Hacked: The Rising Threat of Intellectual Property Theft and What You Can Do About It

The same information systems that allow for information-sharing by distributed business teams also leave organizations open to the threat of intellectual property theft. Here's an explanation of the threat and how you can combat it.

1 2 3 4 5 6 7 8 Page 2
Page 2 of 8

Suspected state-sponsored espionage against the U.S. government has received the most publicity, thanks to the investigation of a series of coordinated attacks on federal computers dubbed “Titan Rain.” The 2003 attacks may have been the work of a China-based cyberespionage ring that was trying to steal government information, according to articles published in The Washington Post and Time magazine in 2005. But companies in any industry may be vulnerable. As businesses increasingly collaborate with external partners and expand globally, they’re also increasing their exposure to criminals—and possibly foreign governments—who may have more on their minds than scoring some Social Security numbers.

“There’s a ceiling on how much money can be made by stealing identities,” says Scott Borg, director and chief economist of the U.S. Cyber Consequences Unit, an independent nonprofit institute set up at the request of the federal government to examine the economic and strategic consequences of cyberattacks. “You can actually steal the business—its processes, its internal negotiating memos, its merchandising plans, all the information it uses to create value. That’s a very large payoff.”

Unfortunately, most IT organizations approach the risk to IP the way they approach all IT security: focusing on the corporate perimeter and developing security tactics and policies from the system level up. Instead, CIOs must take a top-down approach. What’s required today is a counterintelligence mind-set that assumes someone, somewhere, wants your data, along with multiple layers of defense to thwart would-be cyberspies and respond when (not if) they get through your defenses. “There are wide-ranging attacks against commercial organizations,” says Bill Boni, CISO of Motorola. “It’s incumbent on organizations—be they governments or commercial enterprises or academic institutions—to understand what their crown jewels are and make sure they are protected commensurate with their value.”

The Global IP Threat Landscape

The most widely known cybercrimes have to do with the theft of customer information and credit card fraud. (For more about fighting financial fraud, read “How You Can Fight Cybercrime.”) But the cost of lost customer information could pale in comparison to the long-term damage done when a hacker targets a company’s critical IP, says Borg.

According to the 2006 Computer Crime and Security Survey by the FBI and the Computer Security Institute, theft of proprietary data and unauthorized access to information are among the four most common sources of loss due to cybercrime (along with viruses and hardware theft). Although the survey did not report any increase in losses due to IP theft, the authors note such costs are hard to measure accurately. Security experts assume, however, that the losses are significant.

1 2 3 4 5 6 7 8 Page 2
Page 2 of 8
NEW! Download the Spring 2018 digital edition of CIO magazine