Telecom and Logistics Associates 

new6.gif (1031 bytes) TLAalert    Security Service 
Translate this page from:  publication: Christian ALT 
  Save Time and Money

TLAnews: Security NEWs Service

 30.6.2000 SecurityInternational espionage in high-tech companies
According to a study by the American Society for Industrial Security and consulting firm PricewaterhouseCoopers, Fortune 1000 companies sustained losses of more than $45 billion in 1999 from the theft of proprietary information

En français: L'espionnage international dans les entreprises "high-tech"
 Selon une étude de "American Society for Industrial Security  et l'entreprise de "consulting" PricewaterhouseCoopers, 45$ millards ont été perdus en 1999 par les entreprises "Fortune 1000" par perte d'information propriétaire.

Home
Consulting
Tech Doc
FW-1 FAQ
Training
Products
TLAnews
Archive
Advertising
 

TLAnews.com
Information for security concerned people

 
Register to TLAnews letter
 

 

 

 

 

 

 

 

 

 

 

 

 

 

 
English version
According to a study by the American Society for Industrial Security (ASIS) and consulting firm PricewaterhouseCoopers, Fortune 1000 companies sustained losses of more than $45 billion in 1999 from the theft of proprietary informationThe average Fortune 1000 company reported 2.45 incidents with an estimated loss per incident in excess of $500,000. More troubling: Forty-four of the 97 companies that participated in the ASIS survey reported a total of more than 1,000 separate incidents of theft.

Tech companies reported the majority of those incidents. The average tech firm reported nearly 67 individual attacks. The average theft was pegged at $15 million in lost business.

High-tech booty
What are spies after? Customer lists from high-tech companies are the No. 1 stolen item--making dot-com start-ups, software firms and Internet service providers, which typically keep extensive customer lists in their marketing departments, prime candidates for espionage.

Financial data, research and development work, merger and acquisition plans, unannounced product specifications, and prototypes round out the ASIS list of hot commodities.

Experts say the message of this study and others is simple: 

The average tech company has too many leaks and needs to batten the security hatches.

Illegal espionage attacks penetrate the average Fortune 2000 company two to three times per year. But most companies are completely unaware of the pillage. When competitors come out with a similar product, service or production method, victimized companies often chalk it up to fierce competition or dumb luck.
Résumé en français
Selon une étude de "American Society for Industrial Security (ASIS) et l'entreprise de "consulting" PricewaterhouseCoopers, 45$ millards ont été perdus en 1999 par les entreprises "Fortune 1000" par perte d'information propriétaire.

Cela va vous interesser car la France figure parmis les cinq pays constatant une augmentation de l'espionnage industriel, avec les Etats-Unis, 

Le message de cettte étude est simple:

L'entreprise moyenne du domaine "high-tech" a trop de possibilités de pertes d'information. Elle doit par conséquent combler rapidement ces fuites.

Ce sont les entreprises du secteur "high-tech" qui en subissentle plus avec en moyenne 67 incidents de ce type par années

Que recherche les espions? Ce n'est pas une suprise de trouver la liste des clients des entreprises "high-tech", en premier. Cela est le cas pour les entreprises de logicils et des operateurs Internet(ISP) qui conservent des base de données de leurs clients dans les départements de "marketing".

D'autres enjeux sont les données fianncières, les plans d'acquisition et de fusion d'entreprises, les produits non encore annoncés, les résultats de recherche et développement, ainsi que les prototypes.

L'étude estime que 1à 2 cas de vols d'information se passse dans les entreprises des "Fortune 2000", chaque année en moyenne par entreprise.

 

 

Most companies don't have the ability to detect when information leaks outside

What It Is?

Why It Is Happening in Your Company?

What You Must Do About It?

Companies have got to go ahead and do the basic security things. Keep audit logs when people access computers and sensitive information. Keep important information on a need-to-know basis. Require employees to change passwords frequently.

 

Spies on the rise
Experts pinpoint several reasons for heightened spy activity.

The rise of email as the de facto means of sending messages across companies and the world has heightened the danger. Hackers can intercept email on the Internet more easily than they can tap into a phone call, and skilled spies can even penetrate a company's intranet.

"Now we're seeing more virtual corporate espionage...Rather than someone (breaking) into a physical building and (prying) open a file cabinet and (taking) out documents, the new challenge is for someone to break into an intranet and steal documents that are being sent back and forth in the company."

International security hot spots
The increasingly global world of commerce means that more tech companies are setting up shop in places such as China and Japan. ASIS says the "weakest link" in security is often the small sales office in a foreign country, where employees enjoy easy access to the company intranet but have little face-to-face contact with or loyalty to top executives.

According to ASIS, the top five countries cited as security risks are the United States, China, Japan, France and the United Kingdom. Mexico and Russia, meanwhile, have the highest increase in spy activity.

Another factor: The tech industry is increasingly becoming an industry of contractors--hired guns who write software or set up Web sites for three months to a year before moving to the next job, often at a rival firm. ASIS found that roughly 20 percent of workers at Fortune 1000 companies are temporary or part-time workers.

Although companies often require regular employees to sign non-compete clauses, in which employees promise not to work for a direct competitor for a year or more after they quit, contractors sometimes fall under the legal radar. ASIS found that few companies do thorough background checks on temps, yet most have no qualms assigning them to work with sensitive data.

Despite alarming statistics, some tech workers say espionage fears are overblown. The vast majority of companies respect the trade secrets of their rivals, they say.

Intel spokesman Chuck Mulloy didn't deny that many companies rely on defectors from rivals to determine competitors' plans. There is no specific law forbidding questions about a worker's current employer in a job interview.

Reference: Trends in Proprietary information Loss

Related articles: Oracle spying on Microsoft allies

 
Author information.
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: juin 30, 2000 .

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.