← Back to all posts
Humans: And How to Handle Them in a World of Risk
Guest PostHuman RiskIntellectual Property Theft

Humans: And How to Handle Them in a World of Risk

Your New Best Friend

Imagine yourself at an exciting trade show, marketing your company’s solution to a challenging technical problem. You speak with an attendee who seems intrigued with your technology, but asks “what makes your solution different from others?” Eager to land the lead, you describe your company’s advantages. “That’s interesting” the attendee says, “does your company really have the science for that solution?” Not being sure what aspects of your technology are sensitive or proprietary, you proceed cautiously but still need to explain something – you’re there for marketing, after all. “Our engineers have found a truly unique solution . . .,” you tell your new contact. After your explanation the attendee nods, apparently impressed, and promises follow-up.

You’re satisfied, having landed a solid lead. Your new contact is satisfied too, and eager to follow up – because he’s working with one of your competitors, and you’re unwittingly helping them steal your intellectual property.

If the scene above seems unrealistic in today’s ultra-cyber era, think again. Trade secret and intellectual property (IP) theft are rising in the U.S. and Europe. Elicitation, as shown here, is the technique of surreptitiously gaining information without revealing a questioner’s intent – and it remains a favorite ploy.

With a little education, savvy companies can spot elicitation, respond appropriately, and avoid falling victim to such human risks.

Predators Aplenty

Adversary nations, competitors and criminals covet advanced technology as a shortcut through research and development and to overcome a lack of skilled workforces, among many reasons. This won’t surprise anyone who has seen the Russian robot that recently took a nose-dive on its debut.

paragraph visual

One method of gaining advanced technology is human intelligence, commonly known as old-fashioned spying, which is “more common than ever,” according to the FBI.

Cases of private sector trade secret theft in the U.S. rose by 15% in the first half of 2025.

Germany, Finland and Sweden are also experiencing rising human-oriented espionage by Russia and the People’s Republic of China.

And since 2022 Russian law no longer prosecutes companies that steal IP from a list of “unfriendly countries” that includes all 27 European Union members, the U.S., Canada, Switzerland, and more.

After over 30 years in Army and Defense counterintelligence (CI) and working with industry to protect technology, I know that elicitation by a wily adversary is all too easy to fall for – but also easy to thwart – if you know the signs and how to react.

How Its Done

Foreign intelligence entities, competitors or criminal actors won’t use a cloak and dagger to gain sensitive information. Trade shows, for example, where technology companies are eager to display their solutions, “are great venues for an intelligence officer from an adversary to collect information,” said the Army’s senior intelligence officer.

That’s one reason that U.S. Defense Department CI special agents fan out at technology events, including at the 2025 Paris Air Show alongside French security.

There are dozens of techniques to disguise elicitation in business conversations. They work by preying on human nature to be helpful, polite, appear competent, or authoritative.

Here are a few methods that your new contact might use if they’re digging for more a little more than you’re normally willing to share:

  • Volunteering Information: “We experienced similar problems but couldn’t figure out how to …” statements may lead you to offer technical knowledge.
  • Feigned Ignorance: “I don’t really understand how this technically works” could be an invitation for you to share detailed data.
  • Flattery: A phrase like, “Wow, you really understand the technical problems better than others” is nice to hear, but may be intended to build up your ego and share more information.
  • Criticism: Saying, “This kind of R&D takes so long,” or similar openings can be an inducement to reveal schedules, issues, or advancements.
  • Disbelief: as used by the questioner in our opening tableau. It can lead to offering correct but sensitive information.
paragraph visual

The knowledge that collectors seek may often appear to be harmless, but every piece of data helps them assemble a picture of your IP or company.

Responding Wisely

Of course, merely knowing the signs of elicitation is not enough. You can’t just stomp away in a huff. Most people want to remain polite, particularly if your questioner turns out to be a genuine potential customer. Here are some ways to delicately divert a difficult conversation, without burning any bridges:

  • Refer to Publicly Available Information: Websites, company literature. Offer to discuss in more detail another time.
  • Ask Your Own Questions: This can help you regain control of the conversation and even advance it.
  • Answer Vaguely: But be willing to follow-up.
  • Change the Subject: As with asking your own questions, it redirects the conversation to a more appropriate topic.

If in doubt, report the incident to your company security officer. They will know how to engage with a specialized organization for any further action.

The Benefits: Security

Now imagine another version of our opening scene. Properly educated, you spotted the elicitation attempt, protected sensitive information, and reported the incident to the company security officer. The company also fine-tuned its procedures for such encounters. Proactive protection prevented IP theft.

Countering elicitation also works best as part of a comprehensive company security plan guarding against evolving threats, including cyber risks, malicious insiders, and more. We’ll talk about those in future posts.

If you’re wondering about effectiveness, consider that a former Soviet KGB officer once told me, with a touch of chagrin, that during the Cold War it was educated, alert, and wary employees who really made his previous job tough.

With that in mind, companies can take heart and start today in improving their defenses to protect their interests.

Human-oriented risk is as old as time but not going away any time soon.

Norphluchs Guest Post

Written by: Michael Schellhammer