HPE Software is now Micro Focus
HPE Software is now Micro Focus
Protect Your Assets
cancel

Of Security Secrets and Yoga Pants

Of Security Secrets and Yoga Pants

Contributor... RONL_MCRO Contributor...

yoga_sm.jpgYou might be wondering what a pair of yoga pants has to do with this article. I saw a woman wearing them while I was on a business trip, and it occurred to me that this might be a great way to smuggle information overseas in plain sight. And since the source code needed to rip (copy) DVDs onto a PC was distributed using T-shirts and ties, this isn’t that far-fetched. There is also the story of the wheelbarrow thief… but let’s not even go there.

Here we go again:

We’ve seen the same headline over and over. One or more employees are charged with lifting corporate secrets and shipping them somewhere overseas. In this case, four people are accused of downloading data from a US chip manufacturer’s internal engineering database, including more than 16,000 drawings, to deliver them to China. 

Which of course begs the question, “how did these employees gain access to the database and how were they allowed to download over 16,000 files without alarms being sounded somewhere within the company?” 

Not only did they download trade secrets, they physically removed some of the actual technology from their employer’s offices in Santa Clara, California. O-M-G! Like I said, this is not the first time something like this has happened 

Where to Begin?

There are so many failures in this story, that I don’t even know where to begin. But I can tell you that Micro Focus Security solutions could have helped to prevent this theft at every step. 

Let us begin at the beginning:

  • Separation or Segregation of Duties (SoD): Ensure that one person does not have access or cannot perform actions which would allow them to commit fraud. For example, the same person should not be able to enter an invoice, approve it, and pay it. Micro Focus Identity and Access Management solutions might have warned if one or more of the four perpetrators had too much access to this organization’s systems.
  • As for removing technology from the labs? That could be a failure on the part of this organization’s physical security. Or they simply trusted their employees to do the right thing. But Micro Focus Advanced Authentication can give you a single picture of your employees’ activities whether cyber or physical, and can feed your security information and event management (SIEM) with actionable information. Advanced Authentication supports hundreds of different hard and soft tokens, smart cards, and building access cards. Advanced features include time of day, geofencing, and impossible travel, where card access in London in the morning would prevent cyber access from San Francisco before lunch. Note to the security team; if you have advanced technology that you know is being targeted, you may want to search your employees on the way out the door.
  • The four men downloaded some 16,000 files from corporate servers and whisked them away. Micro Focus Privileged Account Manager can prevent the use of shared passwords though check-out / check-in, can record user activities, and by using risk profiles, can prevent commands from being issued or can shut down a user’s session entirely. Additionally, Micro Focus ZENworks® Endpoint Security Management is a location-aware, policy-based solution that protects the data on every PC, and controls how endpoints communicate and access information. Even if the files made it to a company-owned PC, ZENWorks could have prevented them from going any further, like to a CD or USB thumb drive.
  • Were any of the 16,000 stolen data files encrypted? I don’t know. But encrypting your most critical information can help make theft of it worthless since it will be unreadable. Micro Focus Identity-Based Encryption (IBE) dynamically generates private decryption keys that correspond to public identities, facilitating granular control over access to information in real time. Using IBE means that everyone has a different decryption key so that you know exactly who is accessing your critical information. Unlike symmetric keys where everyone uses the same one, IBE means that users cannot claim that someone else decrypted the data.
  • The last part of any good security program is the analytics which can piece together user actions and either flag or prevent something bad from happening. And as you might imagine, Micro Focus plays in the SIEM (Security Information and Event Management) market as well. ArcSight, our flagship product, and Sentinel, its baby brother. Your Micro Focus sales rep can help determine which one is appropriate for your organization. You also can take a peek at IT Central Station’s report

Summary

While we don’t know exactly what policies and procedures broke down, we do know that four employees of a chip manufacturer managed to exfiltrate 16,000 documents and some actual technology in an attempt to deliver them to a Chinese startup. 

The startup may have wanted to create their own chips, or they may have wanted to counterfeit the original chips using the stolen drawings. Counterfeit goods, pirated software, and theft of trade secrets cost the U.S. economy as much as $600 billion a year, according to a 2017 study by the Commission on the Theft of American Intellectual Property. Yeah, this is big money and your company might not want to be contributing to that number. Isn’t it time for you to do a cyber and physical security checkup?

About the Author

RONL_MCRO

Ron LaPedis, a global enablement specialist at Micro Focus, is a prolific author, blogger, and speaker with more than 21 years of information security, business continuity, and emergency response experience. After 25 years with Hewlett Packard in various domestic and overseas positions, he worked for Citrix, NetApp, and most recently Sungard AS before joining us to focus on identity, access, and security. Ron holds several certifications including AFBCI, MBCP, CBCV, CISSP-ISSAP and ISSMP.