Browse Definitions :
Definition

industrial espionage

Contributor(s): Ivy Wigmore

Industrial espionage is the covert and sometimes illegal practice of investigating competitors to gain a business advantage. The target of investigation might be a trade secret such as a proprietary product specification or formula, or information about business plans. In many cases, industrial spies are simply seeking any data that their organization can exploit to its advantage.

An industrial spy may be an insider threat, such as an individual who has gained employment with the company with the purpose of spying or a disgruntled employee who trades information for personal gain or revenge. Spies may also infiltrate through social engineering tactics, for example by tricking an employee into divulging privileged information. 

Spies sometimes physically breach the target organization and investigate the premises. In that case, a spy might search waste baskets or copy files or hard drives of unattended computers. Increasingly, the intrusion is through the corporate network. Typically, a  targeted attack is conducted to gain initial network access and then an advanced persistent threat (APT) is carried out for continued data theft. The capacity of cell phones to record and transmit can  also be exploited by leaving a phone in a boardroom, for example,  and monitoring a meeting remotely. Recording devices are also secreted in a variety of items including eyeglasses, pens and USB sticks. 

Industrial espionage is distinct from competitive intelligence (CI), which is confined to the gathering of publicly available information. 

This was last updated in October 2012

Continue Reading About industrial espionage

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

SearchCompliance

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

SearchSecurity

SearchHealthIT

SearchDisasterRecovery

  • call tree

    A call tree is a layered hierarchical communication model that is used to notify specific individuals of an event and coordinate ...

  • Disaster Recovery as a Service (DRaaS)

    Disaster recovery as a service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide ...

  • cloud disaster recovery (cloud DR)

    Cloud disaster recovery (cloud DR) is a combination of strategies and services intended to back up data, applications and other ...

SearchStorage

Close