Subscribe to FDD

Foiling Cyber-Spies on Business Trips

Samantha F. Ravich
13th November 2017 - Quoted by Julie Weed - The New York Times

The admonitions to business travelers headed to other countries should be familiar by now: Keep your laptop with you at all times. Stay off public Wi-Fi networks. Don’t send unencrypted files over the internet.

But not all travelers are heeding them, and many are unaware of the foreign hackers and state-sponsored spies who are taking advantage of their lax security practices.

“There’s a difficult intersection between convenience and security,” said Samantha Ravich, who studies cyber-enabled economic warfare at the Foundation for Defense of Democracies, a policy institute focusing on national security. It takes more time to work abroad in the most secure way, and she said she would “often see executives hanging their head somewhat sheepishly when I ask who in the room follows all the security protocols.”

...

“There’s a difficult intersection between convenience and security,” said Samantha Ravich, who studies cyber-enabled economic warfare at the Foundation for Defense of Democracies, a policy institute focusing on national security. It takes more time to work abroad in the most secure way, and she said she would “often see executives hanging their head somewhat sheepishly when I ask who in the room follows all the security protocols.”

The theft of technical product specifications, investment plans, research on mergers and acquisitions, marketing plans and other information can have consequences beyond loss of revenue and market position, Ms. Ravich told the Senate Foreign Relations Committee this year. She described potential large-scale effects of state-sponsored economic warfare, which, she said, could disrupt the delivery of items crucial for manufacturing, malware incidents that could disrupt travel and cyberattacks that could force companies to shut down their websites.

The problem of intellectual property theft is not new, but it is now much more widespread. “Placing listening devices in conference rooms, hotels and restaurants is traditional Espionage 101,” Ms. Ravich said. But with tools like tiny inexpensive cameras and microphones or compromised Wi-Fi networks, corporate or state-sponsored industrial espionage “can be done cheaply and at scale,” she said.

Multiple microphones in a conference center, for instance, can be recording constantly, and those recordings can be fed into natural language processing software trained to flag certain words and report those conversations. “It’s not just a guy with headphones listening in the next room anymore,” Ms. Ravich said.

...

Ms. Ravich agreed. “There is a glaring disconnect between how critical this is, and how seriously people take it,” she said. One reason is that the theft of information, data or plans may go unnoticed, unlike the theft of a physical laptop. It is also hard to connect a cyberattack on a company to a specific trip taken by a specific employee.

Companies need to place better controls on the hardware they issue, like laptops and cellphones, Ms. Ravich said, so the devices automatically send only encrypted data, require strong passwords and use cellular connections rather than the local Wi-Fi. To really improve or “harden” cybersecurity for business travelers, she said, companies need to take human behavior out of the equation.

...

Read more here.

 

Tags

ceew, cyber-warfare