Industrial espionage is the covert and sometimes illegal practice of investigating competitors to gain a business advantage. The target of investigation might be a trade secret such as a proprietary product specification or formula, or information about business plans. In many cases, industrial spies are simply seeking any data that their organization can exploit to its advantage.
An industrial spy may be an insider threat, such as an individual who has gained employment with the company with the purpose of spying or a disgruntled employee who trades information for personal gain or revenge. Spies may also infiltrate through social engineering tactics, for example by tricking an employee into divulging privileged information.
Spies sometimes physically breach the target organization and investigate the premises. In that case, a spy might search waste baskets or copy files or hard drives of unattended computers. Increasingly, the intrusion is through the corporate network. Typically, a targeted attack is conducted to gain initial network access and then an advanced persistent threat (APT) is carried out for continued data theft. The capacity of cell phones to record and transmit can also be exploited by leaving a phone in a boardroom, for example, and monitoring a meeting remotely. Recording devices are also secreted in a variety of items including eyeglasses, pens and USB sticks.
Industrial espionage is distinct from competitive intelligence (CI), which is confined to the gathering of publicly available information.