 |
Billions of dollars and thousands of jobs are lost due to theft of trade secrets. Corporate America needs to acknowledge the reality of this risk and develop more efficient countermeasures to safeguard survival in a competitive market. It
is easy to seek comfort in the hope that this problem won’t
affect your company. Unfortunately reality looks different. Companies
need to develop proactive measures to protect their trade secrets.
There are reasonably specific, inexpensive, and intuitive steps
that can be taken to address these problems. Economic and Industrial Espionage present a series of challenges to many American companies. Take the example of Intel. Just in September one man pled guilty to copying trade secrets as defined under the Economic Espionage Act of 1996--the first case of its kind in Northern California. The US Attorney’s office there revealed that a certain Say Lye Ow, a 31 year old originally from Malaysia, copied sensitive information on Intel’s first 64-bit processor when he left the company in 1998. In some ways Intel was fortunate. The information, key to the operation of what Intel calls “the engine inside the Internet economy,” was reportedly never sold to any of Intel’s competitors. They succeeded to address the breach before the consequences grew beyond their control. Other companies were not quite so lucky. A survey conducted by PricewaterhouseCoopers and the American Society for Industrial Security (ASIS) revealed Fortune 1000 companies lost more than $45 billion in 1999 due to theft of their proprietary information alone. These losses, the survey contends, hit the manufacturing industries particularly hard. Since the R & D expenses for manufacturing companies are costly, some companies, foreign or domestic, are tempted to catch up unfairly. The study finds that “although manufacturing reported only 96 incidents, the acknowledged losses of manufacturing companies accounted for the majority of losses reported in the survey, and averaged almost $50 million per incident.” What is perhaps more alarming than these statistics is the cumbersome response of companies. The report concludes “The majority of companies responding to the survey have not effectively met the challenge of providing a framework in which to safeguard proprietary information.” They are failing to address the threat. At the end of the Cold War several intelligence agencies needed to develop a new raison d’être. These agencies often turned their skills toward economic espionage. Dismantled intelligence agencies in Eastern Europe left many skilled agents who were available to offer their services to interested parties in the private sector. Experts even believe some of the governments of America’s closest allies actively spy on companies to gain a competitive advantage. The alert company
must guard against threats from a variety of “info
thieves.” Foreign Intelligence Services (FIS), “mercenary” intelligence
agents, and even foreign and domestic corporations all seek to exploit
unprepared companies. Not all organizations play by the rules. Many
companies will use a variety of methods, some legal, some gray, and
some clearly in violation of the law, to obtain trade secrets. Some
businesses have whole departments devoted to this end, called “business
or competitive intelligence units.” These units may resort
to a range of collecting information so varied as to include bribery,
searching through garbage (“dumpster diving”) to scams
to trick unsuspecting workers (“social engineering”).
For example, as is well known, a large proportion of Japanese companies
have well-established units for this purpose, though American companies
tend not to have these offices. For both defensive and legitimate
information gathering purposes, there may be clear advantages to
closing this gap. As Bernard Esambert, a President of the Pasteur
Institute, once said “Today’s economic competition is
global. The conquest of markets and technologies has replaced former
territorial and colonial conquests. We are living in a state of world
economic war and this is not just a military metaphor... the companies
are training the armies and the unemployed are the casualties.' Here are some simple steps to help prevent information leakage. Companies must
first gauge what information is sensitive and classify it as such.
Though some
information such as technological innovations
or new market strategies may be easily identified as “sensitive,” other
information, such as customer complaint data, may be as valuable
if it falls into the hands of a rival. Information breaches are taking place and are costing companies substantial sums of money. Companies, regardless of their sizes, must address these issues. These risks are only enhanced by the looming recession. Not only are companies more tempted to cheat, but potential victims are less willing to fund counter measures. “User education” is often quick to be abolished. This is a risky move, as security is as strong as its weakest link. Therefore, security precautions should be seen not as a dispensable budget expense. Rather it must be regarded as a business enabler. Links ‘The Awareness of National Security Issues and Response (ANSIR) Program is the FBI's National Security Awareness Program. It is the "public voice" of the FBI for espionage, counterintelligence, counterterrorism, economic espionage, cyber and physical infrastructure protection and all national security issues. See http://www.fbi.gov/hq/nsd/ansir/ansir.htm Employees' Guide to Security Responsibility. A brilliant resource with lots of information dedicated to education of users. http://www.smdc.army.mil/SecurityGuide/Home.htm Trends in Proprietary Information Loss 1999. PricewaterhouseCoopers & American Society for Industrial Security (ASIS) Survey. http://www.asisonline.org/spi.pdf IWS welcomes suggestions
regarding site content and usability. Please use our contact
form to submit your comments. |
