Kleptopredation in a Digital World

Enterprise cybersecurity programs may have something to learn from an unlikely source—the humble sea slug.

While nature metaphors can border on trite, the behaviors of predator and prey, their hunting strategies and evasion tactics in the wild do provide valuable parallels for the ever-changing cyber risk space. Enter, the sea slug—or more specifically, the Nudibranch.

When Nudibranchs hunt, they leverage a clever strategy. The small but cunning sea slug waits to consume its prey, until after it has eaten its own prey. In doing so, the Nudibranch receives a 2-for-1 special – its prey plus the prey’s dinner. Marine biologists classify this strategy as Kleptopredation – a method of hunting perhaps unique to the ocean world yet increasingly familiar to “hunters” in the cybersecurity domain.

In the business world, enterprises are vulnerable to this same attack strategy during periods of internal change or growth. Organizations depend on a metaphorical “food chain” of data wherein new “meals” are taken at regular intervals. “Data meals” range from byte-size snacks, like onboarding a new client or vendor replete with third-party data into an environment, or a hearty “meal” of fresh intellectual property data, all the way up to “data feasts” consumed in the form of a merger or acquisition.

"Understanding Kleptopredation allows organizations to identify key moments of vulnerability, but in order to adequately protect themselves, they must explicitly and proactively include security considerations in business decision-making. Two ways to accomplish this are by prioritizing Gap and Risk assessments ahead of vulnerable moments."
-Daniel Woods, Manager, Alvarez and Marsal

Contact the Author:
Daniel Woods
Global Cyber Risk Services
Mobile: +1 202 820 4328
dwoods@alvarezandmarsal.com

This article was originally published on www.infosecurity-magazine.com on August 19, 2020