The threat to America’s trade secrets—and to our national security—is real, whether it comes in the form of international spies, hackers probing online security systems, or disgruntled employees out for revenge.
The biggest threat to U.S. industry comes from East Asia. This region accounts for 43% of the reported cases for industrial espionage this past year1. Despite what you may think however, the majority of the threats come from commercial entities seeking unclassified technology, not state-sponsored espionage targeting military secrets. The primary means they use to gain information is through exploitation of a company’s computer network. This could be through deliberate hacking attempts, introduction of a virus or, the easiest, successful phishing attempts where users give them access by providing logins and passwords. Besides giving away trade secrets to a potential competitor, this “free” technology allows them to bypass the costly research and development phase and go directly to production. This gives the foreign company an unfair advantage in the market place as they can underbid U.S. companies that are paying for the R&D.
So, what can we do to reduce the threat?
- Recognize there is an insider and outsider threat to your company.
- Identify trade secrets and implement a plan for safeguarding them.
- Secure physical and electronic versions of your trade secrets.
- Confine intellectual knowledge to a need-to-know basis.
- Provide training to employees about your company’s intellectual property plan and security.
- Do not store private information vital to your company on any device that connects to the Internet.
- Use up-to-date software security tools. Many firewalls stop incoming threats but do not restrict outbound data.
- Educate employees on e-mail tactics such as spear phishing. Establish protocols for quarantining suspicious e-mail.
- Remind employees of security policies on a regular basis through active training and seminars. Use signs and computer banners to reinforce security policies
If you feel you are or have been the target of an attempt to gain sensitive information, classified or unclassified, REPORT IT! Contact your Facility Security Officer, the FBI, Defense Security Service or local law enforcement. These agencies depend on this reporting for much of the beginning phases of the investigation process. The threat is real and the economic health of the United States is at risk.
1Data taken from Defense Security Service Report: Targeting U.S. Technologies 2012 – A Trend Analysis of Reporting from Defense Industry