The Cold War is long over, but World War III is an economic war. Competition is now global and there are more competitors than ever before.
Business ethics are not what they used to be. Personal reputation and accountability cannot carry you too far. The pressure is on as never before and in a crowded business community questionable illegal and immoral practices are cloaked in anonymity.
Today’s business environment is rife with incidents of industrial espionage. Knowledge is no longer just power, it is money too. BIG MONEY! Tapped phones, bugged offices, covert recordings, undercover employees, phony repair people, car phone monitors, fax intercepts, dumpster divers, competitive intelligence professionals etc. are terms related to business and yet one would have never heard of them. They are related to information security and that is a subject not taught yet in business schools.
Many executives, even corporate directors, never saw all these as part of their job description. Yet, keeping business information where it belongs is now not only their major concern but their responsibility. Information is where the money is. Information theft is an easy, safe and lucrative ‘business’ proposition.
Eaves dropping laws are in their nascent stage and difficult to enforce. Also, advancements in electronics and optoelectronics have made communication interception easy and cheap. Corporate security heads are at their wit’s ends while dealing with information leaks and thefts. It could be their fear of looking silly while dealing with an invisible monster or it may be the unfamiliarity with the mechanics of dealing with espionage. Business community is fast awakening to the fact that if information has a monetary value or power value, it is a potential target. Eventually, someone will try and take it.
This has led to a new term “industrial espionage” being coined. It is different from the original term ‘espionage’ used to describe spying indulged in by governments for national security. Industrial espionage is conducted for purely commercial purposes both by governments and by private organizations.
Corporations have been known to spy on their competitors to gain a competitive advantage. Spying may involve the theft of trade secrets or removal, copying, recording of confidential and valuable information. It also includes sabotage of a competitor as an accepted practice.
Industrial spies steal only the information which is sold for what it is worth. An industrial spy also manages to sell the same information many times over. Every competitor is a potential customer of the stolen data.
It is important for an organization to protect its intellectual property in view of the extremely competitive and unsafe business scene. Despite an increasingly sophisticated technology and ongoing research, there is no magical solution to this threat to IP. An effective multilayered protection programme must include:
1. Identifying your intellectual property or trade secrets.
2. Making an estimate as to how much is your IP worth. This will change over a period but it is important to update it and put appropriate protections in place. It will also help in prosecution in event of a real theft.
3. Ranking trade secrets according to their value as well as threat, vulnerabilities and resulting risks.
4. A comprehensive education and awareness programme for the employees, contractors and partners.
5. Defining programmatic compliance and operational scales to measure the performance of your IP protection against key indicators to help gauge how effectively you are protecting your IP.
Even after the security procedures are put in place, there is a strong possibility of an intrusion or a theft. The spies are technically updating themselves everyday and are finding increasingly ingenious methods to defeat your protection programme. They often leave no tell-tale signs of their handiwork.
This is where!b> “intrusion detection” has a role to play. Intrusion detection is a type of security management system for computers and networks. It gathers and analyses information from various areas within a computer or a network to identify security breaches which include both intrusions and misuse.
Digital forensics is used after an intrusion has been detected. It is the application of computer investigation and analyses techniques to gather evidence suitable for presentation in the court of law. The goal of digital forensics is to perform a structured investigation while maintaining a chain of evidence to find out exactly what happened and who was responsible for it. It goes a long way in not only getting the guilty punished, securing apt compensation from them but also in learning a lesson and deterring any future attempts.
Article Directory: http://www.articletrunk.com
James Walsh is a freelance writer and copy editor. For more information on computer crime and Computer Forensics see www.fieldsassociates.co.uk
Please Rate this Article
Not yet Rated