Light Dark
December 7, 2015 By Christopher Burgess 3 min read
CISO

Today’s CEOs, be they from large multinational enterprises or smaller shops, need to think about the effects economic espionage may have on their companies. Their own intellectual property, trade secrets and personnel are all of interest to others. In addition, data provided to and received from customers, clients and employees may prove to be the most sensitive.

The option to ignore espionage risks is no longer a viable option. You may think you have nothing to steal, but you’re wrong. We previously spoke of the presence of nation-state actors, unscrupulous competitors and the insider in a global setting. Add organized criminal elements to the mix, and we have the makings of a perfect storm.

Where Does Organized Crime Thrive?

We are living and working in an era of fragile geopolitical realities. Over 50 percent of countries are identified within the “2015 Fragile States Index” as warranting a warning or alert status. The perception of fragility is further bolstered by the “Corruption Perception Index 2014,” which noted 69 percent of the countries received a score of less than 50 out of 100 — so did 53 percent of the G20 countries.

Fragile states are also where we find corrupt business practices tend to be the norm. With one feeding the other, we end up with a robust, fertile environment for organized criminal elements to operate, oftentimes with impunity. The Global Initiative Against Transnational Organized Crime recently issued its conference report, which highlighted the resilience of the organized criminal elements in fragile environments.

When one reviews the economic realities of a given environment, especially in those nations where the gross national production (GNP) is tied to one specific industry or sector, the likelihood of a nation-state supporting the local companies vis-à-vis a competitor is easily understood. This provides a different dynamic for economic espionage — one that may not necessarily be tied to the national security interests of a given country. One has only to review the U.S. Trade Representatives’ “2015 Special 301 Report,” which identifies 37 countries that have been placed on a watch list, with 13 on a priority watch list.

How Economic Espionage Works

The 301 Report detailed how intellectual property and trade secrets are stolen and exploited within the identified countries. In many cases, a counterfeit of an original work is created. Even though the illicit version of a given product is manufactured using inferior components and with little or no quality control, the product proves to be sufficiently similar to find its way into legitimate supply chains.

In every instance, the rightful owner of the technology or design is deprived of a sale, and reputation is at risk when the unwitting customer’s newly purchased item fails or otherwise compromises systems or networks. A high-profile instance occurred in 2012, when the Senate Armed Services Committee released a report citing 1,800 cases of counterfeit electronic parts in critical military weapons systems. The total number of counterfeit parts found in the supply chain exceeded 1 million.

The Perfect Storm Builds

The aforementioned conditions create an ideal climate for building a perfect storm of activity for the unprepared and unknowing target company.

The hypothetical may look like this: A nation-state requires an industrial sector to be robust and successful in order to continue to provide employment, generate tax revenue, support the national infrastructure or enhance the nation’s capabilities with respect to national security. This starting point now places all companies (outside of the nation’s borders) in the identified sector ripe for economic espionage. The appropriate agency, ministry or department is engaged to conduct a competitive intelligence analysis to determine how best to help its sector succeed.

The Storm Hits

The target company is selected and the planning begins. Within those nations where corrupt business practices are prevalent, contact with criminal elements is the norm. In others, it’s not hard to imagine the ease with which a connection can be made on behalf of the state.

The criminal entities are tasked by the nation-state to:

  • Collect personal/professional information on key individual decision-makers and their families;
  • Identify and map the supply chain as well as fulfillment chain for the company;
  • Manipulate insiders or technical vulnerabilities to steal intellectual property, trade secrets or other sensitive data.

The nation-state provides the collected information, coupled with information obtained via other means, to their indigenous company (your competition). It may also recommend and fund the acquisition of key personnel from the targeted company. This is a tactic designed to weaken the bench of the targeted company that then causes it to step back and reassess during a period of disruption.

If the activity is compromised or otherwise percolates to the surface, the nation-state has full and complete plausible deniability. The refrain, “These criminal actions will be investigated,” can be expected.

 |  |  | 
Christopher Burgess
CEO at Prevendra

More from CISO
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

April 2, 2024

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature