Using espionage methods for commercial or financial gain is known as corporate espionage, sometimes called industrial espionage, economic espionage or corporate spying. When we think of “espionage,” we usually imagine spies from one country attempting to obtain information about another. However, many of the same techniques — and even many of the same spies — are used in both realms.
In this blog post, we will discuss corporate espionage, the types of corporate espionage, how to prevent cyber espionage and more!
What is corporate espionage?
Corporate espionage is spying on corporate organisations to collect information that may be used to benefit another company. Both companies and individuals do this type of corporate spying, but it can be very costly if you are not careful.
Example of corporate espionage:
Apple and Samsung have been locked in patent lawsuits for years. In one such case, it was revealed that Samsung hired someone to steal trade secrets from Apple. This is an example of corporate espionage, as Samsung attempted to gain an advantage in the legal battle by stealing information from its competitor. Not all corporate espionage is considerable.
Types of corporate espionage:
There are two main ways corporate espionage can be conducted:
Physical corporate espionage
This type of corporate spying includes the art of dumpster diving and other physical means of collecting data, including bribery. Companies hire corporate spies or private investigators to spy on one another to gain an advantage over their competition.
For example, you may have a competitor that you suspect is hiring corporate spies to steal your trade secrets, intellectual property and proprietary information. You may also have employees taking confidential data from your company and passing it along to the competition.
Cyber corporate espionage
This type of corporate spying includes hacking, computer viruses and other means of obtaining information electronically. Corporate spies can gain access to sensitive data by hacking into the company’s network, email accounts and other electronic systems. They can also plant computer viruses to steal company data or shut down procedures.
Detailed types of corporate espionage include:
It might include anything from the theft of automobile or aerospace designs to the formula for new medicine—a recipe for fresh food or drink. Outsider criminals, foreign companies, or disgruntled employee insiders who see a chance to get hired or compensated by a rival for theft are all potential threats.
Another type of corporate espionage is breaking into the physical premises or files to steal corporate data. Insider workers or visitors who gain access to the assumptions may still have access to a surprising number of critical business assets in physical form.
Hiring away employees
Competitors frequently attempt to recruit workers from competing firms to obtain access to the information they have learned on the job. The vast majority of the time, employees’ knowledge acquired on the job is part of a trade and may legitimately be transferred; however, there are times when employees depart with valuable trade secrets, intellectual property and formulas in their heads that they can apply to their new companies. They can be a process controls engineer or someone knowing a private company’s trade secret, manufacturing methods or marketing strategies. Insiders learning trade secrets can transfer trade secrets to other companies as revenge from the company.
Wiretapping or eavesdropping on a competitor
In addition, portable devices that listen in or record specific conversations, such as private board meetings, are becoming increasingly common. This wiretapping may be legal and permitted in some situations, but it is illegal to listen for economic or strategic advantage in other circumstances.
Cyber attacks and malware
Disruptions of this sort, whether via a distributed denial-of-service assault or malware that corrupts a firm’s network or computer databases, are all attempts to disrupt one another by damaging daily operations and disabling their capacity to operate. This has become a concern for governments due to potential cyber-attacks by terrorist groups or hostile foreign governments.
Read our experience in legal sector cyber security domain here.
Is corporate espionage illegal?
Yes, corporate espionage is illegal. Corporate espionage laws vary from country to country, but in most cases, it is considered theft or fraud. Acquiring trade secrets and proprietary or operational information, such as customer data of private companies, can make you face criminal prosecution.
Is corporate espionage illegal in the U.K.?
According to U.K. law, corporate espionage is illegal. The official website of I.T. Governance Ltd states that corporate fraud and economic crime are considered offences.
Industrial espionage vs competitive intelligence:
Industrial espionage is corporate espionage. It refers to the practice of spying for commercial gain and has been around since at least 3000 BC when Babylonian merchants stole their competitor’s trade secrets by bribing ship captains. Foreign governments that focus on economic development, especially those where many businesses are state-owned, commonly use corporate spying.
On the other hand, competitive intelligence companies (CI) measure data that can be collected from public sources such as news articles, blogs, annual reports, new government regulations etc. The purpose of corporate intelligence is to gather intelligence and give a company an edge over its competition by providing them with information that it would not otherwise have access to. While corporate espionage may involve stealing data from a competitor, a competitive advantage does not require any unethical collection means and is perfectly legal.
Not only can governments collect information on commercial entities, but other organisations can also spy on them. Orchestrating espionage is also done by industrial spies. For example, a company may want to know the conditions of a government contract before bidding for it, and this is carried out by an industrial spy and can be a criminal act.
Is industrial espionage a crime?
Industrial espionage is corporate spying, and corporate espionage is a crime. Industrial espionage includes corporate intelligence on the part of companies and individuals and may even include bribery to obtain information that can be used against competitors or other organisations. In most countries, spying for commercial gain is considered theft.
Corporate spies may include corporate insiders and outsiders—a corporate insider transfers trade secrets from one company to another, such as trade secrets contractors. Corporate outsiders are individuals outside the organisation that work for their own commercial or financial purposes by stealing secrets from companies through espionage techniques such as wiretapping, technological surveillance or bribery.
What are trade secrets?
Trade secrets are confidential business information that gives a company an economic advantage over its competitors. This can include anything from the formula for a new product to the customer list of a rival company.
What are the origins of corporate espionage?
It is believed that corporate espionage first began when Babylonian merchants hired spies to steal company trade secrets from their competitors. In the 16th century, Italian merchants used similar tactics to gain an advantage over their rivals.
In the 18th century, as Britain became an industrial creditor, there were reports of corporate espionage between British and French companies. France made a concerted effort to steal British industrial technology on a large scale, and historical accounts of corporate espionage are already between them.
East vs West economic espionage became prevalent in the 20th century. Notably, Soviet industrial espionage was part of their more extensive spying operation throughout the 1980s. The Soviet Union often duplicated American companies’ CPU products.
What industries are common targets for corporate espionage?
Economic and industrial espionage are frequently linked to high-tech sectors such as:
- Computer software: corporate espionage involving the theft of software and business plans.
- Information technology: corporate espionage involves gathering information related to computer networks, telecommunications devices and data.
- Manufacturing industries: spying on crucial manufacturing processes to develop knock-off products or substituting materials can also be a problem.
- Pharmaceutical industry: corporate espionage includes stealing secrets, business plans, and sometimes the product itself.
- Hardware: corporate espionage in the technology sector also includes stealing or attempting to steal trade secrets related to new hardware products and designs.
- Biotechnology: corporate espionage involving spying on the biotechnology industry is also common.
- Aerospace: corporate espionage in the aerospace industry typically includes stealing secrets related to aircraft design, avionics, and other sensitive information.
- Telecommunications: corporate espionage in the telecommunications industry can include stealing trade secrets related to new products, services, and technology.
- Transportation and engine technology: corporate espionage in the transportation sector is also common, including stealing commercial secrets related to major corporate activities such as new product development.
- Automobiles: corporate espionage in the automobile sector involves corporate spying on secrets related to new car models and technologies.
- Oil: corporate espionage is also common in oil, gas, and energy industries involving corporate spying on new product designs, production processes or research findings.
- Construction materials: corporate espionage of a company’s construction material suppliers can lead to the development of knock-off products and the substitution of materials.
- Machine tools: corporate espionage involving the theft of machine tool designs can lead to a loss of competitiveness for the targeted company.
- Materials: corporate spying on corporate materials suppliers to learn about new technologies, production processes and product designs.
Corporate espionage in every industry is different. However, it always has the same goal – to gain an advantage over competitors by stealing corporate secrets and confidential information about their clients or product lines.
How to protect an organisation against industrial espionage?
Organisations can implement the following practices to help protect against espionage.
Stringent background checks and screening of new hires
H.R. executives are split on whether or not background and security checks should be done before hiring. Before employing people, companies should thoroughly screen them.
Monitor employee activities
Employee monitoring is now ubiquitous on virtually every network, hardware, and software platform that may track activity, such as access to specific data vaults, apps, and edge or portable devices. Suppose there is an illegal entry or unauthorised access taking place in a region of the country or world where it should not be permitted. In that case, this security monitoring software can generate an alert.
Secure physical premises and assets
A company’s headquarters buildings and field offices can be secured and maintained. An example is the limitation of third-party service providers to block their physical premises from doing business with the firm.
Secure digital assets
The network, computer, application, edge, and mobile device levels should be secured. The I.T. should ensure security updates are implemented as soon as possible and verify that third-party devices, such as routers and sensors, meet corporate requirements by checking the incoming security settings.
Fully patent company designs, inventions and discoveries
There is no one worldwide international patent, any business contemplating the sale or use of its items to foreign countries should apply for patents in those nations.
Use employee non-compete agreements.
Engineers, researchers, attorneys, and other individuals with access to sensitive data should be required to sign a non-compete agreement that bans them from sharing corporate information with a competitor for at least one year after they leave their employer.
Audit your security regularly
It is critical to hire an external audit firm yearly to review business physical and cybersecurity and worker policies and procedures.
These practices will help ensure that your company is doing everything possible to protect its assets from being stolen or compromised.
Five myths about corporate espionage
Some organisations may be caught off guard by industrial espionage dangers that can cause damage. Here are five common misconceptions about corporate espionage.
A U.S. patent serves as complete protection for your product ideas and findings.
There is no global agreement among countries to respect U.S. patent rights if your firm patents a product design, invention, or discovery in the United States. A business must file for patent protection in each nation it wants to utilise its I.P.
Employees can be trusted.
According to Comparecamp.com’s employee theft statistics, 95% of all firms had incidents of employee thievery in 2020, with 75% admitting to having stolen something from their coworkers at least once. Some of this thievery included sensitive information.
Cyber attacks are the primary vehicle for the most industrial espionage cases
While digital conduits are a popular vehicle for industrial espionage, not all of them occur this way. Even bad actors may break into physical locations to steal confidential information that isn’t digitalised.
Only bad actors commit industrial espionage
Employees continue to communicate information informally with others, such as at a backyard barbecue, in a restaurant, or during a sports event.
Networks and digital assets with state-of-the-art security are safe.
Even if a company has the most robust cybersecurity in the world, if its I.T. department and business users cannot keep up with the latest security updates and best practices, it is still an attack vector for a cyberattack.
A corporate espionage case study
In 2011, when corporate espionage in the corporate world was becoming a more serious issue than ever before. Yu Bingbing was caught stealing secrets from her employer and selling them to their competitors in China. GlaxoSmithKline PLC has employed her since 2002 as a quality control manager of the company. She had worked at the company for six years before she decided to take corporate secrets about their drugs.
She was caught when an anonymous source contacted GlaxoSmithKline PLC and told them that someone in the corporate espionage department of their competitor, Shanghai Roche Pharmaceutical Co., Ltd., where Yu Bingbing is currently employed, was receiving corporate secrets from her.
After an investigation, it was revealed that Yu Bingbing had sent emails to Roche containing confidential and exchanging secret information about GlaxoSmithKline PLC’s drugs for the past six years. She was arrested and charged with corporate espionage in 2011.
This case study is a perfect example of how severe corporate espionage can be. With corporate espionage cases on the rise, GlaxoSmithKline PLC took appropriate measures to ensure that they would not be a target for corporate espionage again in the future.
As it’s clear from the above article, this is one of the main attack vectors that corporates should be aware of. Whether an attacker’s intent is for commercial gains, competitive IP theft or financial gains, organisations must have prevention measures in place to contain such threats and incidents.
Get in touch to discuss any primary security concerns, and subscribe to our blog for constant updates.
Shahrukh, is a passionate cyber security analyst and researcher who loves to write technical blogs on different cyber security topics. He holds a Masters degree in Information Security, an OSCP and has a strong technical skillset in offensive security.