International high-tech companies increasingly face aggressive attempts to steal their intellectual capital. After all, companies that are front-runners are, and will remain, an attractive target for competition, often in the form of criminal organizations or state actors. Even though security at these high-tech companies is usually in order, they too must remain vigilant. Security technologies such as encryption and data diodes, together with sustained security awareness, go hand in hand in doing so.
The CEO of ASML, Peter Wennink, was clear in his interview with the British Financial Times: in order to adequately protect the company’s intellectual capital, ASML must increase its investments in cybersecurity every year by a percentage that clearly goes into the double digits. In this way, the company has already fended off several thousand cyberattacks. In addition, the executive voices the fear that the rising tensions in worldwide trade relations will lead to an increase in the size and impact of cyberattacks. This, of course, is about the restrictions that have been imposed on sales of the most modern machines needed to manufacture chips. Now that China cannot gain access to this technology by buying it from ASML, it will have to develop the knowledge and expertise itself. It is not inconceivable that this will be done in nefarious ways. There is already an ongoing investigation into a Chinese ex-employee of ASML who is thought to have stolen data from a location in China. In this case, a link to the Chinese government has not yet been confirmed.
Intensify security efforts
The worries of a ‘captain’ of the high-tech industry show that security efforts must be intensified. That is to say, more resources need to be allocated to security and, at the same time, smart security solutions need to be considered. This begins, as usual, with a comprehensive Identity and Access Management (IAM) approach and getting the ‘basic IT hygiene’ in order. The example above shows once again that the threat does not always come from outside, so it is important that employees are assigned only the rights they need. This allows you as an organization to ensure that employees have access only to the applications and data required by their position and role. Combined with a comprehensive solution for detection and response, this makes it possible to intercept suspicious network behavior and mitigate dangers.
Encryption is mature
So, using IAM and Detection & Response solutions, you can strengthen the first line of defense. Next, it is important to think about additional measures that match the Zero Trust approach. This implies that you don’t trust any device or user that logs in to the network. For example, apply whitelisting. Under this strategy, only a defined set of email and IP addresses, domain names or specific applications is given access to the systems, while all others are denied. Another measure that can be taken is making use of encryption technology. This is so mature and advanced by now that it dynamically moves along with the organization’s assets. Among other things, this means that not just data-in-transit but also data-at-rest can be encrypted when deemed necessary.
But, like all security technologies, encryption is under attack from cyber attackers. Maybe not immediately, but in the future, encryption can be broken a lot faster using quantum computers. It is also conceivable that encrypted data is stolen right now but is not decrypted until around 2030, when this technology is mature and developed. By that time, this data could still be sensitive and cyber attackers could still use it to their advantage. This mainly applies to so-called long-lived data, such as personal information, medical data, intellectual property, and sensitive, confidential and secret government information. It is therefore advised, especially for high-tech companies, to start preparing now for the migration to a security environment that is (post-)quantum-proof. This is also what the General Intelligence and Security Service of the Netherlands (AIVD) advises. In addition, to strengthen the encryption at short notice, it is worth considering adding a layer of symmetric encryption on top of the asymmetrically encrypted data for critical and sensitive connections. This is also known as a hybrid solution. In fact, fully symmetric encryption based on AES-256 is seen as post-quantum-proof crypto.
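One way to add the symmetric layer described above, shown as an added example that is not from the original article: the session key is derived with HKDF (RFC 5869) from both the asymmetric key-exchange secret and a pre-shared 256-bit key, so recovering the asymmetric secret alone does not yield the key. The function names, key values and link label are constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes, i.e. a 256-bit key


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = HASH_LEN) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the PRK into `length` output bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_hybrid_key(asym_secret: bytes, psk: bytes, context: bytes) -> bytes:
    """Mix the key-exchange secret with a pre-shared symmetric key.

    The PSK is used as the HKDF salt (the HMAC key), so the result stays
    unpredictable unless BOTH asym_secret and psk are known.
    """
    if len(psk) < 32:
        raise ValueError("pre-shared key must be at least 256 bits")
    prk = hkdf_extract(salt=psk, ikm=asym_secret)
    return hkdf_expand(prk, info=context)


# Constructed sample values (not real key material).
ASYM_SECRET = bytes.fromhex("11" * 32)  # stands in for the key-exchange secret
PSK = bytes.fromhex("22" * 32)          # assumed to be distributed out of band
CONTEXT = b"site-a<->site-b link v1"    # hypothetical link label

session_key = derive_hybrid_key(ASYM_SECRET, PSK, CONTEXT)

# Someone who records traffic now and later recovers ASYM_SECRET still lacks
# the PSK, so a guessed PSK does not reproduce the session key.
attacker_key = derive_hybrid_key(ASYM_SECRET, bytes(32), CONTEXT)
assert not hmac.compare_digest(session_key, attacker_key)
```

The derived key would then feed a symmetric cipher such as AES-256; the pre-shared key has to be provisioned and rotated over a channel that does not itself rely on the asymmetric exchange.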
Data diode technology
Lastly, it is a good idea to reflect on the opportunities that data diode technology provides. For the most critical links and connections (data in transit), this allows you to enforce that network traffic can only go one way. Depending on the organization’s wishes, strict one-way traffic can be set up, or regulated two-way traffic, for example by means of a double firewall. In this way, you can prevent data from ‘disappearing’ to unwanted locations. Besides, these principles suit the Zero Trust approach that more and more companies and organizations are adopting.
Today, many different advanced solutions to further improve your security are available. High-tech companies that want to protect their intellectual capital better would be well advised to review these solutions constantly. What could be improved, and which solutions would be needed to do so? Although we know that cyber attackers are rapidly improving themselves, you can do everything it takes to stay just one step ahead of them.