Tackling corporate espionage with digital forensics

Businesses today derive massive value from intangible assets be it customer data, proprietary software or groundbreaking technology in development. Best regarded as trade secrets, these assets are protected through patents and sometimes secrecy.

Threats to trade secrets, ranging from cyberattacks to corporate espionage, are growing in complexity as more organisations are conducting businesses remotely. Trade secret theft, resulting in monumental financial implications, are fast becoming a concern for C-level leaders. In fact, 77% of C-suite leaders say the threat to trade secrets is a massive concern.

Businesses have long deployed internal measures to counteract the theft of trade secrets — 68% have employees sign confidentiality agreements and 55% include non-compete clauses in employee contracts. And yet, the threat persists, especially in the life sciences, manufacturing, technology and energy sectors. Business leaders in these industries say theft of trade secrets through corporate espionage and insider threats are still the greatest concerns today. For instance, in May 2022, the employee of an engineering and manufacturing giant in India was arrested for theft of designs pertaining to chromium abrasion-resistant castings, despite having signed a confidentiality agreement.

One of the biggest challenges to digital forensics and incident response investigators is the fact that so many devices are outside the traditional perimeter of corporate IT infrastructure. With computers, smartphones, cloud data sources, and IoT devices all connecting remotely, gaining access to devices when and where they need to is a necessity for security. Businesses have no way of tracking what assets employees are accessing or identify what data is being compromised. An example of this is the case of the IT head of a Mumbai-based firm, who was found sending sensitive emails to a rival company just last year.

Without enhancing endpoint visibility, and lack of collaboration between cybersecurity and cyber forensic investigators, incident response teams are blinded. When organisations adopt the digital forensics solutions it can result in monitoring endpoints, speedy investigations and procurement of defensible evidence. These can act as primary countermeasures for protecting trade secrets.

Collaborative and speedy investigations: Even in instances where organisations have adopted security measures to contain threats, the lack of collaboration impedes internal investigations and also the time taken to contain the threat. Currently, it takes organisations an average of 74 days to detect a breach. That’s a long time to just identify a threat with measures to contain it taking up to 249 days on average. This spells financial and reputational damages, not to mention the legal and PR costs.

A recent study showed that while 71% of organisations had adopted security information and event management (SIEM) and security orchestration, automation, and response (SOAR) technologies, only 6% had integrated these with digital forensics and incident response. Connecting digital forensics solutions with SIEM and SOAR is crucial as it can trigger automatic endpoint collection in response to incidents. These technologies can plug exploits, prevent subsequent attacks, and preserve electronic evidence automatically rather than employing time- intensive manual processes.

With the rising threat, organisations need to start defining, documenting, and improving internal investigation processes now. And the solution is scalable digital forensics solutions that work out of the box. While digital forensics has more maturity in law enforcement, the increasing need for internal investigative capabilities among enterprises makes it critical for businesses to catch up or face increased risk of work product theft. Cyber forensics is critical to defend cases of corporate espionage or theft of trade secrets in the court of law. While cybersecurity tools are necessary to identify intruders, digital forensics acts as a bridge between cybersecurity and incident responders. These solutions ensure that the processes of identifying and investigating a threat can occur in tandem. Digital forensic tools can help organisations understand what went wrong — very quickly.

Remote collection of data: When it comes to investigations pertaining to theft of trade secrets, they often have to be performed with extreme discretion. With the right digital forensics tools, organisations can collect data from off-network and remote devices. These technologies eliminate the expense of shipping devices as they securely transmit collected data to validated servers in a legally defensible manner. For instance, these solutions can monitor all remote device activity and detect threats, as well as identify what data was stolen and who took it.

Enabling investigations in a zero-trust environment: And as organisations continue to adopt the zero-trust model, to contain the threat from remote endpoints, the continual vigilance, validation, and verification can create challenges for forensic investigators. Granting forensic investigators full admin access to conduct investigations is in direct conflict with the principles of zero trust — where users, devices, and applications access information on a need-to-know basis. Most digital forensic solutions are connected to the internet, which adds more risk, which leads organisations to provide forensic investigators with multiple devices for different functions. This would only increase costs exponentially. With the right digital forensic tools, solutions can be installed on- prem and secured on a server controlled by IT teams. This enables investigators to carry on investigations in a web browser interface without disrupting the zero-trust architecture and also gather information

The threats from within organisations is ever increasing and informing people of network monitoring is a great start. A lot has changed in the world of digital forensics and incident response over the last few years. In a remote-first, work anywhere world, businesses need to ensure they are saving time and responding to incidents quickly, remotely, and covertly.

Insider threats and espionage activities pose a great risk to organisations, especially when theft of intellectual property can set the tone for business growth. Star Squared PR understands the unique risks that businesses across industries face, and is well placed to help showcase your organisation as thought-leaders to stay relevant in the competitive landscape.