Apple and WikiLeaks Show How Vulnerable Companies Are

In seemingly separate stories, an Apple (AAPL) mid-level supply chain manager was accused of accepting more than $1 million in kickbacks from Asian iPhone component suppliers. At the same time, WikiLeaks, which has made a considerable name for itself by leaking secret documents, including what you might call this decade's Pentagon papers, has said that it won't be threatened by the Pentagon. But for corporate managers, they should be two sides of the same coin. Internal threats and data leaks are far more common than most would like to think, and can be damaging.

Cost of Data Breaches

However, put generalities aside and look at the Apple case. The company sells tens of millions of iPhones and iPods a year. A five cent a unit cost differential between what the company might have been able to negotiate, given no inside information in the hands of potential bidders, could easily mean millions a year.

As data loss goes, this was rather innocuous. What if the information was intellectual property like a previously unrevealed trade secret? Even a release date could allow a competitor to leak information to the media, which would then make it public, potentially tanking Apple's current sales as people knew of a new model coming out. Release your competing product in the window, and you could grab more purchases than otherwise might be the case.

Or look at the U.S. government and the information that WikiLeaks is making available. I'm not here to argue whether what the organization does is right or wrong. However, it has an impact on the government's brand, if you will, and its ability to influence the public to its advantage. The same could happen to a company. Look at the critical onslaught that Google (GOOG) has faced since the net neutrality proposal it co-authored with Verizon (VZ) came out. And that was a planned release.

Other possible types of information that a company could lose to its disadvantage include:

• supplier lists
• customer lists
• product marketing plans, including release dates and advertising campaigns
• employee directories
• trade secrets, including formulae, engineering designs, and prototypes

Inside Risks

Sometimes the help is deliberate, like the Apple employee who allegedly received kickbacks. Sometimes the internal problems are unintentional, like the person at the front desk who waves through the pizza delivery person, assuming that someone ordered in lunch, not that the delivery guy is actually a thief and will take valuable information out the door in the delivery bag. Or it could be social engineering, with employees tricked into giving away information. I've even heard of companies setting up fake conferences to get a competitor's employees onto a discussion panel to give insights you might not find in publicly-filed information.

Bigger Risks are Higher Up

Access and control of information means a commensurate amount of responsibility, power, and authority. When you hear of companies with major accounting irregularities, the people responsible aren't the clock-punching accountants, but, generally, the CEO, CFO, chairman of the board, or COO.

Unfortunately, many companies that otherwise talk a good game are effectively inactive when it comes to actually safeguarding information. Notice that the two examples in question are the federal government, which has extensive information security measures, and Apple, known for its secretive culture. If they can find themselves on the wrong end of information loss, what are the chances that the average company is immune?

Related:

• Hey Google, Enterprise Customers Want Full Security, Not Beta
• Apple iPhone, iPad Security Goes Into the Toilet and Down the Tubes
• U.S. Infrastructure Is Vulnerable to Cyber Attack, but No One Will Do Anything
• Apple and Google Mobile Security Pits Get Deeper