Protecting Intellectual Property (IP) – The Inside Track

In the wake of increasing privacy concerns and the arrival of new regulations and attack vectors, protecting intellectual property (IP) has never been more critical to ensuring business survival. It’s what sets companies apart from their competition, framing the business, its purpose and growth potential. While losing customer data can damage a brand’s reputation, trust, and even bottom line, losing intellectual property or IP can threaten a company’s very existence. Therefore, preventing valuable corporate information from leaving the confines of the business and falling into the wrong hands is fundamental.

Just as identity theft represents a huge risk for individuals, organised groups of fraudsters are looking for new ways to exploit both public and private sector organisations. Business identity theft was up 46% year on year in 2017, according to the latest figures from Dun and Bradstreet, and research from KPMG Forensic reveals that business fraud rose by 78% in 2018, with most crimes perpetrated by employees and managers already inside the company.  A prime example here is the Chinese-American engineer charged with stealing General Electric trade secrets to take to China – smuggling the data out via code hidden in a digital photo of a sunset.

Most cyber security firms can tell you when a breach or attack has taken place and data has been lost. But, its critical to be able to stop confidential data leaving company devices once the attack has taken place – especially when insiders are the perpetrators.

The inherent mobility of today’s workforce makes it increasingly difficult for companies to keep track of what’s happening on every device.  Also, a high proportion of device transactions take place in the background, without the user’s knowledge – often resulting in sensitive company data unknowingly being sent to unidentified servers in regions where high levels of cyber-attacks originate.

Hackers have become increasingly sophisticated and are attacking organisations from all directions. In fact, Avast research reported that mobile cyber-attacks grew by 40% in 2017 alone. Malicious actors profile employee behaviour as they browse the Web and use applications – collecting valuable data right across company networks, using spyware, phishing, ransomware, and malvertising to bait unsuspecting targets and then extract intellectual property or IP.  And the Dark Web, used by over 80% of all ransomware, provides the perfect haven for illegal activity – facilitating anonymous access to content whilst preventing the identification of both the request and destination.

Despite the prevalence of security solutions that focus on intrusion detection systems such as Firewalls and Anti-Virus, together with Malware solutions that remove known infections, it seems inevitable that attackers will infiltrate the company network at some point. So, when hackers break into company networks, it’s critical that they are met with the next line of defense – preventing the transmission of data from one device or network to another and essentially blocking all outbound traffic.

Preventing data loss is only part of the security equation with organisations left vulnerable by what they can’t see.  Companies need intruder intelligence across all devices and endpoints – being able to track attackers’ movements, in real-time, to see where they go and what confidential company data they’re attempting to take. And, with 77% of successful attacks now using fileless exploits, defense tools have their work cut out – continuously monitoring unusual behaviour before shutting it down. It’s rather like taking preventative medicine; simply installing the defense tool on every device prevents infection through immunisation.

To ensure maximum protection of company intellectual property or IP, organizations need a multi-layer defense system that prevents data loss, as well as unauthorised data profiling and data collection.  History tells us that cyber criminals will always find a way of getting into organisations to steal company credentials or that special formula that makes the company tick. Attackers must be stopped from removing or leaking confidential data, before it causes untold damage and potentially brings the company down.