The economics of economic espionage
Imagine for a moment that your company is developing a new product, and that the development effort will cost fifty million dollars. Then imagine that you have competitors overseas who would have to pay a similar sum to develop a similar product.
Now imagine that these competitors are disinclined to spend fifty million dollars on the development effort, but they are willing to spend a million dollars to steal the information you developed, plus another million to implement it and beat you to market.
How can a million bucks be enough to get development information worth fifty million? Through a relatively low-cost espionage operation that begins with determining which of their potential victims is likely to be doing development in their field of choice. They can then find out who is working on the precise project that includes that information. At that point, how they get the information is immaterial as long as they get the information they need.
What are the possibilities? Multiple, unfortunately for you:
• They can hack your computer system.
• Even better, they can suborn someone on your computer staff, or get someone to get a job on your computer staff, and have them steal the information for them.
• If you have telecommuters working for you with access to sensitive information, or employees who take their work home with them, they can monitor them, get into their homes and steal the information from their laptops.
• They can use bribery. Oddly, most people who betray their employers – or their countries, for that matter – sometimes do it for surprisingly small amounts. You may think that millions of dollars of stolen information might cost them millions of dollars, or at least hundreds of thousands of dollars, but it will more likely only cost them in the tens of thousands.
• They can use blackmail.
• They can use deception operations (E.G. Have an employee meet a beautiful woman or handsome man, and, over a period of time fall in love and persuade the new love to steal the information, or steal information from them without their knowledge.)
• They can move someone in next door, have them become trusted friends, then they can steal the information.
• They can put someone on the cleaning staff that can bug offices, steal information, and put key loggers on computers to send out information of interest.
• They can get someone hired on the staff of the facility that stores your emergency backup system and steal the backup information.
• They can put someone on the staff of a supplier who has access to your information, but is less rigorously checked or monitored, and whose systems are less secure.
• They can rob your people at gunpoint.
Some of the above scenarios are, we admit, less likely than others. Depending on the value of the development, however, in some cases murder might not be far-fetched. Clearly, not everyone can be corrupted. (We can’t, but the consensus opinion among the single men in the company is that if you want to try, you should please try it via seduction.) But almost anyone can be robbed. And absolutely everyone lets their guard down or makes a mistake from time to time. If someone is spending a lot of time and money to be there to take advantage of that mistake, you may – you will! – have a problem.
The good news is that proper preparation can help you can avoid many of the risks of economic espionage (much of our work is helping companies do just that). And if you can’t avoid it entirely, you can anticipate the possibility (and try to detect it) and take some damage-limiting steps.
Being a victim of economic espionage is partly a matter of choice. The bad news is that many companies choose not to spend the time and money needed to protect themselves.
We like to think the regular readers of the ÆGIS e-journal are a cut above average, and that you have chosen – or will choose – the path of prudence, and will let some other less-than-prudent company be the victim of economic espionage.