National bodies recognise that electronic surveillance attacks are on the increase. Such attacks are becoming a more realistic proposition within organised crime and are a threat not only to national infrastructure but also to commercial entities. To assess an organisation's ability to manage this risk, the following key questions are worth raising:
- How many security incidents have been logged over a given period, and what type are they?
- Is the threat from electronic surveillance or attack entered on your risk register?
- Are you monitoring or testing your own information systems?
- Do you have a security strategy, aligned to your business plan?
Competitors and criminals can use technical surveillance equipment, placed nearby or 'on site', to gain valuable information and data. Such equipment includes:
- GSM 'bugs' - using mobile phone technologies
- Concealed radio transmitters or audio recorders
- Telephone tapping equipment
- Directional audio listening devices
Competitors and criminals can carry out electronic intrusion or attack remotely to gain valuable information via the internet. Methods include:
- Vulnerability: an executable program, e.g. a trojan horse or bug, lodged in a computer program that may be exploited to gain privileges on a computer network
- Exploit: a program or strategy to exploit a vulnerability. An exploit may be either local or remote, social and/or technical
The mitigation options include assessing the threat and introducing business processes and responsibilities, as well as some specific proactive security services:
Electronic and Physical Search – This involves a physical search and the electronic use of counter-surveillance equipment to protect the client and their assets.
Virtual Penetration Test – This involves the virtual analysis and testing of the client's electronic profile and vulnerabilities. The service is delivered in collaboration with the business IT department to safely test the systems involved.