Saryu Nayyar | Forbes.com »
Intellectual property (IP) theft is a hot topic and ongoing concern. You may have heard about the 2018 case of Hongjin Tan, a scientist who worked in R&D for Phillips 66 on new battery technology. Using a simple flash drive, Tan stole IP worth $1 billion from the petroleum company. Fortunately, in this case, the FBI was able to discover the theft and bring Tan to justice.
One In Five Companies Admits To Suffering IP Theft
Unfortunately, many, perhaps most, IP thefts never get reported or discovered until it’s too late, and the problem is more prevalent than one might think. In 2019, 20% of the companies on the CNBC Global CFO Council said China had stolen their IP within the past year. According to the United States Trade Representative, Chinese theft of American IP currently costs between $225 billion and $600 billion annually. Although China is a leader in state-sponsored theft of IP, it’s not the only one. Russia, Iran and North Korea also are known for theft in this area. There’s domestic IP theft as well, as companies seek any advantage in competitive markets.
What are they after? Covid-19 vaccine secrets, software/source code, military and weaponry plans, engineering plans, manufacturing methods, know-how and business ideas from nearly every industry are just some of the targets. Once this IP is obtained, it can be sold for profit or used in-house as a competitive advantage.
Whether it’s product designs, inventions or trade secrets, the loss of a company’s intangible assets can be devastating. A competitor can bring a similar product to market first. The victim company can suffer the loss of customers and market share as well as decreased business growth. It can result in serious financial damage to a company that’s made large investments in its IP.
The theft of intellectual assets has been going on for decades, but today’s digitalization of everything makes the problem worse. It’s easy for a malicious insider to copy, download, transfer or email assets in the blink of an eye. Theft can occur from the other side of the world with little effort. For example, a cyberattack involving ransomware may not only encrypt a company’s files but also steal them for competitive interests.
IP can easily go out the door (or off the network) without a company even knowing the theft has occurred—that is, until the receiving organization starts using the information in some way. By then, it’s too late, especially if the attack is sponsored by a nation-state that doesn’t observe U.S. protections for IP. This was a key sticking point in the Trump administration’s trade war with China.
Basic Steps To Create Safeguards
It’s important for companies with business or industrial trade secrets to anticipate that they may be a target and implement risk mitigation tactics. Here are some basic steps every company should take.
- Catalog all critical data assets, including IP. For manufacturers, this includes data on the operational side as well as the business side. (This is a compliance requirement for NERC CIP for critical infrastructure businesses.)
- Know who’s authorized to access that data/information. Eliminate excessive or unnecessary access.
- Consider putting sensitive information in a zero-trust environment where it’s hidden from all unauthorized users. Even authorized users must be continuously authenticated for access.
- Have a robust data security policy and make sure every worker knows the policy. It helps to require an official signature from every employee annually to remind them of the policy.
- Educate/train employees on social engineering tactics and other means for them to become unwitting vectors for data theft.
- Implement comprehensive data security solutions that can prevent or at least detect intrusions that can lead to data theft. It’s especially important to consider insider attacks. Typical tools include data loss prevention (DLP), analytics-driven security information and event management (SIEM), endpoint protection and user and entity behavior analytics (UEBA).
Monitoring User Behavior Can Prevent Losses
UEBA is especially well suited to prevent IP theft because it watches what people are doing rather than wrapping protection around data. This type of solution creates a baseline of typical behavior for every person and entity (such as an IoT device) on the network. In addition, the behavior of each person or entity is compared to the behavior of others in a peer group. Anomalous behavior is then risk-ranked, and if it appears suspect, it can trigger an alert or an automated response, such as disconnecting the person/entity from the network until further investigation can be done.
IP theft costs North American industries hundreds of billions of dollars each year. It can mean multimillion-dollar losses for individual companies. Make sure your company deploys the strategies and tactics that will protect its intellectual assets and preserve the business’ well-being.
Protect Your Intellectual Property
Protect Your Intellectual Property