 |
 South African companies and businesses must accept that as they attempt to be more competitive in the global markets, that their products, processes, information and trade secrets may come under threat from adversaries and competitors. Regular eavesdropping detection surveys have become a standard business practice. Companies all have policies about such things as smoking, first aid, sexual harassment, drugs and alcohol abuse, etc., but most do not have policies regarding the protection of information. Information protection programmes should be designed to recognise the indicators that industrial and technical espionage could be affecting a company. There is no such thing as a coincidence when it gets to information leakage. No real statistics of reported incidents is available from any Government Department, nor does the South African Government assist or advise the corporate sector regarding the threats of illegal eavesdropping and industrial espionage.
As James Schweitzer puts it in ‘Protecting Business Information’: “If one waits until a threat is manifest through a successful attack, then significant damage can be done before an effective countermeasure can be developed and deployed. Therefore countermeasures must be based on speculation. Effort may be expended in countering attacks that are never attempted. The need to speculate and to budget resources for countermeasures also implies a need to understand what it is that should be protected, and why; such understanding should drive the choice of a protection strategy and countermeasures. This thinking should be captured in security policies generated by management; poor security often reflects both weak policies and inadequate forethought.”
|
