In the article, Patrick Smith and Kevin Barrows write:
Stealing confidential information or valuable intellectual property no longer requires hours of surreptitious photocopying or the smuggling of overstuffed briefcases past building security. Corrupt employees need not even transfer data to a disk. Any employee with access to the Internet can copy and upload data to Web-based e-mail services with a few simple keystrokes and mouse clicks.
Among the most common acts of corporate espionage is the theft of personal data regarding individuals for the purpose of engaging in identity theft schemes. These are often inside jobs: It is estimated that as much as 50 percent of companycomputer security breaches are perpetrated by insiders.
The theft of confidential information is by no means limited to identity theft schemes. Organizations are also at risk of having their current employees paid off by others to steal valuable proprietary information and intellectual property that is then used against the organization in the marketplace. Or, perhaps a former employee steals the information prior to leaving in an effort to jump start his or her own business venture.
For the full story, link here.
Reading this made me think - with all the unresolved data breaches we've seen recently - could the true intent have been to steal inside information rather than commit "identity theft?"
Take the recent series of laptops stolen from Ernst and Young - which were stolen during audits - and contained a lot of information from numerous companies. In at least one instance cited, the laptops were stolen from a meeting room; while the auditors lunched. Not sure, but I would imagine that the building where they were taken from was at least somewhat secure.
The sad truth is since most of these data intrusions are never solved, we will probably never know.
Then there was the scandal in Israel about a year ago, where private investigators were hired to steal information via a Trojan put into various computer systems. The scandal was pretty widespread and with the "global economy" had worldwide implications.
No matter how you look at it, corporate espionage can be added to the list of reasons why it is important to protect "electronic information." As "technology" continues to grow the potential for information to be exposed to criminals, terrorists and even "corporate spies" is a very real threat.
All too often, we look to technology fixes - when in fact - no technology created to date can defeat the human mind and until we address the "social" aspects of this problem, it will continue to be a major issue.