Big Brother is Watching. Here’s How to Stop Them.

Written by: Francesco Trama | Published on: March 9th, 2016

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Francesco is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

Keeping your network safe from the typical cyber attacker is difficult enough, but what happens when the entity who wants to infiltrate your network is more than the average cybercrime? What happens when your organization becomes the target of an entire government? It sounds crazy, but state-sponsored espionage is a very real threat, which can lead to some very real security risks.

Intellectual Property and the Chinese Government

The biggest culprit in state-sponsored espionage is China. Many businesses have valuable intellectual property, and the Chinese government has been known to break into networks and steal it, both from U.S. companies and from companies abroad. How do they do it? Here’s a true example:

A U.S.-based steel company invited some representatives from a steel manufacturer from China to tour their premises as part of a goodwill trip. During this tour, one of the representatives gave the CEO of the U.S.-based company a gift: a USB stick. As it turned out, the stick contained a virus. Once it was plugged in on one of the company computers, an execution code opened up a door to the Chinese manufacturer.china.jpg

This allowed them to move throughout the U.S. company’s entire network, siphoning all kinds of data. They were able to access all of the company’s intellectual property and use it for their own purposes. This went on for quite a while, and in the end, the FBI had to get involved.

Protecting Yourself Against State-Sponsored Espionage

Incidents like this are far more common than you realize. What makes them so difficult to guard against is that they begin from a place of trust. When an attacker takes the time to build up your trust, you’re much more likely to accept whatever they give you. This is someone you’ve been communicating with for months. You’ve developed a working relationship. You have no reason not to trust them, nor any warning signs to let you know in advance that there’s something suspicious going on.

This is why an Advanced-location filter is so important. It can detect the shady happenings behind the innocuous gift, or randomly shared link, and block them before they have a chance to do any damage. If there’s a sudden, unexpected spike of traffic going to a particular country, it can block it based on the IP, preventing {{cta(‘a9ecac34-12f8-4d04-8742-1db89ec9917c’,’justifyright’)}}Big Brother from getting in.

But what if, in the process, you end up blocking legitimate traffic, and shutting out potential customers from a country? Most companies generally have a pretty good idea of what countries they do business with, and how much business they do there.

If you see a sudden deluge of traffic leaving your network, going to a country you don’t do business with—or at least that you don’t do that much business with—it’s a pretty good tip-off that it’s a cyber attacker trying to access your network. You can then add that country’s IPs to your Advanced-location filter’s blacklist and filter them out. If there is some legitimate business that you do with that country, you can add those specific IPs to the filter’s whitelist and let them through, while still blocking the cyberattack attempts.

An Advanced-location filter is the only way to protect yourself reliably against state-sponsored espionage. There’s not much you can do against an entire government that’s trying to steal your intellectual property. If you can identify threats faster – even before the they can gain a foothold within in your network, you can keep your network safe and secure, no matter how they try to get in. {{cta(‘0b717fe4-e950-496a-9ce1-04c0026764d3′,’justifyright’)}}