Managing Director Insight Intelligence Group
You can’t go a day without some mention of cyber security or cyber risk. The costs are alarming. In 2015, the British insurance company Lloyd’s estimated that cyber-attacks cost businesses as much as $400 billion a year. These costs rarely tell the whole story, specifically what the original source of the loss or cyber breach was.
The business world is particularly bad at protecting its sensitive information in comparison to most government agencies.
One way or another people are often responsible for a loss, often inadvertently. Military intelligence has long used activities, often termed ‘social engineering’, to capture sources of information. These activities have since been adapted by both government intelligence organisations and corporate intelligence.
Social engineering is the art of manipulating people to obtain confidential information, such as data about a product, the financial position of the company, future projects and its development. This can be done in person or electronically, and activities range from social media engagement, networking with employees, chatting at the gym, posing as a buyer or investor, and contacting relatives or friends to looking at discarded documents or recovering data from old IT equipment.
Mario is the Founder and Managing Director of Insight Intelligence Group. He has over 20 years’ experience in diplomatic and military security intelligence and fraud. He is a natural leader, facilitator and negotiator with emerging strategies in providing best outcomes in investigative solutions.
Mario has authored three books relating to competitive business intelligence and counterintelligence.
Insight Intelligence is a privately owned Australian company founded in 2003. It provides both corporate and private investigative, surveillance and intelligence solutions.
The problem comes when the information gathered is used against you, as reported recently at Pelamis Wave Power. A robbery took place on 22 March 2011 and burglars specifically targeted some of the laptops which contained classified information about a new product. Subsequently, after 17 years of development and 95 million pounds’ investment, the company went into administration. The same product had been developed in China and the company had received a ‘networking’ visit from a Chinese delegation prior to the break-in.
(source: The Guardian / Mysterious factory break-in raises suspicions about Chinese visit / 10 October 2016).
This is not to say that all networking-type activities are bad, but people need to be aware of the risks. This can be particularly hard to manage when it comes to ex-employees talking about sensitive information.
The weakest link in the security chain is usually the human who accepts a person or scenario at face value and unwittingly becomes a source of information. In that situation, no IT security measures will help you protect your blueprints, ideas and products.
At Insight Intelligence, we’ve found companies rarely spend 1% of their IT security budget on policies, procedures, awareness and education to improve people security. Some of the simplest elements to implement of what we term a ‘human firewall’ are:
- Educate people about phishing and other dangerous emails
- Only allow certain people access to sensitive information
- Train employees to be aware of questions at meetings/networking events that may be suspicious
- Reinforce company policies about safeguarding company information (and having a policy in the first place)
A human firewall should be one of your first defences. No matter how many thousands of dollars are spent on your IT security, this will significantly boost its effectiveness and help better protect your assets and the livelihoods of your employees.