International espionage that targeted a large online business in SA saw hackers compromise its database and hand the details of 600000 customers to its rivals. The attack was instigated by a rival company in Australia that hired hackers in the US to hack the SA firm, which stored its data on servers in Canada.

The incident last year was hushed up to avoid bad publicity, and although the perpetrators were traced, the matter never went to court as the firm decided the cost of international litigation was not worth the time, expense and public exposure.

"The hackers broke in and stole the information. The firm’s IT team discovered it and traced the attack to the US," said Erik Laykin, a senior investigator with Pinkerton Consulting and Investigations.

"The hired hackers downloaded 60,0000 customer names. We eventually reverse-traced it, but it took several months, and by that time the customer list had been distributed and the damage was done. The stolen data was based on it being an online business, so the victim suffered real damage," said Laykin.

Lawsuits were filed, but when the cost of a prosecution involving multiple jurisdictions was weighed up with the fact that the damage had already been done, the company decided to settle, said Laykin. "It wasn’t able to get full compensation, but it reached a financial agreement."

The SA example was cited this week at an international conference hosted by software company Computer Associates, which is working with Pinkerton investigators to devise better ways of protecting corporate data.

The result is a technology that blends data from physical security systems, such as access control cards, with data about cyber events, such as who is logging into a computer or connecting to the corporate network from a remote location.

Tougher legislation as well as common business sense is driving the need to protect corporate data more stringently, said Ron Moritz, chief security strategist for Computer Associates. "Industrial espionage is happening more often than we think," he said.

If an attack similar to the one on the SA firm occurred in California, new legislation would force the company to tell its customers that their details had been compromised. Yet many firms did not even know their systems had been accessed until the attackers were long gone.

"We have to be responsive to new threats and reduce the business risks by integrating physical and cyber security," said Moritz. "You have detectives who do fraud investigation and look for criminals, and you have engineers. With a co-ordinated view of physical and cyber events, you can detect abnormal activities."

The Computer Associates software presents a 3D picture of information by using a variety of charts, text messages and physical diagrams of buildings, their floor plans and access points.

For example, a company could display a record of physical events carried out by each individual, such as the time they entered the building and which internal security points they passed. At the same time it could display details about when someone logged on to the computer network, any pornographic websites they visited, or whether they sent any e-mail to a rival organisation.

That combination of physical and cyber security data could help detect who was committing an offence, said Moritz. If the data showed that someone was making long international phone calls at the weekend, the system could show everyone who was in the building at the time. It could also flag a security breach if someone logged on to a secure database when the person whose password was used had already clocked out.

The new software is being tested by several companies, prior to a commercial launch planned for the last quarter of the year.

Business Day