The Hidden Costs of an IP Breach: How to Analyze, Plan and Protect Priceless Digital Assets & Secrets
By: Orhan Yildirim
Corporate networks are breached for many reasons, but among the most frightening to the C-Suite and Board of Directors are attacks that target the theft of intellectual assets.
For a government lab, it could be foreign agents stealing blueprints for a new weapon system; at a biopharmaceutical firm, adversaries may take confidential data on the latest COVID-19 vaccination, which can be worth billions of dollars. Film studios have had their upcoming movie trailers stolen, and gaming companies have had their code taken. Due to the nature of these “quiet attacks,” companies often may not be aware of the breach for months or even years.
In our increasingly digital world, intellectual property (IP) is the heart of the 21st-century company, driving innovation, competitiveness, and growth. Depending on the business, IP can form the majority of a company’s valuation.
According to US Intellectual Property Enforcement Coordinator Danny Marti, “Advancements in technology, increased mobility, rapid globalization, and the anonymous nature of the Internet create growing challenges in protecting trade secrets.”
Advancements in technology, the use of mobile devices, the tectonic shift to “work from home” spurred by the pandemic in 2020, and overall rapid globalization create growing challenges in protecting trade secrets.
While government agencies in the US and globally are working every day to recommend and mandate protections, businesses play the most significant role in addressing the growing challenges of protecting trade secrets. The first line of defense against trade secret theft is often a robust and well-implemented cybersecurity and data management/protection strategy, along with contingency planning for a material event.
With better information about the risks surrounding IP, its potential loss, and the impact this loss could have on the company, executives and their board members, who are responsible for protecting business assets, can understand the full ramifications of IP theft, enabling better alignment of their cyber risk program with the company’s IP management and strategic priorities.
IP theft has a history of disgruntled or opportunistic employees stealing and sharing documents – in the early days, using thumb drives, computer disks, or physical (paper) copies. Inside bad actors with direct physical access who perpetrate the crime and extract the trade secrets are sometimes shown in films as the individual with the briefcase. The small number of people with physical access limited the pool of suspects, increasing the risk to the thief and, therefore, the deterrent.
In an increasingly digital world, IP thieves can operate from anywhere and often anonymously, making the pool of suspects massive. Bad actors can include current and former employees, competitors, criminals, and foreign nation-state players.
When being first to market can decide market winners in our digital world, stealing or buying IP on the black market can be much faster and cheaper than investing to innovate from scratch. With research and development costs escalating, high barriers to creating a new virus might provide a quicker path to a quick profit.
What assets are at risk?
- Trade secrets
- Proprietary business information
- Copyrighted data
- Software code for data analytics
- Software-based products and services
The financial impact of breaches of personal, customer information is well documented. Because so many incidents of stealing secrets have gone unreported, however, many of those costs are hidden and therefore difficult to identify and quantify.
They include not only expenses associated with regulatory compliance but also public relations services to fix reputational damage, attorneys’ fees, and intangible costs that stretch out over months or even years, including revoked contracts and lost future opportunities.
Given their importance to growth, market share, and innovation, IP and cyber risk fit hand-in-glove and should be perceived and acted upon together by leaders, who should invest in the right cybersecurity solutions to curtail risk, including a “zero trust” posture and adoption of Privileged Access Management (PAM) software.
Basics of a strong program include:
- Reducing the number of people with access to IP
- Identifying the “data supply chain” in handling and protecting IP
- Integrating PAM into the overall data management/protection platform
- Monitoring to detect threats, especially against the company’s most strategic and valuable IP
- Ensuring third-party ecosystems are also protected with policies and access solutions that extend beyond traditional corporate borders
- Training researchers and developers in the proper sharing, storage, data management, and retention policies, combining a technical solution with HR and employee and partner awareness
While improved security can improve the odds of preventing theft, a zero-trust and zero-touch prevention approach is now possible. How well an organization responds to a breach can mitigate a multi-billion-dollar risk.
When IP is a driver of growth and competitiveness, as more companies have their digital transformations well underway, understanding the full impact of a potential loss helps guide the analysis for the ROI on investing in automated and advanced systems.