What can you do to stop the cyber espionage?
There's probably no way you can completely protect your organization against the increasingly sophisticated attacks by foreign and domestic spies. That's especially true if the attacks are coming from foreign governments, because nations have resources that most companies do not possess.
But there are steps you can take to at least reduce the chances of an attack being successful or doing significant damage.
One strategy many experts agree on is to practice "defense in depth." By having multiple layers of defense, the failure of one layer does not have to result in a compromise. This strategy includes not only deploying some of the latest technology but also educating employees about the risk and showing them how they can help prevent spying incidents.
If resources allow, consider hiring people who specialize in uncovering and defending against the methods electronic spies use to get into networks.
Gartner's MacDonald recommends that companies get the basics right. For example, sharpen patch management discipline in both breadth and depth, establish and track configuration management standards, and train users about the threats from social engineering attacks.
Because most attacks arrive via email and the Web, it's a good idea to upgrade your email and Web security gateways to next-generation protection platforms that provide multiple styles of protection, including URL and Web reputation services.
Also, move from antivirus and antispyware to endpoint protection platforms that provide multiple styles of protection (such as antivirus, antispam, firewalls, and host-based intrusion prevention systems) in an integrated framework and management console.
"Assume you will be compromised," MacDonald says. "Beef up your detection capabilities by performing detailed monitoring of system, network, application, and data transactions looking for behavior that falls outside normal parameters." Most security information and event management (SIEM) products are adding these types of capabilities.
Cryptography Research's Kocher says the most reliable defense is to run small, physically isolated networks. As networks grow, the likelihood of a malicious attack increases. "In my company, we manage a completely offline network with separate PCs, network cabling, and printers," he says. Employees have laptops for email and Web browsing, but these don't carry highly sensitive data. The systems with critical data have no Internet access whatsoever.
While it's expensive and cumbersome to duplicate hardware and eliminate connectivity with the outside, it's the only way the company can be confident that its data stays where it should, Kocher notes.
New and more powerful security tools, such as network forensic products, are emerging to help defend against electronic spying threats. For example, NetWitness Investigator is an interactive threat analysis application that can perform free-form contextual analysis of raw network data.