BBC Capital

Russian roulette: The rising risk of cyberhackers

Police security patrol Rosa Khutor village, Sochi ahead of the 2014 Winter Olympics (Getty)

Drones, sniffer dogs, snipers in helicopters and an estimated 100,000 troops on the ground are all part of a colossal security effort underway in Sochi ahead of the 2014 Winter Olympic Games. The Russians have created a vast security perimeter encircling the Black Sea resort amid fears of terrorist attack from the neighbouring Caucasus region.

Yet these strong-arm tactics are little defence against one of the most pervasive risks for foreign visitors — the risk of cyber hacking.

The threat of physical violence that hovers around this year’s Games is, to a certain extent, a one-off. But cyber spying and theft of intellectual property are a major threat for all visitors, whether they are sports fans flying in for the Olympics, or business travellers pounding the pavement for work.

The problem is certainly not limited to Russia. Experts advise that cyber spying is a major threat for all overseas firms working in hotspots: countries, such as Russia, where the risk of political or civil unrest or crime is higher.

If you are sending your staff to Moscow, or another of the top business hubs such as St Petersburg, Sochi or even Kaliningrad, on a short visit, how can you prepare them for doing business?

First, avoid discussing any commercially sensitive or private information on open communication lines, said Rob Walker, head of information and analysis at International SOS, international health, safety and security consultants based in the UK. “Do not use unsecured wi-fi and turn your device's Bluetooth off. Set tablets and smartphones to ‘airplane mode’ when not in use and use a secure private network if you can,” he said.

Business people are increasingly being targeted as soon as they step off the plane, warned Stephen Bonner, partner in the information protection business at KPMG, so raising awareness is crucial. “Business travellers are particularly vulnerable as they often rely on the wi-fi internet provided at the airport as soon as they get off their flight,” he said.

Bruce Bean, law professor at Michigan State University and Chair, Extraterritorial Jurisdiction Committee, International Law Association, agreed and said investing in encrypted laptops, phones and a secure internet connection is key. “If you are dealing with a major company or the government [in Russia], you can be sure that they are listening in,” he said. “We had a client that gave us an encrypted cell phone and would not let us talk about prices over the phone.”

Airports are real hotspots, said Bonner, and wi-fi in the first class business lounge is often the “prime target” for hackers trawling for company secrets to sell or high-net-worth individuals “sending an email to their broker or wealth manager.” While a traveller might notice quickly that financial information has been stolen, they are less likely to detect that a thief has remotely made off with business plans, said Bonner. This makes this type of theft more dangerous.

It’s vital for international businesses to manage these issues because mistakes such as lost data are often irreparable and therefore incredibly expensive. The boss of the British secret service unit MI5 recently flagged cyber hacking as a major threat to national security and pegged a recent financial loss sustained by an unnamed FTSE 100 stock exchange traded company that was hacked at £800 million.

Fraser Bomford, analyst at risk consultancy AKE group based in the UK, said Russian hackers in particular are known to be very technically proficient at accessing all sorts of information. He said: “If you are a person of interest [to the government] then I would expect the Russian secret service, the FSB, to be collecting information on all your communications so you have to decide how I mitigate this? What are your procedures; do you encrypt your data?”

Businesses should rationalise what data their employees should be allowed to take out of the country, said Fraser. One question they should always ask: “If it’s ‘sensitive,’ should you be taking it at all?”

Keeping safe

There is little that can be done to retrieve stolen information. Some companies are now using tactics reminiscent of the Cold War.

Companies with particularly valuable secrets, for example, how much they’re willing to bid for an acquisition, will set up two servers. One stores some of their real data and the other has dummy information. While the hackers may be able to access both servers, they won’t know which is valuable, said Bonner.

Another tactic is using ‘clean’ devices. Companies will supply their staff with equipment such as iPads or laptops, which will then be shredded when employees return home, said Bonner. This ensures they do not bring anything back into a home network, he said.

A lower-cost option is using a virtual private network, which allows employees to securely access their company’s home network remotely. And some are returning to the old-economy method of preserving information — pen and paper.

Multinational corporations and Russian President Vladimir Putin have one thing in common when it comes to their approach to criminals: preparedness. When it comes to cyber hacking, the focus has shifted from ‘how do we respond if this happens’ to a ‘continual monitoring’ programme at many multinationals, said Bomford.

And smart companies are starting to prepare to defend against cyber attacks from states that have been seen as more friendly or benign.

“As the [financial] barriers to electronic spying and attacks are further lowered, there is more and more of it going on worldwide,” said Bonner.

(With additional reporting by Alina Dizik)

BBC © 2014