When discussing Espionage, it often the case where opinions and viewpoints are driven by historical cases of espionage being purely isolated between state-level actors. In our modern and inter-connected world where economies are driven by trade, commerce, innovation and technological advances; state-level espionage has consequently been directed towards businesses and corporations. This evolving change presents enterprises with a clear requirement to protect their intellectual property and profitable assets from countries seeking to gain economic advantages.
Corporate Espionage threats are no longer exclusively attributed to state-level actors, an increasing number of enterprises report of continuous and often aggressive effort by their competitors to obtain privileged access to confidential and propriety information. Since businesses now have an increased reliance on cyberspace to transmit and produce corporate information – this has consequently provided corporate rivals with an additional approach when conducting espionage. Having said that, the human factor always had a central role in such covert activities. This puts the Boards of so many businesses in an uneasy situation. Countering espionage requires not only a holistic approach but an inclusive one. Such an approach should consist of extensive internal and external collaboration, communication, partnership and consistency with public and private organisations.
Intel-Lytix has supported several clients not only by investigating acts of Corporate Espionage, but also by designing holistic and inclusive governance strategies to provide them with a baseline of accountability within their respective frameworks. Recognising the fact that acts of Corporate Espionage are often enabled by ‘Insiders’ – our use of Staff Vetting and Background Screening has proven to be a valuable method when measuring a person’s level of integrity in addition to unforeseen risks ranging from associations with competitors, economic irregularities and improper behaviour.
Every enterprise is different, and the internal dynamics will vary depending on its industrial market, size, location and configuration. This factor means that there is no set blueprint for enterprises to design and introduce a Counter Corporate Espionage program with any degree of success without addressing the needs of their business and additional considerations by means of a Risk Analysis Profile complete with a series of recommended actions to take. However, enterprises are strongly encouraged to consider the following:
In short, there is no set answer due to the rapidly evolving and sophistication of threats and threat actors. However, within the context of physical security, we have recommended enterprises to consider the following general measures:
Of course, this above is just a very small number of recommendations that we have made for enterprises seeking to reduce threats from Corporate Espionage threat actors. In most regards, enterprises should ensure that security procedures are also extended to address document handling and storage processes, recruitment procedures, information security and personal security. The latter of which we have a long-standing history of addressing through the provision of Staff Vetting and Background Screening, Training and Awareness, and Risk Consulting.
Time is of the essence and it is essential for an enterprise to contain an incident as soon as an issue is identified. An investigation should be conducted as a matter of course in order to accurately identify the root cause of an incident; by doing so will enable an enterprise to implement measures to mitigate its impact. The investigation will further enable an enterprise to adapt and reconfigure their security arrangments to ensure that such incidents cannot be repeated.
Whether the incident is a cyber breach or an intentional leak of sensitive information to a competitor, the response that should be taken by an enterprise remains unchanged.