Page 311 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 311

Proprietary Data

               Proprietary data refers to any data that helps an organization maintain
               a competitive edge. It could be software code it developed, technical

               plans for products, internal processes, intellectual property, or trade
               secrets. If competitors are able to access the proprietary data, it can
               seriously affect the primary mission of an organization.

               Although copyrights, patents, and trade secret laws provide a level of
               protection for proprietary data, this isn’t always enough. Many
               criminals don’t pay attention to copyrights, patents, and laws.
               Similarly, foreign entities have stolen a significant amount of

               proprietary data.

               As an example, information security company Mandiant released a
               report in 2013 documenting a group operating out of China that they
               named APT1. Mandiant attributes a significant number of data thefts
               to this advanced persistent threat (APT). They observed APT1
               compromising 141 companies spanning 20 major industries. In one

               instance, they observed APT1 stealing 6.5 TB of compressed
               intellectual property data over a ten-month period.

               In December 2016, the U.S. Department of Homeland Security (DHS)
               and the Federal Bureau of Investigation (FBI) released a joint analysis
               report documenting Russian malicious cyber activity. This report
               focused on activities of APT 28 and APT 29, also known as Fancy Bear
               and Cozy Bear, respectively. These groups primarily targeted US

               government entities and others involved in politics. Cybersecurity
               firms such as CrowdStrike, SecureWorks, ThreatConnect, and
               FireEye’s Mandiant have all indicated that APT 28 is sponsored by the
               Russian government and has probably been operating since the mid-
               2000s.

               It’s worth noting that different organizations frequently identify the
               same APT with different names. As an example, U.S. government

               entities named one APT as APT 28 or Fancy Bear in a report. Other
               entities, such as cybersecurity organizations, have referred to the same
               group as Sofacy Group, Sednit, Pawn Storm, STRONTIUM, Tsar
               Team, and Threat Group-4127.
   306   307   308   309   310   311   312   313   314   315   316