Threats

Share

Share this page with the external widget:

  • Delicious
  • Digg
  • Reddit
  • StumbleUpon
  • Email

Espionage

The threat from espionage (spying) did not end with the collapse of Soviet communism in the early 1990s. The UK has been and remains a high-priority target for a number of countries looking to obtain information and technologies to help advance their own military, technological, political and economic interests.

Both traditional and cyber espionage continue to pose a threat to British interests, with the commercial sector very much in the front line.

The threat against UK interests is not confined to the UK itself. A foreign intelligence service operates best in its own country and some may therefore find it easier to target UK interests at home, where they can control the environment and where UK travellers may let their guard drop.

Though in the past espionage activity was usually linked with political and military intelligence, in today's high-tech world interest has moved towards commercial information in the fields of communications, IT, genetics, aviation, electronics and many others

Information of interest could extend from manufacturing processes and research programmes through to negotiating positions, financial transactions and longer-term strategy developments. All of which can help provide other countries with an economic advantage or enable foreign companies to establish a market lead using UK innovation.

But espionage is also a technique applied by threats that can be based closer to home. Previous incidences of the theft or release of sensitive information have been instigated by competitors, media organisations, activist groups, past employees and even existing staff - the consequences of which are no less costly, embarrassing or disruptive to the organisation that was targeted.

Example techniques

Insider

An ‘Insider' refers to any individual who plans to use their legitimate access to an organisation for unauthorised purposes. This includes the release of commercial / sensitive information, the theft of equipment or even the sabotage of routines and procedures.

An insider could be a full-time member of staff, a temporary contractor or even someone employed within important support services such as catering, onsite security or cleaning. Anyone with the right level of access could potentially be in a position to obtain sufficient knowledge of a business and its routines that could help the planning of a malicious act.

Manipulation

Attempts to access an organisation have also been made by using techniques to manipulate unsuspecting staff (sometimes described as 'social engineering').

Particularly vulnerable are any customer-facing staff who are trained to be helpful and informative, for example those who work in reception or on an internal support helpdesk Though approaches can appear entirely innocent – people presenting themselves as new/former employees, exchanging gossip and advice, casual requests for help (eg. lost password) etc - even a slow, patient collection of minor detail can build a valuable profile of an organisation, its staff and its procedures.

Though simple in theory, in practice the techniques used are becoming more and more sophisticated. Some organisations have responded by providing specific training to frontline and customer facing staff, such as to stay alert to requests for sensitive or restricted information from unlikely sources, or unfamiliar contacts who refuse to give further details or identification.


Share

Share this page with the external widget:

  • Delicious
  • Digg
  • Reddit
  • StumbleUpon
  • Email