cyber hacker with concept
Cybercrime continues to increase, plaguing businesses, governments, and citizens, but one form of attack – cyber espionage — threatens intellectual competitiveness and economic and military security while potentially going unnoticed and with few cyber insurance options in the marketplace.
This week, reports indicated that the White House may implement sanctions against China over the stealing of state secrets and private sector business research and development. The move would be the first to formally employ an executive order issued by Pres. Barack Obama last spring, and it follows the massive data breach at the U.S. Office of Personnel Management (OPM) that experts have speculated allowed nation-states to tap into the personally identifiable information of government intelligence agents. The information gathered via cyber espionage may be more dangerous in the hands of outsiders, but frequently isn’t broadcast as having been stolen, unlike the more typical data breaches of payment cards and corporate practices of companies such as Sony or Ashley Madison.
Early in 2015, McAfee Labs cited cyber espionage as a significant threat for the coming year, and indicated an expansion of the tactics beyond nation-states to other hacking organizations.
“We are seeing a general trend of less sophisticated state- and non-state actors increasingly using cyber warfare and cyber espionage tactics traditionally exclusive to sophisticated state actors,” Ryan Sherstobitoff, principal security researcher for Intel’s McAfee Labs told Advisen at the time.
Motivational meaning
The evolution of cyber threats to include what could amount to cyber warfare between countries prompts the question – how does cyber espionage differ from the more prevalent forms of cyber attacks launched against retailers or other consumer businesses? During a recent webinar held by ISight Partners, threat expert Sarah Hawley offered a distinction. Cyber espionage actors more likely seek economic data, valuable research and development information, or military intelligence. While cybercriminals and hacktivists pursue money and/or notoriety, cyber espionage has the collection of secrets as its goal and such threat actors are far less likely to broadcast their successful heists.
Hawley cited the OPM breach and the attack on health insurer Anthem, noting that cyber espionage contains the element of seeking information that can be stolen, interpreted, and leveraged at a later date. A recent whitepaper from Symantec attributed the attack on Anthem to a Russian group known as “Black Vine,” which also targeted organizations in the fields of aerospace, healthcare, gas and electric turbine manufacturers, military and defense, finance, agriculture, and technology, using zero-day attacks to deposit malware on their systems.
According to Hawley, these zero-day exploits are the mark of a sophisticated espionage group.
“It represents a long-term threat,” she said. “They’re much less likely to expose it, since the advantage of the information might be lost if widely exposed.”
For security researchers, the possibility of U.S. sanctions against countries that launch attacks on U.S. businesses represents an opportunity to see if threats coming from China or Russia or other countries change in their tactics. Currently, Hawley said, China is “the most prolific actor” in cyber espionage, but not the most sophisticated. Russia has also been active, and both countries target foreign governments, companies, and academic institutions engaged in research. However, China also takes its aim at dissidents within the country to both gain intel and test out new hacking techniques.
Insurance, Anyone?
In conversations with numerous cyber insurance experts and scanning the available policies in the marketplace, coverage for intellectual property — the type of data that cyber espionage actors want — is rare, if not impossible to find. Most policies evaluated by Advisen contained a specific exclusion for IP theft. The difficulty both in ascertaining the insurable value of corporate secrets has thrown the most significant wrench in the underwriting and pricing process for a still evolving insurance market, according to observers, and the situation is unlikely to change swiftly.
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
