What comes to mind when you think of industrial espionage — or economic or corporate espionage? Is it something like foreign spies sneaking into a defense contractor facility to steal fighter jet technology?

Of course, that does happen. State-sponsored spying is responsible for the theft of billions of dollars of intellectual property annually, according to estimates. But many cyberattacks on industrial organizations don’t fit that mold.

Top 10 Corporate Espionage Fallacies

Here are the top 10 myths and misconceptions about the state of industrial espionage in 2019.

1. Industrial Espionage Is a New Phenomenon

Information being stolen for financial gain has been a reality for centuries, but it really picked up steam with the industrial revolution. Britain industrialized first, and everybody else wanted to steal their secrets. As a result, Britain banned both the export of industrial machinery and the emigration of skilled workers.

The American founding fathers were big fans of stealing Britain’s secrets. Alexander Hamilton and Benjamin Franklin called for Americans to steal British technology and for skilled workers to emigrate to America. One famous immigrant, Samuel Slater, built America’s first water-powered textile mill using stolen British technology — the English press even called him “Slater the Traitor.”

This trend of theft naturally continued through the 20th century. In the 1920s, visitors from the Soviet Union stole blueprints and parts for a tractor during a visit to a Ford factory in the U.S. In the 1990s, the Gillette razor company caught an employee from a partner company stealing designs. Because the thief sent the trade secrets via fax and email, he was also charged with wire fraud.

In short, industrial espionage is pretty old. What’s new is globalization, global travel and the universally used internet.

2. Industrial Espionage Only Occurs Through Hacking

All the usual methods for hacking and breaches are employed in espionage attacks, of course. Others, however, are laughably low-tech. Dumpster diving, crashing investor meetings, getting employees drunk at a bar — there are thousands of methods that don’t even involve computers.

3. Industrial Espionage Is Conducted Mainly by Spy Agencies

Many cyberattacks on industrial organizations are conducted by private companies, but others are conducted by universities or even employees. Unethical employees who realize the monetary value of information they have access to could try to sell that information to the highest bidder, or employees could be singled out and bribed.

4. Industrial Espionage Is Mostly Overseen by Foreigners

It also happens domestically between companies. It’s common to see lawsuits filed by one Silicon Valley company against another where the plaintiff alleges that an employee hired by the defendant brought company secrets with them to their new job.

One new opportunity for data theft arises from the growth of coworking spaces. It’s trivial for rivals to set up shop in the same spaces as some of your employees and either hack into the employees’ systems through the Wi-Fi there or physically compromise devices after hours.

5. Industrial Espionage Is Always Illegal

In the book, “Broker, Trader, Lawyer, Spy: The Secret World of Corporate Espionage,” author Eamon Javers notes that some companies use unexpected tools to steal company secrets from competitors. And some of these methods, while unethical, aren’t exactly illegal.

Among these are interviewing an employee for a job they have no intention of offering and using the interview to find out company secrets. Unscrupulous companies can also attend company parties undercover, hoping to extract information from intoxicated people who think they’re talking to a fellow employee.

6. Industrial Espionage About Your Company Is Conducted Against Your Company

Sometimes, actual corporate espionage efforts are targeted toward a third-party organization with information about your company. Your law or accounting firm, your partners or even journalists who cover your industry could be manipulated or tricked into giving up facts about your company.

7. Industrial Espionage Hacking Is Just Like Other Hacking

One quality of industrial espionage attacks that makes them different from, say, ransomware attacks, is that corporate spies try hard to make sure you never find out about them. That’s actually one reason why they often fly under the radar. So many companies have been stolen from and don’t know it, so they underappreciate the threat.

Your R&D lab may be under lock and key, but what about the contract manufacturer who makes your products, your patent lawyer’s office and your accounting consultancy?

8. Industrial Espionage Is Relatively Rare

The U.S. Department of Justice, the Canadian government, NATO and the U.N. all say that industrial espionage is on the rise. Studies conducted by the German Association for Information Technology found that more than half of all German companies were victimized by espionage, data theft or sabotage between 2016 and 2018, at a loss of $50 billion. And around 20 percent of all European companies have suffered spying attacks, according to the European Union (EU). As it turns out, industrial espionage is pretty common.

9. Industrial Espionage Always Involves the Theft of Intellectual Property

Many acts of industrial espionage do involve theft of intellectual property, especially in industries where the development of that property is difficult or expensive, like aerospace or pharmaceuticals. Other times, the aim is financial information, client or customer data or other sensitive information.

10. Most Companies Are Protected Against Industrial Espionage

Actually, the opposite is true. Most companies are exposed to the threat. While protecting against common cyberattacks can also help protect against espionage attacks, it doesn’t necessarily guard against theft by disgruntled employees or low-tech methods.

How to Protect Against Industrial Espionage

Now that we’ve clarified how threats can manifest, here are some steps you can take to protect your organization from industrial espionage attacks:

Industrial espionage is real, it’s common, and it can be very costly for your organization. Don’t fall for the myths around this serious issue — start preparing for the threat today.

More from Data Protection

Vulnerability resolution enhanced by integrations

2 min read - Why speed is of the essence in today's cybersecurity landscape? How are you quickly achieving vulnerability resolution?Identifying vulnerabilities should be part of the daily process within an organization. It's an important piece of maintaining an organization’s security posture. However, the complicated nature of modern technologies — and the pace of change — often make vulnerability management a challenging task.In the past, many organizations had to support manual integration work to get different security systems to ‘talk’ to each other. As…

Cost of a data breach 2023: Geographical breakdowns

4 min read - Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic regions, and 17 industries. In the report, the top five costs of a data breach by country or region (measured in USD millions) for 2023…

Cost of a data breach 2023: Pharmaceutical industry impacts

3 min read - Data breaches are both commonplace and costly in the medical industry.  Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. The health industry’s place at the top spot of most costly data breaches is probably not a surprise. With its sensitive and valuable data assets, it is one of…

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…