Knowledge is power. Especially in the hands of your competitors.
Information about your company, its products and services, finances, sales, and marketing strategy is a weapon in the ruthless world of espionage in business. That’s why it’s important to ensure that your organization’s data is well-protected.
In this article, we reveal the meaning of corporate espionage and explain how to prevent industrial espionage. You will learn what measures can keep your business secrets safe and sound. The article will answer your questions:
- What is corporate espionage?
- How common is industrial espionage in cybersecurity?
- What examples of corporate espionage are there?
- What methods do corporate spies use to steal confidential data?
- How to prevent industrial espionage?
What is industrial espionage?
Legally gathering intelligence on your competitors can give you a leg up in the fight to increase your market share.
But sometimes, companies and governments want more.
Competitors and governments send agents to spy on critical information more often than you might think. According to NBC News, “The FBI opens a new China-related counterintelligence investigation every 12 hours on average.”
Unlike competitive intelligence, industrial espionage (also known as corporate espionage or business espionage) means embracing illegal and unethical methods of collecting corporate data to gain a competitive advantage. It involves the compromise of trade secrets and intellectual property theft.
How does industrial espionage affect businesses?
Unauthorized access to trade secrets, intellectual property, and other sensitive information can have a profound and far-reaching impact on your business. Potential negative consequences include:
- Loss of competitive advantage. Losing confidential information can cripple your company’s competitive edge. Competitors with access to stolen secrets can develop similar products or marketing strategies, making it difficult for your business to compete.
- Reputational damage. A successful business espionage attack can damage your organization’s reputation for innovation and security. This can erode customer trust and make it harder to attract investors and partners.
- Legal implications. Depending on the nature of the stolen information, you may face legal ramifications. These could include lawsuits from investors or partners who also suffered from the espionage attack on your organization.
- National security risks. In some cases, industrial espionage can have national security implications. Stolen information related to defense technologies or sensitive government projects could pose a threat to national security.
- Financial loss. The most common consequence of industrial espionage is the loss of intellectual property, which can lead to significant financial losses. Other consequences such as reputational damage and legal issues may also erode market shares and reduce profits. According to Mike Orlando, the director of the National Counterintelligence and Security Center, Chinese espionage alone could cost the United States up to $600 billion per annum.
The severity of the consequences depends on the type of information stolen and how it’s used. Ultimately, industrial espionage can harm any business, causing financial losses, hindering competitiveness, and damaging reputation.
Is industrial espionage illegal?
Whereas gathering non-confidential information by attending industry events or via open-source research is legal, stealing confidential information from competitors is not.
Depending on the severity of the offense and the laws violated, individuals involved in industrial espionage might face criminal charges such as theft, fraud, or economic espionage. Penalties could include imprisonment, fines, or both.
Laws and penalties for corporate espionage vary across different countries. As an example, the Economic Espionage Act of 1996 in the US criminalizes the theft or misappropriation of trade secrets for economic benefit. Penalties can include up to 15 years in prison and fines up to $500,000. Similarly, the Trade Secrets Directive (2016/943/EU) standardizes the legal protection of trade secrets throughout the European Union.
Unfortunately, detecting and proving industrial espionage and holding perpetrators accountable can be challenging, especially when it involves intangible information like trade secrets.
Types of industrial espionage
There is some ambiguity around types of industrial espionage. R. E. Wagner distinguishes two: industrial espionage itself (which can also be referred to as corporate and commercial espionage) and economic espionage. The main difference lies in who the mastermind behind the espionage campaign is.
While industrial espionage is conducted by and benefits private companies, economic espionage is committed by foreign states.
Here’s where things get tricky:
The interests of governments and companies frequently overlap, making it hard to distinguish between these two types of espionage. Consequently, we will be using “industrial espionage” and “corporate espionage” interchangeably as generic terms in this article unless we are specifically discussing economic espionage.
Forms of corporate espionage
Corporate espionage takes many forms, but they all involve stealing a competitor’s confidential information. Here’s a breakdown of the most common forms of industrial espionage, considering the types of data at risk:
- Trade secret theft. A trade secret generally refers to sensitive information about existing products or those under development. If stolen, this data may help your rivals gain a competitive advantage.
- Client information theft. Data about your clients, including their financial information, can be exploited to lure your clients over to a rival company. Another possible scenario is exposing illegally acquired data to the public, thus damaging your company’s reputation.
- Financial information theft. Your company’s financial data can be used to offer better deals to your clients and partners, win bids, and even make better offers to your valuable employees.
- Marketing information theft. With this information, competitors can prepare a timely response to your marketing campaigns and render them ineffective.
Now, let’s see what organizations are most at risk of becoming a target for industrial spies.
Targets of industrial espionage
Is your company at risk?
Industries that rely heavily on research and development (R&D) — including the computer hardware manufacturing, IT, automotive, energy, aerospace, and chemicals sectors — should be extra cautious. R&D often involves innovative solutions and technologies that are costly to develop, making them a desirable target for spies.
The retail, financial, and public sectors are among the industries most targeted by cyberattacks. Industrial espionage is also common in these industries, as they are highly competitive and often suffer from a lack of investment in cybersecurity.
Sectors commonly targeted by industrial espionage:
- Computer hardware. Spies may steal cutting-edge chip designs, manufacturing processes, and hardware specifications to gain a competitive advantage in the high-tech market.
- IT. Innovative software solutions, cybersecurity protocols, and cloud computing technologies are all valuable assets that rivals might seek to steal.
- Financial. Financial institutions hold a wealth of sensitive data, including customer information, investment strategies, and trading algorithms, making them prime targets for financial espionage.
- Energy. Efficient energy production methods, alternative energy sources, and next-generation power grid technologies are highly sought-after by competitors and foreign governments.
- Aerospace. Rival aerospace companies might be looking to acquire trade secrets for cutting-edge aircraft designs, avionics technology, and advancements in propulsion systems.
- Automotive. Spies are always on the lookout for technological advances in innovative engine design, increased fuel efficiency, autonomous driving software, and future vehicle concepts to gain an edge in the global automotive market.
- Biotechnology. Groundbreaking research in areas like gene editing, pharmaceuticals, and medical devices is a prime target for industrial espionage, allowing competitors to capitalize on revolutionary discoveries and inventions.
- Chemical. Secret formulas, efficient production processes, and proprietary chemical compounds in the chemical industry are all targeted by industrial spies.
- Public. Spies can target government agencies to steal classified information on national security strategies, defense capabilities, or fragile negotiations.
- Retail. Customer data, marketing plans, and future product rollouts are critical assets for retailers. Spies might also look for intellectual property related to logistics and supply chain management.
Methods of industrial espionage
How does industrial espionage affect your business? Spies can breach your security and illegally obtain data in the following ways:
Cyber attacks
Cyber attacks are hostile attempts to steal, compromise, change, or destroy information by gaining unauthorized access to an organization’s computer systems.
Hackers or external attackers are frequently involved in industrial espionage. They can gain access to your sensitive data by exploiting known and zero-day vulnerabilities.
Most common cyber techniques for corporate espionage:
- Hacking & malware. Deploying malware or hacking into existing software to gain access to sensitive data.
- Phishing. Sending emails to trick employees into disclosing confidential information by clicking a malicious link.
- Eavesdropping. Imitating a trusted server to track valuable information or gain data through the transmission network.
- Man-in-the-middle attack. Positioning oneself in the network between a user and an application to intercept information.
- SQL injection. Embedding malicious code into applications to interfere with internal commands and exploit a database.
- Exploiting poor security practices. Using weaknesses in network security to gain access to critical data.
How to detect cyber espionage
The majority of companies have up-to-date malware protection and network security, but only a few think about incident response plans, control of storage devices, and formal policies.
Moreover, cyber breaches are often preceded by physical access that makes them possible. That’s why even sophisticated anti-malware protection and firewalls are not enough when insider and cyber threats are linked.
Insider threats
Competitors can send their spies to your company to act as your regular employees while secretly gathering intelligence for their actual employer.
Competitors can also approach your trusted employees who have privileged access, asking them to trade your corporate secrets and other valuable information and offering them money or blackmailing them into cooperation.
In both cases, the illegal actions of such employees are much harder to detect than those of hackers, making insider attacks a safer bet for malicious actors.
If you’re thinking, “Well, my employees aren’t like that…”
Workers can also carry out or aid in corporate espionage inadvertently. Various social engineering techniques can be used to gather secret information or extract credentials from employees.
Take this as an illustration:
A USB stick left in a hallway for a curious employee to pick up and insert into a corporate computer can initiate a massive data breach and cost your company a lot of money.
Former employees are another source of danger. A disgruntled employee looking for a way to get back at the company — or simply a trusted insider leaving for a competitor — could easily take an organization’s sensitive data with them.
But it gets worse:
Corporate espionage has become even easier to commit after many companies had to switch to remote and hybrid work models. While telecommuting gives employees flexibility, it also introduces new cybersecurity risks.
Why does industrial espionage often go unnoticed?
Industrial espionage is hard to detect and even harder to prove.
You might have heard about sensationalized espionage cases in the news. The truth is:
They’re just the tip of the iceberg.
Industrial espionage is an illegal yet widespread practice. If it hasn’t affected your company, it’s only a matter of time.
There are several reasons why most companies do not report cases of industrial espionage:
- Industrial espionage is hard to identify. Most malicious actions by insiders remain indistinguishable from normal everyday activities. Even your most valuable employee with access to sensitive data may act as a double agent without you noticing for a long time.
- It’s hard to hold perpetrators accountable. Laws on trade secrets and industrial espionage vary across the globe. If you have detected an international spy, it may be very hard to hold foreign companies and governments accountable. And even if the perpetrator is domestic, they can prolong legal procedures to the point where it’s not feasible for your company to continue pursuing the case.
- It may harm your stock price. The value of your company’s stock may fall if it becomes publicly known that your security has been breached. Such knowledge may undermine the trust of your investors and customers.
- It can be seen as a violation of IT compliance requirements. A company is responsible for ensuring the security of its customers’ sensitive data. In many countries and industries, if this data is leaked or stolen by industrial spies, the company will be fined.
All of these factors compel companies to keep cases of espionage to themselves and conduct internal investigations. It’s an organization’s responsibility to establish effective detection and response procedures. Building an insider threat program and taking effective prevention measures are the best ways to deal with industrial espionage.
3 high-profile industrial espionage cases
Even industry giants can fall victim to industrial spies.
Although most companies try to hide instances of corporate spying to protect their reputation, some cases have become known to the public.
Let’s take a look at some examples of industrial espionage that have been made public:
Monsanto
In 2018, a Chinese scientist was charged with stealing trade secrets from biotech giant Monsanto. In January 2022, Haitao Xiang pleaded guilty to trying to commit economic espionage. The sensitive information he was planning to sell to the Chinese government contained a software algorithm for helping farmers collect field data and increase productivity.
Working as an imaging scientist at Monsanto, Xiang managed to commit his theft by simply transferring secret data to a memory card. In April 2022, he was sentenced to more than two years in prison and fined $150,000.
Samsung
In a South Korean case highlighting the nation’s fight against industrial espionage, a former Samsung Electronics executive, Choi Jinseog, was granted bail. Prosecutors accused Choi, a chip expert, of stealing confidential information from Samsung. Allegedly, Choi was going to use the stolen information to help his client establish a chip factory in China.
Choi has denied the charges. Though details are scarce, court records confirm that Choi was released on bail in November 2023. This case sheds light on South Korea’s efforts to curb industrial espionage and slow China’s advancements in chip manufacturing.
NVIDIA & Valeo
In 2023, German software developer Mohammad Moniruzzaman was accused of stealing trade secrets from his former employer, Valeo Schalter und Sensoren. Valeo, a leading automotive technology company, claims Moniruzzaman stole its parking and driving assistance software source code in April 2021.
In October 2021, Moniruzzaman joined NVIDIA, a chipmaker new to the automotive industry. During a video call in March 2022, he accidentally shared his screen, revealing Valeo’s code. Valeo believes NVIDIA used this stolen information to develop its own parking assistance software, saving them millions in development costs. Moniruzzaman was convicted and Valeo is suing NVIDIA, seeking to bar them from using the stolen trade secrets and recoup financial damages.
7 best practices to detect and prevent industrial espionage
Anti-malware protection is just one measure of defense in the fight against industrial espionage. Further actions are required to strengthen the overall security posture of your organization. Follow the anti-espionage best practices we provide below and learn more about how to prevent corporate espionage and detect insider threats.
1. Conduct a risk assessment
What corporate data is the most valuable to your company?
Find potential targets. You need to know what trade secrets and other valuable data your company possesses and how desirable they are to your competitors. You can evaluate the attractiveness of your trade secrets by comparing them with products already available on the market or with the known assets of your competitors.
Once you’ve identified your most valuable data, you can make informed predictions about who might want it. By knowing possible threats and potential attack vectors, you can detect vulnerabilities in your defenses.
Risk assessment is one of the keys to a risk-based security approach, which should be part of every organization’s security strategy. You should also work out a cyber incident response plan. This will help you ensure a fast and effective response in case of a data breach to minimize its impact on your business.
2. Secure your infrastructure
Create a barrier to guard against external threats.
Establishing a secure perimeter around your company’s network is one of the pillars of cybersecurity.
To prevent corporate espionage, enhance your security at multiple levels. A layered approach provides a more complex solution against a variety of possible threats at different levels, making your security a lot harder to penetrate.
Make sure to separate your valuable data from your corporate network and limit access to it. Protect your border routers and establish screened subnets.
In addition, consider implementing a zero trust model within your corporate network. The core idea of this approach is that every time any user tries to access critical resources, they must verify their identity. The zero trust model also emphasizes the importance of limiting privileged access and validating devices. One possible tool to implement this approach is two-factor authentication.
Keep in mind that following the zero trust approach still allows for conventional corporate cybersecurity software, such as firewalls and antivirus software. Coupled with multilevel security, it ensures an effective defense against industrial espionage via hacking and malware.
3. Establish an effective security policy
Mitigate possible insider threats.
Establish a set of rules that will minimize the risks of industrial espionage, and formalize these rules in a clearly written cybersecurity policy.
Build the rules based on the risks you’ve identified.
While composing your cybersecurity policy, consider rules covering the following topics:
- Network security — Include guidelines for computer network access, describe the architecture of your network security environment, and explain how security rules are implemented within it.
- Security awareness — Describe measures aimed at informing your personnel about your security procedures and mechanisms.
- Employee onboarding/termination — Define procedures for proper employee onboarding and termination in terms of security.
- Password management — Establish strict rules on how passwords must be created, stored, and managed in your organization.
- Access management — Specify procedures for providing access to various categories of data and systems for regular, privileged, and remote users.
- Audit and accountability — Describe how your system activity is monitored, analyzed, and investigated.
- Incident response — Develop a plan for what your personnel will do if a cybersecurity incident is detected.
Make sure all your employees and third parties know and follow the security rules you have developed.
Take a look at the NIST security guidelines. Depending on the type of organization you are, these guidelines will help you meet security requirements such as those found in NIST 800-53, FISMA, HIPAA, and PCI DSS. Complying with these standards and laws is crucial if you wish to run a business in a specific market or industry, such as the financial industry.
4. Address security risks among your employees
The people you work with are crucial for sustaining a healthy and secure environment in your company. Whether it’s intentional or not, it’s frequently someone on an organization’s staff who’s responsible for industrial espionage.
As a responsible employer, you should hold yourself accountable for the trustworthiness of your personnel and eliminate all human-related risks.
Educate employees on cybersecurity risks
Your people can become your strongest line of defense.
Make sure your employees know what insider threats are and what dangers they pose. Constantly perform cybersecurity awareness training and tell your employees about the potential consequences of insider threats for your organization. Make employees aware of the role they play in the organization’s cybersecurity and the ways they can help you improve it.
Organize regular training sessions and teach your employees about simple security practices they can use in their daily workflow. You can start with practices that will keep them safe from social engineering attacks and help your business avoid data leaks.
Conduct employee background checks
Do you know who really works for you?
Before hiring someone, HR usually conducts a background check. This minimizes the risk of letting a spy infiltrate your organization.
It can be helpful to repeat these checks once in a while — especially for employees with privileged access — to ensure they don’t become spies. A sudden increase in standard of living, taking unexpected trips, or paying off large amounts of debt are among potential causes for concern.
Create a proper termination procedure
Are you sure your ex-employees can’t access your company’s data?
In many cases, industrial espionage is performed in the last couple of weeks of an employee’s work, or even after termination. This often happens because the credentials of a terminated employee remain active, enabling them to freely access the organization’s sensitive data without anyone noticing.
Create and implement a proper employee termination procedure to protect your company from potential acts of industrial espionage by former workers.
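The following added example (not part of the original article and not Syteca code) shows one way to audit a termination procedure: it cross-checks HR leaver records against account state and sign-in events, and compares each leaver's outbound data volume during the notice period with their own baseline. All record layouts, names, thresholds, and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (assumed layouts, not from the article).
HR_RECORDS = [  # (user, notice given, last working day)
    ("alice", "2024-03-01", "2024-03-15"),
    ("bob", "2024-03-04", "2024-03-18"),
    ("carol", "2024-03-10", "2024-03-24"),
]
ACCOUNTS = {"alice": False, "bob": True, "carol": False, "dave": True}  # user -> enabled
AUTH_EVENTS = [  # (timestamp, user, service, result)
    ("2024-03-14T09:02:00", "alice", "vpn", "success"),
    ("2024-03-20T23:41:00", "bob", "vpn", "success"),
    ("2024-03-25T02:13:00", "carol", "mail", "failure"),
    ("2024-03-26T08:00:00", "dave", "vpn", "success"),
]
TRANSFERS = [  # (date, user, MB copied to removable media or external storage)
    ("2024-02-10", "alice", 60), ("2024-02-20", "alice", 90),
    ("2024-03-12", "alice", 900), ("2024-03-13", "alice", 1200),
    ("2024-02-15", "bob", 300), ("2024-03-10", "bob", 150),
]


def audit_offboarding(hr_records, accounts, auth_events, as_of):
    """Return sorted (user, finding) pairs for leavers whose access outlived their job."""
    as_of = datetime.fromisoformat(as_of)
    findings = set()
    for user, _notice, last_day in hr_records:
        # Access should end when the last working day ends.
        cutoff = datetime.fromisoformat(last_day) + timedelta(days=1)
        if cutoff > as_of:
            continue  # still employed at audit time
        if accounts.get(user, False):
            findings.add((user, "ACCOUNT_STILL_ENABLED"))
        for ts, ev_user, _service, result in auth_events:
            if ev_user != user or datetime.fromisoformat(ts) < cutoff:
                continue
            # A failed attempt still matters: someone is trying the old credentials.
            kind = ("LOGIN_AFTER_TERMINATION" if result == "success"
                    else "FAILED_LOGIN_AFTER_TERMINATION")
            findings.add((user, kind))
    return sorted(findings)


def notice_period_spikes(hr_records, transfers, factor=5.0, baseline_days=30):
    """Flag leavers whose mean daily outbound volume during the notice period
    exceeds `factor` times their own mean over the preceding baseline window."""
    per_user = defaultdict(list)
    for day, user, mb in transfers:
        per_user[user].append((datetime.fromisoformat(day), mb))
    flagged = []
    for user, notice, last_day in hr_records:
        start = datetime.fromisoformat(notice)
        end = datetime.fromisoformat(last_day)
        base_start = start - timedelta(days=baseline_days)
        base = sum(mb for d, mb in per_user[user] if base_start <= d < start) / baseline_days
        notice_days = (end - start).days + 1
        during = sum(mb for d, mb in per_user[user] if start <= d <= end) / notice_days
        # The 1 MB/day floor keeps tiny absolute volumes from being flagged.
        if during > factor * max(base, 1.0):
            flagged.append((user, round(base, 1), round(during, 1)))
    return flagged


if __name__ == "__main__":
    for finding in audit_offboarding(HR_RECORDS, ACCOUNTS, AUTH_EVENTS, "2024-03-27"):
        print(finding)
    print(notice_period_spikes(HR_RECORDS, TRANSFERS))
```
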
5. Monitor employee activity
What are your employees doing during their work time?
Monitoring user activity is the most common and effective measure for preventing corporate espionage. You can never know whether your employees are acting maliciously on purpose or inadvertently unless you monitor their work activity.
It’s especially important to keep an eye on privileged users, such as system administrators and upper management. They can easily gather intelligence while performing their normal tasks and explain any abnormal behavior as a mistake.
Employee monitoring makes all employee actions fully visible, allowing you to identify corporate espionage attacks and respond to them in a timely manner. In case a cybersecurity incident happens, you can use the records for your investigation.
Syteca is a universal insider risk management platform specifically designed to combat insider threats, including industrial espionage.
By deploying Syteca, you can monitor every action of every user of a protected endpoint, regardless of their level of access privileges. This will allow you to control the actions of system administrators and all users with access to trade secrets and financial information, promoting accountability and helping you conduct a corporate espionage investigation if needed.
Syteca provides you with the following user activity monitoring capabilities:
- Screen video recording. Watch user sessions in a convenient YouTube-like player and filter them by username and IP. Videos are indexed with layers of text metadata, including visited URLs, typed keystrokes, and names of opened apps.
- Search by key episodes. Advanced session analysis allows investigators to search episodes by various parameters.
- USB device monitoring and management. Monitor and control connections of all USB devices, including storage devices and other USB equipment such as modems and keyboards. Automatically allow or block USB devices according to customizable rules, blacklists, and whitelists.
Syteca can serve as a government cybersecurity software solution to help you comply with a wide range of government-endorsed IT standards that will benefit your company’s security.
6. Manage data access wisely
Who has access to critical data? Do they really need it?
Many companies provide all their employees with access to critical data and infrastructure by default. But while it may be convenient, this approach is not secure.
You can begin by choosing a suitable access control model for your organization. For example, you can choose between mandatory access control (MAC) and discretionary access control (DAC). Learn about the advantages and disadvantages of MAC and DAC before deciding which model works best for your organization.
Consider implementing the principle of least privilege and prohibiting access to all data unless necessary. This principle entails giving users only privileges that are essential to perform their work. Provide access to important information only to employees who really need it.
If non-privileged users occasionally need to work with confidential information, you can provide them one-time access or limit their time working with critical resources.
By limiting the number of people with access to critical data, you significantly reduce the risks of your competitors obtaining this data. Additionally, proper access management is one of the third-party risk management best practices.
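As an added illustration of the least-privilege, one-time, and time-limited access described above (example code, not from the original article and not Syteca's PAM API), the sketch below denies by default and records every decision. The `AccessBroker` class, user names, and resource names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Grant:
    user: str
    resource: str
    approver: str
    expires: datetime
    one_time: bool = False
    used: bool = False


class AccessBroker:
    """Deny-by-default decisions with standing, time-limited and one-time grants."""

    def __init__(self, standing):
        self.standing = set(standing)  # (user, resource) pairs required for daily work
        self.grants = []
        self.audit = []  # (time, user, resource, decision, reason)

    def grant(self, user, resource, approver, now, minutes, one_time=False):
        if approver == user:
            raise ValueError("users cannot approve their own access")
        g = Grant(user, resource, approver, now + timedelta(minutes=minutes), one_time)
        self.grants.append(g)
        return g

    def check(self, user, resource, now):
        decision, reason = False, "no grant (default deny)"
        if (user, resource) in self.standing:
            decision, reason = True, "standing access"
        else:
            for g in self.grants:
                if (g.user, g.resource) != (user, resource):
                    continue
                if now >= g.expires:
                    reason = "grant expired"
                elif g.one_time and g.used:
                    reason = "one-time grant already used"
                else:
                    g.used = True
                    decision, reason = True, f"temporary grant approved by {g.approver}"
                    break
        # Every decision, allowed or denied, is kept for later investigation.
        self.audit.append((now, user, resource, decision, reason))
        return decision


def demo():
    t0 = datetime(2024, 5, 6, 9, 0)
    broker = AccessBroker(standing={("erin", "finance-db")})
    results = [broker.check("frank", "finance-db", t0)]  # default deny
    broker.grant("frank", "finance-db", approver="erin", now=t0, minutes=60, one_time=True)
    results.append(broker.check("frank", "finance-db", t0 + timedelta(minutes=5)))
    results.append(broker.check("frank", "finance-db", t0 + timedelta(minutes=6)))  # already used
    broker.grant("frank", "design-docs", approver="erin", now=t0, minutes=30)
    results.append(broker.check("frank", "design-docs", t0 + timedelta(minutes=29)))
    results.append(broker.check("frank", "design-docs", t0 + timedelta(minutes=31)))  # expired
    return results, [reason for *_, reason in broker.audit]


if __name__ == "__main__":
    print(demo())
```
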
The PAM functionality in Syteca can help you implement the above principles with ease, enabling you to:
- Granularly manage access rights of privileged and regular users
- Limit the time for which access is granted
- Automate and secure password management
7. Develop a reliable incident response plan
What should you do when a security incident happens?
Design a plan for what your employees will do in case your company detects an incident. An incident response plan (IRP) describes who should do what when responding to a detected incident. Strict procedures will help minimize damage caused by a spy.
Syteca takes incident response to the next level. Our platform can help you proactively detect threats at the very moment they happen.
With an automated incident response system, you will be able to detect an incident and respond to it in real time:
- An actionable alert system identifies a suspicious event and notifies your security team so they can react immediately. You can choose from a collection of alert templates, or set your custom alert rules based on any suspicious event (opened URL, process name, connected USB device, etc.).
- Automated incident response acts immediately by blocking a user or showing them a warning message, terminating a suspicious process, or blocking an unapproved USB device.
Moreover, Syteca allows you to export all monitoring data related to a particular incident in an immutable format for further investigation and analysis.
Conclusion
Whether performed by a malicious insider or a skilled hacker, industrial espionage can severely damage your company’s reputation and hinder opportunities for growth. Motivated by greed or the desire to win in a competitive race, opposing companies — and even governments — illegally use spying as their tool of choice.
To protect your business, follow the best practices discussed in this article. Start with assessing your risks, then develop and follow a robust cybersecurity policy. Combined with effective employee management and a reliable infrastructure defense, an efficient insider risk management platform like Syteca can give you a helping hand in reducing the chance of industrial espionage in your organization.