Hacked: The Rising Threat of Intellectual Property Theft and What You Can Do About It

The same information systems that allow for information-sharing by distributed business teams also leave organizations open to the threat of intellectual property theft. Here's an explanation of the threat and how you can combat it.

By Stephanie Overby
Mon, July 30, 2007

CIO — The call to Bob Bailey, an IT executive with a major government contractor, came on an otherwise ordinary day in October 2003. “Why are you attacking us?” demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey’s company had launched a denial-of-service attack against his network.

Bailey (not his real name), deputy CIO in charge of IT operations, was thrown. He spent the next several hours reviewing logs and profiling systems. He discovered that someone had taken over one of the company’s servers and was using it to launch attacks against other companies in the valley.

MORE ON CIO.COM

How to Fight Cybercrime

After conducting a forensic review of the drives, Bailey learned that intruders had been lurking on two of his company’s servers for almost a year. These hackers, who were traced to a university in Beijing, had entered the company’s extranet through an unpatched vulnerability in the Solaris operating system. As far as Bailey could tell, they hadn’t accessed any classified information. But they were able to view mountains of intellectual property, including design information and product specifications related to transportation and communications systems, along with information belonging to the company’s customers and partners.

“It was such a sobering experience,” Bailey says, not least because three years earlier he had conducted a network security audit and patched every hole. But he hadn’t done the same with the extranet.

Bailey will never know who hacked his servers. China’s poorly defended servers are often used to launch attacks. He likes to believe that the culprits were a couple of students who launched the DoS attacks out of boredom, grew bored with that and went on their ways. But he knows that comforting scenario may be wrong. It’s just as possible that the intruders were after his company’s IP. And they easily may have gotten it.

(CIO agreed to Bailey’s request for anonymity in order to protect the identities of his company’s business partners.)

Exposed
According to cybercrime experts, digital IP theft is a growing threat. Although precise numbers are hard to come by, the U.S. Department of Commerce estimates stolen IP costs companies a collective $250 billion each year. And that number does not include hacked or hijacked information that goes unnoticed or unreported. The economic costs on a nationwide scale are impossible to quantify just yet.

Suspected state-sponsored espionage against the U.S. government has received the most publicity, thanks to the investigation of a series of coordinated attacks on federal computers dubbed “Titan Rain.” The 2003 attacks may have been the work of a China-based cyberespionage ring that was trying to steal government information, according to articles published in The Washington Post and Time magazine in 2005. But companies in any industry may be vulnerable. As businesses increasingly collaborate with external partners and expand globally, they’re also increasing their exposure to criminals—and possibly foreign governments—who may have more on their minds than scoring some Social Security numbers.

How Vulnerable Are You to IP Theft?

If your intellectual property is digital, you’re at risk for online IP theft. But there are varying degrees of exposure. “It has to do with how valuable a target you present and how well-defended you are,” explains O. Sami Saydjari, president of security consultancy Cyber Defense Agency.

The types of organizations that currently face the highest risk include:

Large, globally distributed organizations
Small to midsize businesses in niche markets
Companies with foreign partners or that sell directly in foreign markets
Organizations with decentralized IT
Military or government organizations that rely heavily on contractors and suppliers
Industries like telecommunications that supply critical national infrastructure
Organizations lacking executive sponsorship of security issues, technical enforcement of security policies, adequate security monitoring or process/preparedness for dealing with security breaches

External partners, locally and globally, are a major source of risk. “You can spend millions on your own defenses,” says John Bumgarner, research director for security technology at the U.S. Cyber Consequences Unit. But attackers may find a way in through weak spots in the systems of customers or suppliers. As intruders’ sophistication increases, however, all organizations may face similar vulnerabilities. “With new hacking methods, if the information is not encrypted and it is very valuable, it’s at high risk,” says Alan Paller, research director for the SANS Institute.

1 2 3 4 5 6 7 8 next page »

More from CIO

You are here: Business/Management Topics » Risk Management » Feature

Most Recent Risk Management Stories

White Papers »

Safeguarding the Corporate Brand amidst the Perfect Storm of Innovation

In this paper, we'll explore the impact of those technology trends, the role of insurance in risk mitigation and how the CIO can bring it all together.

To Build or Buy: Key Decision Points for Choosing the Best Billing Solution

Successful companies with recurring revenue models, the "build vs buy" convo must be strategic and thoughtful. Advanced and flexible billing solutions have shifted from an operational necessity to an important element in business planning.

Business Intelligence Shows its Smarts

Today's Business Intelligence (BI) tools provide a new way to think about data with self-service capabilities and user-friendly analytics that can be used by nearly everyone.

Harness IT -- An Introduction to Business Intelligence Solutions

Learn the key selection criteria required to provide your organization with the capability to address structured data, unstructured data and mobile demands so that employees can view and manipulate data on their own, from virtually any location.

Inquiry Spotlight: Consumer-Facing Identity

The challenges of consumer-facing identity management, access management, and authentication differ in ways subtle and dramatic from those of the employee-facing variety.

Time for a Fresh Look at Your Document Management Strategy?

Four costly challenges necessitate a change in your PDF solution

Webcasts »

Seven trends to shape your digital business - Accenture Technology Vision 2013

Technology is now intertwined with nearly every aspect of business. Information technology is not only pervasive; it is fast becoming a primary driver of market differentiation, business growth, and profitability.

Seven trends to shape your digital business - Accenture Technology Vision 2013

Software Asset Management - Program Considerations to Help Reduce Risk and Lower Costs

SAM: A must have IT tool to help reduce costs and minimize business and legal risks.

Building a Business Case for Service Management & Automation

As an IT infrastructure and operations (I&O) leader you understand the business and IT impact of service management and automation (SMA).

Hitting Your Targets with Service Catalog

Providing a good online shopping experience starts with understanding customer needs and expectations in order to deliver suitable goods and services. Employees expect a similar experience with a Service Catalog.

Firm Foundations - Picking the Best Platform for Custom Enterprise Apps

Every enterprise relies upon multiple custom applications - to do things that you just can't get packaged solutions to do and, in some cases, to provide competitive advantage.