This article describes threats to end-user application data and the facilities required to manage them.
When you shop the market for "data encryption", you'll find a number of solutions that encrypt and store content in the cloud. These offerings don't protect the data stored in your computer's filesystem - the documents, data, and email you use every day.
From the book Secrets Stolen, Fortunes Lost: Preventing Intellectual Property Theft and Economic Espionage in the 21st Century:
The threats of economic espionage and intellectual property (IP) theft are global, stealthy, insidious, and increasingly common. According to the U.S. Commerce Department, IP theft is estimated to top $250 billion annually and also costs the United States approximately 750,000 jobs. The International Chamber of Commerce puts the global fiscal loss at more than $600 billion a year.
Application data theft is carried out by Malicious Insiders, Competitors, Organized Crime Groups, and Nation States.
Advanced Persistent Threats
APTs are usually well-funded attack teams, often financed by nation-states to carry out actions in support of global politics or economics (or both). With respect to application content, attackers aim to breach corporate protections and establish a quiet presence in a corporate network, monitoring activity and over time stealing application data content.
It turns out these attackers aren't always the most capable in the threat landscape, though in truth they don't have to be. Their persistence and targeted approach allow them to use moderate skills and known issues to exploit shortcomings in a company's protective capabilities. With time on their side, any limitation they have in bypassing protective controls can be overcome by exploiting momentary gaps as systems are changed, added, updated or, perhaps more importantly, not updated.
Sometimes, of course, attackers are exceptionally capable, which allows them to quickly access most anything they desire.
In both cases, with time, attackers acquire their bounty, offloading documents, email, and application content that can then be used to serve political and economic purposes.
Ransomware monetizes access to corporate resources by compromising host computers and encrypting the content employees need to carry out their daily tasks. When the decryption keys are held remotely by the attacker, companies are unable to decrypt the content and continue operating with their data.
This leaves two choices - pay the attacker's ransom, "purchasing" the decryption key along with a utility that decrypts the content, or delete the encrypted data and restore it from backups, sharing peers, and other systems that hold the necessary content in unencrypted form.
Backup and Restore solutions have improved specifically as a result of Ransomware threats, but still suffer obvious flaws - content is often outdated, and data restoration doesn't always work well. This creates real and costly operating gaps.
Remediation requires more than data recovery; it also requires teams to address the protective shortcomings that let attackers in, so that they cannot return. This can be a daunting task for companies without a pre-existing commitment to prioritizing deployment of established protective controls.
Doxxing is different from Ransomware in that damage is inflicted by publishing information an attacker steals, often personal data specific to a prominent individual. Sometimes attackers use stolen content as leverage, though of course there is no way to know whether the attacker will hold up their part of any resulting agreement that compensates them to remain quiet rather than expose something potentially damaging about a person or a company.
Doxxing is an especially dangerous threat since it's based on public harassment and/or the destruction of a person's credibility. This can - and has - cost people their lives. Unfortunately, this dynamic will not go away on its own, and from an industry standpoint we are, as a community, a long way from managing these risks.
Example of Nation-State Intellectual Property Theft
In 2013/2014, a team operating out of China and believed to be funded by the Chinese government breached a US-based company trading on the NYSE with a market cap in excess of $10B. The attackers breached an "edge" protection device and used that foothold to gain entry to host computers on the internal network. From that position, they were able to copy (offload) copious amounts of application data - documents - and make use of the associated data.
This US-based company was a global leader in its domain, the result of massive R&D spending to create and deliver a unique technology not available from competitors. Details specific to these technologies were scattered throughout the stolen documents, and the attackers shared them with Chinese companies competing in this space.
The impact was quick: within months, Chinese competitors were able to use new insight from the stolen content to adjust their competitive stance while reducing cost. After a series of wins in strategic, international accounts, shareholders of the US company lost confidence and the stock price plummeted. As a result, the NYSE was forced to delist the company shortly before it was dissolved.
China, to this day, dominates the global market for related goods and services, almost entirely eliminating any competitive US presence.
Prevalence of Nation-State IP Theft
Companies that suffer a data breach don't always have to publicly disclose details. Regulations are far from consistent and depend on a number of factors, primarily location. In the United States, though there are Federal disclosure requirements, individual states such as California have their own set of requirements that govern companies operating in their domain.
Given these disparities, these types of breaches aren't well known. Using our knowledge of related dynamics and publicly available data from 2013, we were able to conclude, using very conservative estimates, that more than two US-based corporations were suffering these very same types of breaches - each week.
Since that time, protection, awareness, and security controls have improved, though attackers have found new ways to monetize their ability to acquire corporate content. As a result, the threat to today's host application data is higher than it was even a couple of years ago.
For some recent insight, search for "China 2025 FBI" or check out the article "FBI Uncovers 11 Years of Economic Espionage". Our team has been party to many related dynamics that have impacted and/or simply destroyed entire companies, motivating our efforts to develop the technologies we offer.
Data Breach Impact
Data breach costs are difficult to quantify, and results vary dramatically when comparing dynamics at two different organizations or even two different industries.
The noted case was of course catastrophic, though others who "survive" a data breach are affected in different ways. Real costs must account for downtime, Incident Response investigation costs, Recovery delays, and gaps in restoring corrupted content. Brand value erosion and loss of consumer/partner confidence can threaten continued revenue. Impact is the unique combination of these issues, and more.
Effective risk mitigation for end-user document/data disclosure requires far more than protection, if only because protection will never be perfectly reliable. Proper controls minimize the scope of information readily available to an attacker. This should include integrity protection, access control, and means to ensure continuous availability using up-to-date backups and reliable restoration. Data usage tracking can increase Incident Response and Recovery efficiency, and comprehensive Disaster Recovery controls ensure that massive sabotage efforts don't render a small company unable to continue operations (which can, does, and will continue to happen).
This is the approach we took when designing SSProtect, from day 1, allowing us the freedom to innovate new, unique capabilities designed to build the foundation required for effective control.
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to firstname.lastname@example.org, and our staff will respond to your needs as soon as possible.
This article was updated with v10.7.1 of the :Foundation Client