Industrial espionage once involved someone physically stealing a rival’s information by emptying a filing cabinet or copying exclusive designs. Today the risk still exists but it is far more subtle and harder to trace
Worryingly, every business is at risk, whether the firm’s directors realise it or not. Recent press reports of US and Israeli governments’ growing arsenal of digital weapons (with names like Gauss, Stuxnet, Duqu and Flame), may sound more like an issue for James Bond, but businesses need to be on their guard.
“Cyberspace provides relatively small-scale actors an opportunity to become players in economic espionage,” warns a recent report to the US Congress, which also suggested the economic cost of industrial espionage could vary from $2bn to $400bn or more a year. The figure could not be quantified because so little information is available.
One of the keynote speakers at the DVS Symposium, Fred Maro, of FM-nospy, firmly believes it is time businesses woke up to the growing risks. “It is hugely underestimated as a risk. About one in every four or five firms will have been attacked and most will know nothing about it until something else goes wrong,” Maro said.
As a security consultant, Maro tends to get called up at that point, but he said then it is too late “because the information is already out there and the damage has been done”. He cited recent examples of firms who found their exclusive designs being copied elsewhere and sold for a fraction of the price, undermining the market.
Another example is the company which suddenly found five of its major customers all cancelling contracts and renegotiating rates at 30% less. Investigations revealed that a student on work experience had received a call from a man purporting to be working in the firm’s overseas office. He knew so much information that the student overcame his caution and sent out sensitive pricing files.
Just four weeks later, all the major customers were cancelling. The caller has yet to be traced, but clearly he had infiltrated the firm’s systems before making the call. The clever combination of hacking and abusing human nature left the company victim of a devastating attack.
“Think of industrial espionage and people think of James Bond, but that is not how it is done these days and everyone is at risk,” Maro said.
No comments yet