Corporate Espionage Defense: Don't Become a Statistic
One does not really know what to make of it, and this was not given any great importance till sometime back. This was due to the fact that communications were then based on direct methods over which people had control. Today with the advent of the Internet and the World Wide Web, the spread of information is very high, and often information is beyond the control of the people whose information is being spread. The importance of corporate espionage has been proved through the efforts of certain individuals who found out all the "hidden" information to meet a challenge. The methods depended on easily available information. At the same time, the technique is not new and has been the reason for the development of industry in United States. The practitioners are also now easily available from the retired employees of the defense services. Earlier, the efforts were restricted only to a limit of a few million dollars, but lately it is known to be worth more than 300 million dollars.
There are many methods of gathering the required information, but the best method is to use the trust of people and this can be gathered through confidence building techniques which are known to most people and practiced by some. At the same time, the building up of friendships to collect information is important with only some people in the organization, and these people have to be more careful than others. Certain industries are specifically more susceptible to this than others. At the same time, the extent of collecting information has now become so widespread that some people have made a profession of this. As with all other industries, only some are more susceptible to it than others. One of the critical activities is to tackle the victim who is going to provide the required information. Sometimes even wrong suspicion of leakage of information is made, and even some inefficient machines are being touted as the solution to this trouble.
It was done recently by a former U.S. intelligence officer when he was invited by a chief executive officer of a consumer electronics company from California to find out about his own company's new project for developing a new technology. The former intelligence agent was asked to find out the secret as the project was important for the company and expected to double the revenue base. He wanted to be sure that his competitors had not found out the secret, and he wanted the intelligence officer to find out about it. The intelligence officer and his employees went to the house of a senior officer of the company who had not been at home for the last three months and follow him when he went to work the next morning. At his place of working, there were a lot of other people who were working also. The people concerned were traced from the numbers of their cars, and from these find out their identities from the Web. Then they posed as employer representatives and pollsters. They were able to find out the top secret technology, its cost of development and the time of launch. All this was done within 30 days, and the CEO who had set this up as a test was shocked.
How old is corporate espionage?
Corporate espionage has been around for a long time, and the experts in the field say that it has only become professionalized now. In 1811 Francis Cabot Lowell went to England and was able to memorize the plans for the Cartwright loom while on a trip to a factory. This ultimately proved to be the blueprint for the industrial revolution in America. This particular individual got his ideas of espionage from the hackers and the stories on hacking he had done Forbes. This gave him knowledge about software piracy and music piracy on the Net and the structure of the gangs within cyberspace for this purpose. This gave him clear ideas of how hacking is done without people becoming aware of it. For corporate espionage people hire to break the law, and even if they do not break the law, they work as spies. The original training of most of these people came from the CIA or the DIA of the FBI. 2
The business of espionage was not so big earlier, and in 1995, the level was only of the order of about $15 million, but by 2002, it had reached a figure of nearly $300 million. 3 The figures of costs of corporate espionage are very expensive on the shareholders of the U.S. companies and are in excess of $25 billion. 4 According to the FBI and similar organizations, industrial espionage costs U.S. companies from $24 billion to $100 billion yearly. 5
Sometimes people are fooled into giving the information themselves and in one case; a CEO of a biotech firm in California gave an interview to a "reporter" from a foreign television company. The people with the reporter carried around a shoulder video camera which recorded the equipment, the settings on the equipment and the papers and notebooks that were near. This fact was not noted and resulted in the company losing a lot of information. Telling a lie to obtain information cannot be prevented even through successful trade secret law suits, till one has got a signed nondisclosure agreement from the person concerned. Thus often the case can be only against the employee who participated in the entire exercise. There are also subcontractors who do the dirty work for the Fortune 500 companies and they come back with reports, and the person who employed them does not seek the details. This technique may be called plausible deniability. 6
The Human Factor
When any company has to look at a security plan, they have to clearly decide on the people involved and they are the computer staff, security managers and executive management. All of them have a clear role to play. The important characteristics for each group are noted below.
Computer support staff:
1. They should be aware of the security policy of the company and the procedures and should follow them.
2. They should be given training in quality so that they understand the security features in the software that is used. They should have the capacity to use it to the full potential
3. There should be an ongoing plan for teaching them so that they remain up-to-date and this is very important in view of the changing technology and standards.
1. They have to be fully trained about the latest advances about information security technology and its best practices and they should be able to implement them.
2. They should have product and professional certification so that they get a basic knowledge.
3. There should be measurement of the security requirements and how much has been implemented.
4. There should be regular system health checks so that all vulnerabilities are reviewed and small test patches should be conducted before touching the entire system
1. It is the management responsibility to support initiatives in information security and also provide examples for others.
2. All information should be provided in a manner that is familiar to them through expert speakers or at executive committee meetings.
3. There has to be follow up with high level impact statements regarding financial risks, and damages to the reputations of the company and involved liability
Data: Information Systems Security Association
According to a survey by KPMG, the respondents from the Information, Communication and Entertainment sector felt that they were the most vulnerable to corporate espionage. This was due to their intangible assets like databases, knowledge pools and proprietary information. 7
How information is collected for money?
One of the persons in this field is Marc Barry and he has a Competitive Intelligence organization called C3I analytics in New York City, and he says that he regularly uses false pretenses to collect information for his clients. The Society for Competitive Intelligence claims that their members stay within the ethical rules, but that is not true and even Barry has been hired by many of their members to do many dubious activities for them. In certain cases like profiling of a competitor's R&D, that cannot be done without deception or trickery. A cereal manufacturer once gave him a job to find out the R&D strategy of Quaker Oats, and this was by a competing manufacturer. He set up front companies and talked to the professors doing the research about also funding their research, and these methods are how to get the person to open up to the investigator. This is how he penetrated a number of facilities in Chicago, which were previously though to be secure. The result that they came up with was that the main emphasis of research by Quaker Oats was to introduce genetic material from corn into oats so that the…