FREE online courses on Corporate Espionage - What is Corporate Espionage - The
Risk Equation
If
Mt. Everest or Nanda Devi were easy to climb, if it wasn't risky, you or I might
try to scale it. Since its very risky, few climbers attempt it and settle for
easier targets. So it is with information: the harder you make it for someone to
steal, the lower the chances of its loss.
An
auto parts (light bulbs) manufacturer who had successfully introduced halogen
bulbs was well prepared to block attempts by rivals to breach his security. It
was his high level of preparedness, covering all known vulnerabilities that
repulsed a determined attack. But the secret is:
ETERNAL VIGILANCE – and you can only do that if your PEOPLE ARE AWARE OF THE
PROBLEM. You cannot do it alone.
RISK =
Vulnerability x Value
x Threat
Precautions of (Countermeasures)
The high VALUE of your information and low level of preparedness to protect
it, multiplies the threat, and results in a certain level of risk, as
illustrated:
It
is composed of six elements:
- Monetary value: Which is the
market value, or resale value of the item Ex. Your car.
- Hidden value: This
translates into its usefulness to you. Your car gets you quickly and safely
to a business meeting where you clinch a deal with good profit potential.
- Integrity value: How
good your car is. If its been sabotaged or tampered with, it can let you
down – its usefulness has been severely compromised, endangering your life,
business and your employees' futures.
- Availability value: If your
son is always driving off in it just when you need it, its availability is
low, and so is its value, in real terms, to you.
- Confidentiality Value:
The less well known your car / registration number is, the higher
your anonymity, and, therefore, lower your chances of being followed,
observed or worse. President Clinton travels in one of six identical cars in
a motorcade, so no one really knows which car he is in. When he flew in to
Bangladesh in March 2000, he did not go in AIR FORCE ONE (his official jet)
but in an unmarked, smaller aircraft.
- Adversary (Competitor) Value: How valuable is your
car (or your company information) to your opponent? He can disable or
seriously inconvenience/embarrass you by getting your car stolen. He can
even use your car at another location, both options profiting him vastly.
Hackers have been known to redirect sales orders on e-Business websites to other
websites who take the orders (and profits). Information, which is intercepted by
another, means lost business for you. When hackers attacked the websites of the
Indian parliament, of the Ministry of Information Technology, of banks, firms,
newspapers – they not only damaged their image, credibility and functioning –
they also severely affected morale, and overall value of the websites. Since
these websites were maliciously altered, with anti-India slogans and abuses, we
can only believe that the culprits were from a hostile nation(s) or militant
Islamic fundamentalist factions that have declared a ‘Jehad' on India.
These websites were, therefore, of value to adversaries, in inflicting damage on
the target country. (To reduce value to the adversary, the website could have
been better fortified against intrusion and equipped with infiltration
detectors).
Precautions/counter – measures would have made the websites very hard to hack
and risk of detection would have been high. Hence, the RISK WOULD HAVE COME DOWN
PROPORTIONATE TO THE DANGER/ EFFORT PERCEIVED BY THE HACKERS. The same holds
true for hijackers, saboteurs and espionage agents.
