Hacked: The Rising Threat of Intellectual Property Theft and What You Can Do About It

The same information systems that allow for information-sharing by distributed business teams also leave organizations open to the threat of intellectual property theft. Here's an explanation of the threat and how you can combat it.

1 2 3 4 5 6 7 8 Page 4
Page 4 of 8

Identify Your Critical Intellectual Property. Now.

You may think you know which pieces of your company’s intellectual property are most valuable—and therefore most vulnerable to intellectual property theft. But you’re probably wrong.

Even at Microsoft, which is known for zealously guarding its IP, “one of the hard things to do is to get business leaders to articulate what pieces of information are most valuable in running their businesses,” says Jim DuBois, general manager of information security and infrastructure services for Microsoft IT.

To capture the information you need to plan IP protection, ask questions, says Bill Boni, Motorola’s CISO. You might start by inquiring what information might let a competitor move ahead in the market or help a counterpart in a foreign company achieve personal gain. A good business intelligence department can use its data to help.

Once you’ve identified your company’s critical IP, which controls and counter­measures you put in place may come down to how much you want to spend defending certain know-how. Because there’s little accurate data available on the costs of IP theft, there aren’t any concrete cost-benefit models to work with. Boni uses Motorola’s own financial predictions. “You’ve already done a lot of financial analysis about the benefits of a product or service,” he says. “You can use those to estimate the damage if that IP is lost or stolen.”

The cost-benefit calculation comes down to the probability of IP theft times its consequences, says O. Sami Saydjari, president of Cyber Defense Agency, a security consultancy. “If there’s a decent probability that attacks could cost you $500 million, it might make sense to invest $5 million,” Saydjari says. “Without that expected loss, you can’t make the business case.”

Nevertheless, some companies are more exposed than others. Large, distributed organizations provide more opportunities for attackers to gain access to corporate networks, says Alfred Huger, vice president of engineering for Symantec Security Response. Historically, the biggest risk to IP has been from insiders. A few years ago, Motorola detected suspicious unauthorized activity on its network. Boni’s security team traced the activity to an employee workstation, which contained a directory populated with a complete hacker toolkit. Under questioning by investigators, the employee admitted that he’d been asked by a competitor to hack into Motorola’s systems to access sensitive IP; he was terminated.

In today’s global economy, the number of insiders within any organization has increased dramatically if you count external partners among them. “Organizations now have to deal with employees connecting from home offices, the local Starbucks and shady hotels,” says John Bumgarner, research director for security technology at the U.S. Cyber Consequences Unit. “They also have to deal with business partners and customers having access to their networks via VPNs, dial-up connections and Web portals, any of which can be used to compromise the organization’s resources.”

1 2 3 4 5 6 7 8 Page 4
Page 4 of 8
NEW! Download the Winter 2018 digital edition of CIO magazine