Web Applications
Of course, not all spies take the low-tech approach; an increasing number are taking advantage of known insecurities in Web applications, according to a SANS Institute report on the Top 20 Internet security risks of 2007. The report names vulnerable Web applications as the top new risk, enabling Web sites to be poisoned, data stolen and computers connected to the Web site compromised. In 2008, the report says, Web application attacks will grow substantially.
How to stop them: Web scanning tools can help find application vulnerabilities, especially when combined with source code review tools and application penetration tests. The SANS Institute also recommends inspecting the Web application framework's configuration and hardening it appropriately. "No one should be engaged to write Web applications unless they can pass the GSSP Secure Software Programming exam that covers the essential security skills and knowledge that developers need to produce more secure applications," the report concludes.
Insider Theft
An efficient way for spies to work is to pay inside employees to steal information. Often, there's nothing high-tech about the maneuver, Winkler says; employees simply use their existing access rights to download greater volumes of data than they ordinarily should.
How to stop them: Use a combination of access control and proactive auditing, Winkler says. For instance, if customer service representatives generally access 30 records a day, he says, and suddenly a couple of people are accessing 100 a day, that's a red flag. So is an employee who suddenly begins accessing data from home, adds Ken van Wyck, a principal consultant at KRvW Associates LLC, a security consultancy in Alexandria, Va. "You're looking for drastic changes in behavior," he says, which can be detected through statistical anomaly detection programs.
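The audit check described above, sketched as an added example (not code from the article or from any product it mentions): each user's daily record count is compared with that user's own history, and a first access from a new location is flagged. The log layout, user names, figures and the 3.5 threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample audit data: (user, day, records_accessed, source).
# User names and figures are invented for illustration.
AUDIT_LOG = (
    [("rep_a", d, n, "office") for d, n in enumerate([28, 31, 30, 29, 33, 30, 27], 1)]
    + [("rep_b", d, n, "office") for d, n in enumerate([30, 32, 29, 31, 30, 28, 31], 1)]
    + [("rep_c", d, n, "office") for d, n in enumerate([25, 35, 30, 40, 28, 33, 30], 1)]
    + [
        ("rep_a", 8, 31, "office"),   # ordinary day
        ("rep_b", 8, 104, "office"),  # sudden jump in volume
        ("rep_c", 8, 29, "home"),     # first access from home
    ]
)


def find_anomalies(log, min_history=5, threshold=3.5):
    """Flag days that depart sharply from each user's own history.

    Volume check: modified z-score built on the median and the median
    absolute deviation (MAD), so one earlier spike cannot inflate the
    baseline the way it inflates a mean and standard deviation.
    Location check: a source never seen before for that user.
    """
    history = defaultdict(list)      # user -> earlier daily counts
    seen_sources = defaultdict(set)  # user -> sources seen so far
    alerts = []
    for user, day, count, source in sorted(log, key=lambda r: r[1]):
        counts = history[user]
        if len(counts) >= min_history:  # no alerts until a baseline exists
            med = median(counts)
            mad = median(abs(c - med) for c in counts) or 1.0  # avoid dividing by 0
            score = 0.6745 * (count - med) / mad  # 0.6745 scales MAD to ~1 std dev
            if score > threshold:  # only upward jumps matter here
                alerts.append((user, day, "volume", round(score, 1)))
            if source not in seen_sources[user]:
                alerts.append((user, day, "new_source", source))
        counts.append(count)
        seen_sources[user].add(source)
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(AUDIT_LOG):
        print(alert)
```

In practice the threshold and the minimum history length would be tuned against real audit data so that normal workload swings do not bury the alerts that matter.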
It's also important to use the access control capabilities of the operating system, van Wyck adds. "People don't take the time to configure these very well," he says. "Many employees can access more than they need to do their job."
Another countermeasure, according to the SANS Institute report, is to disable the USB ports through the system's password-protected BIOS or to use centralized tools that restrict the use of ports and external devices, making it more difficult for wannabe spies to export the data.