Cyber espionage is a tangible and growing global threat for business today, and fighting it is still a work in progress.
So says Riaan Badenhorst, MD of Kaspersky Lab Africa, who explains cyber espionage is the act of spying and illicitly accessing information via IT systems and/or the Internet. Badenhorst says the reality is that sophisticated malware and other techniques are being copied by cyber criminals and used to launch attacks against businesses or governments.
"When cyber criminals launch an attack against another organisation, almost any business can become a target, or be damaged in the crossfire. The results of cyber espionage can be devastating for both business and governments.
"Cyber criminals understand the value of corporate information and create opportunities to 'gain' from extortion and ransom campaign, as well as selling stolen data on the black market. Businesses or the government can lose intellectual property and confidential information through cyber espionage," he reveals.
Keitumetsi Tsotetsi, consultant at IT youth hub Geekulcha, says cyber espionage or cyber exploitation is gaining unauthorised access to information for commercial or political gain.
Cyber criminals use the information to gain competitive edge, launch products at the same time or before their competitors or victims do and to reverse-engineer processes to copy them, adds Tsotetsi.
"This crime can have a varying impact, from the individual, to organisational to a nationwide scale. It is often very difficult to detect cyber espionage and very difficult to identify the responsible parties. Insider threats continue to be the biggest threat, and cross-border organisations continue to experience the biggest risks," she explains.
Discussing the impact on the economy of a country, Tsotetsi warns that in the event that a country is more susceptible to being attacked, fewer investors rely on that country as an investment platform.
"Cyber warfare as a result of cyber espionage could result in sanctions. Reputational damage due to the company being hacked can result in lost revenue; increased operating, capital or regulatory costs and even destruction of shareholder value.
"The financial cost is relative, but the social cost continues to have a high impact. Other intellectual property losses could take place such as methodologies, suppliers, processes and procedures," she elaborates.
A business could lose its competitive edge if its trade secrets are stolen by competitors, she adds.
According to a cyber espionage report by McAfee, the cost of cyber crime and cyber espionage to the global economy is probably measured in the hundreds of billions of dollars. The report says cyber espionage could cost a country around 0.5%-1% of their national GDP.
In combating the scourge, Tsotetsi advises private and public sectors to collaborate for the agreement of cyber offences. Government must also facilitate the ability to prosecute for cyber crimes.
"Enhancement of cyber security and cyber resilience is important; cyber security is a preventative measure that tries to prevent attacks from occurring while cyber resilience is the ability to continue to provide services and keep systems running even in the event of a cyber attack," she asserts.
Badenhorst says organisations should evaluate the risk and establish a security policy as many businesses fall into the trap of basing their security strategy on an out-of-date perception of the risks that existed 10 years ago.
"Make sure your policy is relevant to today's threats and that it builds on a sound understanding of the current threat landscape. Your policy should define day-to-day security procedures and should establish an 'attack response' plan and a mechanism for updating procedures - to keep up with the evolving nature of the threats," advises Badenhorst.
Share