Friday, June 16, 2017

Why You Need a Technical Information Security Survey - Reason #413

Reason #413 - Yes, they are out to get you.

Here is a brief excerpt from an Entrepreneur Magazine article I read recently. It's entitled: 



3 Reasons You Should Spy on Your Competition 


"One of the best ways to thoroughly understand your market is to take a look at your competition. By not spying, you are at a significant disadvantage. 

 

Here are three reasons it’s a good idea to spy on your competition…
  1. Without spying, it’s impossible to know what you’re up against -- as a result, you can’t completely prepare.
  2. It’s easy to do. Don’t be discouraged from spying on your competition by assuming that it is daunting or resource intensive. 
  3. It would be wasteful to not spy. Speaking of wasted resources, without spying on your competition it’s very easy to waste time trying to find your ideal market and your reach."
Although the article does not advocate anything illegal, do you really think a budding entrepreneur ingesting this advice will stop after tasting (legal) low-hanging fruits of knowledge? No, forbidden fruit is even more nourishing. They will "ladder up."

Background

There have always been industrial espionage spies and business espionage tricks. Heck, the Industrial Revolution in the U.S. began this way. The Chinese lost their secrets of silk this way.

Spying as a method of getting ahead in business, was not encouraged by the media during most of the 20th Century. Children were taught entrepreneurial ideals, like: hard work, independence, persistence, and inventiveness.

So, how did we get to the point of, "Screw it, let's just spy!”

Corrosion of societal mores is an evolutionary process. Some of you will remember the days when kids had heroes who exemplified moral codes: The Shadow ("The weed of crime bears bitter fruit. Crime does not pay."), Joe Friday (Dragnet), Dan Matthews (Highway Patrol), The Lone Ranger, etc. Others may remember the glamorization of the "good" spy from TV shows like: Secret Agent Man, The Man from U.N.C.L.E., Mission Impossible, and The Prisoner.

These radio and TV shows still languish deep in digital tombs like YouTube; as forgotten as the Greek Chorus. On the bright side, at least these morality plays still exist.

1960’s spy shows spawned a huge market for children’s spy toys. The market remains strong today, and much more technically advanced.

For decades, children have grown up with spy toys. Spy toy manufacturers blatantly promote spying as cool and fun.

The morally strong TV heroes children used to look up to have disappeared. Today’s “Super Hero” has little connection with reality. The good vs. evil dividing line in the plots has become fuzzy. The super heroes themselves are confusing. Dark sides and moral cracks have infected the genre. Several generations of children have been desensitized to spying, and now, as adults, their moral compasses look like Batman fidget spinners.

Today’s Reality

The workplace is now filled with former children who have no compunction about spying. Almost everyone has a spy tool in their pocket that Maxwell Smart could only dream about. And, if one needs a thumb-sized bug that can be listened in on via a cell phone, from anywhere in the world… it can be purchased on eBay for less than $25.00.

Analysis of Business Espionage Today
   • Risk level: Low.
   • Reward level: High.
   • Why people spy in the workplace:
          - Money.
          - Power.
          - Sex
   • Surveillance Tools:
          - Inexpensive.
          - Readily available in spy shops and 
on the Internet.
          - Untraceable when purchased from 
foreign countries.

Other Contributing Factors…
  • The mores about eavesdropping and espionage have changed.
  • Increased competitive pressures placed on employees, consultants and businesses force ethics bending.
  • Media glorification presents spying as sexy and justifiable.
  • Since the 60's, spy toys and games have been actively promoted to children as being fun and acceptable. Children grow up.
“We don’t need a Technical Information Security Survey. We’ve never had a spying issue here.”

How would you know?
 

Spy Rule #1 - Stay undetected. 
By definition, successful espionage goes undetected, only failures become known.


If you ignore business espionage, or decide to take a “risk-assessment” gamble, you will never know if you’re bleeding information. (Parasites don’t alert their hosts.)

Business espionage can be forced to fail.
Actively look for:
  • evidence of information loss,
  • evidence of electronic surveillance: audio, video and data,
  • information loss vulnerabilities in: the workplace, your transportation, your home office, and at off-site meeting venues,
  • loopholes in your perimeter security,
  • decaying or broken security hardware, upon which you rely,
  • information security policies employees no longer follow,
  • information security vulnerabilities inherent in normal office equipment,
  • and, an independent security consultant, whose specialty is the Technical Information Security Survey, to do this for you.
Vigilant organizations conduct these surveys during off-hours, on a quarterly basis. Diligent organizations tend to have their surveys conducted biannually. Negligent organizations, well, they just have their pockets picked. The point is re-inspections limit windows-of-vulnerability. They also cost less.

An independent consultant’s report is proof of the organization’s due diligence, and may be very helpful in showing enhanced duty of care for trade secrets and other sensitive information in legal settings.

Considering what is at stake, a Technical Information Security Survey is very economical insurance, even better than insurance… it can prevent losses in the first place. Add it to your security program.