NOWELL

SECURITY ENFORCEMENT http://www.nowellgroup.com

Preventing Industrial Espionage

Industrial espionage is no new economic threat. Today it is estimated that 70 percent of an average enterprises value is held inside its information systems (source: Trends in Proprietary Information Loss, American Society for Industrial Security and PricewaterhouseCoopers, 1999). Enterprise leaders must continue to decisively address the threat posed by corporate espionage and other methods of information security breaches. According to the FBI, industrial espionage costs U.S. companies anywhere from $24 billion to $100 billion annually [1]. In another survey by the American Society for Industrial security, the potential monetary losses as a result of security lapses costs American industries as much as $63 billion [2]. Last, in an anonymous survey by the Computer Security Institute (CSI) and the FBI, over 50 percent of information security professionals cited corporate competitors as likely sources of cyber attack [3]. Corporate Espionage is a reality in this age of the Internet and the global economy. Economic and industrial espionage occurs around the world and U.S. Companies are prime targets, not to mention, easy ones [2]. For example, in some foreign countries the philosophy says, why spend 10 years and $1 billion on research and development when you can simply bribe a competitors engineer for under a million and get the same results? [2]. Furthermore, some foreign governments have asked their officials to close the technology gap by making better use of industrial intelligence in doing so according to Senate select committee on Intelligence Chairman Sen. Arlen Specter, who earlier spoke at a hearing on this issue [2]. It is evident that the threat of corporate espionage is very real and occurs frequently, here on U.S soil, in our offices and sadly, sometimes by our own employees. However, the greatest problem is that of ignorance and negligence by some information managers. Most information managers and company owners simply dont believe that their organizations could be targets of Industrial Espionage [1]. If a company is not in the defense industry or if the organization is very small, often the thinking goes that no one will ever come after us. This all-too-common attitude is a crooks best weapon because he will strike hardest when you least expect it [1]. In fact, any company that is publicly traded, involved in an on going litigation, related to government strategy, possessing intellectual property, or holding customer profile information (such as brokerage firms, banks, insurance firms, etc) face the risk of becoming victims of corporate espionage.

How Corporate Spies Carry Out Espionage Activity Internal Espionage

According to industry surveys like the 2000 Computer Crime Report by the FBI and the Computer Security Institute, insiders are considered to be the biggest threat to computer security. Seventy-one percent of the companies surveyed have experienced unauthorized access by insiders [2]. This implies that corporations, government agencies and research institutions are increasingly vulnerable to insider espionage [2]. A seemingly trustworthy, law-abiding company insider fits the perfect profile of a corporate spy and could be your worst enemy. A fraudulent person could be anybody in a corporation, spanning anyone in the ranks from

senior management executives, to office workers, down to janitorial staff. The common methods that facilitate corporate espionage among insiders include [2]: Bribery of employees by outside corporate intelligence agents. Manipulation or social engineering of IT personnel to divulge information such as logon or other authentication information, which can be used to obtain access to sensitive information. Sometimes criminals pose as authentic users, and by simple phone calls, they request a password change with little or no verification by the administrator on the other end. Disguise of voice or facial attributes in order to look or sound like someone else. Group collusion and password sharing; where several employees come together to illicitly share their privileges to gain access to sensitive information.

External Espionage
External methods are also common and are usually safeguarded by traditional firewalls. However, firewalls and secure login procedures do not solve basic security holes such as password theft, or deliberate policy violation. Computer attackers acquire passwords by a variety of means such as through password cracking programs, backdoors and Trojan horses, packet spoofing, sniffing, keystroke loggers, etc, and sometimes by mere manipulation and deceit of IT personnel via the phone or through falsified emails.

Protecting Yourself
How can we protect our financial data, intellectual property information, and trade secrets from getting into the wrong hands? The threat of espionage is clearly evident, so the real question is-how do we stop it? Well first, can a company truly protect itself from security threats inside the firewall? The answer is yes- through an inner shield of insider security agents. What most security sensitive organizations need is an Inner Security Shield; a system of insider agents that lie in-between corporate users and computer systems. At Nowell, we have developed this insider system that addresses both external intruders and internal spies. Shalom CounterEspionage Software preemptively and proactively defeats internal security threats.

How Does Shalom Detect Fraudulent Activity?

Let's assume, John, a company employee has access to his companies customer financial records database. If an attacker is able to steal access to Johns computer account, it is likely that the attacker will exhibit behavior that is very much unlike John. Shalom was designed to detect such abnormalities in real-time and confront users behaving suspiciously. Shalom is an espionage-fighting security system that is dynamic, and secures multiple users at the same time independent of what operating system they are using.

Defeating Espionage Using Shalom Security

Some companies have been hit very hard by electronic espionage incidents, and statistics show that the numbers are steadily climbing [1]. In 1999, Fortune 1000 companies reported a total of $45 billion in losses due to corporate espionage (Trends in Proprietary Information Loss, American Society for Industrial Security and PricewaterhouseCoopers, 1999). It is important that we curb this problem by providing insider security agents that identifies corporate spies and stops them while in the act of carrying espionage activity. Our system not only identifies crooks, but also expunges intruders before administrators start investigating.

How Shalom Identifies Espionage-Like Activity And Stops It. Shalom starts off by first learning how users behave (applications used, time of use, accessed networks, physical location, etc) on their computers. For each user, Shalom masters their behavioral patterns and has the ability to detect deviations, or user anomalies that intruders and bad insiders always exhibit. Shalom also learns multiple specifics by interviewing each user using artificial intelligence. Here, Shalom talks with each user in natural language. Users tell Shalom whatever they wish in an encrypted private session shared with no one. This information is later used to interrogate suspects who exhibit suspicious activity.

Reports Suspicious Insider Activity

When Shalom sees a user behaving way out of the norm, Shalom questions the suspect using information obtained earlier from the real, authentic user. If the suspect is able to verify their identity by passing the interrogative investigation, Shalom releases the user, but still reports. Administrators can later review these reports to check for possible unauthorized insider activity.

Ejects Corporate Spies And Keeps Them Locked Out

On the other hand, if the suspect fails, or runs away, Shalom immediately ejects the intruder and informs other Shalom agents to keep the compromised account locked out. Shalom also reports the incident giving full details for further investigation. Shalom employs proven mathematical models to distinguish between normal and suspicious user activity. This inspection process is dynamic and held concurrently for all users at the same time everywhere on the network. In conclusion, deploying Shalom agents provide you with an inner shield of insider security agents to protect your company information from corporate spies and intruders. To say the least, a company using Shalom will be better secured from threats within the firewall and the risks associated with corporate espionage are greatly reduced.

More Information?
For more information on Shalom, insider threats, and corporate espionage visit our Internet site at www.nowellgroup.com

References
1. Ira Winkler, Corporate Espionage: What It Is, Why Its Happening in Your Company, What You Must Do About It, Prima Publishing, Rocklin California, Jun 1997. Ben N. Venzke, Economic Industrial Espionage", http://www.computerconsultants.com/news1.htm, July 14th 2002. Richard Power, Richard Power On Corporate Espionage, http://www.techtv.com/cybercrime/print/0,23102,12005,00.html, September 15th 2000.

2. 3.