From: InfoSec News (alertsinfosecnews.org)
Date: Mon Jul 10 2006 - 01:02:35 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.nydailynews.com/business/story/433677p-365292c.html

BY JONATHAN LEMIRE
DAILY NEWS STAFF WRITER
July 8, 2006

Background checks, fingerprint scans and government-trained security
agents manning the doors - welcome to Corporate America 2006.

Roughly $60 billion a year is lost to industrial espionage because all it
takes is one successful spy to alter the fate of a company or even an
industry, security experts told the Daily News.

"Something like 70% of a company's value is tied up in proprietary
information and it's also where a company is at its most vulnerable," said
John Villines, an Atlanta-based security consultant. "Today, if we had a
threat level assigned to this problem, it would be 'red.' "

Last week's arrests of a 28-year-old Bronx man and two alleged accomplices
- including an administrator at Coca-Cola - for trying to sell the
soft-drink giant's secrets to Pepsi underscored the risks that even the
most successful companies face.

In the Coke case, Ibrahim Dimson allegedly convinced one of his
accomplices to stash secret documents in a Girl Scout cookie box. They
then requested $1.5 million from PepsiCo to see the confidential files,
authorities said. Rather than pay, Pepsi executives called the FBI.

Unlike Dimson, the accused thieves are not always caught.

In February 2005, hackers stole the personal information of 145,000
customers at ChoicePoint, a major supplier of ID and credit verification
services. The theft caused ChoicePoint to lose business and pay $26.4
million in fines and legal fees.

"Espionage is an ever-present problem," Villines said. "And it's not just
people hacking in, but current employees, former employees, contractors
and vendors who pose the biggest risk."

To prevent a mole from leaking information, consultants urge corporations
to set up elaborate background checks that include thorough interviews
with former employers. Experts also counsel executives to be mindful of
disgruntled workers.

"Corporations should profile their employees to determine who could be the
biggest threat," said James Dallas, president of Dallas Security
Investigations, based near Philadelphia. "The most important factors are
their length of service and if they believe they have been mistreated."

Impressive physical security is encouraged. Visitor passes embedded with
ID chips, laptops with sophisticated encryption systems and other modern
technology are a powerful weapon in combatting thieves.

"If we're talking a formula, like in the Coke case, that is the lifeblood
of a company, it must be handled like a piece of gold," Dallas said. "It
must be locked in a safe place - or better yet divided into pieces and put
in several safe places.

"No assistant should even see it, only the top executives should have
access."

Some companies even hire teams of experts, usually ex-FBI agents, to act
as "sneakers" who try to steal the company's own information or assets as
the ultimate test of the corporation's defenses. The teams then report
their findings and security adjustments are made.

"No measure is too drastic," Villines said. "The bad guys keep adapting
and companies need to too."

_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]