Question 1: Discuss the significance of competitive intelligence gathering for an organization in succeeding in this current competitive field .
Currently, successful industries in the United States have kept their status based around the massive investments in innovation and R&D (How, n.d.). In order to gain a leg-up on the competition, companies (Kahn, 2018) and other nations have been known to steal corporate trade secrets through hacking (Dilanian, 2018). In order to prevent events such as the Sony Hack on a corporate level, steps need to be taken to validate network security (RBS, 2014).
Separately, attacks could come from loosely organized civilian teams globally as black-hat hackers. The main objective is broad for these civilians. Some tend to be political “Hacktivists” seeking change in politics or society while others are criminals seeking financial gain (Putman, 2018).
One of the ways to validate network security is to hire penetration testers (pen testers). A corporate compliance, infrastructure, and security team is only as good as their vulnerabilities. Penetration testers are white-hat hackers there to bring vulnerabilities to the attention of corporate security teams in stead of black-hat exfiltration/exploitation.
The objectives of a hack are pretty resolute. Mostly, attacks fall into categories of exfiltration or disruption.
- Exfiltration – If a bad actor attempting to steal data, it’s likely for monetary gain for the competing company or civilian criminal. In exfiltration, depending on the data stolen, differing legal implications may be involved especially concerning employee data.
- Disruption/Destruction – Competing companies, criminals, and hacktivists target corporate
There are a couple concepts that need to be identified before selection of a pen tester:
- Know that the competition is many – While cyber attacks may become “operational” for a short period of time, there may be many competitors that can perform some cyber attack each year. This means, depending on the industry and profile of target, you could see attacks year-round.
- Quality and Quantity – A single pen tester is going to have a single approach to finding vulnerabilities with one “set” of tools and applications. Having multiple, quality pen testers will typically have multiple approaches and applications to work with. Prioritizing quality and quantity will likely result in a speedier and more thorough security posture validation.
Cyber attacks aren’t going to magically go away from human sources until Artificial Intelligence automates the industry (Dilek, 2015). Industries need to be aware of their digital security posture and prevent unauthorized loss of trade secrets, finances, and employee information.
Dilanian, K. (2018, October 9). They’re back: Chinese hackers are stealing from U.S. firms again. Retrieved May 22, 2019, from https://www.nbcnews.com/news/china/china-s-hackers-are-stealing-secrets-u-s-firms-again-n917836
Dilek, S., Çakır, H., & Aydın, M. (2015). APPLICATIONS OF ARTIFICIAL INTELLIGENCE TECHNIQUES TO COMBATING CYBER CRIMES: A REVIEW. International Journal of Artificial Intelligence & Applications, 6(1), 21-39. doi:10.5121/ijaia.2015.6100
How much does your country invest in R&D? (n.d.). Retrieved May 22, 2019, from http://uis.unesco.org/apps/visualisations/research-and-development-spending/
Kahn, R. A. (2018, September 19). Economic Espionage in 2017 and Beyond: 10 Shocking Ways They Are Stealing Your Intellectual Property and Corporate Mojo. Retrieved May 22, 2019, from https://www.americanbar.org/groups/business_law/publications/blt/2017/05/05_kahn/
Putman, P. (2018, December 11). What is a Hacktivist? Retrieved May 22, 2019, from https://www.uscybersecurity.net/hacktivist/
RBS. (2014, December 5). A Breakdown and Analysis of the December, 2014 Sony Hack. Retrieved from https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/