Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/21/2016
11:30 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Majority Of Companies Say Trade Secrets Likely Compromised

About 60 percent of companies in a survey by Ponemon and Kilpatrick Townsend say at least some of their trade secrets are likely in the hands of rivals

A surprisingly large proportion of security executives appear to believe that at least some of their company’s trade secrets and intellectual property have already been compromised and are in the hands of a rival.

The Ponemon Institute and Atlanta law firm Kilpatrick Townsend’s cybersecurity, privacy and data governance practice recently conducted a survey of 600 executives familiar with their organization’s approach to protecting and managing intellectual property and knowledge assets.

A startling 60 percent of those who responded said they believed that at least one or more pieces of their knowledge assets was in the hands of a competitor. Some 74 percent said it was likely their organization had failed to detect a data breach involving a loss or compromise of a key knowledge asset.

Barely three in 10 of the survey respondents said their company had a way to classify data based on value of the data to the organization, while just 28 percent expressed confidence in their ability to detect and block theft of their organization’s knowledge assets by a malicious insider or external attacker.

For the purposes of the survey, the researchers described knowledge assets as information such as trade secrets, customer data, and confidential corporate information -- including product design documents, pricing plans, and other non-public information like partnership or merger plans. Typically, the loss or compromise of such data do not trigger state breach disclosure laws, which usually pertain only to loss of personally identifiable data and financial information.

“The big takeaway for enterprises is that the data that has been the focus of protection has been chosen based on compliance requirements rather than on strategic risk assessments,” says Jon Neiditz, a partner at Kilpatrick Townsend and co-leader of the firm’s cybersecurity and privacy practice. “The most critical data is in dire need of better protection.”

For instance, more than half of those who participated in the Ponemon and Kilpatrick Townsend survey admitted that a loss of knowledge assets would impact their ability to continue as a business. Even so, senior management appeared far more concerned about protecting data covered by breach regulations such as credit card information, Social Security Numbers and other personally identifiable information. Less than one-third said management appreciated the security risks facing their knowledge assets.

Cyberespionage and hacktivism were cited as the two biggest threats to knowledge assets, by the survey respondents, says Neiditz. About 50 percent believed they are being targeted by nation states while many others believed cyberespionage was being carried out against them by rivals as well.

The survey showed that the cost to remediate an attack involving knowledge assets in the past 12 months was around $5.4 million. The overall costs to organizations from theft or loss of intellectual property and other knowledge assets ranged from $100 million to $150 million.

Generally, the costs associated with the theft or compromise of knowledge assets tend to be highly variable based on industry and the type of data that is involved, Neiditz says.

For example, the cost associated with the theft of secrets pertaining to a major weapons system would be significantly different from the theft of retail or financial data. “The key point is that in the survey the respondents were asked to estimate the costs to their organizations, in their industries,” Neiditz said. “Even though we’re just diving into this huge new area of need, I doubt we’ll ever have universal components of costs across industries.”

Related stories:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-2319
PUBLISHED: 2019-12-12
HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM84...
CVE-2019-2320
PUBLISHED: 2019-12-12
Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ805...
CVE-2019-2321
PUBLISHED: 2019-12-12
Incorrect length used while validating the qsee log buffer sent from HLOS which could then lead to remap conflict in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdra...
CVE-2019-2337
PUBLISHED: 2019-12-12
While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device to shutdown in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ809...
CVE-2019-2338
PUBLISHED: 2019-12-12
Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastruc...