Lead Stories

Espionage threat

Economy | Security implications of the global financial crisis

As anyone with a stock portfolio knows, it is a rough time for the markets. With many portfolios down 50 percent or more, this large loss of equity and wealth has been very difficult on individuals and corporations. The problems, of course, have not been confined to the stock markets. With property values plunging and variable-rate mortgages ballooning, many homeowners are also caught in a bad situation-the number of homeowners behind in their mortgage payments has been increasing and the number of foreclosures has grown. Unemployment is also an issue. According to the Bureau of Labor Statistics, in January 2009 there were 2,227 mass layoff actions in the United States involving 237,902 workers.

Significantly, the financial crisis is not just restricted to the United States-it is a global event that is also having a severe impact on economies in Europe, Asia, and the developing world. Things are tough all over, and this financial strain will create some large security problems for corporations and governments.

Threats to the bottom line

During times of financial hardship, companies often have to make cuts like the aforementioned layoffs. When companies plan cuts, they often focus on eliminating those corporate functions that do not appear to be contributing to the company's profitability. And one of the first functions cut during tough times often is corporate security. A security department typically has a pretty substantial budget (it costs a lot for all those guards, access-control devices, cameras and alarms), and security is usually viewed as detracting from, rather than contributing to, the company's bottom line. The "fat" security budget is seen as an easy place to quickly reduce costs in an effort to balance the profit-and-loss statement.

We see you’ve been enjoying the content on our exclusive member website. Ready to get unlimited access to all of WORLD’s member content?
Get your risk-free, 30-Day FREE Trial Membership right now.
(Don’t worry. It only takes a sec—and you don’t have to give us payment information right now.)

Get your risk-free, 30-Day FREE Trial Membership right now.

This view of security is due to a number of factors. First, it must be recognized that there are certainly some security programs that are indeed bloated and ill-conceived that have consumed far too many corporate resources for the results they produce. Furthermore, there is a long tradition of corporate security directors who are not good communicators and who do not take the effort to educate upper management about ways their programs contribute to corporate goals. However, even when a security director has an effective program and is a good communicator, it can be very difficult to quantify the losses that the corporation did not suffer due to the presence of effective security measures. The lack of losses and incidents due to a robust security program can be interpreted by some to mean that there is no threat to guard against. Indeed, effective security can make it appear that there is no need for security, a paradox we have also seen in the historical pattern of U.S. government security funding-a pattern that has resulted in a number of disastrous attacks against U.S. embassies.

In times of economic hardship, the relentless focus on operating expenses and even corporate cutbacks can lead to definite security challenges. One of these problems is workplace violence, but during times when people are hurting financially, issues such as employee theft, fraud, and product theft by non-employees must also be carefully monitored.

However, while the theft of a tractor-trailer full of computers or flat-screen televisions can quickly get someone's attention, there is a far more subtle, and no less dangerous, threat lurking just under the surface. That threat is espionage-both corporate and state-sponsored.

The human-intelligence process

Espionage is always a problem corporations must face. Competitors, criminals, and even foreign governments often seek ways to gather proprietary information from companies, sometimes to boost their own operational capacities (e.g., to apply critical or emerging technologies to their weapons programs) and sometimes to sell on the open market.

Once a company has been identified as having the information sought, the first thing the human-intelligence practitioner will do is look for weak links in the targeted company's operations. If the required information is readily available, there is no need to undertake a time-intensive and costly operation to retrieve it. Indeed, it is shocking to see the amount of sensitive and critical information that is openly available on the internet and in research libraries, or that is freely given out at technical conferences.

When open source collection efforts fail, more invasive measures must be employed. Sometimes the required information can be obtained via technical surveillance. A faulty information technology system, for example, can expose the company's secrets via remote electronic intrusion conducted from a continent away. Other times, information can be obtained by eavesdropping on telephone calls made by corporate leaders or by using other technical surveillance measures.

Comments

You must be a WORLD member to post comments.

    Keep Reading

    Advertisement