Corporate Spying: Snooping, by Hook or by Crook

Corporate spies come in many guises, but they all have one thing in common: They want to use your company's secrets for competitive gain. This is a five-step guide to how snoops operate.

By Sarah D. Scalet

May 01, 2003 — CSO — If a thief tries enough doors, odds are good he'll eventually find the one that's been left unlocked. Consider the following examples.

In the week before one company released its quarterly report, employees in units that report to the CFO received some 200 calls from people claiming to be with a credit reporting agency that needed information about the earnings report prior to its release. Employees were instructed to transfer all such inquiries to the security office, but the calls kept coming. A research company hired by the competition was betting that eventually, someone would slip.

An engineer regularly had lunch with a former boss now working for a competitor, and he fancied himself a hero as he collected rewards from management for gathering competitive intelligence. Little did he know that the information he was giving up in return caused his employer, formerly the market leader, to lose three major bids in 14 months.

Immigrants from Eastern Europe who were working as scientists on an American defense project kept getting unsolicited invitations from their home countries to speak at seminars or serve as paid consultants. The invitations appealed to them as scientiststhey wanted to share information about their work with peers. The countries saw this kind of intelligence gathering as cheaper than research and development.

All of the previous stories are true. "People think that stuff doesn't happen, that it's all TV and movies, but the fact is that these things do happennot every day, but with regularity," says William Boni, vice president and CISO of Motorola and a former Army counterintelligence officer who coauthored Netspionage: The Global Threat to Information.

"I call it the death of a thousand cuts," Boni continues. "Because most organizations don't have a means of tracking the loss of proprietary information; they go on constantly hemorrhaging, constantly losing market share. Gradually it takes the vitality out of the organization because it's hard to invent and create things faster than people are leaking it or stealing it. It might be seen as, oh well, that's just bad luck in business."

But it's bad luck that adds up to billions of dollars each year for U.S. businesses, according to a survey done by the American Society for Industrial Security. The 138 companies that responded to the September 2002 survey reported that the loss of proprietary information, often in the form of research and development or financial data, cost them at least $53 billion in 2001 alone.