July 30, 2007 — CIO — The call to Bob Bailey, an IT executive with a major government contractor, came on an otherwise ordinary day in October 2003. “Why are you attacking us?” demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey’s company had launched a denial-of-service attack against his network.
Bailey (not his real name), deputy CIO in charge of IT operations, was thrown. He spent the next several hours reviewing logs and profiling systems. He discovered that someone had taken over one of the company’s servers and was using it to launch attacks against other companies in the valley.
After conducting a forensic review of the drives, Bailey learned that intruders had been lurking on two of his company’s servers for almost a year. These hackers, who were traced to a university in Beijing, had entered the company’s extranet through an unpatched vulnerability in the Solaris operating system. As far as Bailey could tell, they hadn’t accessed any classified information. But they were able to view mountains of intellectual property, including design information and product specifications related to transportation and communications systems, along with information belonging to the company’s customers and partners.
“It was such a sobering experience,” Bailey says, not least because three years earlier he had conducted a network security audit and patched every hole. But he hadn’t done the same with the extranet.
Bailey will never know who hacked his servers. China’s poorly defended servers are often used to launch attacks. He likes to believe that the culprits were a couple of students who launched the DoS attacks out of boredom, grew bored with that and went on their ways. But he knows that comforting scenario may be wrong. It’s just as possible that the intruders were after his company’s IP. And they easily may have gotten it.
(CIO agreed to Bailey’s request for anonymity in order to protect the identities of his company’s business partners.)
Exposed
According to cybercrime experts, digital IP theft is a growing threat. Although precise numbers are hard to come by, the U.S. Department of Commerce estimates stolen IP costs companies a collective $250 billion each year. And that number does not include hacked or hijacked information that goes unnoticed or unreported. The economic costs on a nationwide scale are impossible to quantify just yet.
Suspected state-sponsored espionage against the U.S. government has received the most publicity, thanks to the investigation of a series of coordinated attacks on federal computers dubbed “Titan Rain.” The 2003 attacks may have been the work of a China-based cyberespionage ring that was trying to steal government information, according to articles published in The Washington Post and Time magazine in 2005. But companies in any industry may be vulnerable. As businesses increasingly collaborate with external partners and expand globally, they’re also increasing their exposure to criminals—and possibly foreign governments—who may have more on their minds than scoring some Social Security numbers.
If your intellectual property is digital, you’re at risk for online IP theft. But there are varying degrees of exposure. “It has to do with how valuable a target you present and how well-defended you are,” explains O. Sami Saydjari, president of security consultancy Cyber Defense Agency.
The types of organizations that currently face the highest risk include:
External partners, locally and globally, are a major source of risk. “You can spend millions on your own defenses,” says John Bumgarner, research director for security technology at the U.S. Cyber Consequences Unit. But attackers may find a way in through weak spots in the systems of customers or suppliers. As intruders’ sophistication increases, however, all organizations may face similar vulnerabilities. “With new hacking methods, if the information is not encrypted and it is very valuable, it’s at high risk,” says Alan Paller, research director for the SANS Institute.