Hacked: The Rising Threat of Intellectual Property Theft and What You Can Do About It

The same information systems that allow for information-sharing by distributed business teams also leave organizations open to the threat of intellectual property theft. Here's an explanation of the threat and how you can combat it.

1 2 3 4 5 6 7 8 Page 7
Page 7 of 8

“The thought process is no longer making sure nothing bad ever happens,” says DuBois. “There may be a bug in the Cisco code or someone might misconfigure a device. If [attackers] get at that chess piece we left unprotected, what will we do?” Microsoft has moved toward host-based controls, meaning they protect the data on a device or a network. “You have to protect everything, not just important data. Controls are more onerous than they need to be,” says DuBois. He wants to get more granular. His goal is to secure the data itself, not the hardware or applications in which it resides, with next-generation digital rights management tools.

Classifying Information

Over the years, Microsoft has sought to increase protection of its source code. But sometimes it has done too much. “We found a lot of places where we had too many controls around code we’ll actually give away for free on TechNet,” says DuBois.

The right level of protection can be difficult to pinpoint, however. Too often organizations apply the same standards of security for everything. That leaves some less valuable data overprotected and some more critical IP relatively exposed. Not only that, says Borg, but when CIOs think about what to defend first, they’ll often think of the company’s most-critical systems, like ERP or customer databases. However, he adds, “that’s usually not where the liabilities are created, because that’s not where the company creates the most value.”

Motorola has developed what it calls an enablement zone environment, which segments the network, allowing groups of systems and applications to share a set of targeted security controls. In this way, security controls are aligned with the risk to the information the systems contain, as well as with relevant regulations or contractual terms. The most intrusive security solutions—including digital rights management, virtualization of content (to prevent its propagation outside the controlled environment) and role-based identity management—“are only warranted on breakthroughs,” Boni says. He advocates revisiting the classifications often. “If eternal vigilance is the price of freedom,” says Boni, paraphrasing Thomas Jefferson, “continuous monitoring and preparation to respond quickly is the cost associated with global digital commerce.”

Your Incident Response Plan

Another layer of defense in depth is being prepared when intruders strike. “The IT model for dealing with a disruption is to get that server back online as fast as possible,” says Boni. But before that happens, he adds, ask yourself how important the contents of the system are, whether intruders saw any critical data and whether the attack might be meant to distract you from the real target.

1 2 3 4 5 6 7 8 Page 7
Page 7 of 8
NEW! Download the Spring 2018 digital edition of CIO magazine