Growing physical risks to high-tech personnel working in unstable countries around the world are going unreported, an industry expert has claimed.
The numbers of professionals, including engineers and technologists, kidnapped for ransom during client visits, or while working in territories with a risk of abduction, is not being accurately assessed because employers are surreptitiously paying ransoms for the return of their employees, according to Chris Phillips, head of physical security consulting at penetration testing and training provider 2-Sec, speaking at IP EXPO 2015 this week.
Foreign criminals are easily able to scan social media to find out when personnel from high-tech companies will be travelling abroad, Phillips said: “Organised criminal gangs and terrorists have become savvy to the opportunities social media provides in terms of alerting them to foreign nationals coming to meet client companies in their countries, or undertake prolonged work assignments.”
People who post online that they are travelling out to work in some exotic foreign location, giving the date of their arrival, and even their flight number, put themselves at serious risk, as potential kidnappers know when to expect them, added Phillips.
One ruse is to have a bogus driver waiting for them at their destination airport. “They enter the arrivals lounge to see someone holding up a sign with their name on it, and they assume that it is transport arranged by their hosts,” said Phillips. “In fact, the driver is an impostor intent on abducting them, and taking them to a place where they are held for ransom until their employer pays-up.”
The numbers of high-tech workers travelling to risky countries is increasing as UK and European companies form more international business relationships with clients in parts of Africa, South America, and the Middle East – commercial expansion that's often driven by government encouragement, Phillips told an IP EXPO audience.
He believes that the full-scale of high-tech personnel kidnapping is coming to light only because repatriated staff are bringing legal actions against employers for failing to show due diligence in apprising them of possible threats, and for not ensuring that they had adequate protection whilst abroad.
Employers should conduct a proper risk-assessment for overseas staff postings, and all staff travelling to work abroad should be briefed on any potential risk of being targeted for abduction, Phillips said, and have local support set-up to safeguard them against a range of hazardous eventualities.
Phillips warned that the risks to targeted employees and their employers may become heightened as kidnappers seek to exploit the value of intellectual property and other valuable enterprise data that abducted staff may have on the hard drives of their personal laptops, or be able to access remotely via password-protected VPNs.