As privately owned enterprises face espionage cases more and more often, they seek advice from information security consultants, whose business earnings are continuously increasing. Paulius Petretis, Director of VORAS Consulting, engaged in providing information security consultations for five years, told the Lietuvos Žinios (literally: News of Lithuania) daily newspaper that in recent years commercial espionage has represented an ever-growing challenge in the Lithuanian market.
Supposedly, the root cause of this problem is people working at a company who cannot resist the temptation to leak information they can access to competing companies for a certain fee.
“I will not disclose the names of clients who have suffered from the so-called in-house commercial spying, but can give you an example of one of the most commonly occurring cases: a bank or a communication company is preparing for presentation of a new product or service, when suddenly it turns out that their strong competitor has already presented a similar idea to the clients. The question arises as to whether it is merely a coincidence or the work of the in-house spy? The answer to this question is to be found by common efforts”, says the Director of the consulting company.
According to P. Petretis, no company in Lithuania, whether small or large, can avoid the risk of commercial espionage. However, small companies are not always in a position to discover an information leak, whereas large companies simply have their own information security specialists.
Take care when speaking!
When asked what to do to mitigate the risks related to commercial espionage, the information security expert advised businessmen not to discuss business issues in restaurants or cafés that offer an Internet access service. “It is also insecure to use unencrypted e-mail and most instant messaging programs during discussion of business issues or to talk close to gimmicky phones as the majority of them may have illegally installed tracking programs and so on”, Paulius Petretis expresses his reservations.
The consulting company's income for the previous year reached LTL 2 million. This year, it hopes that twice as much money will come from private clients, while next year an increase in revenues is expected from the government sector.
“Private business is wary of commercial spying while public industry faces some other problems: how to present an order to the IT implementor in such a way as to make the IT solution safe and to keep the project budget within the limits of the financial resources available”, P. Petretis pointed out.
Incidentally, IT projects from the public sector will soon come pouring in. It has been reported in the Lietuvos Žinios newspaper that the 2014-2015 period is expected to be the most active one, with payments of about LTL 513 million for the information community development projects financed through the European Union (EU) Structural Funds. Once these projects are implemented, Lithuanian citizens will be able to execute the majority of necessary documents in electronic form.
Creation of IT professionals
As Paulius Petretis explained, for five years his company has used in its work with clients COBIT (Control Objectives for Information and Related Technologies), an IT governance tool provided in one document by the members of the International Information Systems Audit and Control Association (ISACA). The headquarters of ISACA International are located in the United States. Its members are individual IT professionals, not companies. The Association has founded the Lithuanian ISACA Chapter, which marks its 10th anniversary this year. According to Petretis’ estimate, ISACA has over 100 members in Lithuania.
VORAS Consulting has implemented at Fermentas the international standard ISO 27001, which specifies requirements for information security management systems, and the international standard ISO 20000-1:2005 for IT service management. The above-mentioned COBIT framework helps to reach the security level provided for by these standards. Today, the consulting company, which uses this tool, takes part in implementing projects for government institutions and business enterprises.
“And still, the translation into the Lithuanian language of the world-wide known and widely applicable COBIT framework is our most significant contribution to the country’s IT governance. It raised the interest in COBIT in the IT market of Lithuania”, Paulius Petretis states with confidence.
According to the company's Director, the National Audit Office is considered to be almost the best in Lithuania at mastering this tool. The institution began to use it as early as 2002, when, together with the supreme audit institutions of the Netherlands, Spain, Slovenia, Switzerland and Norway, it set about preparing a self-assessment methodology for IT governance.
“Such important points as government assistance, accidental coincidence and opportunity of working together with the most competent foreign colleagues generated our interest in this tool. A report of Erik Guldentops, Executive Professor at the Antwerp University Management School, one of the COBIT framework ideologists and authorities, at the Regional Seminar of the European Union Audit IT Working Group held in Vilnius in 2005 was strongly impressed on my memory. We fully realized that COBIT was a very efficient tool that could assist not only at the IT service management level, but also at the strategic enterprise management level”, Dainius Jakimavicius, Director of Information Systems and Infrastructure Audit Department of the National Audit Office of Lithuania and Research and Standards Coordinator at ISACA Lithuanian Chapter, shares his impressions.
According to IT professionals, the COBIT tool is easily accessible and embraces the IT project management practice of a great number of world-class professionals specializing in various areas. Moreover, it is connected with the related information security, business management and finance standards and methodologies, and it is easy to apply, as straightforward procedures facilitate the control of enterprise IT management, ranging from enterprise business and IT compatibility to delivery of quality IT services.
D. Jakimavicius underlined that currently the biggest IT problem is that the rapid development of information technologies runs ahead of the enterprise business; therefore, information technologies begin to dominate the business processes. “So far, the executives of not all establishments, especially the governmental ones, know how to match the enterprise business processes and the benefits provided by IT. If the enterprise business processes described in detail are available, their weaknesses are detected and the objectives and risks are identified, it is relatively not too difficult to move all these to the IT process environment and solve the problem using the well-known tools”, he said.
It is not safe to discuss business issues:
- by unencrypted email;
- through most instant messaging programs;
- in restaurants and cafés that offer an Internet access service;
- close to gimmicky phones, as the majority of them may have illegally installed tracking programs.
Source: Lzinios.lt, 07-01-2013