Dark Reading is part of the Informa Tech Division of Informa PLC


10/25/2016
09:45 AM

Growing Fear Of IP Theft Hits Power, Auto, Industrial Sectors Hardest

Survey finds 58% of respondents predict a rise in IP cyber theft and most feel inside employees are the greatest risk.

In a recent survey of nearly 3,000 professionals, Deloitte Advisory Cyber Risk Services discovered 58% of respondents believe intellectual property (IP) cyber theft incidents and attempts will increase in the upcoming year, fueling fears of tarnished brand reputations and uncertain business futures. 

The company defines IP theft as the theft of "trade secrets, drawings and plans, or proprietary know-how." IP can make up more than 80% of the value at a single business, Deloitte reports, so the growing concern of cyber theft comes as little surprise.

Fear of IP theft varied across industries. It was highest within the telecom and power/utilities industries, with 68.8% of respondents in each category expressing concern. Other top industries included industrial products & services (64.7%), and automotive (63.9%).

This fear of IP theft is not driven by an actual increase in IP theft, says Adnan Amjad, cyber threat risk management practice leader for Deloitte Advisory Cyber Risk Services. Only 12% of participants report their business has suffered an IP theft incident in the past 12 months. Nearly half (44%) say they have not suffered this type of attack; 32.6% were unsure.

"In our view, [the concern] is not necessarily because of increased activity, but more of an increased awareness that property is at risk," he explains. More businesses have become aware that the products they're creating could be stolen.

When asked about potential adversaries, 20.1% of respondents cited employees or other "insiders" as the most likely source of attack. Other commonly feared sources include competitors (16.3%), activist groups not sponsored by nation-states (12%), third-party businesses with which they engage regularly (11.7%), and nation-states (10.1%).

The number of employees putting data at risk has been increasing over the years, says Amjad, and there are two types of workers who pose a threat. Some employees are malicious insiders who actively try to steal information; others have had their accounts compromised and are unaware they are risking corporate data.

When IP theft happens, 22.3% of respondents say the greatest challenge is managing investor and customer/client relationships. Other obstacles include assessing the impact of data loss (21.8%), recovering IP as soon as possible (12.4%), and modifying existing IP to minimize the impact of competitive advantage (10.7%).

"In a lot of cases, organizations don't have a good handle on the value of intellectual property," says Amjad. This makes it difficult to gauge the value of a specific incident. Some industries are exceptions to this trend; for example, life science and software companies are more aware of their IP value.

Businesses don't face as great a challenge when it comes to collecting data or monitoring and blocking apps, he continues. However, many struggle to act on information and enable an end-to-end process for protecting data across the organization.

As it stands, IT pros can do more to safeguard sensitive data. Only 16.7% of respondents say access to IP is very limited and on a need-to-know basis among employees. Most (36.1%) say they're working to strengthen security systems and protocols; 12% say they have no defined program to protect and monitor IP access.

Amjad has a few pieces of advice for organizations struggling with security.

"You should not try to protect every piece of IP," he says. "If you try to protect everything, you're not going to protect anything."

The first step for businesses, he says, is to distinguish the "crown jewels" of data within the organization. Which IP is the reason your business exists? The answer needs to be finite and specific to your organization.

Once this is identified, it's time to ensure the correct defensive processes and tools are in place to protect it. This includes ensuring sufficient legal protection and screening the employees who have access to the data.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...