COMPETITIVE INTELLIGENCE
While corporate espionage is technically illegal — the US law dates back to 1996 and Canada’s as-yet-unused anti- corporate-spying provision seems to be based on the American statute — most companies need to keep abreast of key competitors, and some do it by hiring so-called “competitive intelligence” consultants. Jonathan Calof, a professor at the Telfer School of Management at the University of Ottawa and a fellow of the Strategic and Competitive Intelligence Professionals (SCIP) who has written extensively on this topic, says these researchers gather a wide range of publicly accessible information to provide clients with clues about the competitive environ- ment, including their rivals’ activities.
The data gathering and evaluation includes all the
obvious sources and many that are less so, such as help- wanted ads, which, he says, can reveal a lot about where a company is at in its product development life cycle (e.g., is
the consumer product giant had set up a special operations team in a Cincinnati safe house. The team’s mission: to surrepti- tiously collect information, including unshredded documents leſt in Unilever dumpsters, about the firm’s hair-care products. As a Dartmouth business school case study of the ensuing lawsuit noted, “P&G had their competitive intelligence opera- tives misrepresent themselves to Unilever employees, claiming that they were market analysts, journalists, and students — although P&G denied this accusation.” In Canada, the most notorious example involved a sustained
cyber espionage attack on Nortel that extended over a period of at least 10 years, and only surfaced publicly when the lead inter- nal investigator revealed that the company had been hacked. Brian Shields, the whistleblower, recalls that senior Nortel man- agement either ignored or downplayed the incursions, which began in 2000 and saw hackers infiltrating the company’s net- works through seemingly secure accounts belonging to C-suite executives, directors and other employees and later staff in Nortel’s Chinese division. Shields went public, he says, aſter he learned that Nortel hadn’t revealed the security breach to a company planning to buy some of Nortel’s assets after the telecom firm entered bankruptcy proceedings. “This should have been a board of director’s item,” says Shields, who is now a cybercrime analyst with the US Postal Inspection Service. “We never got them out of the network.” (Juneau-Katsuya says CSIS viewed Nortel’s refusal to act as evidence of a high-level mole, but concedes that the agency could never prove the allegation.) Those who work in network security know that almost all
firms today have multiple vulnerabilities: open Internet access for company computers, employees who use their own mobile devices for off-site work, and sloppy workplace cybersecurity practices, such as employees ignoring warnings about reusing unsecure flash drives or failing to update soſtware, and clicking on links or opening attachments in so-called “spear-phishing”
the firm looking for technologists or salespeople?). Competitive intelligence consultants can also gather plenty of useful information at trade shows or during the Q&A portion of industry seminars. But the members of SCIP are sensitive about ethics, so
Calof points out that the industry’s code of conduct requires members to go about their work “legally and ethically,” which means disclosing what they’re doing and who they’re working for; being truthful; and avoiding information that arrives in dubious ways, such as an internal memo inadver- tently left by the coffee urns at a professional conference. For chatty CEOs who like to go to such events and give talks about what their firms are doing, Calof offers up the 21st-century equivalent of the old wartime saw about how the walls have ears. As he says, “I’d be hard pressed to say that there’s anything wrong in using information that’s just out in the open.”
— JL
emails from hackers posing as colleagues, friends or employees. “You never know what that email is capable of doing,” says Freddie Martinez, a former employee of NATO’s technology group who is now manager of infrastructure technology for Alberta-based tire retailer Fountain Tire and a member of the CIO Association of Canada. Hackers and cyber spies use such incursions to quietly gain
knowledge about, and then access to, network architecture with an eye to stealing customer lists, files containing key intellectual property and other strategic information. Such viruses may be “keystroke loggers” that allow remote hackers to gain access to passwords. These can be used to set up “backdoors” that allow cyber spies to use corporate accounts to download critical files. “Some of the victims aren’t even aware they’ve been hacked,” observes Kevin Lo, a managing director at Froese Forensics, based in Toronto. It’s a highly strategic undertaking. Security experts point out
that those involved in industrial espionage — whether they be freelancers, rival companies or foreign governments — will begin by collecting a large amount of corporate information across a range of sectors. One technique, known as the “water- ing hole,” involves infecting locally popular websites — a local TV station, for example — with malware that can spread to the computers of visitors and begin to transmit hard-to-detect digital signals (a.k.a. “beacons”) back to the hacker team. That technique provides entry points to a large number of firms within a given region. Another tactic is to steal the customer lists of professional services firms, private health insurers or other suppliers as a means of gaining access to larger corporate clients. The attack on the Panamanian law firm Mossack Fonseca, which reportedly yielded files on more than 200,000 shell companies set up for private clients taking advantage of that country’s tax havens, might not have been carried out with cyber espionage in mind, but the tactic is similar. The most
MARCH 2017 | CPA MAGAZINE | 39
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72