Industrial espionage is the illegal practice or covert acts of carrying out investigations in a competitor’s operations to achieve a competitive business advantage. Masterminds of such acts usually target client information, trade secrets, marketing, and financial information. However, disgruntled employees are even posing an even more significant threat to companies since such individuals tend to have authorized access to company information, which they may decide to sell or give to competitors when fired. This is even made worse by the fact that cloud computing has increased the amount of information an employee can access; hence this paper provides insights an organization can detect employee espionage and methods of prevention (Bhatti & Alymenko, 2017).
Detection of Industrial Espionage
For a company to detect a case of insider data theft, such as that of David, data auditing is paramount. This can be done proactively and at specific intervals. An audit, for instance, would tell the average number of times an employee like David accesses specific Data. However, when the average moves from the number range, for example from 30 to 100 times a day, such would warrant an investigation. The key to data auditing is to help detect a change in employee behavior and intensity and aggressiveness towards receiving and handling company data. In the same vein, an audit would indicate whether an employee has been accessing company data from home, especially information that is only allowed on company devices. Apart from data auditing, the company could equally utilize the advanced cyber intrusion detection (ACID) tool which operates by behavior-based detection and signature engine means. The device detects any hazardous anomalies, malware among other risks in the network traffic (Vashisth & Kumar, 2013; Bhatti & Alymenko, 2017).
Steps to be taken to prevent from perpetrating the offense
Preventing insider espionage mainly relies on the monitoring and analyzing employee access by using behavior analytics, which provides insights as to who is accessing what, why, when and where. It is then coupled up with policies that help keep employees against any information that they are not allowed to access. The first step in preventing insider industrial espionage, therefore, is conducting a risk (RA) assessment (Bhatti & Alymenko, 2017; Vashisth & Kumar, 2013). The risk assessment enables the company to determine what sensitive information they have, and who has the rights towards such information. This way, they can monitor user activity, and discover who is trying to access what they are not allowed to. This is then followed by the creation and implementation of a data access policy. This policy determines who has access to what and why. Employees are made aware that a breach of such policies will have dire consequences. Finally, the company may set additional protective measures such as different passwords for all employees and disabling USB ports thereby preventing copying sensitive data.
Bhatti, H. J., & Alymenko, A. (2017). A Literature Review: Industrial Espionage. Halmstad: Halmstad University.
Vashisth, A., & Kumar, A. (2013). Corporate espionage: The insider threat. Business Information Review, 30(2), 83–90.