Corporate espionage on 'an industrial scale' targeting the UK

One company suffered £800m loss due to espionage, says MI5 head

Companies should not underestimate the level of corporate espionage – often backed by governments and their intelligence agencies – now taking place across the world.

That is the message of security specialists following the revelation by Jonathan Evans, the head of the UK's intelligence service, MI5, that one company suffered an estimated £800m loss as a result of the theft of its intellectual property.

Evans was speaking at the Lord Mayor's Annual Defence and Security Lecture about the security threats facing the UK and, in particular, the magnitude of cyber assaults now taking place, targeting corporate intellectual property.

"Vulnerabilities in the internet are being exploited aggressively, not just by criminals, but also by states. And the extent of what is going on is astonishing – with industrial-scale processes involving many thousands of people lying behind both state-sponsored cyber espionage and organised cyber crime," said Evans.

"This is a threat to the integrity, confidentiality and availability of government information, but also to business and academic institutions. What is at stake is not just our government secrets but also the safety and security of our infrastructure, the intellectual property that underpins our future prosperity and the commercially sensitive information that is the life-blood of our companies and corporations," he continued.

Evans claimed that one company had lost £800m as a result of a state-sponsored cyber attack.

"One major London-listed company with which we have worked estimates that it incurred revenue losses of some £800m as a result of hostile state cyber attack – not just through intellectual property loss, but also from commercial disadvantage in contractual negotiations. They will not be the only corporate victim of these problems," said Evans.

Corporate espionage on 'an industrial scale' targeting the UK

One company suffered £800m loss due to espionage, says MI5 head

No surprise
But the level of cyber attacks is only "astonishing" to the average person, said Graham Cluley, a senior technology consultant at security software vendor Sophos.

Exploring Evans' claim that one company suffered a loss estimated at £800m, Cluley suspects that it might have occurred as part of a competitive tender.

"I predict that they were bidding and were competing with an overseas company and, perhaps as a result of a cyber attack, the overseas bid did better than the British one did. It wasn't that they lost the money it was that they lost the business," said Cluley.

"If someone is working at that kind of level in that sort of organisation then they have to be careful because they don't want their overseas competitors getting help from their country's resources and finding out about a bid," he added.

Cluley urged organisations to educate their staff about the risk of cyber attacks, how best to avoid them and advised that the general public, too, ought to be aware that state-sponsored attacks are not necessarily a one-way street.

"While he's talking about attacks from foreign governments and state-sponsored attacks into the UK, we should not be naïve and imagine that Britain is not doing this as well. It would be extraordinary if British intelligence services weren't also hacking and spying on rivals from other countries," he said.

Cluley added that it is understandable that intelligence services might wish to spy on and hack organisations in other countries as this method is "often cheaper than the old fashioned, dangerous way in these hard economic times". But he also warned that such practices could spill over into dangerous territory.

"At the moment its cyber espionage, but we do not want it to become a cyber war. There are treaties and agreements on how we can participate in regular traditional conflict, but there is no real regulation on the internet and that is why it is going to be something that is very hard to reduce because it is so difficult to prove who was behind a particular attack," he said.