issue if the material taken is related to product launches or pricing.
"Some cases where antitrust authorities suspect price collusion among companies are in fact instances of data theft by competitors," Heisser said.
Lax security
Many firms struggle to establish effective countermeasures to prevent data theft. While most companies do have a basic system of firewalls and passwords in place, big holes often remain.
Only one in five companies forbid CD burners or USB ports on its computers, which are often used by data thieves absconding with precious data. Only about 18 percent of companies prohibit employees from accessing the Internet. And just 6 percent have installed so-called intrusion detection systems, which can alert system administrators when outside parties try to breach computer security walls.
In addition, only one in ten firms is certified according to standards set out by the Federal Office of Information Security (BSI), which investigates IT security risks and develops preventive security measures.
Author: Rolf Wenkel (jam)
Editor: Sam Edmonds