






A new report released by Verizon Information Technologies that examines incidents of intellectual property (IP) theft at companies in several industries, including the high tech, financial, and manufacturing sectors, offers sobering news to the electronics industry as it seeks to electronically protect its patents — the very thing that brings value and competitive advantage to a company's business.
DBIR Snapshot: Intellectual Property Theft is a report that examined 85 confirmed data breaches over the last two years resulting in the theft of intellectual property. The findings are based on breaches investigated by Verizon's Research Intelligence Solutions Knowledge (RISK) Team or one of its partner organizations, which include the Australian Federal Police, the Dutch National High Tech Crime Unit, the Irish Reporting and Information Security Service, the Police Central e-Crime Unit, and the United States Secret Service.
The data shows that while most of the breaches originate from external entities that often use malware and hacking methods to steal IP data, even more troubling is that 46 percent of employees are participating in the theft of intellectual property information. The research also shows that efforts to combat system penetration will have to focus on several aspects of data security as adversaries rely on multiple methods of attack to successfully penetrate a company's knowledge assets.
The study outlines several ways that an attack occurs, including:
- An external agent sends a phishing email that successfully lures an executive to open the attachment
- Malware infects the executive's laptop, creating an entry into accessing sensitive data
- An external agent accesses the executive's laptop, viewing email and other valuable data
- A system administrator misconfigures access controls when building a new file server
- An external agent accesses a mapping file server from the executive's laptop and steals intellectual property
Listing the top three methods an attacker uses to carry out IP theft, the research found that 45 percent of data penetration occurred via abuse of system access or privileges, another 34 percent occurred as a result of using stolen login credentials, and 32 percent were the result of pretexting, which is the act of using false information to trap individuals into divulging privileged information that can be used to penetrate data systems.
On managing security in a modern high-tech supply chain, Wade Baker, managing principal for Verizon's RISK team, said the links between supply chain partners such as component suppliers, contract manufacturers, and distributors operating across the globe open up the electronic manufacturing enterprise to many new security threats.
“If I have three other partners who I depend on to send me information so that I can do what I need to do for my business, and if a supply chain partner sends me information [with a computer virus attached], or if my information is compromised, the impact spreads,” said Baker, who is also the principal author of the report.
While the report offers several recommendations to protect against IP theft, it concludes that:
- There is no silver bullet that can guarantee protection against IP theft. The diversity, complexity, and ingenuity of tactics preclude a one-size-fits-all solution. As our findings have shown, however, there are several common factors across successful attacks that warrant attention. Insider abuse—whether premeditated or requisitioned through trickery—is a favored method of filching IP. And if an insider won't cooperate, stealing their credentials will work almost as well. Short of that, brute-forcing or using SQL injection against web applications stands a good chance of success.
The report also lists a number of recommendations to protect against IP theft, which include:
- Privileged users: Use pre-employment screening to eliminate the problem before it starts. Don't give users more privileges than they need and use separation of duties. Make sure they have direction (they know policies and expectations) and supervision (to make sure they adhere to them).
- Training and awareness: Increase awareness of social engineering: educate employees about different methods of social engineering and the vectors from which these attacks could arise. In many of our cases, we see users clicking on links they shouldn't and opening attachments received from unidentified persons.
- Stolen credentials: Keeping credential-capturing malware off systems is priority number one. Consider two-factor authentication where appropriate.
- Secure development: Focus on application testing and code review. While SQL injection attacks are the most common, cross-site scripting, authentication bypass, and exploitation of session variables contributed to many of the network-based attacks.
If there's anything that IT security executives at high-tech manufacturing companies can learn from the report's findings, it is that as their extended supply chains rely on networks that manage sensitive company information, they need to continue to develop policies and procedures that will prevent these attacks. Certainly, the time, effort, and resources committed to mitigating IP theft is a worthwhile endeavor.
Of course, in organizations that have strong firewalls and IT procedures, if there is an IP theft, it is an insider's job. That results in patent wars eventually because someone has stolen it or mishandled it.
I would expect most high tech theft involves insiders. More often than not it takes someone familiar with the IP to make sense of the data, so raw data is likely to be useless to an outsider unless it is packaged properly to be usable along with all other associated essential data.
Hi Nicole: Did the report say whether the internal hackers used the IP for monetary gain, or were they just malicious?
Sometimes a resigning staff member may copy out some important stuff and bring it over to the new company. I know some Japanese companies even adopt laptops without storage; that is, everything is from the company cloud server. Plugging in an unauthorised thumbdrive will be rejected.
Dear Barbara,
No, the report did not say how the attackers who succeeded at intellectual property theft used the information, or if there was a monetary gain for them.
The report did say that the most compromised areas of an enterprise are the databases and file servers, which is where most organizations store internal data and knowledge.
The report went on to say that “This serves as a reminder that when we lock down file servers storing IP, we can't neglect to lock file drawers too.” I'm sure this is good advice.
Thanks for reading my article.
Nicole
…the human factor of course.
No matter what type of cryptographic algorithms and security systems are in place, the weakest link of any security system in the world is the human beings who are targets of social engineering attacks. The bigger the incentive of attacking a system, the more creative and hence more successful such social attacks can become.
Stealing IP can be a very profitable attack for thieves. Therefore, the human factor that has any involvement with such IP matters should be trained and regularly updated to be aware of new types of potential threats. It will also be useful if ethical hacking methods and penetration tests are applied randomly to test how well the people are defending the system based on the training they receive.
I think so too, the human factor plays a role in all these thefts. Staff have to be trained on the risks if they are involved in any of these activities and the protection measures to take.
It's such a difficult thing to achieve but the article pinpointed one good measure to do this. There should be a level of involvement for every employee in organizations – who and who should have access privilege rights to some organizations' data. Even so, organizations would still be worried about some self-acclaimed indispensable employees.
Yes, I agree with that, but it also has to be a periodically conducted exercise. After some time, management of most organizations do relax on this until the intranet or their local network systems get compromised.
@ t.alex – I would expect this (resigning employee theft) to be one of the primary issues. Opportunity and motive would both be present.
@Wale good point. It's important to remain vigilant and not let your guard down.
Hi Ariella & Wale,
I agree with you both. Nicole's article did point out that,
'There is no silver bullet that can guarantee protection against IP theft. The diversity, complexity, and ingenuity of tactics preclude a one-size-fits-all solution'.
Like you said Ariella, it's important to remain alert.
Dear Anna, Ariella & Wale,
It's always good to be vigilant with regard to implementing practices and procedures that will protect sensitive data, especially since the electronics supply chain expands into Asia, Europe and other parts of the world where it's arguably more difficult to secure critical data.
Thanks for your insightful comments.
Nicole