November 8, 2019 By Mike Elgan 4 min read

What comes to mind when you think of industrial espionage — or economic or corporate espionage? Is it something like foreign spies sneaking into a defense contractor facility to steal fighter jet technology?

Of course, that does happen. State-sponsored spying is responsible for the theft of billions of dollars of intellectual property annually, according to estimates. But many cyberattacks on industrial organizations don’t fit that mold.

Top 10 Corporate Espionage Fallacies

Here are the top 10 myths and misconceptions about the state of industrial espionage in 2019.

1. Industrial Espionage Is a New Phenomenon

Information being stolen for financial gain has been a reality for centuries, but it really picked up steam with the industrial revolution. Britain industrialized first, and everybody else wanted to steal their secrets. As a result, Britain banned both the export of industrial machinery and the emigration of skilled workers.

The American founding fathers were big fans of stealing Britain’s secrets. Alexander Hamilton and Benjamin Franklin called for Americans to steal British technology and for skilled workers to emigrate to America. One famous immigrant, Samuel Slater, built America’s first water-powered textile mill using stolen British technology — the English press even called him “Slater the Traitor.”

This trend of theft naturally continued through the 20th century. In the 1920s, visitors from the Soviet Union stole blueprints and parts for a tractor during a visit to a Ford factory in the U.S. In the 1990s, the Gillette razor company caught an employee from a partner company stealing designs. Because the thief sent the trade secrets via fax and email, he was also charged with wire fraud.

In short, industrial espionage is pretty old. What’s new is globalization, global travel and the universally used internet.

2. Industrial Espionage Only Occurs Through Hacking

All the usual methods for hacking and breaches are employed in espionage attacks, of course. Others, however, are laughably low-tech. Dumpster diving, crashing investor meetings, getting employees drunk at a bar — there are thousands of methods that don’t even involve computers.

3. Industrial Espionage Is Conducted Mainly by Spy Agencies

Many cyberattacks on industrial organizations are conducted by private companies, but others are conducted by universities or even employees. Unethical employees who realize the monetary value of information they have access to could try to sell that information to the highest bidder, or employees could be singled out and bribed.

4. Industrial Espionage Is Mostly Overseen by Foreigners

It also happens domestically between companies. It’s common to see lawsuits filed by one Silicon Valley company against another where the plaintiff alleges that an employee hired by the defendant brought company secrets with them to their new job.

One new opportunity for data theft arises from the growth of coworking spaces. It’s trivial for rivals to set up shop in the same spaces as some of your employees and either hack into the employees’ systems through the Wi-Fi there or physically compromise devices after hours.

5. Industrial Espionage Is Always Illegal

In the book, “Broker, Trader, Lawyer, Spy: The Secret World of Corporate Espionage,” author Eamon Javers notes that some companies use unexpected tools to steal company secrets from competitors. And some of these methods, while unethical, aren’t exactly illegal.

Among these are interviewing an employee for a job they have no intention of offering and using the interview to find out company secrets. Unscrupulous companies can also attend company parties undercover, hoping to extract information from intoxicated people who think they’re talking to a fellow employee.

6. Industrial Espionage About Your Company Is Conducted Against Your Company

Sometimes, actual corporate espionage efforts are targeted toward a third-party organization with information about your company. Your law or accounting firm, your partners or even journalists who cover your industry could be manipulated or tricked into giving up facts about your company.

7. Industrial Espionage Hacking Is Just Like Other Hacking

One quality of industrial espionage attacks that makes them different from, say, ransomware attacks, is that corporate spies try hard to make sure you never find out about them. That’s actually one reason why they often fly under the radar. So many companies have been stolen from and don’t know it, so they underappreciate the threat.

Your R&D lab may be under lock and key, but what about the contract manufacturer who makes your products, your patent lawyer’s office and your accounting consultancy?

8. Industrial Espionage Is Relatively Rare

The U.S. Department of Justice, the Canadian government, NATO and the U.N. all say that industrial espionage is on the rise. Studies conducted by the German Association for Information Technology found that more than half of all German companies were victimized by espionage, data theft or sabotage between 2016 and 2018, at a loss of $50 billion. And around 20 percent of all European companies have suffered spying attacks, according to the European Union (EU). As it turns out, industrial espionage is pretty common.

9. Industrial Espionage Always Involves the Theft of Intellectual Property

Many acts of industrial espionage do involve theft of intellectual property, especially in industries where the development of that property is difficult or expensive, like aerospace or pharmaceuticals. Other times, the aim is financial information, client or customer data or other sensitive information.

10. Most Companies Are Protected Against Industrial Espionage

Actually, the opposite is true. Most companies are exposed to the threat. While protecting against common cyberattacks can also help protect against espionage attacks, it doesn’t necessarily guard against theft by disgruntled employees or low-tech methods.

How to Protect Against Industrial Espionage

Now that we’ve clarified how threats can manifest, here are some steps you can take to protect your organization from industrial espionage attacks:

Industrial espionage is real, it’s common, and it can be very costly for your organization. Don’t fall for the myths around this serious issue — start preparing for the threat today.

More from Data Protection

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today