Do you know who is in charge of counter espionage issues within your firm? Head of IT, Head of security?
"It might shock you to know that neither of these people have in 99% of cases had training in counter espionage."
Most IT or security professionals have no or little idea; the subject of espionage is just not covered by most IT or Security courses, not even at Degree or Masters Level. The subject of countering espionage is one that falls through the gaps of both knowledge and responsibility.
The reality is that countering espionage in any organisation does not have to cost a lot. A good defence is mostly about having the basics right. Anyone looking to target your firm or organisation is going to look for the easy options first, the low hanging fruit. If things are too hard early on then there is a high possibility that they will move on. It’s about having your ducks in a row or at least some of them!
If your firm or organisation is being targeted, the chances are that the budget set to gain intelligence from you is not going to be in the Millions of Dollars, even in the larger cases we have seen the budget is incremental, based on results; so, make it hard early on and the chances are you will survive and limit any damage done and reduce the loss of information, the loss of information and maybe reputational and financial damage.
Espionage can be an expensive business; intelligence gathering even at entry level could run into hundreds of thousands of Dollars. So, the value of information/intelligence is relative, what is that information worth. A simple piece of information about a company, a Court case or a product in development might well be worth a lot; bid and tender information, well, some might pay more for that…
The key to any act of espionage is getting away with it and of course leaving the doors open to return time and time again for more information. Whoever is targeting you is nine times out of ten not going to want to “kick the doors in”; “hit and run”; they are going to want a softer approach, they are going to want to be able to return...
So, is an attack going to start with mobile telephone interception and email interception/hacking? No, in reality from the off the investigating company or individual is going to be looking at the very basics, what can they gain for nothing? Remember that these people are most likely getting paid for this, so it’s about “bang for buck”, what can they get that is not going to break the budget?
Is your company at risk of electronic eavesdropping?
A lot of companies do have this concern; the reality is that it’s far easier operationally to place a hi-tech GSM eavesdropping device (hardwired) than to hack a PC and to stay undetected. Remember though that any audio, just like any other intelligence gained needs to be reviewed, disseminate, reviewed and if needed acted upon. Only a professional Technical Surveillance Counter Measures (TSCM) Sweep/Survey will provide professional reassurance of sterile areas.
If this is a targeted attack as opposed to an opportunist or fishing exercise, they are going to have to report back first findings, try and increase the budget, this might be a show stopper at this stage, if the attackers come up against enough basic counter measures or strong security practices.
Corporate espionage is of course a business, a growing one. Everyone wants information that will give them the upper hand and if this can be brought at a low enough price with little risk, then why the hell not!
Weak points and assets – your staff!
Your People, your staff can either be a security risk or a security asset. Good security starts at the very bottom and goes to the very top. It is the responsibility of every individual and every team, from cleaner to C level.
You can either create an educated “aware” and responsible workforce, producing a resilient, dynamic organisation or just bury your head in the sand. That is down to you how much you want to invest into the core or your organisation and its security.
Have counter espionage on your agenda, talk about it, discuss possible internal and external risks; if someone is in charge of “countering espionage” in your firm or organisation, make sure that they have the tools, support and understanding to review and implement procedures.
International Intelligence Limited provides a sound service that will look at an organisation from the bottom up, looking for those very weaknesses that will be exploited at the early stages of an attack.
Intelligent Training International Limited, our sister company offers lectures aimed at business or security professional; bespoke training or lectures is also available for firms or organisations to belt improve the level of understanding and of course discuss worries and concerns across your firm.
Counter espionage services: https://www.international-intelligence.co.uk/counter-espionage.html
TSCM services: https://www.international-intelligence.co.uk/technical-surveillance-counter-measures.html
A guide to TSCM: https://www.international-intelligence.co.uk/tscm-sweep-guide.html
Counter espionage Lectures: