Data theft: industrial espionage in the home office

How well is the German economy protected against espionage and data theft? This is a question that the Corona pandemic raises in a new way. Companies have become more vulnerable.

Internet access, Wi-Fi, many connected devices - standard in most private households. In the Corona pandemic, however, smartphones, computers and TV sets are used to access more than just movies, music or cooking recipes. While parents are connected to businesses via their laptops, children are being taught digitally. Data flows in parallel via a shared home network.

This poses considerable risks, warns Roland Feil, managing director of Munich-based security company Dallmeier Systems. "You might have two or three kids on the Internet with their devices, and each device provides a gateway." A gateway all the way into a company's core systems. At the beginning of the pandemic, many companies still completely underestimated this, he said. "People simply accepted it in order to be able to continue working," says Feil. "But we still see the situation critically in many cases even now."

Data leakage alarms

Accessing sensitive data from the home office offers corporate spies new opportunities to obtain trade secrets. However, the old familiar ways, i.e. on-site access, still play a major role. More and more information is being stored digitally. Securing the relevant systems must therefore be a top priority, says Volker Wagner, who is responsible for corporate security at chemical giant BASF and heads the Alliance for Security in Business association.

For example, via tools that automatically detect data leaks. "Figuratively speaking, there are intelligent alarm systems to detect anomalies in data traffic." The security kicks in when very large amounts of data are loaded or when research databases are accessed too often and at unusual times.

100 billion euros in damage per year

For Wagner, the spies focus on three areas: Research and development, as it is complex and expensive and it is worthwhile for thieves to find a "shortcut" for their own product development. Also in demand are product compositions and recipes that only a few companies have. "I'll just cite the current Corona vaccines as an example." German companies' skills in manufacturing and production are also of interest to spies.

According to figures from the digital association Bitkom, espionage, data theft and sabotage cause more than 100 billion euros in damage to the German economy every year. While large corporations are generally well secured, medium-sized businesses and startups are particularly lacking. "The weaker a company is economically, the smaller the scope for technical defense and the greater the probability that it will be successfully attacked," notes Michael Kilchling of the Freiburg-based Max Planck Institute for the Study of Crime, Security and Law.

The intern can be a spy

According to Kilchling, industrial espionage has many actors: they are sent from competing companies, are employees who are being blackmailed or former employees who want revenge. They are interns in research, alleged journalists and visitors at trade fairs.

Increasingly, foreign intelligence services are behind the spies. "But it's by no means just the usual suspects, i.e. China, Russia and North Korea," Kichling qualifies. "You have to broaden your view. U.S. Customs also checks laptops on entry, and I always look with fascination to France, which maintains an École de guerre économique, or school for economic warfare, where government officials are trained accordingly."

Cold technology war

According to Thomas Haldenwang, president of the Federal Office for the Protection of the Constitution, industrial espionage is becoming an ever greater challenge for the German economy. "We know that numerous states are using their intelligence services to actively achieve growth targets in selected industries." He said this is less about infiltrating agents and more about recruiting employees in Germany for their own purposes.

More than ever, he said, cutting-edge technology and economic performance are keys to economic strength, sovereignty and dominance of states. "The picture of a cold technology war is emerging, with fault lines running along technological spheres of influence," Haldenwang said. The discussion about the expansion of the 5G network and the role of the Chinese Huawei Group is only a small part of the picture, he said.

Currently, the Office for the Protection of the Constitution has its eyes particularly on companies, research institutions and authorities involved in the fight against the COVID 19 pandemic. They are a sought-after target, as the cyberattack on the systems of the European Medicines Agency (EMA) in December, which Russian hackers are said to have been behind, showed.

Few file charges

The state protectors describe it as their "core competence" to prevent industrial espionage in advance by raising awareness and providing advice. But they are also on standby when a company is attacked. However, the majority of victims are hesitant and prefer to keep attacks to themselves, says Michael Kilchling, a researcher in criminalistics. Often for fear of reputational damage.

"What is at stake here is the image of a company that has not been able to ensure its security and could therefore lose reputation among customers," analyzes Kilchling. But many companies are also afraid that operations could be disrupted by the investigation, he adds. "Who would like to have the state security in the company, where it is assumed that the best thing they can do is still pack up all the computers."

Comments

Post a Comment

Popular posts from this blog

Chrome targeted by criminals: Why users need to update quickly now

A security vulnerability in Google Chrome is currently being exploited by cyber criminals. Malware could land on your PC through it. Read here how you can protect yourself. The Google Chrome browser is currently struggling with some security vulnerabilities. In a blog post , Google warns about a total of seven vulnerabilities, with the majority of these gaps being classified as a "high" threat to users. The vulnerabilities have been fixed in the latest version of Chrome for Windows, Linux and macOS. If you have Chrome version 90.0.4430.85 installed, it can no longer be exploited. If you have an older version of the browser installed, you should update urgently. You can find the download of the new version below these lines. Smartphone users do not have to be afraid of the security vulnerability. Google has not had to take any security measures here for the time being. The security vulnerability probably remained undiscovered by cyber criminals for the time being. So far, noth...
Read more

Face and voice recognition: Why TikTok wants to be allowed to collect biometric data in the USA

TikTok's privacy policy for the US now mentions the collection of biometric data from faces and voices. The background is likely to be a legal dispute that cost the company $92 million. Neue Datenschutzbestimmungen sind oft eher etwas für Juristen, doch die jüngste Aktualisierung von TikTok sollte alle Nutzerinnen und Nutzer in den USA aufhorchen lassen. Denn in den am 2. Juni aktualisierten Datenschutzbestimmungen für die USA ist ein Abschnitt enthalten, den es zuvor nicht gab. Er lautet übersetzt: »Wir sammeln möglicherweise biometrische Identifikationsmerkmale und biometrische Informationen, wie sie im US-Recht definiert sind, wie etwa von deinem Gesicht und deiner Stimme, aus deinen Inhalten.« Im englischsprachigen Original ist von »faceprint« und »voiceprint« die Rede. »Bevor wir damit anfangen«, frage man jedoch nach dem Einverständnis, wenn dies gesetzlich nötig sei, fügte noch TikTok hinzu. In response to an initial inquiry from "TechCrunch" about the ba...
Read more

Microsoft Teams, Zoom, WebEx: Berlin authority warns against popular video systems

After an initial data protection audit, some video service providers have made improvements to their offerings. But the Berlin data protection commissioner still sees serious shortcomings. The State Commissioner for Data Protection in Berlin (Germany), Maja Smoltczyk, advises against using leading video conferencing systems such as Microsoft Teams, Skype, Zoom, Google Meet, GoToMeeting, Teamviewer and Cisco WebEx. The reason is a retest of various offerings. After a number of services had already failed a test of data protection requirements last year, a new test of the major providers did not reveal any substantial improvement. Smoltczyk said that she was pleased "that our comments had persuaded so many providers to improve their offerings, in some cases very significantly, in terms of data protection". There are now enough legally compliant services for a wide range of purposes that there is no reason to break data protection law for video conferencing. However, if a provid...
Read more