With the open borders that the internet presently enjoys, anything a company puts online is almost instantly vulnerable to attack. Any security expert will tell you that no device or network in the world is unhackable, given enough time. If you're the president of the Internet Advisers Security Group, you'll say "getting into 90% of businesses is so easy it's pathetic."
In the new age of connection the world has enjoyed, most companies have done a surprisingly poor job of securing their private data. Whole companies can be driven into the ground by revealing the wrong kinds of information to bad actors or, worse still, by letting those actors get access to that information, knowingly or otherwise. Even when it is known how the information leaked, containing the fallout can be almost literally impossible.
Protecting intellectual property (IP) can be a daunting task, but IP should be treated like gold or any other physical asset owned by a company.
Industrial espionage is a big problem
An interesting change the modern world has experienced is the fact that spies are more likely to steal a company's data than nick military technology. Domestic thieves especially don't want to have to deal with the repercussions of being caught in what could easily be pegged for treason.
No organization in the world is too big to suffer losses from substantial IP theft. Air Canada is known to have lost over $400 million after hackers stole undisclosed proprietary flight information in 2004, and even Ford lost about $6 million in 2009 after design specs and other software were leaked online.
Even famous studio houses like HBO suffered IP theft when the second half of its award-winning 'Game of Thrones' was leaked online. What's worse, smaller firms tend to have much more woeful security measures in place.
An estimate by McAfee puts the value of all US IP at $12 trillion, with a yearly loss of up to $12bn for businesses thanks to espionage. According to an FBI report, the number is about $100bn, meaning McAfee may be generous in their estimation. The number could be higher still, since a lot of IP theft cases never see the light of day.
And yet, IP is often more valuable than its cost in R&D alone. Licensing can rake in millions for a company.
How sensitive data ends up in the wrong hands
The guise of 'competitive intelligence'
When it comes to IP theft, it's not always foreign actors out to steal your research findings, as most people imagine. Usually, it's rivals in your field, big and small, looking to gain market share and a competitive edge. This is usually dubbed 'competitive intelligence.'
About $1 million is spent on competitive intelligence by the average American company every year. This is usually done by former FBI and CIA employees who don't hesitate to resort to illegal means to get the information they need.
Revealing too much information
Most information a competitor needs can be easily found on your website already. Prices, department heads and what kinds of R&D your business is dealing with are often all the competition needs. As such, most businesses reveal too much information as is, without the need for being hacked.
Employees are pegged as the most common cause of IP theft, intentional or otherwise. The classic case of a former Google engineer who downloaded files on autonomous cars, which he later sold to Uber, should come to mind.
Employees can also be socially engineered into giving up information they don't know is secret, inadvertently helping a competitor. The most common way of intruding into a company is through the HR department, for instance.
A spy posing as an interviewee who asks questions about company IP, another in the guise of a student doing research for a term paper, or an anonymous caller identifying themselves as a reporter or investigator are all good examples. Phishing attacks are another prevalent form of social engineering, one that aims to infect target computers with malware.
How to minimize IP theft
Most times, preventing IP theft via cyber espionage comes down to preventing insiders from sending off sensitive data and warding off outsiders from accessing your network. There are several ways in which this can be achieved:
Understanding what IP you have
Intellectual Property is any of the creations of an individual's or a business' mind or intellect. A new product, idea or service you offer is considered IP, but there still exists a need for legal registration to ensure formal ownership.
There exists a very real need to carry out a data classification exercise to assess the sensitivity of your data and what a competitor is likely to value. When they are just starting off, most companies don't have ways of classifying their data.
As a company grows, terabytes of uncategorized data end up accumulating together. Telling sensitive data apart from data that can be publicized is understandably difficult at this point. Content access and restriction policies are a lot harder to employ in such cases.
To remedy such a situation, various data loss prevention (DLP) programs can be used.
Employ a DLP product
A DLP (Data Loss Protection, Data Loss Prevention, Data Leak Prevention) program is a versatile piece of software that does everything from preventing the sending of unauthorized files to automatically classifying them in terms of sensitivity for you. It does this by leveraging regex matching, cloud-based OCR and proximity analysis.
Regex is used to match text given a set of criteria, but its use cases aren't as wide as those of OCR (Optical Character Recognition). OCR can be used to turn written text into words for further processing, and proximity analysis helps to put words in context so that the number of false positives is reduced.
Modern DLP is so versatile, in fact, that it's able to handle the classification, labeling and enforcement of administrator rules meant to control who can transfer what kind of information, and how.
An interesting use case that illustrates the need for DLP is information transferred over channels like email. Granted, the channel over which the information is transferred is encrypted, so there's no means of eavesdropping and it would be impossible for a traditional human actor to intercept such messages. DLPs were designed to take care of exactly that.
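The regex matching and proximity analysis described above can be sketched in a few lines. This is an added example, not code from the original article or from any DLP product; the card-number pattern, the Luhn checksum step, the keyword list, the 40-character window and the block/review/allow verdicts are all assumptions chosen for illustration.

```python
import re

# Assumed rule set for this example: candidate card numbers, context keywords,
# and how many characters around a match count as "nearby".
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")  # 13-16 digits, optional separators
CONTEXT_RE = re.compile(r"card|visa|mastercard|cvv|expir", re.IGNORECASE)
WINDOW = 40


def luhn_ok(digits: str) -> bool:
    """Card-number checksum; discards digit runs that merely look like a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text: str) -> list:
    """Return masked findings, each rated by whether context keywords are nearby."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            continue
        nearby = text[max(0, m.start() - WINDOW):m.end() + WINDOW]
        confidence = "high" if CONTEXT_RE.search(nearby) else "low"
        masked = "*" * (len(digits) - 4) + digits[-4:]  # never log the full value
        findings.append({"match": masked, "confidence": confidence})
    return findings


def verdict(text: str) -> str:
    """Map findings to an action on the outgoing message."""
    levels = {f["confidence"] for f in scan(text)}
    return "block" if "high" in levels else "review" if "low" in levels else "allow"


# Constructed sample messages.
SAMPLES = [
    "Please charge the Visa card 4111 1111 1111 1111, expiry 09/27.",
    "Tracking reference 4111111111111111 for pallet 7 has shipped.",
    "Order 1234567890123456 was dispatched.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(verdict(msg), scan(msg))
```

The second sample shows why proximity matters: the number passes the pattern and the checksum, but with no payment keywords nearby it is only queued for review rather than blocked.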
Use the newest, most stable technology
Having a DLP in place won't be of much use if the devices used in your workplace are compromised. One of the most common ways for malicious actors to get access to your network is through devices that run old versions of software.
Software that is no longer maintained, e.g. Windows Vista or other deprecated software, will very likely have some form of vulnerability that attackers can exploit to infect your machine.
It's always advisable to have a central control system that can be monitored by the security team and can roll out important updates to all computers in the organization at once.
Use a firewall or antivirus
Individual machines are required to have an antivirus and firewall by default. Aside from that, the organization's network as a whole should also have a firewall in place.
The system-wide firewall serves to block connections to certain countries, simply monitor them, or restrict the use of VPNs.
Restricting the use of VPNs
The most common way for a rogue employee to transfer data to an outside party is to try and hide from the watchful eye of network administrators. The most common way to do this? Masking their addresses using a VPN.
Blocking VPNs network-wide is admittedly a task that's easier said than done. It's normally achieved by blocking the most common ports that VPNs use to connect, but this can be gotten around simply by connecting to a new one.
Most people aren't tech-savvy enough to be able to know how to do that, and most VPNs don't support it, either. This brings us to the alternative - monitoring.
Network monitoring and behavior analysis
If the objective is to find the rogue actor before the data can be transferred, automated behavior analysis is recommended.
Behavior analysis is an ML-backed (machine learning) endeavor that involves finding sudden or gradual changes in user behavior over the network. Something that could be flagged as suspicious is a remote connection via a certain port to an outside country or sending a certain amount of data to a third party unexpectedly.
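A minimal version of this kind of check, as an added example that is not from the original article: it uses a per-user statistical baseline (mean and standard deviation of daily outbound volume, plus destinations already seen) as a simple stand-in for an ML model. The flow-record layout, the threshold and the sample data are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

Z_THRESHOLD = 3.0  # assumed cut-off: standard deviations above the user's norm


def build_baseline(history):
    """history rows: (user, day, dest_country, dest_port, megabytes_out)."""
    daily = defaultdict(lambda: defaultdict(int))
    seen = defaultdict(set)
    for user, day, country, port, mb in history:
        daily[user][day] += mb
        seen[user].add((country, port))
    return {u: {"volumes": list(days.values()), "seen": seen[u]}
            for u, days in daily.items()}


def review(baseline, user, flows_today):
    """Return the reasons today's flows (country, port, MB) deviate from baseline."""
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    total = sum(mb for _, _, mb in flows_today)
    mu, sigma = mean(profile["volumes"]), pstdev(profile["volumes"])
    if sigma == 0:
        z = float("inf") if total > mu else 0.0
    else:
        z = (total - mu) / sigma
    if z > Z_THRESHOLD:
        reasons.append(f"outbound volume z-score {z:.1f}")
    # Destinations (country, port) this user has never contacted before.
    for pair in sorted({(c, p) for c, p, _ in flows_today} - profile["seen"]):
        reasons.append(f"first connection to {pair[0]} on port {pair[1]}")
    return reasons


# Constructed flow history; "ZZ" is a placeholder country code.
HISTORY = [
    ("alice", "d1", "US", 443, 100), ("alice", "d2", "US", 443, 120),
    ("alice", "d3", "US", 443, 90), ("alice", "d4", "US", 443, 110),
    ("alice", "d5", "US", 443, 80),
]
BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    print(review(BASELINE, "alice", [("US", 443, 105)]))
    print(review(BASELINE, "alice", [("US", 443, 20), ("ZZ", 1194, 880)]))
```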
Preventing information release
The first step in preventing the release of information is to make sure that there is an organized business intelligence team. The team has to conduct a detailed risk analysis and assessment to ensure that there is an adequate security system.
Always use reliable third-parties for outsourcing the non-core work.
When carrying out the risk assessment, include threats, risks, and vulnerabilities. Train and sensitize employees on cybersecurity issues, and include work-from-home employees, outsourcing agencies and remote workers as well.
Conduct regular cybersecurity training sessions across the company, and make cyber audits a regular exercise.
Restricting the use of personal devices
The final measure towards preventing infiltration by an outside actor is to prevent the use of personal devices on the network. If, for instance, one person has a virus on their phone or laptop and connects to the network, it's entirely possible for it to find its way to other devices on the network.
Additionally, personal devices are a lot harder to monitor, since they often don't support the right kinds of software and may run outdated software themselves. There's no way for a network administrator to force an upgrade on such a device, either, leaving it and everyone else vulnerable to attack. Banning them may seem drastic, but it's a measure that's very effective.
Cyber security attacks have become increasingly common on the modern internet, even though more and more security measures have been rolled out to counter them. These attacks are incredibly detrimental to systems, networks and users, and the implications they pose are so dire that whole companies can be driven into bankruptcy.
There is a need to be able to predict how and where security loopholes are going to pop up and develop ways of dealing with them within an organization. Only once the most crucial factor - the human factor - is dealt with can a system be said to be secure. And even then, should these security measures be compromised, how will the fallout be handled?