Large-scale data breaches that expose consumers to identity theft and end up in the headlines regularly capture the public’s attention. Yet, for businesses, a potentially bigger threat is from cyber espionage instigated by underworld players who steal trade secrets, industrial information and other intellectual property (IP).
The U.S. economy thrives on innovation and advances in product development, manufacturing and production protected by patents, trademarks and copyrights. The U.S. Patent and Trademark Office found 81 industries to be IP-intensive, and these industries directly and indirectly account for 30% of all U.S. employment.
IP theft, also known as economic or cyber espionage, can be a quicker and cheaper way for unethical companies to bring new products to market. This short cutting of the traditional research and development process gives shady players an unfair competitive advantage. Trade secrets, copyrighted information and proprietary business data are the IP assets most at risk.
Business sectors at greatest risk
The stakes are high: IP can account for more than 80% of a company’s value. For this reason, many security experts, consultants and corporate leaders believe cyber espionage is increasing. The business sectors at greatest risk include telecommunications, industrial products and services, utilities and power, and automotive.
Today’s connected digital world enables IP theft to originate anonymously from anywhere. Perpetrators include crime syndicates, nation states, competitors, suppliers, counterfeiters and recreational hackers. IP is most often stolen for profit, either for use by a competitor, a manufacturer of counterfeit merchandise, or for sale to the highest bidder.
Steps to reduce the threat
In the past, IP theft was usually perpetrated by a disgruntled current or former employee, a trusted consultant or supplier, or other insiders. The interconnectedness of the internet, rapid globalization, advances in technology and increased mobility have made companies vulnerable to external threats, which increases the complexity of protecting trade secrets.
Outside threats often enter through a social media attack such as spear phishing or by circumventing weak data protection protocols. Once cyber thieves gain entry into a company’s network, they can take advantage of system vulnerabilities to access IP and other proprietary company data.
- Keep a central list of IP assets throughout the company and update it regularly, especially after acquisitions, mergers, net patent filings or other major company events.
- Conduct a data classification review to assess the sensitivity of IP data the company holds, and identify which data assets would be most valuable to competitors or cyber thieves.
- Review data protection protocols and establish higher levels of security controls for the most sensitive IP data.
- Ensure all network system and application software patches are current. Keep anti-virus software updated on all systems used by employees, and check systems and devices monthly to ensure compliance.
- Identify potential insider threats and establish a threat mitigation program, including access controls, as part of the company’s overall network and data security program and protocols.
- Continually educate employees on cybersecurity practices and protocols, with special emphasis on email and social media threats. Stress the risks that lax security practices can pose to the company’s overall well-being.
- Use a security information and event management (SIEM) system or other similar system to monitor continuously for unusual cyber activity or events. Maintain logs, review them regularly to spot unusual patterns and alarms, and conduct security investigations promptly.
We provide links to external web sites for convenience. Hancock Whitney Bank do not endorse and are not responsible for their content, links, privacy or security policies.