— -- Marla Suttenberg had a sinking feeling that a corporate spy was shadowing her.
In March 2008, the owner of Woodcliff Lake, N.J.-based Sapphire Marketing was preparing to give a longtime client a generous price cut on $134,000 worth of audio/videoconferencing equipment.
But before her sales rep could extend the offer, her chief rival, David Goldenberg, then regional vice president of sales for AMX, a Dallas-based conferencing systems maker, sent the client an e-mail disparaging Sapphire and offering a steeper AMX discount.
"I felt sick to my stomach," Suttenberg recalls. To pull that off, someone had to have infiltrated Sapphire's internal e-mail, she thought at the time.
She was right. A few days later, Goldenberg, 48, of Oceanside, N.Y., was arrested. He subsequently pleaded guilty to felony wiretapping for tampering with Sapphire's e-mail. He was sentenced last month to three months probation and ordered to undergo counseling. "There was nothing sophisticated about me getting into their e-mail," he said in an interview. "Honestly, I had no idea that it was illegal."
Corporate espionage using very simple tactics — much of it carried out by trusted insiders, familiar business acquaintances, even janitors — is surging. That's because businesses large and small are collecting and storing more data than ever before. What's more, companies are blithely allowing broad access to this data via nifty Internet services and cool digital devices.
"Having more sensitive information being seen by more people and accessed on more devices drives up risk significantly," says Kurt Johnson, vice president at Courion, a supplier of identity management systems.
The slumping economy doesn't help. "Mass layoffs have increased internal threat levels dramatically," says Grant Evans, CEO of ActivIdentity, which makes smart cards and security tokens.
Employees worried about job security face rising temptations to seek out and hoard proprietary data that could help boost their job performance, or at least make them more marketable should they get laid off, says Adam Bosnian, vice president at Cyber-Ark Software, another identity management systems supplier.
Of the 400 information technology pros who participated in a recent Cyber-Ark survey, 74% said they knew how to circumvent security to access sensitive data, and 35% admitted doing so without permission. Among the most commonly targeted items: customer databases, e-mail controls and CEO passwords.