Cyberespionage: Your intellectual property under threat

Cyberespionage conjures up nightmare scenarios for private and public organizations. For governments, it might involve the prospect of foreign agents filching details on a new missile system. For an auto company, it could be hackers stealing their blueprints for a next-generation auto. 

While the extent of cyberespionage is hard to calculate  intellectual property (IP) cybertheft has largely remained in the shadows with private companies and governments preferring not to publicly report losses  it has a major impact. A former head of the National Security Administration has described cyberespionage as “the greatest transfer of wealth in history. 

Attackers go after targets known to possess confidential data and trade secrets, such as business conglomerates or law firms. In some cases, security experts believe the perpetrators may even be working on behalf of business rivals seeking to gain a competitive edge. 

But it’s not just cybercriminals looking for a quick score. State-affiliated groups are also after trade secrets or other sensitive information for their patrons. 

Protect yourself

By 2020, the volume of data kept online is expected to be 50 times greater than it is today — a significant increase in the potential attack surface. So it’s up to IT to develop policies and procedures that will block or mitigate the inevitable attempts to steal their most closely-guarded data. 

Knowing what attackers are after is the easy part. Figuring out where the threat will come from is a lot harder. Unfortunately,  thieves don’t fit a single mold  the roster of possible perpetrators could include current and former employees, rival firms, cybercriminals as well as state-affiliated groups. But according to researchers at Villanova University, the groups nonetheless share common goals when it comes to the types of information they hope to steal: 

  • Internal data with details about operations, salaries, and research and development (R&D)

  • IP and closely-held information about top-secret projects

  • Customer information

  • Marketing and competitive intelligence 

While it’s true that every organization in the digital era has become a potential target, it doesn’t also mean cyberespionage attacks must necessarily end in tears. Not if organizations take care of the necessary blocking and tacklingWhen building a multilayered cyberdefense program, management should: 

  • Elevate the importance of IP cyberprotection by including it as a component of overall business strategy. 

  • Take inventory of IP to classify the relative importance of valuable assets, such as source code, R&D and customer information. 

  • Make sure monitoring and response systems are in place that can respond to traffic anomalies, particularly with respect to the company’s most important IP assets. 

  • Review possible attack scenarios and conduct regular threat reviews to identify new cyberthreats to IP. 

  • Stay current on patch updates that fix software and hardware vulnerabilities. 

  • Educate employees that they, too, have a role to play guarding valuable corporate secrets. 

  • Limit the number of employees who have access to the company’s IP to reduce the chance of it getting mishandled or used in unauthorized ways.

Success against cyberespionage doesn’t hinge upon discovering silver bullets that don’t exist. But taking proactive measures will help organizations respond rapidly to contain any damage if and when attacks do take place. That by itself can serve as an effective deterrent.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.