Confidential assets benefit from little legal protection in emerging countries. In this chapter, an introductory case study shows how easy it was for a Pakistani clerical worker to threaten a prestigious American hospital with publishing their confidential patient files on the Internet. Ultimately, the Pakistani worker could not even be sentenced for what she had done.
Potential targets of industrial espionage include data, source code, and business secrets, each of which has different dynamics and is thus analyzed separately in this chapter. There are a number of ways that confidential material can fall into the wrong hands, including server access, test data, access of the offshore liaison to the customer’s networks, an unreliable subcontractor of the vendor, professional industrial spies, criminal attacks against the vendor (e.g., forced entry into the office building), and vendors who are also working for the customer’s competitors.
Protection against espionage includes tight monitoring of human resources and understanding of the legal systems of the countries involved — to provide the necessary deterrence of adequate punishment in case the attacker is caught. Despite all precautions, watertight protection of confidential material in developing countries has been difficult, at least so far. For this reason, the customer has to assess carefully which risks its organization can afford and whether the cost advantage justifies the risk.