Cybercrime – FBI Reports Increase in Complaints & Losses for 2009.
Among the cyber-crime victims coming forward is a law firm that filed suit against the Chinese government (Click here for the full story from Wired’s Threat Level). In fact, the Wired article notes that “If you’re a law firm and you’re doing business in places like China, it’s so probable you’re compromised and it’s very probable there’s not much you can do about it.” The types of threats that such law firms and other companies face are called Advanced Persistent Threats (APT). An APT attack is distinctive in that they are rarely detected by antivirus and intrusion programs. Further, these attacks are espionage focused. In other words, APT hackers attempt to take business intelligence, e.g., files, e-mails, etc., rather than financial or customer data, which serves as a precursor for identity theft. For an in depth, yet very readable discussion about APT attacks, click here (also a Dark Reading post).
Equally dangerous as APT hackers or other cyber-criminals is the current or former rogue employee. For example, a federal grand jury recently indicted a former employee of the Transportation Security Administration (TSA) for trying to corrupt a database of terrorism suspects in an inside job that many within the information security industry say is a stark reminder of how important it is to track insider access to sensitive data stores. (click here for the full story originally posted at Dark Reading. ).
The preceding FBI report and stories illustrate that business organizations should assume that an attempt will be made to compromise their IT infrastructure. I’ve talked with various IT security professionals about what are the appropriate steps to prevent APT or other cyber-attacks. Unfortunately, the general and unsatisfying response has been to the effect of if someone wants in bad enough and has the resources, they will get into your network. The sophistication and resources of some of the high-profile of cyber-victims (Google, Marathon Oil, ExxonMobil, and ConocoPhillips, to name a few), would seem to confirm this conclusion.
And many remedies available to business organizations are only available after the fact (Click here for prior post discussing theft of business assets and Computer Fraud and Abuse Act). But when it comes to discharging employees, low-tech and common sense go a long way in preventing near disasters like that allegedly committed by the former TSA employee: Make sure your termination process first removes all access to sensitive information, databases, e-mail, etc., and then terminate the individual – not the other way around. Such steps are especially important when the employee has administrative rights to the IT infrastructure.