Risks related to industrial espionage
The custom of confidential information has been practiced for centuries. A striking example of this is the leakage of the secrets of the production of Chinese silk. Sources indicate the date: 522 AD. Of course, this has happened before, but this incident is described most fully in history. Thanks to two Nestorian spy monks, China lost its monopoly on the fabric.
Industrial espionage now poses a greater threat to business than in historical examples. This is due to the increasing number of ways to obtain confidential information. And they, in turn, depend on the number of sources for keeping trade secrets. A larger number of employees now have access to classified data, including those who use this privilege for their personal interests.
In the first place are the risks associated with a huge number of technical components. This includes the means of communication. Business is almost always an advanced information technology-based system. And this:
- communication,
- personnel accounting,
- distribution system,
- procurement system,
- control of technological processes.
Communication
Communication is one of the most common channels where industrial espionage can be used. It can be a source of problems in all of the above-mentioned divisions, if by communication we mean the entire infrastructure, including the Internet, paper correspondence, and the oral transmission of orders. However, let us dwell on the telephony segment.
The damage from interception of telephone conversations is quite high. Conversations can be an obvious channel of information leakage or indirectly involve trade secrets.
Explicit espionage is when data is transmitted by voice over open channels. This is the case when the structure of the enterprise has an outlet to the outside world, and orders, discussions and any other information can be easily intercepted.
An indirect telephone leak involves the interception of information that can be used to link events and draw conclusions. An example would be a dialogue that is not directly related to the enterprise, but contains information that a competitor needs. Typically, this type of leak is not intentional and is due to the negligence of workers. These types of implicit industrial espionage are difficult to control and suppress.
Personnel accounting
The specialists working at the enterprise are often the sources of information "leaking". If business and production activities involve such risks, appropriate agreements on non-disclosure of commercial secrets are drawn up with employees. If there are fears that industrial espionage in personnel is serious enough, then the documents also stipulate the time interval for non-disclosure, for example, when an employee is fired. Depending on the degree of damage caused, liability is provided, up to criminal. Also, contracts are often clauses about liability for lost profit and its compensation. In this way, attempts to entice employees by competitors are suppressed.
Sales system
For the sale of finished products, it is possible to track the regions of supply and the enterprises to which goods are shipped or services are provided. Third-party logistics increase the chances of industrial espionage. After this information is leaked, competitors can offer existing customers more favorable terms, for example, goods at lower prices.
Therefore, all contractual relations must be protected: one of the ways to prevent the interception of the sales channel is long-term cooperation of partners, certified legally, with the presentation of financial claims for terminating the contract unilaterally.
Procurement system
From the transparency of procurement, an enterprise can pose a threat of interception of components and components used by production. The study of their quantity and quality by analytical methods makes it possible to reveal the compositions and technologies of production of products, the method of manufacturing which is a trade secret.
Technological processes
The presence of a unique product or service on the market immediately attracts attention. More and more manufacturers are rejecting outright fakes, but an exact copy with the same characteristics is a completely different level.
The risk of technology theft during production is always present. Another historical example of industrial espionage is the theft of the loom from Britain in 1789 by the Americans. Britain treasured the secret of production so much that it was strictly forbidden for specialists who understood the design of the loom to leave the islands. The situation was changed by a man who worked as a simple apprentice without technical education, but with a phenomenal visual memory. Having left for America without any problems, he reproduced the entire design from memory, and the first fabric factory started working on the shores of the New World.
The realities of today are dictated by technical progress. All industries that produce more than one unit of goods per day, one way or another, exercise control or management, using computer technology. Such systems are often targeted by hacker attacks.
Exchange of commands, temperature conditions, time frames of processes - all this is controlled and controlled according to publicly available industrial protocols. They are usually not encrypted and their specification is well documented. Intercepting the traffic of equipment will help you easily understand the manufacturing technology of something and reproduce it down to the smallest detail. It is easy to determine even the type of equipment used from the technical information obtained by interception.
Control at enterprises
Security systems can be another source of information for industrial espionage. For example, hacking of video surveillance systems at a production facility will provide an attacker not only with technical information, but also with a model for organizing work in the structure.
Access control equipment can serve as a source of employee information. Nowadays, all data is often stored in cloud storage and represents a potential risk of leakage. Information about an employee received by cybercriminals can influence him in real life. Where there is a lot of money, moral and ethical principles are not considered. It is possible both pressure and threats to take possession of some commercial secrets.
Insiders
Inside information is always most valuable. Unreliable insiders are ready to provide information to third parties in pursuit of material gain. An ordinary employee can become an insider against his will. A person who has no idea about production is quite capable of inserting a USB flash drive into a PC, peeping passwords. The fight against this type of industrial espionage can be carried out in the process of analyzing the behavior of employees, for example, using video surveillance.
Conclusions
Any activity, hacker or insider, is sufficiently developed in the field of information collection. There is no concept that it is impossible to hack something, there is a concept - is it profitable or not. If the information covers the costs of hacking, then any protection will be hacked. It is a fact.
Ensuring security is to make the process of obtaining data as unprofitable as possible. Well, fencing from external sources of invasion is also worth considering. This measure is quite effective in protecting against espionage. This is achieved by the autonomy of production, localization of information networks, limitation of the use of portable data storage (smartphones, laptops, cameras).
09.12.2020
