Watching your back: countering industrial espionage the intelligent way

October 2002 News

To many companies security badges, sign-in sheets, video cameras and other physical surveillance methods create a wall of protection against information theft. However, with most penetrations and information loss coming from within an organisation, these measures alone cannot adequately protect a company.

"Most penetrations and compromises are perpetrated by the target's own employees, by electronic or cyber intrusion, surveillance or photography," said Howard Griffiths, managing director of Griffiths & Associates. "In addition, significant amounts of company strategy are often given away in company websites, publicity material and at trade fairs, all unwittingly," he said.

"The official FBI statistics in the US are that at any one given period in time, that bureau has nearly 1000 open investigations into extremely serious cases of economic espionage of trade secret thefts," Griffiths said. "The only way to counteract activity on this scale is for companies to implement both reactive and preventative counter intelligence programs."

These programs should include employee training, site surveys, inspections and investigations. The company should also develop and maintain files on alleged, reported, and actual attempts at penetration. "Every company must have a counter intelligence manual outlining procedures for the protection of sensitive information, including how to handle incidents that occur," said Griffiths. These manuals should then be made available to personnel within responsible offices so that any incident can be dealt with promptly and consistently.

Overall strategy

The first step in developing such an overall strategy must be the conducting of a vulnerability assessment. The following checklist of important issues is an example of the type of information to be collected in this assessment:

* Employee names, titles, and position, for employees in sensitive positions.

* Responsibilities and types of access to sensitive data.

* Identification of those with whom each employee is authorised to share sensitive information.

* Audit trails and records kept relative to individuals who have been given access to proprietary data.

* Activities where employers could be approached by intelligence gatherers, such as seminars and workshops. Employees should be asked to describe any contacts initiated by other persons seeking any type of corporate data.

* Any gratuities offered or received from providing any type of corporate data. Employees should be asked to identify all types of corporate data being elicited and what responses were given and any ensuing conversation with the person asking for the information.

"The information gathered from this checklist and the general assessment will indicate strengths and weaknesses in the company's protective posture," said Griffiths. It will help security personnel determine which of the company's operations might be likely targets of business intelligence efforts and, just as importantly, allow the company to determine which counter intelligence strategies to put into place."

For more information contact Howard Griffiths, Griffiths & Associates, 011 786 8556, howard@griffithsonline.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

iPulse to distribute Hitachi’s VeinID products
Issue 4 2021, iPulse Systems , News, Access Control & Identity Management
Hitachi Europe, a pioneer of finger vein biometric technology and iPulse Systems have announced a partnership to allow iPulse to distribute Hitachi’s VeinID products and solutions in Africa.

Read more...
Cloud Security 2021: Latest trends and insights
Issue 4 2021 , News
With cloud security continuing to be a hot topic in 2021, Fortinet and Cybersecurity Insiders decided to ask cybersecurity professionals around the world and across all industries for their latest insights.

Read more...
Panomera S-Series recognised with iF Design Award 2021
Issue 3 2021, Dallmeier Electronic Southern Africa , News
All Panomera models are equipped with the uniform Quick-Lock system, which makes them compatible with all mounting options – for wall, ceiling, mast and edge storage.

Read more...
AVeS launches cybersecurity awareness campaign
Issue 3 2021, AVeS Cyber Security , News
Amidst rising cybercrime, ongoing lockdowns and the Protection of Personal Information Act (PoPIA) deadline in South Africa, organisations and their employees are facing a staggering increase in cyber risks.

Read more...
PoPIA: De-identifying, matching and filing
Issue 3 2021 , Editor's Choice, News, Security Services & Risk Management
Three of the crucial areas in organisational PoPIA compliance that must be discussed include de-identifying, information matching programmes and filing systems.

Read more...
ONVIF releases Profile M
Issue 3 2021 , News, CCTV, Surveillance & Remote Monitoring
ONVIF has released Profile M to address the dynamic video analytics market as well as expanding the pathways for the use of metadata and event handling into other systems, such as access control, cloud services and IoT platforms.

Read more...
Top cybersecurity considerations for SMEs in 2021
Issue 3 2021 , Cyber Security, News
Cisco has published its 2021 SMB Security Outcomes Study, highlighting what SMB leaders are doing to thrive in today's ever-evolving threat landscape, as well as offering actionable insights on where they should focus.

Read more...
Never allow someone onto your property without asking questions first
Issue 3 2021, Fidelity Services Group , News, Security Services & Risk Management
Opportunistic criminals are always looking for easy targets. Being aware of basic personal safety measures can go a long way towards protecting you from impersonators and imposters.

Read more...
From the editor's desk: A storm in the cloud
Issue 4 2021, Technews Publishing , News
The latest ransomware attack, named Kaseya after a company that provides a number of tools to customers all over the world, has hit a number of companies ‘downstream. In other words, some of the companies ...

Read more...
Winners of the inaugural South Africa OSPAs
Issue 4 2021, Technews Publishing, Secutel Technologies, Cathexis Technologies , Editor's Choice, News, Integrated Solutions, Security Services & Risk Management
The presentation of the first-ever South Africa Outstanding Security Performance Awards (OSPAs) took place virtually on Thursday 3rd June 2021 as part of an internationally attended online thought leadership webinar.

Read more...