March 12, 2015

Challenges to Securing Intellectual Property

IP Protection

Cyber attacks and data breaches of large corporations have increasingly become more common and more frequent. No longer confined to the retail segment, the world’s biggest data breaches (>30,000 records) now touch almost all major industries, including financial services, tech, gaming, government, healthcare, telecoms, military, and media. It’s not uncommon for cyber attacks that access sensitive IP to be related to blackmail and extortion threats. Data breaches can damage a company’s brand reputation and greatly reduce customer trust. It can also result in hundreds of millions of dollars of damages related to reduced sales, consumer credit monitoring services and legal fees.

Hindrances to Unified Security

Today’s product teams share and collaborate on a variety of assets and intellectual property. Their contributions might include source code, media (graphics, music and images), business docs (presentations, business plans and contracts), hardware design specs, environment artifacts and more.   

Software developers commonly use repositories for source code collaboration, where as marketers may use shared web portals for business docs and designers prefer less-complex cloud services to share media assets. Unfortunately, each system has its own authentication method for log-in and access control. This makes it difficult for security teams to centrally determine and track who has access to specific files and content, and detect unusual activity (e.g., sudden and large downloads from inactive projects) that may lead to potential data theft.

Corporate IP is often spread across many different systems, presenting multiple targets for cyber attackers to use phishing or other social engineering methods that obtain employee credentials. Many of these collaboration systems don’t provide detailed audit logs, making it difficult if not impossible for security teams to monitor access and protect mission-critical IP.    

To successfully protect critical IP, organizations must have a deeper understanding of what’s happening with their important data, so that they can see and understand what’s truly at risk. The key to detecting risk is to quickly identify the users, machines and projects associated with in anomalous behavior and then proactively address theft very early in the process.

In the next post of this series, I’ll cover the most common threats to intellectual property and the types of perpetrators.