Companies turn blind eye to cyber espionage threat

Ovum report urges firms to shore up defences as criminals target key personnel

Too many companies have overlooked the cyber espionage threat in their preoccupation with preventing the theft of financial data, according to a new report from analyst firm Ovum.

And this is despite the fact that almost every organisation has sensitive information that would damage it if it were to be leaked out.

These companies need to "wake up" to the danger or risk losing valuable information, said Ovum principal analyst Graham Titterington, who wrote the report.

Titterington added: "Cyber criminals are graduating from stealing credit cards and banking credentials to targeting corporate plans and proprietary information. They want valuable information such as product and technology blueprints, customer lists, or information that can be used to embarrass or disadvantage a victim."

Cyber espionage is usually aimed at key individuals in the form of "spear phishing" emails containing malicious links or attachments that infect their machines. The criminals then use malware to identify assets, decrypt login details and steal the target information.

Titterington explained: "The home computer networks and personal lives of individuals may be the weakest part in the corporate security defences. Personal information may reveal passwords and other credentials, and some individuals may even be susceptible to blackmail."

The report advises enterprises to increase their awareness of cyber espionage, restrict distribution of sensitive information, vet users with access to high value information, protect data held on third-party sites and conduct a risk analysis, including mobile devices and removable media.