Intellectual Property In Hackers' Crosshairs

Intellectual Property In Hackers' CrosshairsIntellectual property, often shortened to IP, is often one of a firm's more valuable assets. To an increasing degree it may be a firm's single most valuable asset. And, also to an increasing degree, IP is being targeted by hackers. Such targeting may be in the form of cyber-espionage, organized or at least supported by state intelligence agencies. Or it may be done by freelancing commercial hackers.

Which makes protecting IP a leading data security concern.

According to Gary Loveland of PricewaterhouseCoopers, "targeting of IP is increasing." At one time, notes Loveland, most hackers were motivated primarily by a sort of self-expression. They broke into corporate systems mainly to show that they could.

Then came identity theft, carried out unabashedly for profit. And now, more and more, hackers motivated by gain are stealing intellectual property. Security firm Symantec has detected and reported on some 50 hacking attacks directed at IP. Another security firm, McAfee, reported 72 cyber-attacks targeting IP last summer.

Many of these IP-targeting attacks are launched from countries with emerging economies. China is seen as a leading culprit, due to sheer size, a sophisticated tech community, and an opaque, authoritarian, and mercantilist-minded government. The attacks reported by Symantec were traced to China, as was a major IP attack on the Chamber of Commerce.

To be sure, hacking is not the only source of vulnerability for firms' IP. Employees may reveal valuable IP to friends or outside colleagues, whether maliciously or – as is often the case – unwittingly. Business partners may forget about nondisclosure agreements signed long ago. Social networking technology has vastly increased the scope for such cyber-blunders.

Unlike user accounts and similar identity-theft targets, IP data often tends to be unstructured, taking such forms as memoranda, studies, and other documents. This, along with the regular need for employees to consult these documents, makes protecting them a trickier business.

Don't let your company's valued IP slip out the door while you aren't looking.

The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."