Who are the data thieves targeting?
If you think your company is not a likely target of electronic spying, don't be so sure. Although military systems and government contractors will always be major targets, services that carry information for many types of organizations are also extremely attractive because a single intrusion can provide information about a large range of targets, Kocher says. For example, Webmail services, telephone networks, shippers' databases, and social networking sites are all likely targets.
Any company with advanced intellectual property or sensitive research and development data is of interest to spies, notes Paul Kurtz, COO of Good Harbor Consulting and a recognized cyber security and homeland security expert who has served in senior positions on the White House's National Security and Homeland Security Councils.
"Adversaries will look up the supply chain too in order to gain access to more sensitive data, so those organizations supporting sensitive government and private sector groups should also monitor for espionage activity," Kurtz says.
What risks do you face?
What's at risk for your organization if it doesn't at least look into whether it's being spied upon electronically? Quite a bit.
"It's the worst-case scenario at stake: the loss of competitive advantage," says PricewaterhouseCooper's Lobel. For instance, a government entity that's doing the spying could hand over intellectual property to one of your biggest competitors. This could allow the competitor to avoid the research and development cost and time that your company has spent, or tip them off to future products in your pipeline.
Kurtz says private-sector firms have the most to lose today, as the federal government is doing little to help them and they are "hemorrhaging intellectual property, which will lead to loss in market share, investor confidence, and ultimately their ability to compete and survive as a company."
Organizations need to not only fear the loss of propriety information, but the public backlash from lost personal data as well. The 2007 security breach suffered by retailer T.J. Maxx, in which data from millions of customer credit cards was stolen, "was a PR nightmare," says corporate investigator Gregg.