November 8, 2019 By Mike Elgan 4 min read

What comes to mind when you think of industrial espionage — or economic or corporate espionage? Is it something like foreign spies sneaking into a defense contractor facility to steal fighter jet technology?

Of course, that does happen. State-sponsored spying is responsible for the theft of billions of dollars of intellectual property annually, according to estimates. But many cyberattacks on industrial organizations don’t fit that mold.

Top 10 Corporate Espionage Fallacies

Here are the top 10 myths and misconceptions about the state of industrial espionage in 2019.

1. Industrial Espionage Is a New Phenomenon

Information being stolen for financial gain has been a reality for centuries, but it really picked up steam with the industrial revolution. Britain industrialized first, and everybody else wanted to steal their secrets. As a result, Britain banned both the export of industrial machinery and the emigration of skilled workers.

The American founding fathers were big fans of stealing Britain’s secrets. Alexander Hamilton and Benjamin Franklin called for Americans to steal British technology and for skilled workers to emigrate to America. One famous immigrant, Samuel Slater, built America’s first water-powered textile mill using stolen British technology — the English press even called him “Slater the Traitor.”

This trend of theft naturally continued through the 20th century. In the 1920s, visitors from the Soviet Union stole blueprints and parts for a tractor during a visit to a Ford factory in the U.S. In the 1990s, the Gillette razor company caught an employee from a partner company stealing designs. Because the thief sent the trade secrets via fax and email, he was also charged with wire fraud.

In short, industrial espionage is pretty old. What’s new is globalization, global travel and the universally used internet.

2. Industrial Espionage Only Occurs Through Hacking

All the usual methods for hacking and breaches are employed in espionage attacks, of course. Others, however, are laughably low-tech. Dumpster diving, crashing investor meetings, getting employees drunk at a bar — there are thousands of methods that don’t even involve computers.

3. Industrial Espionage Is Conducted Mainly by Spy Agencies

Many cyberattacks on industrial organizations are conducted by private companies, but others are conducted by universities or even employees. Unethical employees who realize the monetary value of information they have access to could try to sell that information to the highest bidder, or employees could be singled out and bribed.

4. Industrial Espionage Is Mostly Overseen by Foreigners

It also happens domestically between companies. It’s common to see lawsuits filed by one Silicon Valley company against another where the plaintiff alleges that an employee hired by the defendant brought company secrets with them to their new job.

One new opportunity for data theft arises from the growth of coworking spaces. It’s trivial for rivals to set up shop in the same spaces as some of your employees and either hack into the employees’ systems through the Wi-Fi there or physically compromise devices after hours.

5. Industrial Espionage Is Always Illegal

In the book, “Broker, Trader, Lawyer, Spy: The Secret World of Corporate Espionage,” author Eamon Javers notes that some companies use unexpected tools to steal company secrets from competitors. And some of these methods, while unethical, aren’t exactly illegal.

Among these are interviewing an employee for a job they have no intention of offering and using the interview to find out company secrets. Unscrupulous companies can also attend company parties undercover, hoping to extract information from intoxicated people who think they’re talking to a fellow employee.

6. Industrial Espionage About Your Company Is Conducted Against Your Company

Sometimes, actual corporate espionage efforts are targeted toward a third-party organization with information about your company. Your law or accounting firm, your partners or even journalists who cover your industry could be manipulated or tricked into giving up facts about your company.

7. Industrial Espionage Hacking Is Just Like Other Hacking

One quality of industrial espionage attacks that makes them different from, say, ransomware attacks, is that corporate spies try hard to make sure you never find out about them. That’s actually one reason why they often fly under the radar. So many companies have been stolen from and don’t know it, so they underappreciate the threat.

Your R&D lab may be under lock and key, but what about the contract manufacturer who makes your products, your patent lawyer’s office and your accounting consultancy?

8. Industrial Espionage Is Relatively Rare

The U.S. Department of Justice, the Canadian government, NATO and the U.N. all say that industrial espionage is on the rise. Studies conducted by the German Association for Information Technology found that more than half of all German companies were victimized by espionage, data theft or sabotage between 2016 and 2018, at a loss of $50 billion. And around 20 percent of all European companies have suffered spying attacks, according to the European Union (EU). As it turns out, industrial espionage is pretty common.

9. Industrial Espionage Always Involves the Theft of Intellectual Property

Many acts of industrial espionage do involve theft of intellectual property, especially in industries where the development of that property is difficult or expensive, like aerospace or pharmaceuticals. Other times, the aim is financial information, client or customer data or other sensitive information.

10. Most Companies Are Protected Against Industrial Espionage

Actually, the opposite is true. Most companies are exposed to the threat. While protecting against common cyberattacks can also help protect against espionage attacks, it doesn’t necessarily guard against theft by disgruntled employees or low-tech methods.

How to Protect Against Industrial Espionage

Now that we’ve clarified how threats can manifest, here are some steps you can take to protect your organization from industrial espionage attacks:

Industrial espionage is real, it’s common, and it can be very costly for your organization. Don’t fall for the myths around this serious issue — start preparing for the threat today.

More from Data Protection

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today