The recent US elections made us all aware of a range of cyber security issues, from the vulnerability of our email systems to hacking as a form of attack by foreign governments. Hacking, the motives behind it, the consequences of it and the prevalence of it could not have been made more clear. But what has not been made so clear is the method of it.
We think of hackers as ingenious people – equipped with both the latest technology and the expertise to use it – who infiltrate and controvert the cutting-edge security systems of government agencies and multinational corporations alike. We portray them on TV as shadowy geniuses who write clever programs that enable them to crawl through the back doors of the internet into our homes and businesses. Then by MacGyver-ing together uber-fast processors that somehow attack millions of IP addresses and run trillions of permutations of usernames and passwords, they randomly hit pay dirt – our credit card numbers and our trade secrets – to vanish behind a trail of IP addresses borrowed from coffee houses and public libraries, maybe in Siberia or Bora Bora.
In fact, hacking as a process is more like con-artistry than panning for gold. Most hacking is targeted and purposeful. Hackers depend more upon human relationships than upon back doors and gadgets to invade our systems. 63% of all corporate data breaches don’t come from external, sinister forces, but from internal agents – people who have access. For most companies, proprietary information is hacked by employees who simply befriend coworkers, learn their way around their companies’ systems and exploit the information they gather.
A 2014 PWC Survey concludes that ultimately, cybercrime is not a technology problem, but a strategy problem. It is a human and process problem.
The most common hacks into private, corporate and government systems are socially engineered hacks that rely upon the hacker knowing his subject, the landscape of his company, the places where security codes might be kept or cultivating congenial enough relationships with coworkers to wheedle their passwords out of them or to just observe when, how frequently and how long people leave their unlocked computer stations unattended. Simply by knowing how one’s own username is structured by an employer, one can easily guess the user names of coworkers. Then as they get to know coworkers, the probability of learning their passwords increases by the day as personal communications increase and physical proximity becomes less of an issue. 85% of all trade secret theft is committed by persons internal to an organization, often as they anticipate leaving the organization.
Security filters and virus scanners will not stop the internal agent with a malicious agenda who has permission to be in the system. The only way to combat insider hacking is to develop, implement and enforce corporate-wide security practices. This aspect of training, absent from many workplaces, pays employers dividends not just in increased security, but in increased power to retrieve exfiltrated information when security procedures fail.
Through departed employee investigations, corporations have a great deal of power to counter the theft of trade secrets
Several procedures that can become part of a comprehensive security policy will do more to protect your trade secrets that installing the latest malware scanner will:
- Have every employee sign nondisclosure and confidentiality agreements
- Teach employees to create and maintain secure passwords
- Require employees to put their computers to sleep when they leave their stations even for brief periods
- Require employees to immediately delete IMs or emails from unknown senders that contain attachments or links
- Encourage employees to review their program and update logs regularly and report the appearance of unfamiliar programs
- Have employees log off of their systems nightly
And beyond enforcing security procedures workforce-wide, employers should routinely examine the computers and mobile devices of employees who depart the company. When breaches are discovered, companies must be aggressive in retrieving the data that has been stolen from them.
Trade secrets are valuable currency for employees who want to “trade up” in making a career move, but employers can stop them. It is very difficult for an employee to move information without leaving electronic footprints on his way out the door. An employee who is leaving to join a competitor, for instance, may download client records from a database, then copy them to a USB drive, email them to his personal account, send them to a printer or upload them to a dropbox. He may rename files, cut information from documents or spreadsheets, or convert files to disguise the nature of the data that he transfers. All of his electronic activity, when analyzed alongside dates, times, email activity, and other context, can reveal a pattern of malicious behavior that is evidence of sabotage or theft, and employers are increasingly using this evidence to stop the theft of their trade secrets.
- Staff Recognized for Departing Employee Investigations - The first issue of Corporate Counsel Business Journal, CCBJ, includes an interview with our Director of Digital Forensics, Yaniv Schiff, and Solutions Architect, Curtis Collette, on the evolution of departing employee investigations. Departing Employee: When Do Investigations Become Necessary? appeared in the print publication, online edition, and on CCBJ’s In-House Tech website. For Increasing Numbers of Employers, Departing Employee Investigations[...Read More]
- Chicago Office Food Drive – The Results Are In - QDiscovery’s Chicago Office collected nearly 1,000 containers of food for the local food bank this Holiday Season! Our office competed with sister offices in Indiana and Connecticut. Alas, we came in third. Our sister offices each collected nearly 2,000 containers for their local food banks. Relatively new to the company-wide food drive, the Forensics Division[...Read More]
- QDiscovery QMobile App Wins Innovation Award - QDiscovery’s QMobile is winner of a 2017 Relativity Innovation Award. Presented at Relativity Fest, the Innovation Award celebrates organizations that create apps or integrations that extend the functionality of Relativity’s eDiscovery software. Our development team created an application that makes the analysis of mobile collections much more manageable. Relativity users can now produce and review mobile[...Read More]
- Moving and Changing - Acquired by Connecticut-based QDiscovery in 2016, Forensicon’s capabilities multiplied overnight, both in forensics brain power and eDiscovery expertise. As part of a leading provider of end to end litigation support, moving to larger offices that are more central to the Chicago legal community was inevitable.
- QDiscovery Named One of the Top 20 Providers of Legal Services! - Leading industry publication, CIO Magazine, has named Forensicon’s parent company, QDiscovery, to it’s Top 20 Providers of Legal Services. The annual listing includes 20 companies that are at the forefront of providing legal solutions and impacting the marketplace. Read the whole article here. Featured in the publication alongside QDiscovery President, Dave Barrett, is Director of Digital Forensics, Yaniv[...Read More]