Spy vs. Spy

Money in the pocket and nothing to lose
May 15, 2018
Widespread corporate lapses highlight weaknesses in fraud detection
October 19, 2018
Show all

Spy vs. Spy

Based on the increase in incidences of industrial espionage in South Africa, it is evident that local companies do not have robust frameworks in place to effectively manage this risk.

The biggest mistake they still make is incorrectly assuming that industrial espionage only occurs in large companies and that it is predominantly a cyber-related threat. Meanwhile, most of their prevention tactics are usually geared at external risks and neglect breaches that are committed from the inside.

The reality is that other types of business espionage have dwarfed cyber intrusion. This is not that difficult to believe if one considers that the sales of eavesdropping devices in the country is unregulated, with fairly sophisticated devices bought for as little as R300 over the counter.

Technologies such as these have contributed to the more than US$1-trillion damage that is caused by non-cyber-related espionage, while US$400-billion is lost annually due to digital theft of business-critical data.

Many of these crimes are also being perpetuated closer to home than many would believe.

There have even been incidences where disgruntled employees, including at managerial and supervisory level, as well as representatives of supply-chain partners have been involved in leaking valuable intellectual property, including trade secrets, internal memos and sales reports.

Honest employees have even unwittingly provided information to rival companies as victims of “social engineering”, a carefully orchestrated operation that can take months or even years to succeed.

In these instances, one or more employees of a company are instructed to infiltrate their opposition by applying for available positions there.

Once they have successfully infiltrated their rival, they establish personal and working relationships with other employees to gain access to critical positions that entail overseeing important and sensitive information. This can include passwords for encrypted data, which is then recorded and shared with their real employers.

Operations such as these can have very serious negative consequences on bottom lines and business viability, and have even compromised reputations and brand legacies. In extenuating circumstances, companies have even lost sizeable market share overnight in increasingly competitive global economies.

While cyber threats remain a growing concern, businesses simply cannot continue to overlook other vulnerable areas, such as knowledge gaps and human frailty.

More time and resources need to also be expended in conducting security audits of premises to identify and test the rights of access and way for employees, as well as service providers.

Attention also needs to be given to processes for on-boarding new employees and those of external suppliers. Visitors to the premises must also be included in the analysis, and these findings shared with all employees.

Organisations should also initiate a strict clean-desk policy that is enforceable and establish a process for the secure and timely disposal of sensitive printed material to avoid, for example, “dumpster diving”. This is a very low-tech industrial espionage tactic that simply involves stealing private information, such as passwords, social security numbers, internal memos and payroll data, from garbage disposal areas.

While espionage is also a major threat to private companies, it has reared its ugly head in state-owned enterprises (SOEs) on more than one occasion.

A widely publicised example is the stolen blueprints for the Rooivalk helicopter by a foreign intelligence agency, as well as the theft of details of missile systems and other intellectual property.

The Al-Jazeera spy-cables also revealed that France and the United States had been attempting to influence the bidding process for the expansion of Eskom’s proposed contentious nuclear-build programme.

In addition to its cutting-edge debugging capabilities, Havensec Solutions provides state-of-the-art private and civil investigations, polygraphing services, discreet surveillance and information gathering, as well as off-site monitoring.

Our clients have also benefited from our extensive experience using covert cameras to protect their businesses, as well as our undercover investigations that reveal significantly more information than most security systems.

Leave a Reply

Your email address will not be published.