November 8, 2019 By Mike Elgan 4 min read

What comes to mind when you think of industrial espionage — or economic or corporate espionage? Is it something like foreign spies sneaking into a defense contractor facility to steal fighter jet technology?

Of course, that does happen. State-sponsored spying is responsible for the theft of billions of dollars of intellectual property annually, according to estimates. But many cyberattacks on industrial organizations don’t fit that mold.

Top 10 Corporate Espionage Fallacies

Here are the top 10 myths and misconceptions about the state of industrial espionage in 2019.

1. Industrial Espionage Is a New Phenomenon

Information being stolen for financial gain has been a reality for centuries, but it really picked up steam with the industrial revolution. Britain industrialized first, and everybody else wanted to steal their secrets. As a result, Britain banned both the export of industrial machinery and the emigration of skilled workers.

The American founding fathers were big fans of stealing Britain’s secrets. Alexander Hamilton and Benjamin Franklin called for Americans to steal British technology and for skilled workers to emigrate to America. One famous immigrant, Samuel Slater, built America’s first water-powered textile mill using stolen British technology — the English press even called him “Slater the Traitor.”

This trend of theft naturally continued through the 20th century. In the 1920s, visitors from the Soviet Union stole blueprints and parts for a tractor during a visit to a Ford factory in the U.S. In the 1990s, the Gillette razor company caught an employee from a partner company stealing designs. Because the thief sent the trade secrets via fax and email, he was also charged with wire fraud.

In short, industrial espionage is pretty old. What’s new is globalization, global travel and the universally used internet.

2. Industrial Espionage Only Occurs Through Hacking

All the usual methods for hacking and breaches are employed in espionage attacks, of course. Others, however, are laughably low-tech. Dumpster diving, crashing investor meetings, getting employees drunk at a bar — there are thousands of methods that don’t even involve computers.

3. Industrial Espionage Is Conducted Mainly by Spy Agencies

Many cyberattacks on industrial organizations are conducted by private companies, but others are conducted by universities or even employees. Unethical employees who realize the monetary value of information they have access to could try to sell that information to the highest bidder, or employees could be singled out and bribed.

4. Industrial Espionage Is Mostly Overseen by Foreigners

It also happens domestically between companies. It’s common to see lawsuits filed by one Silicon Valley company against another where the plaintiff alleges that an employee hired by the defendant brought company secrets with them to their new job.

One new opportunity for data theft arises from the growth of coworking spaces. It’s trivial for rivals to set up shop in the same spaces as some of your employees and either hack into the employees’ systems through the Wi-Fi there or physically compromise devices after hours.

5. Industrial Espionage Is Always Illegal

In the book, “Broker, Trader, Lawyer, Spy: The Secret World of Corporate Espionage,” author Eamon Javers notes that some companies use unexpected tools to steal company secrets from competitors. And some of these methods, while unethical, aren’t exactly illegal.

Among these are interviewing an employee for a job they have no intention of offering and using the interview to find out company secrets. Unscrupulous companies can also attend company parties undercover, hoping to extract information from intoxicated people who think they’re talking to a fellow employee.

6. Industrial Espionage About Your Company Is Conducted Against Your Company

Sometimes, actual corporate espionage efforts are targeted toward a third-party organization with information about your company. Your law or accounting firm, your partners or even journalists who cover your industry could be manipulated or tricked into giving up facts about your company.

7. Industrial Espionage Hacking Is Just Like Other Hacking

One quality of industrial espionage attacks that makes them different from, say, ransomware attacks, is that corporate spies try hard to make sure you never find out about them. That’s actually one reason why they often fly under the radar. So many companies have been stolen from and don’t know it, so they underappreciate the threat.

Your R&D lab may be under lock and key, but what about the contract manufacturer who makes your products, your patent lawyer’s office and your accounting consultancy?

8. Industrial Espionage Is Relatively Rare

The U.S. Department of Justice, the Canadian government, NATO and the U.N. all say that industrial espionage is on the rise. Studies conducted by the German Association for Information Technology found that more than half of all German companies were victimized by espionage, data theft or sabotage between 2016 and 2018, at a loss of $50 billion. And around 20 percent of all European companies have suffered spying attacks, according to the European Union (EU). As it turns out, industrial espionage is pretty common.

9. Industrial Espionage Always Involves the Theft of Intellectual Property

Many acts of industrial espionage do involve theft of intellectual property, especially in industries where the development of that property is difficult or expensive, like aerospace or pharmaceuticals. Other times, the aim is financial information, client or customer data or other sensitive information.

10. Most Companies Are Protected Against Industrial Espionage

Actually, the opposite is true. Most companies are exposed to the threat. While protecting against common cyberattacks can also help protect against espionage attacks, it doesn’t necessarily guard against theft by disgruntled employees or low-tech methods.

How to Protect Against Industrial Espionage

Now that we’ve clarified how threats can manifest, here are some steps you can take to protect your organization from industrial espionage attacks:

Industrial espionage is real, it’s common, and it can be very costly for your organization. Don’t fall for the myths around this serious issue — start preparing for the threat today.

More from Data Protection

Data residency: What is it and why it is important?

3 min read - Data residency is a hot topic, especially for cloud data. The reason is multi-faceted, but the focus has been driven by the General Data Protection Regulation (GDPR), which governs information privacy in the European Union and the European Economic Area.The GDPR defines the requirement that users’ personal data and privacy be adequately protected by organizations that gather, process and store that data. After the GDPR rolled out, other countries such as Australia, Brazil, Canada, Japan, South Africa and the UAE…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Data security posture management vs cloud security posture management

4 min read - “A data breach has just occurred”, is a phrase no security professional wants to hear. From the CISO on down to the SOC analysts, a data breach is the definition of a very bad day. It can cause serious brand damage and financial loss for enterprises, lead to abrupt career changes among security professionals, and instill fear of financial or privacy loss for businesses and consumers.According to an ESG report, 55% of data and workloads currently run or operate in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today