
Corporate espionage on the rise

The scourge becomes common as criminals master the Internet and take advantage of lax security prevalent in companies.

By Mike Hamilton
Johannesburg, 28 Oct 2008

In 2002, the war between Dell Computer and its rivals in the personal computer market was hotting up. Dell had made gains in market share with its cheaper PCs, which it sold direct to the end-user, obviating the costs and mark-ups associated with many of its competitors' dealer networks.

Now there were rumours that Dell was poised to enter the printer and peripheral market too. The PC giant would be going head-to-head with many established companies in this niche - including HP.

Galvanised into action, HP dispatched its 'competitive intelligence unit' to find out more about Dell's plans. It successfully managed to gain access to detailed information relating to Dell's soon-to-be-released printers.

The facts about HP's covert intelligence-gathering operation might have remained a secret, but they came to light last year (2007) in documents linked to a messy court battle - relating to another matter - involving HP and former employee Karl Kamb.

Kamb, according to legal documents, accused HP of hiring former Dell employees to supply information about the company's plans to enter the printer business back in 2002.

HP denied the accusations and the case was eventually dismissed, but the episode serves as a reminder of just how extensive, sophisticated and sometimes ruthless corporate 'snooping' operations can become.

Dumpster diving

Illegal data collection methods can range from computer hacking, theft, intimidation, personnel impersonations - called pretexting - and what is known in the US as 'dumpster diving' or mining the garbage for nuggets of valuable information.

Today, it is estimated that 70% of the average enterprise's value is held in its information. While this figure is expected to rise, so too are the incidents of corporate espionage.

In SA, press and other reports highlight the fact that local companies are increasingly turning to private investigators to spy on their competitors. Conservative estimates suggest that one out of every 20 local companies has had its intellectual property compromised in some way.

What information is being targeted? The list is long and includes patent procedures in progress, customer information, pricing strategies, source code, unique manufacturing methods, research findings and future marketing plans.

Don't be a victim


To protect companies from becoming victims, it's important to establish a 'culture of security' within the organisation and to have employees understand the importance of correct policies and procedures.

Ensure that employees are aware of electronic social engineering ploys and have an escalation plan for them to follow if they think they have been targeted.

Social engineering attacks, in which a hacker commonly tricks an employee into providing a username and password, using phone and e-mail communications, are becoming increasingly frequent. Because they rely on the frailty of human nature, they can bypass technological protection.

For this reason, it is important for organisations to install systems that emphasise the personal aspects of security, with technologies that focus on the logic behind data streams both entering and leaving the corporate network.

Sophisticated and intelligent content filtering technologies are needed to prevent individuals - authorised or otherwise - from opening the door to outsiders and giving them access to sensitive data.

Susceptible

Computer network vulnerabilities that could lead to information leakage include a company's Web presence, users' e-mail and Internet activities, as well as employee intranet and access privileges.

Solutions that should be employed include Internet content filtering - to limit access to Web sites that could compromise corporate privacy - and e-mail filtering designed to stop inappropriate e-mail transmissions.

Comprehensive anti-virus solutions are a 'given' and will help to eliminate data theft through backdoor methods. Similarly, intrusion detection software will enable only those authorised to gain access to restricted areas of the network.

Vulnerability assessment solutions will help senior executives to better understand the security architecture and the vulnerabilities of each component within that structure.

Finally, policy implementation will help develop a solid set of rules for configuring networks. Policies can also help establish access rules for users so their activities can be better monitored for potential breaches.

In a competitive marketplace, where information is an increasingly valuable commodity, many experts predict that espionage will be encouraged by the ready availability of sophisticated Internet and electronic surveillance technologies.

* Mike Hamilton is MD of Channel Data.
