According to the CSI/FBI Survey, 50% of the information security
professionals surveyed cited corporate espionage as a major motivating
factor for corporate competitors. Second only to security breaches caused
by malicious code, which is often used for corporate espionage, is
'electronic scavenging': rummaging through discarded magnetic media to
retrieve the sensitive data left behind on it.
Results from an MIT study, published in the January/February 2003 issue
of IEEE Security and Privacy, suggest that the secondary market is awash
with confidential information. More than 150 million disk drives were
retired from primary service in 2002. The research indicates that
computers, even those with "erased" disk drives, might harbor
confidential information such as corporate intellectual property, credit
card numbers and medical records, all of which can be easily retrieved.
Scavenging through the data retrieved from 158 used and formatted disk
drives, the students at MIT's Laboratory for Computer Science found more
than 5,000 credit card numbers, detailed personal and corporate financial
records, numerous medical records, and gigabytes of personal email and
pornography. Of the disk drives, which were purchased for less than
$1,000 from eBay and other sources of used computer hardware, only 12
were properly sanitized. On many disks, files that would typically be
found in the "My Documents" folder had been deleted, but they could be
recovered using a simple "undelete" utility. Undelete programs work
because deleting a file does not actually overwrite the disk blocks that
hold the file's contents; those blocks are merely marked as free and
their data remains readable.
Today, corporates discard many floppies every month. They also upgrade a
substantial portion of their PCs on an ongoing schedule. The common
procedure is that the vendor who supplies the upgraded PC 'buys back' the
old one. Most corporates format the hard disks of the old PCs prior to
disposal. Some security-conscious corporates break the read-write head on
the disk drives. But these are ineffectual measures at best. Formatting
does not properly sanitize a disk. For instance, the Windows "format"
command doesn't actually overwrite every block; it just reads every block
to make sure that it still works. To properly sanitize a hard drive, you
need to overwrite every block. Also, with technologies such as Scanning
Tunneling Microscopy one can read information even from 'pieces' of the
disk. What this means is that even if you 'shred' your floppies or
pulverize your hard disks, a loophole remains.
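The two mechanisms described above, that an "undelete" utility works because deletion leaves the file's blocks untouched, and that a format which only reads blocks leaves data behind while overwriting every block does not, can be seen on a toy disk image. The following is an added example written for this page; it is not code from the article or from the MIT study. The block geometry, the allocation-table layout, the file name and the sample card record are all constructed for illustration.

```python
# Added example (not from the article or the MIT study): a toy disk image
# that shows why "undelete" works and why a format that only reads blocks
# leaves data behind, while overwriting every block does not.
# Block layout, file names and the sample record below are all constructed.

BLOCK_SIZE = 64      # bytes per block (assumed toy geometry)
BLOCK_COUNT = 16     # blocks on the toy disk

# Constructed sample of the kind of record the study found on used drives.
SAMPLE_RECORD = b"CARD:4111-1111-1111-1111;NAME:Example Holder"


class ToyDisk:
    """A flat array of blocks plus a tiny allocation table (name -> blocks)."""

    def __init__(self):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(BLOCK_COUNT)]
        self.table = {}

    def _free_blocks(self):
        used = {b for blocks in self.table.values() for b in blocks}
        return [i for i in range(BLOCK_COUNT) if i not in used]

    def write_file(self, name, data):
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        free = self._free_blocks()
        if len(chunks) > len(free):
            raise OSError("toy disk full")
        idx = free[:len(chunks)]
        for i, chunk in zip(idx, chunks):
            self.blocks[i] = chunk.ljust(BLOCK_SIZE, b"\0")
        self.table[name] = idx

    def read_file(self, name):
        return b"".join(self.blocks[i] for i in self.table[name]).rstrip(b"\0")

    def delete_file(self, name):
        # Like a real filesystem delete: drop the table entry, touch no block.
        del self.table[name]

    def quick_format(self):
        # Mirrors the article's description of "format": every block is read
        # and checked, none is overwritten, and the table is cleared.
        # Returns the list of blocks that failed the check (empty here).
        bad = [i for i, b in enumerate(self.blocks) if len(b) != BLOCK_SIZE]
        self.table.clear()
        return bad

    def sanitize(self, fill=b"\0"):
        # Proper sanitization: overwrite every block, allocated or not,
        # with a single-byte fill pattern.
        for i in range(BLOCK_COUNT):
            self.blocks[i] = fill * BLOCK_SIZE
        self.table.clear()

    def raw_image(self):
        return b"".join(self.blocks)


def carve(image, marker):
    """Undelete-style recovery: ignore the table, scan raw bytes for a marker
    and return the run up to the first NUL (None if the marker is absent)."""
    start = image.find(marker)
    if start == -1:
        return None
    end = image.find(b"\0", start)
    return image[start:end if end != -1 else len(image)]


def demo():
    """What a scavenger recovers after delete, after format, after sanitize."""
    disk = ToyDisk()
    disk.write_file("card.txt", SAMPLE_RECORD)
    disk.delete_file("card.txt")
    after_delete = carve(disk.raw_image(), b"CARD:")
    disk.quick_format()
    after_format = carve(disk.raw_image(), b"CARD:")
    disk.sanitize()
    after_sanitize = carve(disk.raw_image(), b"CARD:")
    return after_delete, after_format, after_sanitize


if __name__ == "__main__":
    for label, got in zip(("delete", "format", "sanitize"), demo()):
        print(f"after {label:8}: {got!r}")
```

Running the block prints the full record after both the delete and the quick format, and `None` only after `sanitize()` has overwritten every block. The carving step deliberately never consults the allocation table, which is exactly why clearing directory entries (delete) or re-reading blocks (the format the article describes) changes nothing for a scavenger.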
Corporates today can incinerate their magnetic media, grind them, destroy
them with acid, or degauss them. Of these measures, degaussing magnetic
media prior to disposal is a viable solution. Degaussing completely and
irretrievably erases the information stored on the magnetic surface.
Corporates must treat sanitization and secure disposal of media as an
important component of their overall risk management strategy.