Corporate Counter–Intelligence
From the guards at the gates, to members of the company’s I.T. dept, to the staff and executives at every level; the basic understanding of counter-espionage should be a required skill.
NewsBharati 05-May-2022 11:15:29 AM
Total Views |
When we think of espionage and spies, the first thought that comes to our mind is that flamboyant agent with a three-digit code number, fast cars, glamour and of course the very unique ‘license to kill’.
In reality however; espionage and counter-espionage, which in current times is defined as data-mining and data analysis is the core of gathering information against your competitors and adversaries. However, most corporates and even law enforcement fail to understand the enormity of the threats themselves. Most professionals in the security sector have never had any training in counter-espionage and training in espionage is considered illegal in many countries. And, therein lies the problem. Since it is not taught at any level, and included as part of the overall security and risk management strategy, its literally unknown and ignored. However, it is actually a very critical issue in the management of risk.
Espionage starts with research of the company from whom information is to be acquired. This consists of surveillance and data-mining (essentially intelligence gathering) to define the weak spots in the target organization; be it to identify a person from whom information can be easily obtained, to identifying weakness in the communications systems and of course in the I.T. system, which is more easy to hack, unless there is a presence of multiple fire-walls.
The general perception is that all aspects of intelligence gathering and counter-intelligence have to be high–tech and require large budgets. In actuality, it can be done on affordable budgets and using low-tech strategies. The reality is that espionage is all around us; whether sports, business, or politics. Industrial espionage is as old as political espionage. In both these areas, having knowledge about your competitor or adversary gives a winning advantage to the party with more information about others.
Money, Ideology, Coercion and Ego [MICE] are usually used either singularly or in any combinations to extract information about the target. In I.T. terminology, these are the four exploits to identify and utilize. Any exploitation that happens affects the profit margins of the organization under attack. It has been observed that Ego is the frequent factor in lack of reporting a breach to the concerned authorities, purely to save the company’s reputation from being damaged.
Educating the staff about espionage and its methods is the prime factor in preventing data leakage. This educational activity will lead to counter-espionage tactics and strategies, which in turn will reduce the risks faced by the companies and its clients and also save money in the long term. A basic understanding of security measures to be followed should be known to every security professional, from preventing humans sharing information, either knowingly or unknowingly with others, to ensuring firewalls and anti-hacking tools in the company’s I.T. system.
Another huge source of data leakage is the social media. What is posted by staff and executives can be data-mined, collated and analysed; usually giving the surveillance entity a fair idea of what is happening in the company. Add to that, un-monitored PR messages can give away technical details of a product or service, essentially sharing proprietary information with the competition. Another leakage point is advertising the inner workings of the organization with too much details. Companies don’t work in isolation in these days of complex engineering or financial accounting. Companies are either contractors to a client, or sub-contractors, or have sub-contractors on a project. Leakage of data at any level means that the competition gets a deeper understanding of operations and designs; and this knowledge can lead to higher competition with lower profitability.
Finally, there is the issue of smart devices. Almost every device is connected to the internet; which means that it can be hacked. Hackers have tools that allow the device's camera and mic to be activated remotely, without the owner of the device knowing about it. Some hackers allow the data to be recorded and stored on the device itself and they retrieve that later when the device owner is sleeping or relaxing. While the device manufacturers and the app developers will give every assurance that their technology is safe and encrypted; its possible to be hacked if the device owners do not take appropriate measures to keep their devices safe from hacking, cracking, tracking, or being targets of data-mining.
In reality however; espionage and counter-espionage, which in current times is defined as data-mining and data analysis is the core of gathering information against your competitors and adversaries. However, most corporates and even law enforcement fail to understand the enormity of the threats themselves. Most professionals in the security sector have never had any training in counter-espionage and training in espionage is considered illegal in many countries. And, therein lies the problem. Since it is not taught at any level, and included as part of the overall security and risk management strategy, its literally unknown and ignored. However, it is actually a very critical issue in the management of risk.
From the guards at the gates, to members of the company’s I.T. dept, to the staff and executives at every level; the basic understanding of counter-espionage should be a required skill. This includes understanding that innocent sounding questions from visitors or even strangers need to be understood and deflected with diplomatic answers. Counter–espionage starts with the cleaning staff and goes all the way up to the CEO or Chairman of the company. It needs to be from the bottom of the pyramid all the way to the top, where everybody in the company needs to have an understanding of it and should be responsible about it. But, in reality most companies don’t even have a policy about it.
Espionage starts with research of the company from whom information is to be acquired. This consists of surveillance and data-mining (essentially intelligence gathering) to define the weak spots in the target organization; be it to identify a person from whom information can be easily obtained, to identifying weakness in the communications systems and of course in the I.T. system, which is more easy to hack, unless there is a presence of multiple fire-walls.
The general perception is that all aspects of intelligence gathering and counter-intelligence have to be high–tech and require large budgets. In actuality, it can be done on affordable budgets and using low-tech strategies. The reality is that espionage is all around us; whether sports, business, or politics. Industrial espionage is as old as political espionage. In both these areas, having knowledge about your competitor or adversary gives a winning advantage to the party with more information about others.
Money, Ideology, Coercion and Ego [MICE] are usually used either singularly or in any combinations to extract information about the target. In I.T. terminology, these are the four exploits to identify and utilize. Any exploitation that happens affects the profit margins of the organization under attack. It has been observed that Ego is the frequent factor in lack of reporting a breach to the concerned authorities, purely to save the company’s reputation from being damaged.
Educating the staff about espionage and its methods is the prime factor in preventing data leakage. This educational activity will lead to counter-espionage tactics and strategies, which in turn will reduce the risks faced by the companies and its clients and also save money in the long term. A basic understanding of security measures to be followed should be known to every security professional, from preventing humans sharing information, either knowingly or unknowingly with others, to ensuring firewalls and anti-hacking tools in the company’s I.T. system.
Another huge source of data leakage is the social media. What is posted by staff and executives can be data-mined, collated and analysed; usually giving the surveillance entity a fair idea of what is happening in the company. Add to that, un-monitored PR messages can give away technical details of a product or service, essentially sharing proprietary information with the competition. Another leakage point is advertising the inner workings of the organization with too much details. Companies don’t work in isolation in these days of complex engineering or financial accounting. Companies are either contractors to a client, or sub-contractors, or have sub-contractors on a project. Leakage of data at any level means that the competition gets a deeper understanding of operations and designs; and this knowledge can lead to higher competition with lower profitability.
Finally, there is the issue of smart devices. Almost every device is connected to the internet; which means that it can be hacked. Hackers have tools that allow the device's camera and mic to be activated remotely, without the owner of the device knowing about it. Some hackers allow the data to be recorded and stored on the device itself and they retrieve that later when the device owner is sleeping or relaxing. While the device manufacturers and the app developers will give every assurance that their technology is safe and encrypted; its possible to be hacked if the device owners do not take appropriate measures to keep their devices safe from hacking, cracking, tracking, or being targets of data-mining.
Sardar Sanjay Matkar
Sardar Sanjay Matkar