The Ultimate Guide for Small Businesses to Combat Economic Espionage

For decades, the US has been a victim of economic espionage — a foe that is now costing American companies billions of dollars in lost revenue. From hacking government websites to infiltrating research institutions with spies, competitors and foreign governments are pulling out all the stops to steal trade secrets.

This scourge is no longer limited to large enterprises and government organizations, even small business owners need to watch out. Particularly, those who work with larger enterprises or government organizations. Such organizations often succumb to these attacks because of the lack of a strong counterintelligence mechanism.

This statement is purported by the fact that there has been a massive increase in the total number of supply chain attacks. This form of cyberattack is launched to gain access to a target through a third-party service provider. According to a report, the year 2020 has witnessed a 430% surge in next-gen supply chain attacks launched by injecting malware into open-source software applications. While the goal is generally the theft of trade secrets or intellectual property (IP), companies can also find themselves the victims of ransomware attacks and extortion.

Studies reveal that over 43% of cyberattacks target small businesses, which is mainly due to weak security protocols. Also, that one out of every six small businesses shuts down after a cyberattack emphasizes the magnitude of this menace. So, to help small businesses defend themselves in the digital world, we decided to discuss some proven cost-efficient tactics to avoid the theft or misappropriation of trade secrets or intellectual property.

Secure your Intellectual Property (IP) and Digital Assets

Also referred to as industrial or corporate espionage, economic espionage is a broad concept with technology at its epicenter. Since data is now stored electronically, the tactics used by state-sponsored enemies have also transformed, and so should your defense strategy.

So, it is inevitable for businesses to secure physical and digital forms of business assets such as intellectual property (IP). Also, business assets such as source codes, innovative designs, formulae, etc. must be adequately protected. Such assets have been stolen in the past and are now targeted more than ever before. After all, intellectual property accounts for over 6 trillion US dollars, which is roughly about 38.2% of the total US GDP. More importantly, it creates close to 45 million jobs, which are likely to be affected unless the IP is adequately protected. The most efficient way of doing this is by limiting access to such assets and using multi-factor authentication systems.

Defend Cyberattacks using Advanced Technologies

Just because small businesses cannot spend millions of dollars on setting up an in-house SOC doesn’t require them to remain vulnerable to security risks. A simple way forward is to hire the services of reliable managed SOC service providers. In doing so, pick one that is equipped with the best Artificial Intelligence (AI) and machine learning security solutions.

These tools constantly monitor your systems and shoot out alerts in case of anomalies, which lets you detect and respond to threats with no delay. By identifying changes in network traffic patterns, such tools easily track suspicious elements. With an increased reliance being placed on Internet of Things (IoT) devices, organizations cannot ignore such security measures.

So, hiring managed services works extremely well for small businesses because it eliminates the costs associated with security software licenses, cybersecurity professionals, training costs, etc. Depending on the size and volume of your business, such managed SOC service providers evaluate your needs and provide budget-friendly services. You can then upgrade these services when your business requirements increase.

Recruit Carefully

Competitive nations such as China and Russia are leaving no stone unturned to walk away with economic intelligence. In 2017, an IBM employee pled guilty for corporate espionage involving the theft of IBM’s source code. Although the employee worked in China, the trial went on in the New York District Court and ended in a guilty plea.

So, make it a point to perform thorough background checks and due diligence investigations before hiring professionals. Especially those who are likely to gain access to confidential data such as those having a technical background. Recently (in 2014) DuPont’s titanium dioxide formula was stolen by its Chemical Engineer, who was later convicted by the Californian Federal District Court. 

That explains how dangerous it can be for smaller businesses with fewer restrictions or oversight. Adopting ad hoc measures such as data segregation, followed by limited access based on job profiles, are important steps to safeguarding IP or trade secrets. When possible, businesses must also make use of CCTV surveillance for physical monitoring and screen recording for digital monitoring. Restricting digital devices with storage within the work area is also recommended.

Finally, small businesses must implement ongoing precautionary measures such as employee screen recording for employees at all levels. Back in 2013, Motorola’s ex-employee, who worked with the telecom giant for over 9 years was convicted by a Federal Court for stealing trade secrets. This helps explain why simply running a background during recruiting and then letting your employees loose can be fatal. Economic espionage affect businesses of all sizes, and training for smaller organizations can be a real challenge. What brings me to our next topic.

Train your Employees

Ever since cyber crime developed, phishing attacks have been extremely successful despite being easy to detect. A study reveals that one out of every eight employees ends up being a victim and sharing information with the wrong person. Over time, there’s a new variant of this form of cyberattack called the spear-phishing attack that has been making rounds. 

Did you know that over 95% of all attacks that targeted enterprise networks were launched through spear-phishing? This is an attack wherein the attacker deceives the recipient into disclosing sensitive information on the pretext of being someone the recipient knows, like a colleague or a customer.

For instance, if your bank asks you for your social security number, you are likely to oblige. Spear Phishers pretend to be such credible persons and steal data from employees. The only way to prevent this from happening is by creating cybersecurity awareness among your employees through regular training sessions and penetration testing


In the US, small businesses contribute to over 50% of the total GDP. So, if you are one out of the 27 million small businesses that support the world’s largest economy, competitors aren’t going to let that pass. Before things go wrong and you end up being a victim of economic espionage, consider implementing the above-mentioned security measures to defend your organization.

As always, if you think your organization may be threatened by economic espionage, our security experts are here to help. For over 30 years we’ve helped businesses anticipate and navigate risk before it becomes a crisis. If you would like to learn more about how we can help you protect what matters most, let’s talk.

Additional Resources

Posted by:


For industry-leading guides and analysis sign up for our blog below.

  • This field is for validation purposes and should be left unchanged.

Latest News

Vulnerability assessments and management in the new risk landscape. Threat assessment

What Achilles can Teach us About Threat Management

By Chesley Brown | January 12, 2021

By: Dell Spry There are numerous similar, seemingly inconsequential, soft targets scattered across our country unprotected by a single surveillance camera or even a strand of barbed wire. Is this issue getting the attention it…

Read More
The solarwinds supply chain hack represented by 6 locks, one of which is a different color

The SolarWinds Supply Chain Attack: What Businesses Need to Know

By Chesley Brown | January 5, 2021

What is the SolarWinds Supply Chain Attack? SolarWinds, the Austin-based cybersecurity firm, found itself in the middle of a catastrophe due to internal security lapses. The firm recently earned headlines for making it to the…

Read More
Picture of downtown Nashville Tennessee a dusk. Lessons learned from the nashville bombing

Lessons Businesses Must Learn from the Nashville Bombing

By Chesley Brown | December 30, 2020

The sound of gunfire punctuated the peaceful hush of Christmas morning. According to one witness, “It sounded like an automatic weapon.” About 10 minutes later she heard a second round of gunfire, then a third.…

Read More
Hallway camera in a school providing a safe and secure learning environment, How to optimize school safety for COVID-19

3 Simple Practices to Optimize School Safety During Covid-19

By Chesley Brown | December 17, 2020

Maximizing safety for students and employees If you’re anything like me, keeping your family safe is your number one priority. During the Covid-19 pandemic, this means minimizing social contact to reduce the chances of infection. …

Read More
a puzzle with a misisng piece revealing a dollar as a symbol of business impact analysis

4 Crucial Things To Know About Business Impact Analysis

By Chesley Brown | December 9, 2020

Risk is not optional. If you own a business, chances are, you will confront risks at some point. What’s more, as your business grows, potential business disruptions will increase in both frequency and harm potential.…

Read More
The 7 Step Guide for Building Business Continuity Plans that Work