Data theft in Switzerland: One-third of companies have been victims of industrial espionage

Swiss CXOs, more often than not, brush incidents of data theft assuming secrecy would protect the brand.

Silence is the name of the game

Marriott, Facebook, Instagram, First American Financial Corp, Capital One, Zoll Medical, Georgia Tech, Federal Emergency Management Agency (FEMA), so on and so on. Thanks to the media, the world is aware of these victims of data theft.

However, the fact remains that most companies do not reveal data loss for fear of resultant backlash on the brand and business. They remain silent. Unfortunately, victim companies too remain silent. This seems especially true in Switzerland.

A recent article published in Luzerner Zeitung [1] reveals a research study conducted by the University of Bern, commissioned by the Swiss secret service (NDB). The study states that a third of Swiss companies (that have participated in the research study) reveal that they have been the victims of industrial espionage at least once in their operational history.


How do you secure IP from theft? If you use Azure Information Protection, here’s how.


The real threat is… inside!

Industrial espionage can occur in multiple ways – through innocuous technology such as emails, as visitors or business prospects, vendors and suppliers, consultants and even own employees. Interestingly, the article states that Switzerland has faced all these scenarios.

However, the greatest danger is from those well entrenched within the system – the employee. Various studies state that insider threat (threat from people within the company or who have access to critical data, such as vendors) could be as much as over 40% of all threat vectors creating serious consequences.

Size doesn’t matter

Really, it doesn’t. Whatever the industry – telecommunications, life sciences, mechanical engineering, pharmaceuticals, logistics – data is the crown jewel. Thus, data theft in Switzerland isn’t just limited to large companies but have also targeted small and medium businesses too.

Switzerland is relatively poorly prepared

The primary reason for data theft in Switzerland is unsafe practices – for example many, if not most employees communicate between different locations via email without encryption. It is well known that reading unencrypted emails is easy.

Switzerland has low level of trained institutional and human resources when it comes to dealing with industrial espionage in comparison to other countries. Thus, as a fundamental step, it is important for Swiss companies to raise awareness and publicize existing support services in dealing with espionage and data theft.

Management is at the core

At the core of the problem is top management. Security has no easily proven cost benefit analysis. For instance, how do you calculate the cost of data theft that has not happen (due to good security governance) if the investment in security is X? CEOs focus on easily calculated cost and benefits such as production cost reduction or overhead cuts.

The CIO and CISO often are stressed to explain why more funds should be invested. Why make their lives miserable if the CEO or CFO resist increase in investment in security measures vis-à-vis business processes? Security managers must push much harder to assure that sensitive data are secure.


Are you an SAP user? How do you ensure that your data is safe even outside SAP? Click to watch


Bridging the last mile

Now here is a question for you.

Consider this. On a regular basis, the users of data storage and processing platforms, such as SAP, export sensitive data from such ERP applications to generate reports, spreadsheets, PDFs, and other documents. The information is then downloaded and stored on devices, such as USB thumb drives and local hard disks, or, increasingly, on mobile devices and in cloud storage solutions, such as Dropbox and Microsoft OneDrive. Such data often end up in places beyond your control, such as on the file share of an untrustworthy partner or the inbox of a competitor. Even on trusted employee devices, with the increase in sophistication of malware and Trojans, the risk of data loss has never been higher.

How do you close the window of ‘least concern’?

If you are an SAP user, have you thought about HALOCORE®? HALOCORE is a unique technology that protects intellectual property and other sensitive information extracted from SAP systems. By integrating directly with SAP, HALOCORE protects data with automated classification, blocks unauthorized reports, and helps generate fine-grained access policies. This innovative approach allows enterprises to maintain a high level of control and security over sensitive documents extracted from SAP throughout their lifetime, even if these have been shared via email, downloaded to a recipient’s PC, or printed as PDF.

For more information, visit our HALOCORE page.

Reference

[1] Bisher verschwiegen: Jede dritte Schweizer Firma wird ausspioniert

[2] AOL, Ebay, Uber, Facebook: These were the biggest data leaks in the past 15 years

Related Reading

[1] Management Musings 1: Pay attention to all data-centric security

[2] The Biggest Data Leaks in the Past 15 Years

[3] How to Secure your Design IP in your PLM environment