.

Sunday, July 21, 2019

The Evolution Of Corporate Espionage Business Essay

The Evolution Of Corporate Espionage Business Essay Espionage is the use of illegal means or deceptive practices to gather information. It is also commonly referred to as industrial or economic espionage. Industrial Espionage (or Economic Espionage) is the clandestine collection of sensitive, restricted or classified information. This information by its very nature is not openly accessible and can only be obtained through covert collection means. Industrial Espionage might include the theft of sensitive or restricted competitor information (such as financial data, restricted manufacturing processes, customer accounts, etc.), covert recruitment of sources within a competitors firm, and other such methods. Each and every day covert activities are being conducted for the purpose of obtaining information that can create value for another organization, be it a business or another government. Corporate initially meant united in one body (1398, from L. corporatus or corpus which means body  [1]  ). However, in due course of time the term the connotations attached with it finally paved way for the new age definition which is pertaining to a corporation or a group come together for a common goal. Moving onto Espionage, it means the systematic use of spies to get military, political or industrial secrets (1793, from Fr. Espionage  [2]  ). Corporate Espionage basically suggests impregnating a corporate system or structure with spies or systems so as to facilitate leakage of information which could in all probability mar the growth, financial stability the prospects of the victim organization to have sustained development in future. Corporate Espionage would cover illicit activities like theft of trade secrets, bribery, blackmail technological surveillance. And with developments that followed in the recent years, even attempts to sabotage a corporation may be conside red corporate espionage. Basically there are three primary motivations behind corporate espionage. First, an individual corporation may use corporate espionage to advance their goals towards maximizing shareholder value. Secondly, state-sponsored corporate espionage is an essential ingredient of modern day economic warfare or military application of the intellectual property. Thirdly, special interest groups may conduct corporate espionage to gather data to further their cause (i.e. environment interests). There are also instances where the distinction between legal and illegal intelligence gathering activities is blurred. Probably the most notorious case of corporate espionage that has been dealt in this study is Proctor and Gambles attempt to find out more about Unilevers hair care business by hunting through their garbage bins. Distinction between corporate espionage and competitive intelligence The difference between competitive intelligence and industrial espionage, is significant. By definition, industrial espionage refers to illegal activities which range everywhere from outright theft to bribery and everywhere in between. Conversely, competitive intelligence collection is governed for the most part by adherence to corporate and professional ethics which preclude the use of illegal means to obtain information. Moreover, the distinction between the two is in terms of modus operandi. At bottom, the competitive intelligence process consists of collecting information as elements which when legally, ethically but rigorously collected and analyzed, can provide the same kinds of information as might otherwise have only been available through such illicit means as theft. Burglary, outright theft or bribery might be some of the ways that criminals would resort to in order to obtain what a competitor may need constituting an act of corporate espionage. The evolution of corporate espionage over decades and the rationale behind its use The history of corporate/industrial espionage probably dates back to the sixth century when Justinian, the Byzantine emperor hired two monks to visit China. He wanted them to gain an understanding of silk production in China and to smuggle silkworm eggs and mulberry seeds out of that country to break its worldwide monopoly on silk production. The monks smuggled these eggs and seeds out of China in hollow bamboo walking sticks. Subsequently, in a few years the Byzantine Empire replaced China as the largest silk producer in the world. Over the centuries, industrial espionage practices continued to play a major part in the development of many countries. In the 18th century, alarmed by the industrial and military supremacy of Great Britain, France sent its spies to steal the latters industrial secrets. Corporate espionage gained more attention in the last few decades. Some of such instances are mentioned herein: In 1999, one of the most famous cases of corporate treachery, a Taiwanese company head was arrested as he was convicted to have paid an Avery Dennison (U.S. Label manufacturer) employee $160,000 for the secret formulas for the companys pressure-sensitive adhesive. In 1996, General Motors sued Volkswagen, charging that GMs former head of production had stolen trade secrets turned them over to Volkswagen. In 2000, Oracle Corporation head Larry Ellison had hired an investigation firm to dig out embarrassing secrets about Bill Gates headed Microsoft. In 2001, FBI arrested two employees from Lucent Technologies for conspiring to steal lucent trade secrets sell them to the Chinese government. In 2003, Italian auto manufacturer Ferrari charged Toyota with stealing the design for its Formula One racing car. Looking at the recent trend it becomes clear that corporate espionage cases have been increasing by leaps and bounds. The reasons for this can be attributed as: -advent of the information age with its tools and technologies has made it much easier to gather information and analyse intelligence. -Trained intelligence analysts can easily ferret out deeper information through masqueraded phone calls, purported interviews of the victim companys employees, going through their garbage, creating e-relationships with employees or joining use nets frequented by them. -The second issue that places most companies at risk is lack of employee awareness and education. At times, the management is to blame for the myopic approach that IT security should safeguard its intellectual property. The misplaced over-dependence on technology to protect the companys intellectual property is ridiculous, given that, even in the most digitised companies, over 70 per cent of critical information is still in non-digital forms. -Companies that invest hundreds of thousands of dollars in firewalls and PKIs (public key infrastructure) forget that over 15 per cent of their employees are talking to prospective new employers (or competition) at that very moment. Or that several third parties and temporary employees are swarming all over their organisation with complete access. -The single factor that makes corporate espionage devastating is its transparent nature. Physical assets when stolen get noticed and things can be attended to rapidly. But a company could be getting robbed of intellectual property or competitive advantage for years and might still not know what exactly is going wrong. Thus what began as that innocuous glance at what competition is doing, just to keep oneself abreast of the latest developments in the business one was in, is now taking the ugliest forms of ethical and legal violation. And this includes the entire gamut of wrongdoing: the selling of technological knowhow, product design, research papers, client lists and other trade secrets by loyal employees, infringing intellectual property law, teams resigning en masse from a company, taking along with themselves upscale, lucrative customers to the new entity, selling defence secrets in the lure of monetary kickbacks, and what not. In fact, corporate espionage has moved far from within the confines of the corporate sector to foreign nations, with many IT expatriates and even foreign employees with acquired citizenship acting as a conduit for the flow of confidential information from one corporate to another, from one nation to another. Cross border businesses and employees, remotely located custom ers in an era of E-Commerce, telecommuting contractual employees-all these are adding to the ease with which these acts of malfeasance are being committed. It is interesting to examine the Annual Report to U.S. Congress on Foreign Economic Collection and Industrial Espionage, FY 2008, it brings out the following:- The threat to the United States from foreign economic intelligence collection and industrial espionage has continued unabated since the publication of the Annual Report to Congress on Foreign Economic Collection and Industrial Espionage, 2007. Economic espionage cases went up slightly and nearly every day brought reports-in the press and in the classified world-of new cyber attacks against US Government and business entities. Additionally, the increasing use of new modes of communication and social networking provided uncharted opportunities for transferring information and spying on the part of enterprising foreign intelligence services. According to evidence amassed by the US CI community, a wide variety of foreign entities continued to try to illegally acquire US technology, trade secrets, and proprietary information. With companies encouraging outsourcing of research and development (RD) and establishing foreign bases of operation, foreign entities had more opportunities to targe t US information and technologies and mask their collection activities. As a result, it was increasingly difficult to measure fully the extent of their espionage and illegal acquisitions. Nonetheless, the CI community assessed that the cost in FY 2008 remained high, given the number of legal cases, investigations, and technologies targeted. à ¢Ã¢â€š ¬Ã‚ ¢ The FBI opened 55 new cases and pursued 88 pending cases during the reporting period, slightly more than reported in FY 2007. à ¢Ã¢â€š ¬Ã‚ ¢ ICE made 158 arrests in FY 2008 and achieved 187 indictments that resulted in 143 convictions for export-related criminal violations, more than any other Federal law enforcement agency. These efforts-similar to the previous year-significantly contributed to preventing sensitive US technologies, as well as weapons, from reaching terrorists, hostile countries, and violent criminal organizations. à ¢Ã¢â€š ¬Ã‚ ¢ DOC/BIS participated in more than 792 export investigations. This resulted in 40 criminal convictions, $2.7 million in criminal fines, over $800,000 in forfeitures, 56 administrative cases, and $3.6 million in administrative penalties. Wide Ranging Group of Actors According to information compiled during the reporting period, businessmen, scientists, engineers, and academics, as well as state security services from a large number of countries, continued to target US information and technology. The bulk of the collection activity, however, came from a core group of countries. Enduring Acquisition Methods While the most frequently reported collection methods remained the same during the past year, requests for information (RFI); exploitation of open-source media; and requests to purchase or share technology were often used. Some reports indicated an increase in the use of multiple methods in single contacts. General techniques included: RFIs Collectors used direct and indirect requests for information in their attempts to obtain valuable US data. These types of approaches often included requests for classified, sensitive, or export-controlled information. Solicitation or Marketing of Services Foreign companies sought business relationships with US firms that would enable them to gain access to sensitive or classified information, technologies, or projects. Acquisition of Technology Collectors continued to exploit direct and indirect acquisition of technology and information via third countries, the use of front companies, and the direct purchase of US firms or technologies in 2008. Conferences, Conventions, and Trade Shows These public venues offered opportunities for foreign adversaries to gain access to US information and experts in dual-use and sensitive technologies. Official Foreign Visitors and Exploitation of Joint Research Foreign government organizations, including intelligence and security services, also targeted and collected information, frequently through official contacts and visits. Statistics on visits and assignments to DOE facilities indicate that the number of visitors remained relatively stable compared to 2007. The statistics also show that visitors made multiple visits to individual facilities. China and Russia accounted for a considerable portion of foreign visits to DOE facilities during FY 2008. Cyber Attack and Exploitation Cyber threats are increasingly pervasive and are rapidly becoming a priority means of obtaining economic and technical information. Reports of new cyber attacks against US Government and business entities proliferated in FY 2008. Several adversaries expanded their computer network operations, and the use of new venues for intrusions increased. Threats against mobile telephones rose as well. Blackberry and iPhone-essentially general purpose computers-are susceptible to malicious software, according to opensource reporting. Foreign Targeting of US Travelers Overseas Foreign collectors also targeted US travelers overseas. Collection methods included everything from eliciting information during seemingly innocuous conversations to eavesdropping on private telephone conversations to downloading information from laptops or other digital storage devices. Targeted Information and Sectors Foreign collectors continued to seek a wide range of unclassified and classified information and technologies. Information systems attracted the most attention; aeronautics, lasers and optics, sensors, and marine systems were other top targets. Where as in case of India a report by Leslie DMonte Sapna Agarwal / Mumbai  February 10, 2007 from Business Standard (http://www.business-standard.com/india/news/corporate-espionage-goes-undetected-unsolved-in-india/274229/) highlights the existing state of affairs , in that Corporate espionage virtually goes undetected and unresolved in India. The arrest of a VSNL employee for allegedly leaking information to a competing company is one of the few cases of corporate espionage to have come to light. However, a majority of corporate espionage cases go undetected. If detected, very few complaints come to light. And in the few cases that complaints are registered, hardly any action is taken. Only 20 per cent of corporate espionage cases are detected. Of this, a mere 20 per cent get reported and only 10 per cent can be solved, says Raghu Raman, CEO, Mahindra Special Services Group. Moreover, there have been very few convictions in India till date for corporate espionage or data theft, while not a single case has been registered under Section 66 of the IT Act 2000 the recent online ticket booking fraud cases where airlines were duped, is a case in point. In data theft cases, proving the crime is difficult. Besides, it could span across countries, under different jurisdictions, making it more difficult for law enforcement agencies, explains Vijay Mukhi, president, Foundation of Information Security and Technology (FIST). Every company I meet knows they are victim of some or the other form of data theft, but are not aware of how to deal with it, he adds. Any corporate leveraging intellectual property rights (IPR), offering cost-effective solutions or innovative or ingenuous solutions and not taking structured measures to protect its IPR, loses 5-10 per cent of their revenues to data theft, corroborates Raman. We get at least one or two cases every month, besides many inquiries; our clients ask us for specific information from their competitors or send dummy interviewees to find out salary packages, says Sunil Sharma, CEO, Authentic Investigation, Delhi. Ajay Jugran, Partner of law firm, Lawcombine, says, This malady is deep-rooted. Its prevalent when PSUs call for bids. Trading in bidding information is rampant. Companies are even using annual maintenance (AMC) contractors to plant surveillance software in rival firms. The software gives a daily log of the data via e-mail. Corporates have not woken to this fact despite the fact that the law (unless for national security purposes) does not permit this, explains cyberlaw expert and Supreme court lawyer, Pavan Duggal. Corporate Espionage has risen to epidemic levels. Espionage strategies range from illegal to merely seedy. In most cases, the best defense is employee awareness. The current organisational focus on risk management, governance, and compliance has, for some, blurred the responsibility for ensuring the security of an organizations assets. Corporations have to reconsider the effectiveness of their overall security programs, given the current threat of corporate espionage. Comprehensive security programs should address this threat. Though espionage cannot be eliminated, implementing multi-layer safeguards will at least minimize losses. What Can Companies Do? As competition in the global market place increases, so will the instances of corporate espionage. Therefore, companies both big and small need to take steps necessary to protect themselves from becoming a victim. Here are four necessary steps to help protect valuable data from falling into the hands of competitors. 1. Companies must identify what information is sensitive and classify it as such. Information such as RD processes and innovations or new market strategies are easily identified as sensitive. However, other information such as personnel files, pricing structure, and customer lists are often overlooked and left unprotected. 2. A company should conduct a risk assessment to identify vulnerabilities, and the probability that someone will exploit those vulnerabilities and obtain sensitive information. 3. Establish, review and update security policies and appropriate safeguards, both procedurally and technologically, to thwart attempts to exploit vulnerabilities and gain access to valuable company data. 4. Train all employees. Users, managers and IT staff all need to be trained in what business information needs to be safe guarded, techniques that can be used to gain access to sensitive data, and what procedures should be taken to report compromises or suspected attempts to solicit sensitive information. Government Involvement in the Espionage Threat Countermeasures -The government must conduct a threat assessment to determine risk and External / Internal flaws in the security the major corporations both private and public sector undertakings so as to prevent any possible attack of espionage. This would help protect such information as is necessary for keeping the economy of nation on track and preventing from it from any derailment by the financial loss that might be caused due to espionage activities. -There is a need of initiative on the part of government to make policies and procedures that would help in controlling the rampant increase of espionage activities. Such policies and procedures must be in writing and easy to understand and should be accessible easily. Further it is also needed that such regulations passed by government must be disseminated so that it becomes friendlier for the victim of corporate espionage to take recourse to the measures provided under this. -The government must also stay updated with regard to various developments that take place in the corporate world. For this revision of such policies and procedures is required from time to time. Such policies must also be updated annually so as to keep in touch with the latest technological developments. -The government must also take care of its assets, its people, its information, and its property so that it can utilize all these resources properly without any threat of being espionage by enemy organizations. -The government while handling various public sector undertakings must take care of its human resources. There must be Proper Position Descriptions of all the employees which must be accompanied with Pre-Employment Investigations about their background. It must be followed by Periodic Investigations so as to check any change in the behavior of a disgruntled employee. -The government must also advocate for the publication and release of Audits and Investigations. There must be regular audits of all areas, as this would help in investigations of losses and investigations of violations of policy. After doing this the government would be successfully able to check corporate espionage.

No comments:

Post a Comment