Dark Reading is part of the Informa Tech Division of Informa PLC



7/21/2016
11:30 AM

Majority Of Companies Say Trade Secrets Likely Compromised

About 60 percent of companies in a survey by Ponemon and Kilpatrick Townsend say at least some of their trade secrets are likely in the hands of rivals

A surprisingly large proportion of security executives appear to believe that at least some of their company’s trade secrets and intellectual property have already been compromised and are in the hands of a rival.

The Ponemon Institute and Atlanta law firm Kilpatrick Townsend’s cybersecurity, privacy and data governance practice recently conducted a survey of 600 executives familiar with their organization’s approach to protecting and managing intellectual property and knowledge assets.

A startling 60 percent of those who responded said they believed that at least one of their knowledge assets was in the hands of a competitor. Some 74 percent said it was likely their organization had failed to detect a data breach involving a loss or compromise of a key knowledge asset.

Barely three in 10 of the survey respondents said their company had a way to classify data based on the value of the data to the organization, while just 28 percent expressed confidence in their ability to detect and block theft of their organization’s knowledge assets by a malicious insider or external attacker.

For the purposes of the survey, the researchers described knowledge assets as information such as trade secrets, customer data, and confidential corporate information -- including product design documents, pricing plans, and other non-public information like partnership or merger plans. Typically, the loss or compromise of such data does not trigger state breach disclosure laws, which usually pertain only to loss of personally identifiable data and financial information.

“The big takeaway for enterprises is that the data that has been the focus of protection has been chosen based on compliance requirements rather than on strategic risk assessments,” says Jon Neiditz, a partner at Kilpatrick Townsend and co-leader of the firm’s cybersecurity and privacy practice. “The most critical data is in dire need of better protection.”

For instance, more than half of those who participated in the Ponemon and Kilpatrick Townsend survey admitted that a loss of knowledge assets would impact their ability to continue as a business. Even so, senior management appeared far more concerned about protecting data covered by breach regulations such as credit card information, Social Security Numbers and other personally identifiable information. Less than one-third said management appreciated the security risks facing their knowledge assets.

Survey respondents cited cyberespionage and hacktivism as the two biggest threats to knowledge assets, says Neiditz. About 50 percent believed they are being targeted by nation states, while many others believed cyberespionage was being carried out against them by rivals as well.

The survey showed that the cost to remediate an attack involving knowledge assets in the past 12 months was around $5.4 million. The overall costs to organizations from theft or loss of intellectual property and other knowledge assets ranged from $100 million to $150 million.

Generally, the costs associated with the theft or compromise of knowledge assets tend to be highly variable based on industry and the type of data that is involved, Neiditz says.

For example, the cost associated with the theft of secrets pertaining to a major weapons system would be significantly different from the theft of retail or financial data. “The key point is that in the survey the respondents were asked to estimate the costs to their organizations, in their industries,” Neiditz said. “Even though we’re just diving into this huge new area of need, I doubt we’ll ever have universal components of costs across industries.”


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
 
