With the current market saturation, competition in many fields is fiercer than ever. One of the main weapons that can be employed in modern economical warfare is information about competitors, their offerings, finances, sales and marketing strategy.
Some of this information can be gathered in a legal way, by closely monitoring all public channels, associated with competitors, networking with industry insiders and analyzing latest trends. This is called competitive intelligence, and it can give an effective leg up in a fight for a market share.
However, not all companies are satisfied with merely gathering data that is already out there. Many turn to much shadier tactics in order to gain advantage over competition. Industrial espionage is much more common, than you would think, judged by the news. Foreign governments may also engage in what is called economic espionage by stealing economic information from foreign companies.
Targets of industrial espionage
The main goal of industrial and economic espionage is to get a hold of protected confidential information belonging to competitors. Usual targets of such actions are:
Trade secrets. While definition of “trade secret” varies from country to country, it generally means protected information about existing products or products in development. This is one of the most popular targets of industrial espionage. This information may help rival companies to increase competitiveness of their products or even bring a similar product to the market faster than you can.
Client information. Private data of your clients, including their financial information, can be used to steal business, or can be leaked to damage the reputation of your company.
Financial information. Financial information of your company can be used to offer better deals to your clients and partners, win bids, or even make a better offer to your valuable employees.
- Marketing information. This will allow your competitors to prepare a timely answer for your marketing campaign, which, in turn, may render it completely ineffective.
Why it is rarely reported
Industrial espionage is illegal and yet, very widespread practice. If it hasn’t affected your company already, it only a matter of time until it will. The question is then – why we don’t hear about it on the news as much?
There are several reasons why most companies are not reporting cases of industrial espionage:
Industrial espionage is hard to prove. Industrial espionage is often performed by insiders that already have access to sensitive data. It is almost indistinguishable from their normal everyday activity. Such actions are very hard to detect and even harder to prove in court.
It is hard to hold perpetrators accountable. Since laws on trade secrets and industrial espionage are different everywhere, it may be very hard to hold foreign companies accountable. And even if the company is domestic, if they are much bigger then you, than they can prolong legal procedures to the point where it will be not feasible for your company to continue. It is also impossible to hold foreign governments accountable for economical espionage.
It may negatively affect stocks. Value of your company stocks may fall if it will become publicly known that your security has been breached. It may lower both trust of your investors and customers.
All of the above compels companies to keep it to themselves and conduct internal investigations. It also means that companies are largely left to deal with industrial espionage by themselves. It is their responsibility to establish effective detection and response procedures. However, effective prevention is arguably the best way to deal with industrial espionage.
How industrial espionage is performed
In order to understand how to effectively prevent industrial espionage, we need to know how it is performed.
There are several ways to breach your cyber security and illegally obtain data. Foreign governments most often use hackers in acts of economic espionage. Hackers can gain access to your sensitive data using malware, zero-day vulnerabilities or even known exploits that were not timely patched, and use espionage software to gather valuable data and trade secrets.
In acts of industrial espionage between companies, on the other hand, malicious insiders are used much more frequently. Competitors can plant “moles” inside your company that will act as regular employees, while secretly gathering intelligence for their actual employer.
They can approach trusted employees with privileged access to trade secrets and other valuable information and offer them money, or blackmail them into cooperation. Malicious activity of such employees is much harder to detect than hacking attacks, making it a much safer bet.
Your employees can also perform or aid in corporate espionage inadvertently. Various social engineering techniques can be used to gather secret information or extract credentials from employees. Random USB stick, left in a hallway for curious employee to pick up and use, or carefully written email that prompts to click on a link, are only two of a large number of ways through which malware can infect your system, giving your competitors full access to sensitive data.
Terminated employees are another source of danger. Disgruntled employee looking for a way to get back at company, or simply one of the trusted insiders leaving for a competition could easily take sensitive data with them.
Best practices to follow for preventing Industrial Espionage
The fact that perpetrators more often than not are your own employees makes digital industrial espionage prevention much more complex, then simply protecting yourself from malware. You need to strengthen overall security posture of your organization, follow the best anti espionage practices, and pay especial attention to insider threat prevention and detection.
Conduct risk assessment. The first step in establishing reliable protection is to identify potential targets. You need to know what trade secrets and other valuable data your company possesses and how much each of them worth. You can evaluate your trade secrets by comparing them with products, already available on the market, or with known assets of your competitors.
Identifying your most valuable data should give you an idea on who may want to have it. This information should be used as a foundation for a detailed risk assessment. You need to identify threats and potential vectors of attacks, which should help you detect vulnerabilities in your own defenses. Risk assessment is a key to a risk-based approach to security that should be a part of security strategy of every organization.
Establish effective security policy. All security rules should be formalized into a clearly written security policy that you need to effectively enforce. This policy should include rules designed to prevent computer espionage and insider threats, such as prohibiting password sharing and bringing your own devices to work. Make sure that all your employees are aware of it and enforce it from top to bottom starting with upper management.
Maintain efficient data access policy. In many companies, access to critical data and infrastructure is allowed by default, and only explicitly prohibited when it is deemed risky. While it may sometimes be more convenient, this policy is not very secure. Your company should follow the principle of least privilege and prohibit access to all data unless an opposite is necessary. By limiting a number of people with access to trade secrets and critical data, you severely limiting the number of entry points, through which your competitors can obtain this data.
Read more about the importance of data protection.
Secure your infrastructure. It is important to establish a secure perimeter around your company network. Conventional corporate cyber security software, such as firewall and anti-virus, are your first line of defense. Make sure to separate your valuable data from your corporate network and prohibit access to it. Protect your border routers and establish screen subnets. Building secure perimeter using layered approach is the best way to protect yourself from industrial and economic espionage done through hacking and malware.
Educate employees. To prevent your employees from inadvertently helping competitors gather intelligence, you need to educate them about potential threats your company faces. Make them aware about the role they play in the security of your organization and teach them about simple security practices, that they should incorporate in their daily workflow. This will help protect your employees from social engineering attempts, and will prevent simple security mistakes, such as sticking with default password. Your employees will also be more eager to follow security policies, if they understand why those policies are in place.
Conduct background checks. Background checks are a good general security practice that will help you judge potential risks, associated with a person before hiring. But it also can help with preventing business espionage, by allowing you to identify moles.
It can also be very useful to periodically conduct background checks of existing employees, especially ones with privileged access to trade secrets and sensitive data, as they are under high risk of being approached by a competitor. Sudden surge in standards of living, unexpected trips, or prepaid debt are among potential causes for a concern.
Create proper termination procedure. In many cases, company espionage is performed in last couple of weeks of work. Employees also often have their credentials still active after termination, allowing them to access sensitive data when they already ceased working in the company. Proper termination procedure should be created and implemented, in order to protect your company from potential acts of industrial espionage by terminated employees.
Monitor employee activity. Malicious employee activity can be very hard to detect, especially regarding users with high level of privileges, such as system administrators and upper management. They can easily gather intelligence while performing their normal tasks and explain any abnormal behavior as a simple mistake. Without proper tools in place, it can be impossible to identify insider attack.
Employee monitoring is the best way to both prevent and detect industrial espionage performed by employees. It makes all employee actions fully visible and transparent, allowing you to identify data theft and take appropriate actions to prevent it.
Employee monitoring can also serve as an effective way to deter opportunistic employees from stealing data, as they will know that their actions are now fully visible.
Ekran System – monitoring solution for preventing industrial espionage
Ekran System is an employee monitoring solution specifically designed to combat insider threats, including industrial espionage. It can monitor actions of every user regardless of the level of privilege they have, allowing you to control actions of system administrators and users with access to trade secrets and financial information.
Ekran System produces indexed video recording of every user session coupled with relevant metadata. You will be able to see everything user sees on his or her screen, including their desktop, opened applications and mouse movements. Metadata will allow you to see and search by entered keystrokes, titles of applications and active windows, visited websites, etc., all easily searchable and with relevant timestamps.
Ekran System also provides robust alerts and notification feature. Upon setting up custom alerts, your security personnel will receive e-mail notification upon suspicious events. They can then view session live as it happens and decide to block it if any malicious activity is confirmed. This allows you to effectively respond to any potential acts of industrial espionage and minimize the damage.
Industrial espionage can severely damage company business and reputation and hinder any opportunities for potential growth. By following best practices, mentioned above and using Ekran System as your user monitoring tool of choice, you can reliably prevent industrial espionage and protect your company from both outsider and insider threats.