|
All organizations, even those for whom secrecy is paramount, leak information to various degrees. If this were not true, the police would be completely powerless to stop drug smugglers or paedophiles, secret agents would be out of a job and military intelligence would truly be an oxymoron. Nevertheless, modern society continues to develop in this sea of information. But how much information leakage is acceptable? What are the actual consequences and what can be done about it anyway?
“Competitive Intelligence” is a term for legitimately gathering and analysing publicly available information on competitors, markets, products etc. Like most commercial organizations, we use legitimate and entirely above-board Competitive Intelligence techniques to track our competitors, partners and potential customers. We also advise clients on how to make better use of information available to them, and how to implement the information management systems internally to coordinate and direct the sources of information to greatest effect.
Common examples of the sources of Competitive Intelligence include:
-
Information of all sorts available on the Internet, including informal sources such as bulletin boards or discussion groups and job advertisements
-
Official publications including annual accounts, marketing brochures, press releases, white papers, the European Journal, product brochures, user guides, training materials etc.
-
Information on suppliers and competitors collected by Procurement staff, customer relationship managers etc. going about their normal business
-
Information on customers, markets, competitors and products collected by Marketing and Sales staff
-
Information on suppliers, competitors and customers collected by HR staff during the course of interviews, or by staff from casual conversation with colleagues in other companies
-
Various other sources of intelligence such as industry conferences, training courses, professional associations and personal relationships
Of course, not everything you read is true. Deliberate creation and disclosure of false or misleading information is one of the more proactive “information warfare” countermeasures we can discuss with your senior management. Conversely, of course, the possibility of competitors and adversaries taking such an approach clearly demonstrates the need to be wary of information integrity in all high-risk situations.
We help clients design and implement appropriate information security controls to limit the unintentional leakage or intentional theft of information through industrial espionage, malicious or naive insiders, and casual disclosure or loss. Given the sheer amount of information washing around in most organizations, it is important to focus the security effort carefully - we therefore normally assess the overall extent of information leakage and undertake an impact assessment to identify the most important high risk areas before moving into a classical architectural design phase.
For more information on IsecT’s consultancy services relating to information leakage and information security, contact us. Information security awareness is an extremely important control against this threat.
|
