The theft of tea leaves and the evolution of cyber espionage prevention

More than 200 years ago, a British botanist smuggled a cache of tea plants and seeds out of China and into British-controlled India. Within a couple of years, that theft enabled India to usurp China as the world’s leading tea grower.

India is still one of the biggest producers of tea as a result of one of the greatest acts of corporate espionage in history.

Today, stealing trade secrets doesn’t require anyone to cross borders, break into file cabinets or even open iron-clad safes. Thieves, posing as employees online, can easily smuggle large amounts of data with a few keystrokes. Industrial espionage has become highly sophisticated and more daunting than ever to combat. Any company that sees R&D as a means to gaining competitive advantage should be concerned.

Modern-age industrial espionage can come in multiple forms and have serious financial consequences for those impacted. A man casually walked into the Houston offices of a Fortune 500 energy company in the early morning and strolled around for two hours unchallenged before leaving with a stolen backpack and shoulder bag. He wasn’t an employee or contractor, but rather a criminal who pilfered corporate secrets that could be in the hands of a competitor or foreign government. In 1981, Hitachi snagged design documents for IBM’s Adirondack Workbooks, even though the technical materials were marked “FOR INTERNAL IBM USE ONLY.”

A gold mine for industrial espionage

The common thread across these scenarios is that the final product is less critical than the underlying intellectual property (IP). Whether the IP exists in the form of software code or cancer cures, the digitization of IP – coupled with the adoption of technologies such as cloud and mobile — results in an ever-expanding attack surface that is a gold mine for those attempting industrial espionage.

In this context, what is clear is that traditional cybersecurity methods are no longer the answer. Try as hard as they might, security teams cannot shore up defenses to protect perimeters that don’t exist. With personal and corporate data intermingling on mobile devices and in cloud services, data usage and behavior patterns have changed so much that the perimeter is now the people.  And that perimeter constantly shifts as people move around in the digital world.

The irony is that we are relying on the same old technology to catch IP thieves who now know how to avoid getting caught. Instead, our businesses and government agencies need to shift their thinking to analyze and predict human behaviors as warning signs of espionage. A human-centric approach to security could sound the alarm based on human cyber behavior and enable security teams to mitigate or prevent critical data loss regardless of whether the network was breached.

The stakes are incredibly high as we face new and exotic threats of large-scale data theft and business disruption. Organizations are challenged to protect digital “crown jewels,” whether that means proprietary algorithms that run high-speed trading operations, sensitive customer data most vulnerable to breaches, IP and valuable R&D that companies have invested millions for product roadmaps.

Think about it this way: if a spy steals a blueprint to the cockpit of a stealth aircraft, he might as well have walked into the cockpit on the manufacturing floor — only in the case of the blueprints, he will have much more information to act upon.

Rather than focus on building bigger walls, the industry needs better visibility into human behavior to understand how, when and why people interact with critical data, no matter where it is located. With anonymity, people behave differently in the cyber realm than they do in the physical world. Companies need to understand who is touching critical content and why.

This new approach doesn’t require a new government policy or more regulation. But it is a paradigm shift that calls for companies to take a realistic look at current security norms and implement technology that is already available to help detect cyber thieves. Stopping corporate theft requires understanding the behavior of legitimate users with access to important systems and data.

Shifting security industry’s focus

Typical security teams receive dozens or hundreds of alerts in a given day. Advances in behavior and risk analytics can help spot anomalies and provide needed context to parse normal from malicious or compromised activity. Automatic enforcement policies could then curtail or prevent access to sensitive IP depending on the observed level of risk. Security teams would understand, predict and act on potential threat events as they unfold, not weeks, months or years after the fact.

By shifting the security industry’s focus from protecting infrastructure to understanding human behavior, we can also enlist our employees to help secure our corporate assets. We end up with not only greater security efficacy, but we also engage with our people and continually include them in the security equation. In a chaotic world of hackers and industrial thieves, we all have to work together to keep ourselves and our data secure.

All companies, big and small, are trying to figure out how to secure important data — the trade secrets. Lucky for us, it might come down to something as simple as being human.

This article originally appeared on CSO Online