I'm an IT security pro for a business that brings in most of its revenue based on formulas and other unique corporate intellectual property (IP). A recent survey showed cybercriminals are increasingly targeting corporate IP. We have most of the major threat mitigation technologies in place -- encryption, two-factor authentication, IDS/IPS -- but I was wondering if you thought there were any important emerging technologies/strategies that could be particularly useful for combating IP theft?
Criminals will go where they can find easy money. The value of credit card data and Social Security numbers (SSNs) has been decreasing as the supply of the compromised data increases, so criminals are targeting higher-value data, like the unique intellectual property at companies like yours. Unfortunately, many are finding that IP may not be as well protected against theft as credit card data or SSNs.
This asymmetry of protection is likely the result of a focus on compliance over information security protections. Attackers will target the low-hanging fruit first, and the recent laws and requirements regarding credit card and Social Security numbers may mean such information is no longer the easiest to get. This increase in IP theft could also be the result of cybercrime maturing and becoming more organized in order to pursue crimes with a higher payout.
The major threat-mitigation technologies you mention are valuable, and it's important that they are implemented and operated securely in your environment. You didn’t mention firewalls, SIEM/logging, or some form of network access control (NAC), which could be extended to provide more in-depth analysis of the activities on your network. None of these are new or emerging, though.
Figuring out how to protect intellectual property involves enforcing strong access controls -- including the concept of least privilege -- so access is limited to only the minimum data necessary for the minimum time necessary. You should also understand where the unique corporate intellectual property is located on your network, so you can apply the most protections to that data rather than trying to lock down the complete network. These protections could include digital rights management (DRM) or limiting access to the data to only approved and secured devices. While all of these technologies can limit the risk and seriousness of an incident, keep in mind that a rogue employee with legitimate access to data could bypass all of your controls, for instance by using a digital camera to take pictures of documents and so copy the data off your network. You may therefore also need to re-evaluate your physical security controls.
In sum, protecting unique intellectual property is much like protecting any other sort of data, and the process utilizes many of the same technologies. Thus, assuming you have an information security program in place, it will be a matter mostly of making sure the program is fully extended to your IP, something too many companies fail to do.
This was first published in August 2011