Corporate counterintelligence - protecting business information

May 2003 News & Events

The purpose of this article is to provide a brief understanding of what counterintelligence is; its role in the corporate environment and how it supports management to protect business secrets and intellectual property.

Corporate counterintelligence is the reverse form of business espionage and business intelligence. It could also be described as the `other side of the intelligence coin' and its main purpose is to protect business information.

In 1981 H.E. Rowan wrote in Protective Security (A South African Approach) that "Few people believe that industrial espionage really exists and those who believe in its existence do not appear to know enough about the subject to be able to define the essential elements. Where industrial espionage is taking place, protection and assurance are lacking..."

It appears that since then not many in management have realised that the threat is real, nor have they been able to understand what should be protected, and why. Many companies still employ outdated measures that do not address the threats against business information.

Regular headlines about industrial espionage, business intelligence and information theft indicate that the adequate protection of proprietary information has since become a worldwide problem.

It is also not restricted to one specific industry. Examples of incidents can be found in the academic, agricultural, communications, defence related, fibre optics, financial, food, pharmaceutical, software, stationary and tobacco industries.

As recently as March 2003, various local newspapers and magazines reported on the alleged spying incidents in the Gauteng business circles. Peter Honey writing for the Financial Mail magazine (21 March 2003) wrote that "The Gulf War has broken out in Gauteng as some of the country's most visible businessmen go undercover to fight their corporate battles."

Companies have always gathered intelligence. Whether it was the simple act of looking at a competitor's pricing in a catalogue or listening to potential customers' views about a company's competitors, intelligence gathering in business is nothing new.

Many companies now go to great lengths to obtain information about their competitors. They can make use of legal/ethical, unethical or illegal information-gathering techniques or a combination to gather business secrets. Companies' do not all abide by an ethics code and many misrepresent them or break laws to get information about their competitors.

Counterintelligence and the protection of information are business decisions. Corporate executives will have to take responsibility and should no longer be satisfied with outdated advice from security companies and managers still clinging to traditional protection approaches.

Many executives are still unaware that their security measures will not always protect their confidential information. Cameras, guards, gates, fences, etc, are easily manipulated by those practising business intelligence and corporate espionage.

The need for counterintelligence

Much has changed in the business world since Rowan expressed his concerns about the preparedness of our companies to counter the business intelligence threat in its various guises. Many companies have ceased to exist, others had to change their operations, find new markets, modernise or had to expand to be competitive and efficient. We are taking part again in the global economy and have many international and new competitors.

Worldwide, companies are becoming more and more dependent on good intelligence (analysed information) regarding their competitors, environment, suppliers, products and even their customers to stay competitive.

"...the old cliché 'Knowledge is power' is an understatement. Knowledge is the lifeblood that perpetuates the existence of your organisation and if utilised properly, could level your competition to shambles" (Helms, Ettkin & Morris - Information Management & Computer Security - March 2000).

The original concept of security, still practised by many companies, cannot protect against attacks against information. Most in the traditional security profession are only accustomed to dealing with the physical aspects of security and property and find it difficult to make the leap into the new knowledge and information-based world.

Security policies also do not always make provision or take into account the scope of existing and modern day protection requirements, ie, determining what sort of information resides in a company that would be worthwhile to a competitor.

A company that has strict standards of physical security can be devastated by a 'penetration agent', a staff member working for a competitor.

"The actual fight requires a change of philosophy. Twentieth-century security doctrine, held a static conception for protection. 'Hunker down' behind defences of locks, fences, guards and alarm systems, was the prime directive. But in a world of portable information with the Internet, laptops, pocket PCs and cellular devices, the traditional security perimeter becomes an illusion" (R.L. Mendell - Security Management - April 2003).

Most of the time the security departments are not to blame as they are increasingly being given more responsibilities, but unfortunately the budget, training, equipment and professional development are not keeping pace with modern day requirements.

Computer security professionals again operate in an environment where security controls are invisible, unobtrusive deterrents. Unfortunately the protection of modern organisations and businesses involves more than installing appropriate technologies, buying the right insurance policies, protecting data networks and guarding critical infrastructure.

It requires the integration of the organisation's security, computer security and information protection with corporate strategy. Appropriate protection standards have to become an integral part of an organisation's business strategy.

Complacency, carelessness and poor security practices all contribute to how confidential information is lost. What others know about a company can make or break that company's ability to compete in the future. The protection of proprietary information is also much more than physical, computer or data security.

Intellectual property and confidential information are the areas usually neglected by management as well as security managers. They do not really concern themselves with loose lips, discarded documents, trade shows, friendships, the press, opportunists and disgruntled former staff.

Intellectual property (trade secrets, patents, formulas and processes, pricing strategies, industry sources, client and customer information) are becoming more and more critical to maintaining a competitive edge. Confidential information again concerns the infrastructure, personnel records, internal communications, agreements, supplier agreements, reports, work procedures, research, etc.

"Indications are that economic espionage, including trade secret thefts and competitive business information/intelligence gathering, will intensify and be more aggressively pursued in the new millennium" (P.F. Kalitka - Periscope - March 2000).

What is counterintelligence?

The most basic objective of business counterintelligence is to protect information from those who are not authorised to receive it, to counter potential threats and of course to enhance security.

It should not only protect against aggressive and illegal information gathering (espionage) but also against open and legal collection efforts that can harm a company and affect its ability to compete in its market.

It will spot the danger signals, prevent illegal activities such as electronic eavesdropping, carefully control critical information that a company publishes about itself and protect those areas vulnerable to business and competitive intelligence efforts by making it difficult for competitors to collect information.

Counterintelligence has both passive and active components. Passive counterintelligence aims to prevent what an adversary may do and comprises defensive and preventative countermeasures such as awareness briefings, technical surveillance countermeasures, defensive programmes and penetration testing.

Active counterintelligence differs from passive counterintelligence. Once the threat or hostile entity has been detected and identified, active counterintelligence will investigate and conduct operations to eliminate any ongoing or threatening action. When employed actively it is also a collection process. To be able to counter what an adversary may do companies need reliable and good information about competitors' intentions, capabilities, budget and resources to conduct intelligence and collection operations.

Possible indicators of intelligence operations taking place

1. Competitors knowing about projects, confidential business, trade secrets and strategy.

2. Various enquiries made by strangers such as students, researchers, and others about company secrets and projects.

3. Repair technicians showing up to do work when no one has called them.

4. Regularly losing to the same competitor(s) with very small margins in tenders and business contracts.

5. Electronic bugging and surveillance devices discovered on business premises.

6. Constant unusual requests for information or for permission to visit company premises or facilities.

7. Key staff leaving to go and work for competitors.

8. Confidential material, information and equipment such as laptops being stolen under suspicious circumstances.

9. Competitors launching products looking very similar to existing products/designs.

10. Staff reporting surveillance, recruitment attempts or suspicious enquiries and behaviour.

11. Competitors establishing competitive intelligence or marketing intelligence units.

12. Competitors hiring a number of analysts or starting new divisions dealing with corporate strategy, industry and competitive analysis.

Employing counterintelligence

Unless the security division in a company possesses a deep understanding of their own company's business, objectives, strategies and plans and know the company's competitors (intentions and capabilities) they will not be able to counter the information collection efforts and the threats.

The first step is to determine what information has to be protected, for how long and from whom. There is not much that a company can do once a guarded secret is stolen. In this regard the old saying prevention is better than cure, is especially true.

The next step is to educate all employees through awareness briefings to make them aware of the value of corporate information. Companies spend millions on firewalls, access control and other security barriers, but few invest in counterintelligence awareness training for their staff. The best security systems will be useless if personnel are ignorant about the tactics and modus operandi employed to steal business secrets.

Protective programmes have to be employed which includes watching your own company's surroundings and activities to see who else is watching and involved. Include third parties in the surveys and counterintelligence audits. Over time vendors and suppliers can develop stronger bonds with competitors.

If all avenues to a company and its personnel have been successfully cut off the industrial spy will turn to technology. Regular technical surveillance countermeasures (TSCM) surveys will reveal electronic and technology attacks. Technical surveillance countermeasures are counterintelligence activities and refer to a set of measures employed to identify and to investigate hostile technical devices planted by an adversary for collection purposes. It is largely directed at the protection of information but will often reveal physical and other security problems, lack of education and can help to assess the vulnerabilities of sensitive facilities.

The elements of protection change as business operations change. Counterintelligence is a critical task and cannot be suitably accomplished as an additional duty. It has to extend across all organisational levels. The skills and technology required is different than those for the protection of people, buildings, etc.

"Counterintelligence properly understood, aims to engage and neutralise competitors collection efforts through a variety of imaginative, flexible and active measures (J.A. Nolan - Phoenix Consulting Group).

Conclusion

Companies and security managers should be alert at all times where no formal counterintelligence structure exists within a company. Private intelligence is a growing industry in South Africa and the world. There is no such thing as a coincidence. One of the basic premises of counterintelligence is that coincidences do not just happen. The moment that a company starts to recognise too many 'coincidences' it might be too late. Counterintelligence programmes should be in place to recognise the indicators that industrial espionage and intelligence operations could be affecting a company.

To admit the need for business counterintelligence is to concede that current security and protection measures are and have been, inadequate. Many also feel that the threats that are countered by counterintelligence do not exist in South Africa and that only the big companies, government and the defence industry is targeted. The truth is that many small companies are targeted because of the total lack of any security or countermeasures.

To remain competitive, companies need to allocate resources for the protection of information and counterintelligence. By implementing counterintelligence as part of its business strategy, management will strengthen its company's overall competitive position in the market place.

ABOUT THE AUTHOR:

Steve Whitehead specialises in corporate counterintelligence matters and regularly writes and speaks on the subject. His articles have appeared in a number of local and international publications. He is a member of international bodies such as the Espionage Research Institute (ERI), Business Espionage Controls & Countermeasures Association (BECCA), American Society of Industrial Security (ASIS), the Society of Competitive Intelligence Professionals (SCIP) and local associations such as the South African Institute of Security (SAIS), Countermeasures Association of SA (CASA) and the South African Association of Competitive Intelligence Professionals. (SAACIP) He is involved with two South African companies, TSCM Services and CBIA. Both companies are leaders in their respective fields and focus exclusively on intelligence and counterintelligence matters in the corporate sector. Before joining the corporate sector in the early 1990s he served as a senior government counterintelligence specialist. He can be contacted on 012 664 3157.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
The power of PKI and private sector innovation
Access Control & Identity Management News & Events Government and Parastatal (Industry)
At the recent ID4Africa 2025 Summit in Addis Ababa, the spotlight was firmly on building secure, inclusive, and scalable digital identity ecosystems for the African continent.

Read more...
Bosch Security renamed Keenfinity
News & Events
Globally renowned brands for video systems, access control and intrusion alarm systems, as well as communication systems, unite under the roof of the new company Keenfinity Group.

Read more...
2025 video surveillance market set for improved fortunes
News & Events Surveillance
Novaira Insights has unveiled its latest report, World Market for Video Surveillance Hardware and Software – 2025 Edition, forecasting a healthy growth rate of 8,1% until 2029, excluding China.

Read more...
Wialon announces integration with fleet maintenance and optimisation platform
News & Events Transport (Industry) Logistics (Industry)
Fleet management software platform integrates with a fleet maintenance and optimisation platform to support mutual customers for better workflows and deeper insights into fleet operations.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Value and industry insight
Securex South Africa Training & Education News & Events
Securex South Africa 2025, co-located with A-OSH EXPO, Facilities Management Expo, and Firexpo, drew thousands of security professionals from across the continent and beyond, offering a platform for networking, product discovery, and knowledge sharing.

Read more...
Gallagher Security achieves ISO 27001 recertification
News & Events Training & Education
Gallagher Security has successfully achieved certification to the updated ISO/IEC 27001:2022 standard for Information Security Management Systems (ISMS). This accomplishment builds on previous certifications and reflects a continued commitment to the highest standards of information security.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.