Protecting intellectual property against cyberattack

Jan 02, 2018 | 5 mins
Cyberattacks, Data and Information Security, Intellectual Property

The news is full of data breaches that hold hostage or expose customer information. But attacks targeting intellectual property (IP) can do great damage as well. What do we know about the characteristics of IP attacks, and how can IP theft be mitigated?


Intellectual property (IP) covers a wide variety of corporate capital, including customer information, business plans, trade secrets, creative work products such as scripts, and proprietary software or hardware. Hackers, corporate competitors and nation states are all potential IP thieves. Scripts and video from the hugely popular Game of Thrones television show were recently leaked online. Earlier this year, Forrester Research admitted that it was the victim of a cyberattack. While no confidential client data was stolen, hackers gained access to content intended for exclusive use by clients. “We recognize that hackers will attack attractive targets—in this case, our research IP,” said George F. Colony, CEO of Forrester.

Corporate insiders can negligently open the door to IP theft – or intentionally steal the data:

  • Accenture data regarding its enterprise cloud offering was exposed recently on an unsecured cloud server.
  • Jawbone is suing Fitbit and five former employees in California state court over the alleged theft of trade secrets.

Insights into IP theft

To get a good picture of the threat actors and targets around IP theft, let’s look at some recent findings:

The insider and IP theft

When investigating the theft-of-IP cases in its database, CERT found that very few insiders steal intellectual property in order to sell it. Rather, they steal it to take with them to a new job, to start a competing business, or to take to a foreign government or organization. It’s relatively easy for insiders to steal IP during normal working hours because, in many cases, these insiders already have authorized access. This can make it challenging to distinguish between access for legitimate purposes and access with intent to steal.

Symantec conducted a review of literature on insider theft of IP and found:

  • Insider IP thieves are more often in technical positions, such as engineers or scientists, managers, salespersons, and programmers.
  • Typically, insider IP thieves already have a new job: about 65% of employees who commit insider IP theft had already accepted positions with a competing company or started their own company at the time of the theft.
  • Fifty-six percent of insiders studied stole data within a month of their departure.
  • Over two-thirds of the attacks lasted less than a month, consistent with their need to take the information on their way out and use it at a new job or business.
  • There were six channels through which insiders stole this information — email, removable media, printed materials, remote network access, file transfer, or downloads to laptops.

I’ve written before about the observable behaviors of malicious insiders; these behaviors may be noticeable in cases of IP theft.

Protecting IP against insider attacks

When it comes to insiders and the corporate crown jewels, organizations can take several steps to help protect their IP:

  • Identify your IP, confirm the right people have access to your IP, and take steps to compartmentalize your IP.
  • Ensure that information security plans include procedures and policies on the proper protection of IP.
  • Establish procedures to ensure cloud storage security, train anyone setting up storage in the cloud on these procedures, and monitor adherence.
  • Extend security measures to plug any holes that could result if employees have remote access to your IP. The use of encryption and requiring additional authentication can help to ensure hackers don’t exploit employees working remotely.
  • If partners or suppliers contribute to your IP – or have access to IP – vet the security practices of these organizations.
  • Have employees acknowledge IP agreements by regularly re-signing, especially when leaving the organization. Periodic reminders and training can also help employees identify signs of IP theft risk in coworkers. Failure to show effective employee indoctrination and training on IP theft policies and practices can weaken any legal remedy to address violations.
  • Use monitoring software to watch actions taken on IP data, including file transfer tracking and email transfers.
  • Partner with HR to ensure proper offboarding of employees. As mentioned earlier, most insiders steal data within a month of departure. Chemours was able to determine theft of IP by an insider due to offboarding and forensic efforts put in place after giving the employee a termination notice. They monitored the insider’s activity on the network, and detected confidential documents sent to the individual’s personal email account.
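
The last two steps can be combined into a single detection rule. The sketch below is an added example, not code from the article or from any monitoring product: it joins an HR offboarding feed with a mail gateway export and raises the severity of confidential attachments sent to personal webmail when the sender is within 30 days of departure. The log format, field names, domains, users and dates are all constructed assumptions.

```python
import csv
import io
from datetime import date, datetime, timedelta

# All values below are constructed for illustration.
CORPORATE_DOMAIN = "example.com"
PERSONAL_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
DEPARTURE_WINDOW = timedelta(days=30)  # "within a month of their departure"

# HR offboarding feed: user -> last working day (hypothetical format).
DEPARTURES = {"asmith": date(2018, 1, 31), "bjones": date(2018, 6, 29)}

# Mail gateway export: timestamp,sender,recipient,attachment_count,label
MAIL_LOG = """\
2018-01-05T10:12:00,asmith,partner@supplier.example,1,confidential
2018-01-12T18:40:00,asmith,a.smith.home@gmail.com,3,confidential
2018-01-15T09:02:00,asmith,a.smith.home@gmail.com,0,none
2018-01-16T11:30:00,bjones,bjones.private@gmail.com,2,confidential
2018-01-20T08:15:00,cdoe,c.doe@yahoo.com,1,confidential
2018-01-22T21:05:00,asmith,colleague@example.com,4,confidential
"""

def in_departure_window(user, when, departures=DEPARTURES):
    """True if `when` falls in the 30 days up to the user's last day."""
    last_day = departures.get(user)
    return last_day is not None and last_day - DEPARTURE_WINDOW <= when <= last_day

def flag_events(log_text, departures=DEPARTURES):
    """Return (severity, sender, timestamp) for confidential mail to personal webmail."""
    alerts = []
    fields = ["ts", "sender", "recipient", "attachments", "label"]
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=fields):
        domain = row["recipient"].rsplit("@", 1)[-1].lower()
        if domain == CORPORATE_DOMAIN or domain not in PERSONAL_MAIL_DOMAINS:
            continue  # only personal webmail recipients are in scope for this rule
        if int(row["attachments"]) == 0 or row["label"] != "confidential":
            continue  # no labelled attachment left the organization
        when = datetime.fromisoformat(row["ts"]).date()
        severity = "high" if in_departure_window(row["sender"], when, departures) else "review"
        alerts.append((severity, row["sender"], row["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in flag_events(MAIL_LOG):
        print(alert)
```

The same join applies to the other channels the Symantec review lists, such as removable media and file transfer, provided those events carry a user and a timestamp.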

Isaac Kohen started his career in quantitative finance developing complex trading algorithms for a major Wall Street hedge fund. During his tenure at Wall Street and his subsequent experience securing highly sensitive data for large multi-national conglomerates, he identified the market need for a comprehensive insider threat and data loss prevention solution. And so, Teramind was born.

The opinions expressed in this blog are those of Isaac Kohen and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.