The Ultimate Guide for Small Businesses to Combat Economic Espionage

For decades, the US has been a victim of economic espionage — a foe that is now costing American companies billions of dollars in lost revenue. From hacking government websites to infiltrating research institutions with spies, competitors and foreign governments are pulling out all the stops to steal trade secrets.

This scourge is no longer limited to large enterprises and government organizations, even small business owners need to watch out. Particularly, those who work with larger enterprises or government organizations. Such organizations often succumb to these attacks because of the lack of a strong counterintelligence mechanism.

This statement is purported by the fact that there has been a massive increase in the total number of supply chain attacks. This form of cyberattack is launched to gain access to a target through a third-party service provider. According to a report, the year 2020 has witnessed a 430% surge in next-gen supply chain attacks launched by injecting malware into open-source software applications. While the goal is generally the theft of trade secrets or intellectual property (IP), companies can also find themselves the victims of ransomware attacks and extortion.

Studies reveal that over 43% of cyberattacks target small businesses, which is mainly due to weak security protocols. Also, that one out of every six small businesses shuts down after a cyberattack emphasizes the magnitude of this menace. So, to help small businesses defend themselves in the digital world, we decided to discuss some proven cost-efficient tactics to avoid the theft or misappropriation of trade secrets or intellectual property.

Secure your Intellectual Property (IP) and Digital Assets

Also referred to as industrial or corporate espionage, economic espionage is a broad concept with technology at its epicenter. Since data is now stored electronically, the tactics used by state-sponsored enemies have also transformed, and so should your defense strategy.

So, it is inevitable for businesses to secure physical and digital forms of business assets such as intellectual property (IP). Also, business assets such as source codes, innovative designs, formulae, etc. must be adequately protected. Such assets have been stolen in the past and are now targeted more than ever before. After all, intellectual property accounts for over 6 trillion US dollars, which is roughly about 38.2% of the total US GDP. More importantly, it creates close to 45 million jobs, which are likely to be affected unless the IP is adequately protected. The most efficient way of doing this is by limiting access to such assets and using multi-factor authentication systems.

Defend Cyberattacks using Advanced Technologies

Just because small businesses cannot spend millions of dollars on setting up an in-house SOC doesn’t require them to remain vulnerable to security risks. A simple way forward is to hire the services of reliable managed SOC service providers. In doing so, pick one that is equipped with the best Artificial Intelligence (AI) and machine learning security solutions.

These tools constantly monitor your systems and shoot out alerts in case of anomalies, which lets you detect and respond to threats with no delay. By identifying changes in network traffic patterns, such tools easily track suspicious elements. With an increased reliance being placed on Internet of Things (IoT) devices, organizations cannot ignore such security measures.

So, hiring managed services works extremely well for small businesses because it eliminates the costs associated with security software licenses, cybersecurity professionals, training costs, etc. Depending on the size and volume of your business, such managed SOC service providers evaluate your needs and provide budget-friendly services. You can then upgrade these services when your business requirements increase.

Recruit Carefully

Competitive nations such as China and Russia are leaving no stone unturned to walk away with economic intelligence. In 2017, an IBM employee pled guilty for corporate espionage involving the theft of IBM’s source code. Although the employee worked in China, the trial went on in the New York District Court and ended in a guilty plea.

So, make it a point to perform thorough background checks and due diligence investigations before hiring professionals. Especially those who are likely to gain access to confidential data such as those having a technical background. Recently (in 2014) DuPont’s titanium dioxide formula was stolen by its Chemical Engineer, who was later convicted by the Californian Federal District Court. 

That explains how dangerous it can be for smaller businesses with fewer restrictions or oversight. Adopting ad hoc measures such as data segregation, followed by limited access based on job profiles, are important steps to safeguarding IP or trade secrets. When possible, businesses must also make use of CCTV surveillance for physical monitoring and screen recording for digital monitoring. Restricting digital devices with storage within the work area is also recommended.

Finally, small businesses must implement ongoing precautionary measures such as employee screen recording for employees at all levels. Back in 2013, Motorola’s ex-employee, who worked with the telecom giant for over 9 years was convicted by a Federal Court for stealing trade secrets. This helps explain why simply running a background during recruiting and then letting your employees loose can be fatal. Economic espionage affect businesses of all sizes, and training for smaller organizations can be a real challenge. What brings me to our next topic.

Train your Employees

Ever since cyber crime developed, phishing attacks have been extremely successful despite being easy to detect. A study reveals that one out of every eight employees ends up being a victim and sharing information with the wrong person. Over time, there’s a new variant of this form of cyberattack called the spear-phishing attack that has been making rounds. 

Did you know that over 95% of all attacks that targeted enterprise networks were launched through spear-phishing? This is an attack wherein the attacker deceives the recipient into disclosing sensitive information on the pretext of being someone the recipient knows, like a colleague or a customer.

For instance, if your bank asks you for your social security number, you are likely to oblige. Spear Phishers pretend to be such credible persons and steal data from employees. The only way to prevent this from happening is by creating cybersecurity awareness among your employees through regular training sessions and penetration testing

Takeaway:

In the US, small businesses contribute to over 50% of the total GDP. So, if you are one out of the 27 million small businesses that support the world’s largest economy, competitors aren’t going to let that pass. Before things go wrong and you end up being a victim of economic espionage, consider implementing the above-mentioned security measures to defend your organization.

As always, if you think your organization may be threatened by economic espionage, our security experts are here to help. For over 30 years we’ve helped businesses anticipate and navigate risk before it becomes a crisis. If you would like to learn more about how we can help you protect what matters most, let’s talk.

Additional Resources

• The Future of Work: Protecting Trade Secrets (Blog)
• Chesley Brown Group Corporate Investigative Services
• Corporate Counter Espionage (Podcast)
• Electronic Countermeasures (Podcast)