This morning I read an article on Infoworld: Why you should care about cyber espionage which – to me – is a strange question. First of all, most companies have to protect some sort of intellectual property. It is not new for the Internet, that state-driven espionage not only targets state’s secrets but industrial espionage as well. Therefore Cyber Espionage as it is in no way different than any other espionage. Did you care about losing your intellectual property 20 years ago? Better care about it today as well.
Secondly, if I looked at the targeted attacks companies suffered, they are by no means limited to state-owned infrastructure. It hits private sector companies as well as public sector organizations.
Should you are about protecting your intellectual property? For sure!
Should you defend against targeted attacks? What a question. If you are concerned about this, I recently blogged about a paper we published: Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques.
So, there should be no separation – just protect your infrastructure and make sure you care about classical network hygiene (as described in the paper above). This is the best first step to happiness J
- Why you should care about cyber espionage (pcworld.com)
- Why you should care about cyber espionage (infoworld.com)
- Targeted attack against UAE activist utilizes CVE-2013-0422, drops malware (zdnet.com)
- Massive espionage malware targeting governments undetected for 5 years (arstechnica.com)
- ‘Red October’ is global espionage malware that targeted governments around the world (USA, Iran, Russia, etc.) for 5 years… without being detected (dottech.org)