Dark Reading is part of the Informa Tech Division of Informa PLC


7/21/2016
11:30 AM

Majority Of Companies Say Trade Secrets Likely Compromised

About 60 percent of companies in a survey by Ponemon and Kilpatrick Townsend say at least some of their trade secrets are likely in the hands of rivals

A surprisingly large proportion of security executives appear to believe that at least some of their company’s trade secrets and intellectual property have already been compromised and are in the hands of a rival.

The Ponemon Institute and Atlanta law firm Kilpatrick Townsend’s cybersecurity, privacy and data governance practice recently conducted a survey of 600 executives familiar with their organization’s approach to protecting and managing intellectual property and knowledge assets.

A startling 60 percent of those who responded said they believed that one or more of their knowledge assets were in the hands of a competitor. Some 74 percent said it was likely their organization had failed to detect a data breach involving a loss or compromise of a key knowledge asset.

Barely three in 10 of the survey respondents said their company had a way to classify data based on the value of the data to the organization, while just 28 percent expressed confidence in their ability to detect and block theft of their organization’s knowledge assets by a malicious insider or external attacker.

For the purposes of the survey, the researchers described knowledge assets as information such as trade secrets, customer data, and confidential corporate information -- including product design documents, pricing plans, and other non-public information like partnership or merger plans. Typically, the loss or compromise of such data does not trigger state breach disclosure laws, which usually pertain only to loss of personally identifiable data and financial information.

“The big takeaway for enterprises is that the data that has been the focus of protection has been chosen based on compliance requirements rather than on strategic risk assessments,” says Jon Neiditz, a partner at Kilpatrick Townsend and co-leader of the firm’s cybersecurity and privacy practice. “The most critical data is in dire need of better protection.”

For instance, more than half of those who participated in the Ponemon and Kilpatrick Townsend survey admitted that a loss of knowledge assets would impact their ability to continue as a business. Even so, senior management appeared far more concerned about protecting data covered by breach regulations, such as credit card information, Social Security Numbers and other personally identifiable information. Fewer than one-third said management appreciated the security risks facing their knowledge assets.

Survey respondents cited cyberespionage and hacktivism as the two biggest threats to knowledge assets, says Neiditz. About 50 percent believed they were being targeted by nation states, while many others believed cyberespionage was being carried out against them by rivals as well.

The survey showed that the cost to remediate an attack involving knowledge assets in the past 12 months was around $5.4 million. The overall costs to organizations from theft or loss of intellectual property and other knowledge assets ranged from $100 million to $150 million.

Generally, the costs associated with the theft or compromise of knowledge assets tend to be highly variable based on industry and the type of data that is involved, Neiditz says.

For example, the cost associated with the theft of secrets pertaining to a major weapons system would be significantly different from the theft of retail or financial data. “The key point is that in the survey the respondents were asked to estimate the costs to their organizations, in their industries,” Neiditz said. “Even though we’re just diving into this huge new area of need, I doubt we’ll ever have universal components of costs across industries.”


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
