Forms and methods of industrial espionage.
Most people have heard of such a concept as industrial espionage, but very few have a clear idea of the essence of this phenomenon, and even more so about the real threats and consequences of its influence.
In this article, based on some data from domestic and foreign publications, we will try, in an accessible form, to reveal the content of the concept of industrial espionage, its forms and methods.
For a number of reasons, in the modern world almost any human activity (in particular, business) is carried out in a competitively oriented space and becomes the subject of careful study and analysis. Simply put, if you are doing business, welcome to the risk group. If your company is included in a limited number of consistently successful ones, sooner or later you will become a target.The main tool for achieving the goal is commercial intelligence or industrial espionage. In our opinion, the concept of commercial intelligence is wider, since it additionally includes a completely legal mechanism for collecting and analyzing data from open sources.
Thus, it becomes clear that the main purpose of industrial espionage is information that is closed to public access. A trade secret is a much more valuable product than the company’s “physical” assets. And it does not matter in what form it is expressed: customer bases, patents or new developments of leading employees. This is what becomes the subject of the lust of your competitors, and it is to him that they will try to get close. How do they do it? There are only two main ways. The first is using the insider. The second is using technical means presented in the form of specially developed software products for the theft of electronic data, as well as hardware devices for removing acoustic and visual information.
Industrial espionage is an expensive way to steal data. For example, the average cost of a complex of measures for collecting private data about a small company and its employees is between 2,000 and 3,000 dollars. Installing information retrieval equipment in one office is 400 to 600 dollars. Despite this, there is currently a steady trend to an increase in information leakages. Why? The answer is simple. The cash equivalent of the information itself is growing steadily. Nevertheless, many company owners still do not consider this problem as a potential threat, and, of course, do not take any steps to reduce the risks. Most often this is connected with the myths about industrial espionage, which are widely spread.
Reasons for ignoring information leakage threats
Myth 1: industrial espionage does not concern me
This is the most common myth. Most top managers sincerely believe that industrial espionage threatens only a very narrow circle of companies related to defense, the development of state-of-the-art technologies and industrial giants. In reality, a much larger range of targets is under the gun.
According to statistics, companies in the US each year lose about $ 300 billion due to intellectual property theft. Globally, this figure is about 1.7 trillion. Data theft is one of the most profitable methods of fraud, and its distribution is gaining momentum every day.
Myth 2: We are too small to become a goal.
In cases of theft of intellectual property – the size does not matter. In most cases, the attackers make attacks on small companies, as their security systems are at the most primitive level. In the arena of cybercrime, about 30% of the victims are companies with less than 150 employees. Do not forget about another attractive point of small goals – they often cooperate with large organizations. Therefore, an attack on a local firm can only be the first step in catching big fish – penetration into the information perimeter of the “senior” partner. In this case, catastrophic financial damage will suffer absolutely everything and equally.
To become a victim of intruders, it is not necessary to be a transnational corporation, and a hacker attack is not the only threat. Representatives of the US intelligence services conducted a thorough analysis of intellectual property thefts over the past 50 years, and found out that the insider was responsible for 85% of the leaks. It is the employees of the company, business partners, or even managers who contribute to the information flow to competitors.
Underestimating the danger is the first step towards the role of the victim. If a company has something to sell, then it has something to steal.
Myth 3: Protection of digital information - a guaranteed shield against intruders
A lot of penetration strategies inside the company’s information perimeter are not associated with direct hacker attacks. The use of insiders has already become a classic of espionage. In addition, in recent years, a new threat has emerged – social engineering. Both strategies combine two factors: software penetration plays only the role of a second violin, and success is achieved through the use of the human factor.
In 2012, one of the major aerospace agencies lost super-important commercial information, due to the fact that one of the employees “sold out” to competitors from China. The process of theft was extremely simple. The employee printed the secret data on the printer and faxed them. By the time the leak was discovered, the insider had safely left the country. Analysts believe that the main catalyst for information leakage remains and remains the person and his actions.
Myth 4: Data leakage is not a reason for bankruptcy.
If valuable information falls into the wrong hands, will the business still be profitable? Unfortunately, the answer most likely is unequivocal – no.
In 2014, one of the major suppliers of special equipment for the US government came under attack by hackers, which resulted in a major information leak. The US government, which placed orders worth $ 340 million a year before these events, immediately ceased cooperation with the company. Literally within 3 months the company lost absolutely all customers and went bankrupt. It is so easy to leak data can kill a company with a multi-million dollar turnover.
It is necessary to apply a systematic approach to protection against industrial espionage with the development of an integrated strategy, including the use of methods to combat software invasion, monitor the movement of digital data, monitor personnel and protection of premises from the means of information retrieval.
Instead of a conclusion - a few interesting facts collected by American experts in the field of information security.
- Registered attacks using insiders accounted for 47% of the total number of information leaks.
- Online attacks – 33.8%.
- On average, companies lose from 2400 to 8350 personal data (data about customers, partners, medical records, etc.) in one leak of information.
- In 66% of cases, information leakage is not detected for a month or more.
- The average cost of a stolen laptop is $ 49,246. 2% – the cost of replacing a laptop, the rest – the price of stolen information.
- By 2020, 75% of commercial or government data will be stolen.
- In 70% of cases, the insider, who was about to resign within 30 days, stole commercial information.
- 65% of employees who stole information at the time of the crime have already received a job offer from a competitor or started their own business. 20% received an offer after data theft.
- 75% of insiders stole information to which they had the right of access. In 52% of the data was sold to competitors.
- 54% of insiders used email, cloud servers and file sharing to transfer stolen data. The rest allegedly transmitted information on tangible media.