Hacked: The Rising Threat of Intellectual Property Theft and What You Can Do About It

The same information systems that allow for information-sharing by distributed business teams also leave organizations open to the threat of intellectual property theft. Here's an explanation of the threat and how you can combat it.

By
Mon, July 30, 2007
. What's this?

CIO — The call to Bob Bailey, an IT executive with a major government contractor, came on an otherwise ordinary day in October 2003. “Why are you attacking us?” demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey’s company had launched a denial-of-service attack against his network.

Bailey (not his real name), deputy CIO in charge of IT operations, was thrown. He spent the next several hours reviewing logs and profiling systems. He discovered that someone had taken over one of the company’s servers and was using it to launch attacks against other companies in the valley.

MORE ON CIO.COM
How to Fight Cybercrime

After conducting a forensic review of the drives, Bailey learned that intruders had been lurking on two of his company’s servers for almost a year. These hackers, who were traced to a university in Beijing, had entered the company’s extranet through an unpatched vulnerability in the Solaris operating system. As far as Bailey could tell, they hadn’t accessed any classified information. But they were able to view mountains of intellectual property, including design information and product specifications related to transportation and communications systems, along with information belonging to the company’s customers and partners.

“It was such a sobering experience,” Bailey says, not least because three years earlier he had conducted a network security audit and patched every hole. But he hadn’t done the same with the extranet.

Bailey will never know who hacked his servers. China’s poorly defended servers are often used to launch attacks. He likes to believe that the culprits were a couple of students who launched the DoS attacks out of boredom, grew bored with that and went on their ways. But he knows that comforting scenario may be wrong. It’s just as possible that the intruders were after his company’s IP. And they easily may have gotten it.

(CIO agreed to Bailey’s request for anonymity in order to protect the identities of his company’s business partners.)

Exposed
According to cybercrime experts, digital IP theft is a growing threat. Although precise numbers are hard to come by, the U.S. Department of Commerce estimates stolen IP costs companies a collective $250 billion each year. And that number does not include hacked or hijacked information that goes unnoticed or unreported. The economic costs on a nationwide scale are impossible to quantify just yet.

Suspected state-sponsored espionage against the U.S. government has received the most publicity, thanks to the investigation of a series of coordinated attacks on federal computers dubbed “Titan Rain.” The 2003 attacks may have been the work of a China-based cyberespionage ring that was trying to steal government information, according to articles published in The Washington Post and Time magazine in 2005. But companies in any industry may be vulnerable. As businesses increasingly collaborate with external partners and expand globally, they’re also increasing their exposure to criminals—and possibly foreign governments—who may have more on their minds than scoring some Social Security numbers.

How Vulnerable Are You to IP Theft?

If your intellectual property is digital, you’re at risk for online IP theft. But there are varying degrees of exposure. “It has to do with how valuable a target you present and how well-defended you are,” explains O. Sami Saydjari, president of security consultancy Cyber Defense Agency.

The types of organizations that currently face the highest risk include:

  • Large, globally distributed organizations
  • Small to midsize businesses in niche markets
  • Companies with foreign partners or that sell directly in foreign markets
  • Organizations with decentralized IT
  • Military or government organizations that rely heavily on contractors and suppliers
  • Industries like telecommunications that supply critical national infrastructure
  • Organizations lacking executive sponsorship of security issues, technical enforcement of security policies, adequate security monitoring or process/preparedness for dealing with security breaches

External partners, locally and globally, are a major source of risk. “You can spend millions on your own defenses,” says John Bumgarner, research director for security technology at the U.S. Cyber Consequences Unit. But attackers may find a way in through weak spots in the systems of customers or suppliers. As intruders’ sophistication increases, however, all organizations may face similar vulnerabilities. “With new hacking methods, if the information is not encrypted and it is very valuable, it’s at high risk,” says Alan Paller, research director for the SANS Institute.

Similar to this Article

Continue Reading

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
Bring Your Own Device eGuide
As more and more CIOs are beginning to see significant benefits from letting employees choose the device they use to get their jobs done, the Bring Your Own Device (BYOD) trend is spreading. According to the Computerworld Consumerization of IT Study, about half of the 604 respondents said their organizations allow employees to do work using their own devices either away from the office or at work. Whether these devices are smart phones, tablets, or laptops that are used in the office or while working remotely, companies that embrace this trend are finding their employees are more productive and experience greater job satisfaction. What's more, enterprises can significantly reduce up front costs and allow for flexible work hours by letting employees use their device of choice anytime, from anywhere.
Enabling Remote Employees with High Quality Video
In this paper, we analyze the delivery of live and on-demand mobile video content. It focuses on specific ways in which organizations can follow best practices to ensure the experience of video communication is maximized for viewers, while keeping corporate networks running smoothly.
Business Video Empowers Social Media
There's no denying that the wisdom of a company resides in the heads of those directly responsible for the non-routine work of the organization. There's also no denying that management teams are looking to find better employee communications solutions and reduce costs. This is coupled with increased demand to better manage projects, customer service, product launches, training, and sales by workforces that are separated by time zones and using mobile devices. This need for wide-scale communications at lower cost is fueling recent organizational demand for scalable, affordable enterprise video and employee generated video content or "EGC"
A "YouTube-like" Experience For Employees
The wave of video in the enterprise will continue to rise as the communication medium and the enabling technologies become ubiquitous in our daily personal and business lives. Businesses must be fully aware of the challenges and requirements of deploying an enterprise video solution. With a proper approach, adequate preparation, and skilled analysis, your organization will be able to accurately build an effective, scalable YouTube for the Enterprise framework that leverages your existing IT infrastructure and is aligned with your business goals.
Generation Gmail: How are you dealing with "work-around email" workers?
This whitepaper aims to identify those users, the reasons they exist and to outline what your organization can do about them.
The CFO Guide to Budgeting Software
A mid-sized business needs the same financial performance control and measurement capabilities as a large corporation, but in a solution that's affordable, easy to implement and scalable. This guide simplifies the search by helping CFOs understand the 10 must-have characteristics of today's best financial performance management solutions.
Webcasts »
Live CIO Roundtable: How to Cut Out-of-Control SAP and Oracle Maintenance Costs
Enterprise software maintenance and upgrade costs consume huge chunks of IT budgets, with little money left over for innovation. Hear interactive discussion from two experienced, forward-looking CIOs on how they made big cuts in the cost to run and maintain their mission-critical SAP and Oracle systems with third-party support.
Operational Analytics - Changing the Competitive Dynamics of the Business
Date/Time: June 5, 2012, 11:00 a.m., EDT, 4:00 p.m. BST / 3:00 p.m. UTC

Please join us for this webcast, as Dr. Barry Devlin, Founder and Principal, 9sight Consulting, describes what operational analytics can do for your business and reviews an architectural approach that will enable you to make it a reality.
Introduction to Virtualization
Have you been thinking about what it would take to start using virtualization? Or do you know the basics and want to find out more? No problem. This webcast is designed for anyone with little to no knowledge of virtualization technology. Attend this webcast to learn:

-A basic overview of the business value of the technology and some key capabilities that make virtualization so valuable to IT and the businesses you serve.
-The basics for creating virtual machines and the key choices that can be made along the route to deployment.
Cloud-based Contact Center: Is it Right for Your Business?
View this on demand webcast to learn if moving business communications to the cloud is right for your business. Featured industry experts DMG Consulting LLC president, Donna Fluss, Frost & Sullivan principal analyst, Michael DeSalles, and Interactive Intelligence senior vice president, Joe Staples discuss this topic and help you answer your pressing questions at the conclusion of this web event.
Must have Tools and Techniques to Optimize the Sales Pipeline and Win more Deals
In this webcast, Vantage Point Performance's Michelle Vazzana will reveal how to coach your reps to better performing pipelines.
Sales Effectiveness in the New Sales Paradigm - A Webcast Featuring the Latest Forrester Research Study
In this webcast produced by the Sales Management Association (SMA), Forrester's Scott Santucci will explore the new sales paradigm and discuss how businesses must transform their selling models into dynamic, communications-intensive systems, empowering individual sellers to define, create and deliver value to customers.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Bring Your Own Device eGuide

Enabling Remote Employees with High Quality Video

Business Video Empowers Social Media

A "YouTube-like" Experience For Employees

Generation Gmail: How are you dealing with "work-around email" workers?

The CFO Guide to Budgeting Software

Better Cash Flow Management: Recession-Proof Your Business

Centage/IOMA Budgeting Survey: Benchmarks and Issues

Case Study: Audi-Volkswagen Improves Procurement Control

AIIM Market Intelligence: The paper-free office, dream or reality?

Discover Options for Improving Supplier and Customer Integration

How much security do you really need?

How to Justify the Cost of a TMS by Automating Freight Audit & Payment

Message Maps: Blueprints for Pandemic Preparedness

Broker-Dealer Case Study: Reduced Compliance Burden with Perimeter's Message Archive

Comparing Free Trial and Freemium Models

CSO Insights: Improving Sales Effectiveness In a Buyer's Market

Creating New Business Models Where Digital Meets Physical

Business Execution Buyer's Guide

"IPv6 for Dummies" - A Basic Guide to the Inevitable!
Sponsored Links

High performance. Delivered. Click to see Accenture's client successes

Complimentary Gartner Report on BYOD: Media Tablets & Beyond. View Now

Elevate storage agility and efficiency with HP 3PAR storage.

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Connect with global CIOs now at Enterprise CIO Forum

Click to see how Accenture has delivered high performance to clients

Connect with IT leaders redefining mobility at the Enterprise Mobile Hub

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Gain cutting-edge insights at MIT in 2-5 day executive programs.

Resource Center
buy a link »
Ads by TechWords