Tech firms vulnerable to spying and industrial espionage

Data security experts agree that Irish companies of all sizes, not just multinationals and governments, are at risk of being targeted for data

Eye spy: contractors can be “passed a USB key” and money to supply company data, says Europol Cybercrime Centre adviser Brian Honan. Photograph: Getty Images/iStockphoto

Eye spy: contractors can be “passed a USB key” and money to supply company data, says Europol Cybercrime Centre adviser Brian Honan. Photograph: Getty Images/iStockphoto

Thu, Jun 19, 2014, 01:10

Last month it was reported that British intelligence agency MI5 had, in a series of high-level meetings, painted a worrying picture for leading British corporations in which their IT workers may become targets for foreign powers seeking sensitive data.

The idea of an IT department infiltrated with double agents may sound a little fanciful but the threat of a rival nation trying to influence them is far more realistic than many may think according to Uri Rivner, vice-president for cyber strategy at Israeli security company BioCatch.

“Obviously there are cases like this,” says Rivner, who compares the situation to having “someone on the inside” of a bank before committing a robbery. Of the companies or organisations that will be targeted, he says that “whatever a nation is good at, that’s interesting to other nations”.

In the case of the UK, he says this may be the financial sector, while in Scandinavia two industries in particular, telecommunications and mining, “have been targeted”.

So where does that leave Ireland? “I would guess multinational companies working in Ireland would be a target,” he says.

Rik Ferguson, Trend Micro’s global vice-president for security research, says staff in call centres could be another target to be “turned”. Whether identified by rogue nation states or corporate rivals, “staff with access to data in any location are potential targets for insider attacks or being recruited into any type of cyber- attacks,” he says.

Peter Tran, RSA’s worldwide senior director for advanced cyber defence, says that “defence and aerospace contractors” who have manufacturing and component facilities in Ireland could become targets for such threats as well. Ireland, he adds, is also “a hotbed for intellectual property development, so that’s a target”.

Eamon Noonan, technical director with Dublin-based cyber security company Digicore, is in no doubt that the MI5 warning should ring true for Irish businesses, adding that it’s “a little sad” companies here don’t seem to take such threats seriously.

“It would naive to think it doesn’t happen. It happens quite a lot. The difficulty is that it’s a hard thing to prove,” he says.

“I know of several cases where issues have been raised in relation to this point . . . I’m not saying there’s been cover-ups but they may not make much out of it as it may ruffle certain feathers.”

Noonan added that while Ireland is unlikely to be involved at the higher echelons of corporate or nation-state cyber espionage “we are involved” from the “midstream upwards”.

Throughout the security industry, many think along the same lines as Noonan, believing it’s naive to think employees with access to valuable data have not been targeted by interested parties, though details related to such incidents are often sketchy at best.

USB key and money Brian Honan, a member of the advisory group on internet security at Europol’s Cybercrime Centre says it is logical to imagine a situation where a member of a company’s IT staff or a contractor could be “approached and passed a USB key” as well as some money to supply internal data on a targeted company.

Social media could offer a route for attackers to target potential “allies”, says Ferguson. One tweet by a person working for a particular company on “how their credit card is maxed out” can give malicious actors “an opportunity to approach them more openly and offer financial assistance in return for their material assistance”, says Ferguson.

Sign In

Forgot Password?

Sign Up

The name that will appear beside your comments.

Have an account? Sign In

Forgot Password?

Please enter your email address so we can send you a link to reset your password.

Sign In or Sign Up

Thank you

You should receive instructions for resetting your password. When you have reset your password, you can Sign In.

Hello, .

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

Thank you for registering. Please check your email to verify your account.

We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.
From Monday 20th October 2014 we're changing how readers sign-in to comment, click here for more information.