[ISN] Corporate spying grows

From: InfoSec News (isnat_private)
Date: Wed Apr 10 2002 - 01:50:51 PDT

  • Next message: InfoSec News: "[ISN] Wartime CIOs Alter Security Strategies"

    Forwarded from: William Knowles <wkat_private>
    
    http://news.com.au/common/story_page/0,4057,4095601%255E15319,00.html
    
    Karen Dearne
    The Australian
    09apr02
    
    THE corporate spy trade is booming. One-quarter of Australia's largest
    companies admit they are involved in "competitive intelligence
    gathering", according to a PricewaterhouseCoopers survey.
    
    The information-gathering techniques are almost always legal and
    carried out by trained professionals - often former government
    intelligence operatives highly trained in obtaining military and
    economic secrets.
    
    But the operatives were spying on competing companies rather than
    foreign governments, and many companies were easy targets, PwC dispute
    analysis and investigations director Richard Batten said.
    
    "Corporations have people trained to obtain raw data from a wide range
    of sources and apply traditional intelligence analysis techniques to
    produce usable information," he said.
    
    "It's worrying to find 62 per cent of companies have no protection in
    place to stop the loss or theft of intellectual property -- even
    though 30 per cent admit already experiencing at least one incident."
    
    Competitors were involved in 37 per cent of incidents reported by
    respondents to PwC's Intellectual Property Loss Survey 2001 -- up 15
    per cent from the last survey, in 1998.
    
    Mr Batten said most companies did not properly value their information
    and intellectual property, and were often unaware that data had been
    lost.
    
    "If intelligence gathering is being done by a professional, the victim
    will probably know nothing about it," he said.
    
    "If a customer list is copied and taken out of a company, the original
    list is still there and they may never know it has been taken."
    
    Forty per cent of incidents were caused by people in a trusted
    relationship with the company -- employees, consultants and
    contractors -- up from 12 per cent in 1998.
    
    "These people have internal access and it's easy for them to get
    information without having to break in or bribe someone," Mr Batten
    said.
    
    "People get tempted - they may see the value of some information and
    try to sell it to a competitor."
    
    Theft or loss of laptops was less of a worry than the behaviour of
    people using them in public places such as airports.
    
    "Businessmen often work on sensitive projects on their laptops while
    they are in a frequent flyer lounge, on a plane or even in a taxi," he
    said.
    
    "They don't pay any attention to who's sitting next to them and don't
    realise how much information can be seen or overheard by others."
    
    Laptops should always be secured by encryption and passwords so data
    was not readily accessible to anyone who picked up a lost or stolen
    laptop, he said.
    
    
    -------------------------------------------------------------------
    
    How to protect IP
    
    Prepare an inventory that identifies the company's information and
    intellectual property crown jewels.
    
    Devise a method of valuing these information resources to establish
    what material is worth protecting.
    
    Undertake a risk management review of the total business operation to
    discover security deficiencies.
    
    Once the information protection hotspots have been identified,
    controls can be put in place.
    
    
    
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Apr 10 2002 - 04:41:36 PDT