With many British retailers having trading ties and ambitions to break into the Chinese market in their own right, they are likely to be on the radar of these tech-savvy spooks.
Much of the attention around IT security has tended to focus on securing customer data. With news coming out on a daily basis of payment card details and even PIN numbers being offered for sale on the web, there is clearly a need for retailers to make sure that they are not the weakest link.
However, the intervention of M15 suggests that companies should be taking a similarly guarded stance with their own precious corporate data.
Databases and other systems that may hold sensitive customer or trading data increasingly benefit from multiple layers of security and encryption. But is this where the spies are looking?
Thinking about any business and a lot of the detail on interesting developments is available by e-mail. It’s where deals will be discussed, tactics honed and plans made. All too often e-mail replaces conversations that might have been had in person a few years ago, creating a paper trail of senior management’s thoughts.
Many firms provide remote access to e-mail via a web browser. Then all it takes is for usernames to be guessed and passwords to be cracked for much of a company’s private information to be gleaned.
MI5 is reported to have asked KPMG to lead a group to monitor cases of industrial espionage and co-ordinate information between the UK’s leading companies. It will assess threat levels – in the same way as for national security – and warn businesses of imminent danger.
So the IT department adds international espionage to the list of criminal and user security threats that it must attempt to stay one step ahead of. At least it may make the finance director sit up and listen to budget requests if he thinks the Chinese have access to his inbox.