Types of industrial espionage

There is some ambiguity around types of industrial espionage. R. E. Wagner distinguishes two: industrial espionage itself (which can also be referred to as corporate and commercial espionage) and economic espionage. The main difference lies in who the mastermind behind the espionage campaign is.
While industrial espionage is conducted by and benefits private companies, economic espionage is committed by foreign states.
Here’s where things get tricky:
The interests of governments and companies frequently overlap, making it hard to distinguish between these two types of espionage. Consequently, we will be using “industrial espionage” and “corporate espionage” interchangeably as generic terms in this article unless we are specifically discussing economic espionage.

Methods of industrial espionage 

How does industrial espionage affect your business? Spies can breach your security and illegally obtain data in the following ways:
Cyber attacks
Cyber attacks are hostile attempts to steal, compromise, change, or destroy information by gaining unauthorized access to an organization’s computer systems. Hackers or external attackers are frequently involved in industrial espionage. They can gain access to your sensitive data by exploiting known and zero-day vulnerabilities.

How to detect cyber espionage 

The majority of companies have up-to-date malware protection and network security, but only a few think about incident response plans, control of storage devices, and formal policies.
Moreover, cyber breaches are often preceded by physical access that makes them possible. That’s why even sophisticated anti-malware protection and firewalls are not enough when insider and cyber threats are linked.

Insider threats 

Competitors can send their spies to your company to act as your regular employees while secretly gathering intelligence for their actual employer.
Competitors can also approach your trusted employees who have privileged access, asking them to trade your corporate secrets and other valuable information and offering them money or blackmailing them into cooperation.
In both cases, the illegal actions of such employees are much harder to detect than hackers, making insider attacks a safer bet for malicious actors.
If you’re thinking, “Well, my employees aren’t like that…”
Workers can also carry out or aid in corporate espionage inadvertently. Various social engineering techniques can be used to gather secret information or extract credentials from employees.
Take this as an illustration:
A USB stick left in a hallway for a curious employee to pick up and insert into a corporate computer can initiate a massive data breach and cost your company a lot of money.
Former employees are another source of danger. A disgruntled employee looking for a way to get back at the company — or simply a trusted insider leaving for a competitor — could easily take an organization’s sensitive data with them.
But it gets worse:
Corporate espionage has become even easier to commit after many companies had to switch to remote and hybrid work models. While telecommuting gives employees flexibility, it also introduces new cybersecurity risks.

Why does industrial espionage often go unnoticed?

Industrial espionage is hard to detect and even harder to prove.
You might have heard about sensationalized espionage cases in the news. The truth is:
They’re just the tip of the iceberg.
Industrial espionage is an illegal yet widespread practice. If it hasn’t affected your company, it’s only a matter of time.
There are several reasons why most companies do not report cases of industrial espionage:
● Industrial espionage is hard to identify. Most malicious actions by insiders remain indistinguishable from normal everyday activities. Even your most valuable employee with access to sensitive data may act as a double agent without you noticing for a long time. ● It’s hard to hold perpetrators accountable. Laws on trade secrets and industrial espionage vary across the globe. If you have detected an international spy, it may be very hard to hold foreign companies and governments accountable. And even if the perpetrator is domestic, they can prolong legal procedures to the point where it’s not feasible for your company to continue pursuing the case. ● It may harm your stock price. The value of your company’s stock may fall if it becomes publicly known that your security has been breached. Such knowledge may undermine the trust of your investors and customers.●  It can be seen as a violation of IT compliance requirements. A company is responsible for ensuring the security of its customers’ sensitive data. In many countries and industries, if this data is leaked or stolen by industrial spies, the company will be fined.
All of these factors compel companies to keep cases of espionage to themselves and conduct internal investigations. It’s an organization’s responsibility to establish effective detection and response procedures. Building an insider threat program and taking effective prevention measures are the best ways to deal with industrial espionage.

3 high-profile industrial espionage cases 

Even industry giants can fall victim to industrial spies.
Although most companies try to hide instances of corporate spying to protect their reputation, some cases have become known to the public.
Let’s take a look at some examples of industrial espionage that have been made public:
Monsanto
In 2018 Chinese scientist was charged with stealing trade secrets from biotech giant Monsanto. In January 2022, Haitao Xiang pleaded guilty to trying to commit economic espionage. The sensitive information he was planning to sell to the Chinese government contained a software algorithm for helping farmers collect field data and increase productivity.
Working as an imaging scientist at Monsanto, Xiang managed to commit his theft by simply transferring secret data to a memory card. In April 2022, he was sentenced to more than two years in prison and fined $150,000.
Samsung
In a South Korean case highlighting the nation’s fight against industrial espionage, a former Samsung Electronics executive, Choi Jinseog, was granted bail. Prosecutors accused Choi, a chip expert, of stealing confidential information from Samsung. Allegedly, Choi was going to use the stolen information to help his client establish a chip factory in China.
Choi has denied the charges. Though details are scarce, court records confirm that Choi was released on bail in November 2023. This case sheds light on South Korea’s efforts to curb industrial espionage and slow China’s advancements in chip manufacturing.
NVIDIA & Valeo
In 2023, a German software developer Mohammad Moniruzzaman was accused of stealing trade secrets from his former employer, Valeo Schalter und Sensoren. Valeo, a leading automotive technology company, claims Moniruzzaman stole their parking and driving assistance software source code in April 2021.
In October 2021, Moniruzzaman joined NVIDIA, a chipmaker new to the automotive industry. During a video call in March 2022, he accidentally shared his screen, revealing Valeo’s code. Valeo believes NVIDIA used this stolen information to develop its own parking assistance software, saving them millions in development costs. Moniruzzaman was convicted and Valeo is suing NVIDIA, seeking to bar them from using the stolen trade secrets and recoup financial damages.

7 best practices to detect and prevent industrial espionage

Anti-malware protection is just one measure of defense in the fight against industrial espionage. Further actions are required to strengthen the overall security posture of your organization. Follow the anti-espionage best practices we provide below and learn more about how to prevent corporate espionage and detect insider threats.

1. Conduct a risk assessment

What corporate data is the most valuable to your company?
Find potential targets. You need to know what trade secrets and other valuable data your company possesses and how desirable they are to your competitors. You can evaluate the attractiveness of your trade secrets by comparing them with products already available on the market or with the known assets of your competitors.
Once you’ve identified your most valuable data, you can make informed predictions about who might want it. By knowing possible threats and potential attack vectors, you can detect vulnerabilities in your defenses.
Risk assessment is one of the keys to a risk-based security approach, which should be part of every organization’s security strategy. You should also work out a cyber incident response plan. This will help you ensure a fast and effective response in case of a data breach to minimize its impact on your business.

2. Secure your infrastructure 

Create a barrier to guard against external threats.
Establishing a secure perimeter around your company’s network is one of the pillars of cybersecurity.
To prevent corporate espionage, enhance your security at multiple levels. A layered approach provides a more complex solution against a variety of possible threats at different levels, making your security a lot harder to penetrate.
Make sure to separate your valuable data from your corporate network and limit access to it. Protect your border routers and establish screen subnets.
In addition, consider implementing a zero trust model within your corporate network. The core idea of this approach is that every time any user tries to access critical resources, they must verify their identity. The zero trust model also emphasizes the importance of limiting privileged access and validating devices. One possible tool to implement this approach is two-factor authentication.
Keep in mind that following the zero trust approach still allows for conventional corporate cybersecurity software, such as firewalls and antivirus software. Coupled with multilevel security, it ensures an effective defense against industrial espionage via hacking and malware.

3. Establish an effective security policy 

Mitigate possible insider threats.
Establish a set of rules that will minimize the risks of industrial espionage, and formalize these rules in a clearly written cybersecurity policy.
Build the rules based on the risks you’ve identified.
While composing your cybersecurity policy, consider rules covering the following topics:
● Network security — Include guidelines for computer network access, describe the architecture of your network security environment, and explain how security rules are implemented within it. ● Security awareness — Describe measures aimed at informing your personnel about your security procedures and mechanisms.● Employee onboarding/termination — Define procedures for proper employee onboarding and termination in terms of security.● Password management — Establish strict rules on how passwords must be created, stored, and managed in your organization. ● Access management — Specify procedures for providing access to various categories of data and systems for regular, privileged, and remote users. ● Audit and accountability — Describe how your system activity is monitored, analyzed, and investigated. ● Incident response — Develop a plan for what your personnel will do if a cybersecurity incident is detected.
Make sure all your employees and third parties know and follow the security rules you have developed.
Take a look at the NIST security guidelines. Depending on the type of organization you are, these guidelines will help you meet security requirements such as those found in NIST 800-53, FISMA, HIPAA, and PCI DSS. Complying with these standards and laws is crucial if you wish to run a business in a specific market or industry, such as the financial industry.

4. Address security risks among your employees 

The people you work with are crucial for sustaining a healthy and secure environment in your company. Whether it’s intentional or not, it’s frequently someone on an organization’s staff who’s responsible for industrial espionage.
As a responsible employer, you should hold yourself accountable for the trustworthiness of your personnel and eliminate all human-related risks.

Educate employees on cybersecurity risks
Your people can become your strongest line of defense.
Make sure your employees know what insider threats are and what dangers they pose. Constantly perform cybersecurity awareness training and tell your employees about the potential consequences of insider threats for your organization. Make employees aware of the role they play in the organization’s cybersecurity and the ways they can help you improve it.
Organize regular training sessions and teach your employees about simple security practices they can use in their daily workflow. You can start with practices that will keep them safe from social engineering attacks and help your business avoid data leaks.
Conduct employee background checks
Do you know who really works for you?
Before hiring someone, HR usually conducts a background check. This minimizes the risk of letting a spy infiltrate your organization. It can be helpful to repeat these checks once in a while — especially for employees with privileged access — to ensure they don’t become spies. A sudden increase in standard of living, taking unexpected trips, or paying off large amounts of debt are among potential causes for concern.
Create a proper termination procedure
Are you sure your ex-employees can’t access your company’s data?
In many cases, industrial espionage is performed in the last couple weeks of an employee’s work, or even after termination. This often happens because the credentials of a terminated employee remain active, enabling them to freely access the organization’s sensitive data without anyone noticing.
Create and implement a proper employee termination procedure to protect your company from potential acts of industrial espionage by former workers.

5. Monitor employee activity 

What are your employees doing during their work time?
Monitoring user activity is the most common and effective measure for preventing corporate espionage. You can never know whether your employees are acting maliciously on purpose or inadvertently unless you monitor their work activity.
It’s especially important to keep an eye on privileged users, such as system administrators and upper management. They can easily gather intelligence while performing their normal tasks and explain any abnormal behavior as a mistake.
Employee monitoring makes all employee actions fully visible, allowing you to identify corporate espionage attacks and respond to them in a timely manner. In case a cybersecurity incident happens, you can use the records for your investigation.
Ekran System is a universal insider risk management platform specifically designed to combat insider threats, including industrial espionage.
By deploying Ekran System, you can monitor every action of every user of a protected endpoint, regardless of their level of access privileges. This will allow you to control the actions of system administrators and all users with access to trade secrets and financial information, promoting accountability and helping you conduct a corporate espionage investigation if needed.
Ekran System provides you with the following user activity monitoring capabilities:
● Screen video recording. Watch user sessions in a convenient YouTube-like player and filter them by username and IP. Videos are indexed with layers of text metadata, including visited URLs, typed keystrokes, and names of opened apps. ● Search by key episodes. Advanced session analysis allows investigators to search episodes by various parameters. ● USB device monitoring and management. Monitor and control connections of all USB devices, including storage devices and other USB equipment such as modems and keyboards. Automatically allow or block USB devices according to customizable rules, blacklists, and whitelists.
Ekran System can serve as a government cybersecurity software solution to help you comply with a wide range of government-endorsed IT standards that will benefit your company’s security.

6. Manage data access wisely 

Who has access to critical data? Do they really need it?
Many companies provide all their employees with access to critical data and infrastructure by default. But while it may be convenient, this approach is not secure.
You can begin by choosing a suitable access control model for your organization. For example, you can choose between mandatory access control (MAC) and discretionary access control (DAC). Learn about the advantages and disadvantages of MAC and DAC before deciding which model works best for your organization.
Consider implementing the principle of least privilege and prohibiting access to all data unless necessary. This principle entails giving users only privileges that are essential to perform their work. Provide access to important information only to employees who really need it.
If non-privileged users occasionally need to work with confidential information, you can provide them one-time access or limit their time working with critical resources.
By limiting the number of people with access to critical data, you significantly reduce the risks of your competitors obtaining this data. Additionally, proper access management is one of the third-party risk management best practices.
The PAM functionality in Ekran System can help you implement the above principles with ease, enabling you to:
● Granularly manage access rights of privileged and regular users ● Limit the time for which access is granted ● Automate and secure password management

7. Develop a reliable incident response plan 

What should you do when a security incident happens?
Design a plan for what your employees will do in case your company detects an incident. An incident response plan (IRP) describes who should do what when responding to a detected incident. Strict procedures will help minimize damage caused by a spy.
Ekran System takes incident response to the next level. Our platform can help you proactively detect threats at the very moment they happen.
With an automated incident response system, you will be able to detect an incident and respond to it in real time:
● An actionable alert system identifies a suspicious event and notifies your security team so they can react immediately. You can choose from a collection of alert templates, or set your custom alert rules based on any suspicious event (opened URL, process name, connected USB device, etc.). ● Automated incident response acts immediately by blocking a user or showing them a warning message, terminating a suspicious process, or blocking an unapproved USB device.
Moreover, Ekran System allows you to export all monitoring data related to a particular incident in an immutable format for further investigation and analysis.

Conclusion 

Whether performed by a malicious insider or a skilled hacker, industrial espionage can severely damage your company’s reputation and hinder opportunities for growth. Motivated by greed or the desire to win in a competitive race, opposing companies — and even governments — illegally use spying as their tool of choice.
To protect your business, follow the best practices discussed in this article. Start with assessing your risks, then develop and follow a robust cybersecurity policy. Combined with effective employee management and a reliable infrastructure defense, an efficient insider risk management platform like Ekran System can give you a helping hand in reducing the chance of industrial espionage in your organization.