Understanding Cyber Risk: Protecting Your Corporate Assets PDF

152 Pages·2018·1.213 MB·English

Preview Understanding Cyber Risk: Protecting Your Corporate Assets

Understanding Cyber Risk

A myriad of security vulnerabilities in the software and hardware we use today can be exploited by an attacker, any attacker. The knowledge necessary to successfully intercept your data and voice links and bug your computers is widespread and not limited to the intelligence apparatus. Consequently, the knowledge required can – at least in part – also easily be accessed by criminals trying to “transfer your wealth” and competitors looking for your trade secrets. The temptation to use these easily accessible resources to the disadvantage of a rival company grows as global competition gets fiercer.

Corporate espionage is nothing new, but since the dawn of the Internet age the rules have changed. It is no longer necessary to be on-site to steal proprietary information. Cyberattacks today are cheap, and attackers run a very low risk of getting caught, as attacks can be executed from anywhere in the world – an ideal breeding ground for criminal activities – and the consequences can be disastrous.

In Understanding Cyber Risk: Protecting Your Corporate Assets, the author provides a wealth of real-world examples from diverse industries from all over the world on how company assets are attacked via the cyber world. The cases clearly show that any organisation can fall victim to a cyberattack, regardless of size or country of origin. He also offers specific advice on how to protect core assets and company secrets.

This book is essential reading for anyone interested in cybersecurity and the use of cyberattacks in corporate espionage.

Thomas R. Koehler is a founding director of CE21 Consulting, which provides specialist consultancy support to clients throughout Europe, including major telecommunications providers, medium and large enterprises of various industries, government bodies and international organisations. Before founding CE21 in 2007, he worked as a research assistant at the University of Würzburg and subsequently launched two successful start-ups in the dawning of the Internet era. He is also on the supervisory board of Baliqa Invest AG, a company focusing on technology investments. Thomas is the author of several books highlighting the risks and opportunities of our connected world for both individuals and businesses. He is a regular media commentator on Internet and society and has appeared on television and radio.

Understanding Cyber Risk
Protecting Your Corporate Assets
Thomas R. Koehler

First published 2018 by Routledge
2 Park Square, Milton Park, Abingdon, Oxon OX14 4RN
and by Routledge
711 Third Avenue, New York, NY 10017
Routledge is an imprint of the Taylor & Francis Group, an informa business

© 2018 Thomas R. Koehler

The right of Thomas R. Koehler to be identified as author of this work has been asserted by him in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988.

All rights reserved. No part of this book may be reprinted or reproduced or utilised in any form or by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying and recording, or in any information storage or retrieval system, without permission in writing from the publishers.

Trademark notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library

Library of Congress Cataloging-in-Publication Data
Names: Koehler, Thomas R., 1968– author.
Title: Understanding cyber risk : protecting your corporate assets / Thomas R. Koehler.
Description: Abingdon, Oxon ; New York, NY : Routledge, 2018. | Includes bibliographical references and index.
Identifiers: LCCN 2017032211 | ISBN 9781472477798 (hardback) | ISBN 9781315549248 (ebook)
Subjects: LCSH: Data protection. | Business intelligence. | Business enterprises—Computer networks—Security measures. | Computer crimes—Prevention.
Classification: LCC HF5548.37 .K64 2018 | DDC 658.4/78—dc23
LC record available at https://lccn.loc.gov/2017032211

ISBN: 978-1-4724-7779-8 (hbk)
ISBN: 978-1-315-54924-8 (ebk)

Typeset in Bembo by Apex CoVantage, LLC

Contents

Foreword

1 Espionage: an underestimated matter
  Yesterday’s paranoia is tomorrow’s threat
  Digital transformation and espionage
  Security risks included
  Technical progress
  Loss is everywhere
  Why we hear so little about industrial espionage

2 From competition to economic warfare
  Business means war
  The great confusion of terms and definitions
  OSINT: open source intelligence
  HUMINT: human intelligence
  SIGINT: signals intelligence
  COMINT, ELINT and TECHINT
  At the limits of law and ethics
  Competitive intelligence
  Espionage at the expense of companies
  Espionage as a business model
  Anyone can be affected

3 From old-school espionage to modern methods of attack
  The dawn of economic espionage
  The magic of silk
  The power of fire
  The broken mirror
  On the way to paper
  Russian economic development
  How porcelain came to Europe
  The secret of tea
  The beginning of the English textile industry
  The end of the rubber monopoly
  The German steam engine
  As hard as Krupp steel – thanks to some help from the English
  Espionage as an international business
  The dreaded copier
  Supersonic spies
  The fight for sovereignty in the air
  When the secret service lends a hand
  Hopefully it’s concrete
  Gone with the wind
  Sow the wind and reap the whirlwind
  Bad employees
  A French economic development programme
  Betrayal by former employees
  The Detroit and Wolfsburg Strangler
  Bugs for everyone
  Starwood versus Hilton
  Programme code gone astray
  Sharp razors
  Garbage bin archaeology
  Between garbage bins and false identities
  Unfair play
  Secret formula
  The Tour de France Trojan
  Long live sport
  Varied interests
  Perfectionist product counterfeiters
  The short route to a new design
  The senior executive and the baby monitor
  Unsafe at any speed
  The notebook in the hotel room
  A new age of industrial espionage

4 Economic and industrial espionage in the digital age
  Helpless victims
  The author and the Trojan Horse
  The price of support
  The trainee with the USB stick
  The classic hack
  For whom the sun shines
  Medium-sized companies in the sights of hackers
  The hacker and the network
  Plundered into insolvency
  Spied on and repelled
  Designed and collected
  Operation Aurora
  New hazard potentials
  Dangerous places and devices
  The return of the dreaded copier
  The curse of the good deed
  Espionage via the power plug
  The Internet café risk factor
  Public Wi-Fi
  Drones and espionage
  Mind the camera
  Smartphones as pocket bugs
  Google Glass
  Built-in risks
  Open back doors
  The attack of the hand scanner
  New security hazards
  Aspects of quality and quantity
  Social engineering as a risk factor
  Attacks via Facebook and other social media
  Economic espionage and sabotage
  Industrial espionage and cybercrime
  Your money or your network
  Protection money 2.0
  Industry 4.0 as a target for attack
  Technical vulnerabilities as a target for extortion
  Cybersecurity, cyberwar, cyberactivism, cyberterrorism

5 En route to the “spy-proof” company
  Recognising risks
  Recognising enemies
  The motives of attackers
  Attackers and forms of attack
  The role of state attackers
  Collaborations
  The attributability of attacks
  How to recognise dangers
  Employees as a risk factor
  Internationality as a risk factor
  The risk of targeted attacks
  Protecting your know-how
  Location-based protective measures
  Organisational protective measures
  Personal protective measures
  Technical protective measures
  Basic IT protection
  Disconnection from the network as a solution concept
  Hacking as a defensive measure
  Cyberinsurance
  Social media and the like
  Rebound effects
  Counterintelligence in practise
  First aid
  Pillars of corporate protection

6 The future of economic and industrial espionage

References
Index

Foreword

Only the paranoid survive.
Andy Grove, former head of Intel

I remember precisely that it was a Wednesday morning, even if I can no longer remember the precise date. It was the beginning of the 1990s, I was a student and the holidays had just begun. Unlike my fellow students, I was not down at the beach but in a large mechanical engineering company in Southern Germany. Six weeks’ work in the factory during the summer break helped me to finance my degree. I was already familiar with the company and the work, but I just couldn’t get used to getting up so early – work always started at 7 a.m.

At least this summer I had managed to secure myself one of the sought-after jobs looking after visitors. That meant giving up all kinds of supplementary payments – and ultimately less money – but pleasant working conditions, including extended lunch breaks in a cafeteria known as the Casino which was really reserved for management and their visitors.

All that I had to do was to pick up visitors – always in groups of at least two – and to accompany them through various stations consisting of design, production and logistics according to a predetermined schedule and to bring them to lunch and coffee. Often, I had the opportunity to learn something or other about company processes: at each station in the factory, the responsible person would give a short presentation on what was particularly interesting about the process being demonstrated according to a precise plan. Unfortunately, just about all that I can remember is the amusing English used in the style of “we can do everything except speak decent English”.

Then, that Wednesday, I had what was to become my own personal defining moment, which caused me to explore in depth the topic of economically motivated espionage – a topic which will accompany me for the rest of my professional life and which has now resulted in this book, a quarter of a century after the event.

We arrived in the canteen at lunchtime as always – but one seat at the festively decorated table remained empty. One of the guests was missing, but it was impossible to tell which of the group of Asians in dark suits and white shirts
