Corporate spying grows

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://news.com.au/common/story_page/0,4057,4095601%255E15319,00.html

Karen Dearne
The Australian
09apr02

THE corporate spy trade is booming. One-quarter of Australia's largest
companies admit they are involved in "competitive intelligence
gathering", according to a PricewaterhouseCoopers survey.

The information-gathering techniques are almost always legal and
carried out by trained professionals - often former government
intelligence operatives highly trained in obtaining military and
economic secrets.

But the operatives were spying on competing companies rather than
foreign governments, and many companies were easy targets, PwC dispute
analysis and investigations director Richard Batten said.

"Corporations have people trained to obtain raw data from a wide range
of sources and apply traditional intelligence analysis techniques to
produce usable information," he said.

"It's worrying to find 62 per cent of companies have no protection in
place to stop the loss or theft of intellectual property -- even
though 30 per cent admit already experiencing at least one incident."

Competitors were involved in 37 per cent of incidents reported by
respondents to PwC's Intellectual Property Loss Survey 2001 -- up 15
per cent from the last survey, in 1998.

Mr Batten said most companies did not properly value their information
and intellectual property, and were often unaware that data had been
lost.

"If intelligence gathering is being done by a professional, the victim
will probably know nothing about it," he said.

"If a customer list is copied and taken out of a company, the original
list is still there and they may never know it has been taken."

Forty per cent of incidents were caused by people in a trusted
relationship with the company -- employees, consultants and
contractors -- up from 12 per cent in 1998.

"These people have internal access and it's easy for them to get
information without having to break in or bribe someone," Mr Batten
said.

"People get tempted - they may see the value of some information and
try to sell it to a competitor."

Theft or loss of laptops was less of a worry than the behaviour of
people using them in public places such as airports.

"Businessmen often work on sensitive projects on their laptops while
they are in a frequent flyer lounge, on a plane or even in a taxi," he
said.

"They don't pay any attention to who's sitting next to them and don't
realise how much information can be seen or overheard by others."

Laptops should always be secured by encryption and passwords so data
was not readily accessible to anyone who picked up a lost or stolen
laptop, he said.


-------------------------------------------------------------------

How to protect IP

Prepare an inventory that identifies the company's information and
intellectual property crown jewels.

Devise a method of valuing these information resources to establish
what material is worth protecting.

Undertake a risk management review of the total business operation to
discover security deficiencies.

Once the information protection hotspots have been identified,
controls can be put in place.



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.