Keeping companies secure
Executive Impact ( 0 )
TOKYO —
For over 35 years, Kroll has helped clients prevent, investigate and recover from fraud. With 65 offices in 33 countries and territories, Kroll offers a wide range of consulting and technology services such as business intelligence, investigations, forensic accounting, computer forensics, as well as data recovery, asset tracing and compliance monitoring.
Heading up the Tokyo office is Scott Warren, a licensed California attorney. Born in Pittsburgh, Warren grew up in Denver and lived in LA for about 10 years. He joined Kroll about three years ago.
Japan Today editor Chris Betros visits Kroll’s Tokyo office to hear more.
What is your background?
I am an attorney by trade. I was a litigator in LA for 8 years. I moved to Japan about 16 years ago and worked with a business consultancy company. During that time, I wrote the “Japan Employers Handbook.” Then I worked for 7 years for Sega Corp, ending as general counsel, handling their international commercial and litigation issues. I moved on to Microsoft to help get the Xbox launched in Japan and other Asian countries. I did all the licensing work for that as well as the anti-piracy work for Xbox worldwide. I also led Microsoft’s anti-counterfeiting work for all of its products for north Asia as well as a project called, Internet Safety, designed to help protect people from Internet-related risks.
Why did you join Kroll?
Kroll gave me the best opportunity to focus on some of the things I love best: protecting intellectual property and helping folks deal with digital evidence-related investigations and litigation.
How well known is Kroll in Japan’s executive boardrooms?
Kroll is not as well known a brand name in Japan as it is in the U.S. and Europe, although we have made a lot of inroads. One of the things we did about five years ago was start to penetrate Japanese companies. It would have been easy for us to stay in a niche and service multinationals who know us from abroad, but it is very important for us to establish relationships with Japanese companies, and we have done that.
How do you market Kroll in Japan?
We do some advertising at the American Chamber of Commerce in Japan (ACCJ) and in some Japanese magazines that are focused on our work. We tend to find that the more direct personal approach is the best, and we augment that with seminars on topics like computer forensics/eDiscovery, internal investigations, crisis leadership and the like.
What are your main services in Japan?
Due diligence, which is focused on reputation. For example, do the people you are considering business with, have negative social associations that could cause your investment to be less valuable? We also do a lot of business intelligence, helping companies figure out the market they are coming into, a lot of internal investigations on how a fraud occurred and who is responsible. We do a lot of intellectual property protection. Sometimes, we do investigations in China. Or perhaps you’re planning to have a R&D or manufacturing facility in China. We can help you do that in a way that keeps your intellectual property from walking out the door.
Elsewhere, we do quite a bit of litigation support in computer forensics and electronic discovery. For example, we have worked with a number of Japanese and multinational high-tech companies, getting sued in the U.S. for patent infringement, helping them deal with their duties to submit relevant electronic documents and email. Since there is no similar process in Japanese courts, much of our work is to bridge the legal, technical and cultural issues in order to reach the desired result.
What about asset searching?
We don’t do as much of that in Japan as we do overseas. Asset searching is always a challenge but it is not impossible. You might recall that Kroll gained a lot of fame by successfully searching for the assets of Saddam Hussein after the first Gulf War. We did a huge investigation on behalf of the Kuwaiti government.
What is the biggest challenge in dealing with Japanese clients?
I think the biggest challenge is that traditionally, Japanese companies have wanted to handle crisis management internally. In other countries, we find companies are more comfortable with an outside party coming in and helping them with its investigation and crisis management. The problem is that if you keep the investigation internal, the true facts often remain hidden even from management, whether by design of the people involved, or due to the lack of the specific skill set of the internal investigation group. True investigators are a curious breed.
How is Kroll’s business in Japan?
Our business is growing. I am quite bullish because companies here tend to have better cash backing than a lot of companies internationally which have money invested in lots of different stocks. So you have some very cash-strong companies here that are interested in increasing their IP and other portfolios of businesses, and once the downturn hits bottom, I believe there will be a lot of Japanese companies doing M&As. We get a lot of repeat work and about 50% of our clients are multinationals.
How is the economic downturn affecting business?
In a downturn, there is certainly greater incentive to commit fraud and cut corners, but sometimes, I think we tend to see more just because companies tend to look more carefully at their operations. In a booming company, companies are focused outwards. However, now companies are focused inward trying to cut costs or find out why they are losing money, and then they discover that money is leaking. They look into it a bit more and find out they have a fraud problem. A lot more companies are interested in finding out why they are bleeding, so we are seeing more fraud investigations and trade secret leaks.
Of course, Ponzi schemes can be anywhere, even in Japan, and can affect any willing investor.
Do people have this image of your business as being like espionage?
The hardest part for some people to grasp at first is the concept of what we do. Essentially, we help clients make better decisions by giving them the facts of what’s going on. That is not as glamorous as some people think, not like James Bond, but it is an interesting job. There is certain information that is open, available and legal to get and you need to follow the right rules to get it – which we do. That is completely different from corporate espionage.
How much information is actually out there on the Internet?
Without a doubt, there is a lot of information on the Internet. The amount is sometimes daunting. The real tough part is trying to figure out what is truth and what is fiction. Proving or disproving it is our bread and butter, and we use multiple sources to do that. We base our investigative reports on facts that we can verify.
What’s happening in the world of cyber-security?
Cyber-security used to be the province of kids who had time on their hands and who were doing it for kicks. Those kids eventually grew up and some of them found jobs doing this for more than kicks. A lot of cyber-crime issues emanate from the U.S., northern and eastern Europe, and China. Organized crime has changed the nature of the problem. One of the issues is that a lot of those people were focused on English language. Now, we are seeing more foreign language phishing attacks. I am on the executive board of the Society for Policing Cyberspace (POLCYB), which is a non-profit organization, made up of law enforcement, prosecutors, academics, government policy folk and corporations dedicated to helping the fight against cybercrime. We often conduct computer forensic training for law enforcement and prosecutors from around the world.
Who are your team?
We have a really broad mix of people from all different walks of life whom we work with over time. We have some ex-journalists, ex-police, lawyers, like me, and some from investment banking.
Are your staff ever in physical danger?
One of our priorities is to figure out the risk that a particular operation would entail and either find a way to reduce it, or if we feel it is too risky, we will not take the job.
What qualities should a good investigator have?
Attention to detail and the ability to look through convoluted facts and make sense of it. They should have a good sense of smell, so to speak, and a love of the hunt for the truth. Some are good at talking with people and getting information; others are good at looking through online sources and written data for the right information. It’s also important that they understand the situation from the client’s perspective so that our reports are understandable, as opposed to a series of unrelated facts.
How much of your work is field work and how much desk work?
I have a mix of field and desk work. I am spending a bit more time at my desk recently just in order to handle all the administrative duties needed to keep the office running smoothly.
Can you give us an example of computer forensics that you did for a client?
A company had a leak of information via a photograph taken internally, that was leaked to a competitor. We did a full investigation, lots of interviews and, through computer forensics, we found a copy of that photo within the deleted space of a computer – the unallocated file space where documents go to die after they’ve been deleted. We were able to match the photo to a mobile phone of an employee and further found out who else was working with that employee. That took us about a month.
Do you think some companies are still quite lax when it comes to information security?
Some are, yes. For example, a company we worked with was incredibly concerned about its security. I mean, they even put a sticker over the lens of our cell phone cameras before we could enter. However, when we were working in the facility, we noticed on the top of one of the office PCs, they had the password written in indelible ink. Companies are always approaching us after they have lost their IP or valuable information, like customer lists. We’ve done a lot of that work. But I’d much rather work on protecting the IP to begin with. Of course, that takes multiple disciplines including physical design security (such as carded entry systems and CCTV cameras), operational security (such as handling of such information within the entity) and even IT security (including how digital information can leave a company through an external or internal threat). We provide a holistic approach to our IP security assessments.
How do you change a client’s way of thinking on security?
Our process is to look at operational security, design and IT infrastructure. We break it down and outline solutions. That can go back up to senior management and give a framework for discussions throughout the company. The problem I found from my long stint in the corporate world is that it is very difficult for some companies to break through their silos because there is no clear ownership of the issue. Is it legal? Is it IT? Is it security?
What do you do yourself?
I’m running two pipelines of business which are intellectual property protection services and litigation support. Then I look at the overall Japan performance and figure out how we can improve it, better market ourselves and retain the right team.
What is a typical day for you?
I usually show up around 9 a.m. and am here until about 8 p.m. I go out to meet clients. A lot of times, it’s easier to get to know clients in a social setting. I travel overseas a bit, when I am working on a number of different projects.
How do you like to relax?
I try to keep weekends free. I’ve got three kids. That’s one hobby. I play trombone in an amateur jazz big band. We do 9-10 gigs a year in different places, like Jazz Spot J in Shinjuku. There is a thriving jazz band community in Tokyo.
For more information, visit www.kroll.com
0 Comments
Login to comment
Back to top