In the wake of increasing privacy concerns and the arrival of new regulations, protecting intellectual property (IP) has never been more critical to ensuring business survival. It’s what sets companies apart from their competition, framing the business, its purpose and growth potential. While losing customer data can damage a brand’s reputation, trust, and even bottom line, losing IP can threaten a company’s very existence. Therefore, preventing valuable corporate information from leaving the confines of the business and falling into the wrong hands is fundamental.
Just as identity theft represents a huge risk for individuals, organised groups of fraudsters are looking for new ways to exploit both public and private sector organisations. Business identity theft was up 46% year on year in 2017, according to the latest figures from Dun and Bradstreet, and research from KPMG Forensic reveals that business fraud rose by 78% in 2018, with most crimes perpetrated by employees and managers already inside the company. A prime example here is the Chinese-American engineer charged with stealing General Electric trade secrets to take to China – smuggling the data out via code hidden in a digital photo of a sunset.
Most cyber security firms can tell you when a breach or attack has taken place and data has been lost. But, its critical to be able to stop confidential data leaving company devices once the attack has taken place – especially when insiders are the perpetrators.
Company data being stolen – often unknowingly
The inherent mobility of today’s workforce makes it increasingly difficult for companies to keep track of what’s happening on every device. Also, a high proportion of device transactions take place in the background, without the user’s knowledge – often resulting in sensitive company data unknowingly being sent to unidentified servers in regions where high levels of cyber-attacks originate.
Hackers have become increasingly sophisticated and are attacking organisations from all directions. In fact, Avast research reported that mobile cyber-attacks grew by 40% in 2017 alone. Malicious actors profile employee behaviour as they browse the Web and use applications – collecting valuable data right across company networks, using spyware, phishing, ransomware, and malvertising to bait unsuspecting targets and then extract IP. And the Dark Web, used by over 80% of all ransomware, provides the perfect haven for illegal activity – facilitating anonymous access to content whilst preventing the identification of both the request and destination.
Detecting unusual behaviour and shutting it down
Despite the prevalence of security solutions that focus on intrusion detection systems such as Firewalls and Anti-Virus, together with Malware solutions that remove known infections, it seems inevitable that attackers will infiltrate the company network at some point. So, when hackers break into company networks, it’s critical that they are met with the next line of defence – preventing the transmission of data from one device or network to another and essentially blocking all outbound traffic.
Preventing data loss is only part of the security equation with organisations left vulnerable by what they can’t see. Companies need intruder intelligence across all devices and endpoints – being able to track attackers’ movements, in real-time, to see where they go and what confidential company data they’re attempting to take. And, with 77% of successful attacks now using fileless exploits, defence tools have their work cut out – continuously monitoring unusual behaviour before shutting it down. It’s rather like taking preventative medicine; simply installing the defence tool on every device prevents infection through immunisation.
One company benefiting from data loss prevention is IT consulting and solutions provider, CYANIT – blocking as many as 3000 threats per month and decreasing suspicious behaviour by 18%.
To ensure maximum protection of company IP, organisations need a multi-layer defence system that prevents data loss, as well as unauthorised data profiling and data collection. History tells us that cyber criminals will always find a way of getting into organisations to steal company credentials or that special formula that makes the company tick. Attackers must be stopped from removing or leaking confidential data, before it causes untold damage and potentially brings the company down.