Has Your IP Been Stolen? The Hidden Threat May Come From Within

While companies need to take precautions to protect their IP from outside threats, it’s often insiders—employees and contractors—that do the dirty work, so they can’t be ignored

Jun 19, 2018
Mnet 193810 Cybersecurity
Larry ThompsonLarry Thompson

Everyone knows that American manufacturers doing business in places like China risk having stolen their most trade precious secrets—whether it’s source code, R&D reports, or blueprints. And it’s the rare case that a company like American Superconductor of Devens, Mass., can find satisfaction in court as it did in January, when accused customer Sinovel Wind Group of Beijing was found guilty of paying an American Superconductor employee $1.7 million to steal the source code for the company's electronic components. Whether Sinovel actually pays damages is anybody’s guess. Still, it’s easy to understand why intellectual property (IP) theft is at the center of the burgeoning trade war between the U.S. and China.

As this example shows, while companies need to take precautions to protect their IP from outside threats, it’s often insiders—employees and contractors—that do the dirty work, so they can’t be ignored

We know from Verizon’s Data Breach Investigations Report (2018), that 89 percent of such attacks in the manufacturing sector are highly targeted. Of those, at least half involve the theft of IP. A hardly negligible 13 percent of all breaches comes from company insiders.

A much starker view of internal risks emerges from the Insider Threat Report 2018, a survey of several different industries. Nine out of 10 of all organizations surveyed say they feel vulnerable to insider attacks; and 53 percent of them have suffered breaches in the past 12 months. Among the key risk factors: Nearly four in 10 people claim there are too many users with access privileges to sensitive data. Whether insider attacks are caused by malicious intent or inadvertent mistake, the result of copying, e-mailing, sharing, or printing sensitive IP can be a costly disaster.

Without an audit trail to trace the intrusion—from a company insider or a trusted subcontractor, partner, or supplier—a manufacturer can’t adequately protect itself to prevent future attacks on its IP.

So, what should manufacturing businesses do? At the very least, take these four steps:

  1. Form a risk SWAT team.
  2. Draw up a risk profile for every job in the organization.
  3. Deploy employee monitoring and user and entity behavior analytics (UEBA).

Let’s consider these one at a time.

First, select the key stakeholders in your company who need to create policies and procedures for protecting your IP—and for springing into action in the event of an insider breach. Put those folks in charge of appropriate use training and deciding who gets access to all intellectual properties. Often, the responsibility falls to someone in IT. But this isn’t enough. At a bare minimum, consider a team that consists of  the chief information officer, the chief information security office, the heads of R&D and of manufacturing, along with your legal counsel and the head of human resources.

Your CIO should develop and oversee a proactive approach to leveraging the people, processes, and technology in order to safeguard your IP from the point of view of both security and operations. The CISO needs a plan to evaluate and manage the risk of cyber threat as it relates to IP. While your R&D chief is essential for determining exactly what IP needs looking after, the head of manufacturing knows where that property resides and the people involved with all aspects of the manufacturing processes. Your legal counsel will guide you about what and whom you’re allowed to monitor. Why HR? Someone needs to be a clearinghouse of information on all employees and to help coordinate intelligence sharing among the different departments.

Second, assign risk levels to every job in your organization. Choose a scale of 1-10, with 10 as the highest risk, which corresponds to titles with the greatest access to critical, sensitive information. Or, use a system of Low, Medium, and High risk; Green, Yellow, and Red can serve the same function. The key thing is to have a current snapshot every employee’s role, as well as level of privileged access to pivotal information like IP. Clearly, the higher the risk, the greater the need to monitor someone in the organization.

Since I’ve introduced the subject of monitoring employees, let me break that into two very important ways to do so.

One is known as employee monitoring. This can pinpoint exactly when IP has been accessed—and what was done with it. The other is user and entity behavior analytics (UEBA), which sets a baseline of behavior for each employee and takes note of important variations or anomalies from that norm.

Employee monitoring provides a detailed video playback of activity before, during, and after someone taps into your IP. If a user, say, accesses a CAD drawing, takes a screenshot, copies and pastes it into a non-company e-mail account and sends it, employee monitoring can help determine the scope of the incident and the extent of the loss. It offers actionable intelligence for an immediate response.

UEBA algorithms alert an organization when an employee’s activities tied to his or her system credentials exceed the boundaries of normal use. Some systems also track users’ psycholinguistics, looking for aberrations from normal speech, tone, and word choices. These may indicate a shift in someone’s mood or thinking—key signs of depression or anger and early indications of a possible IP breach.

No safeguards are absolutely foolproof when it comes to IP theft by insiders. But having the right rapid-response team in place and assigning risk levels to all jobs and, therefore, which employees to monitor actively, is a start. Combining employee monitoring and UEBA can further head off disaster since one provides an early warning system for insiders who may be inclined to commit a nefarious act, the other an exact record of unusual activity or an actual breach.

Larry Thompson is President and CFO of Veriato, Inc.

Read Next
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
April 5, 2024
Latest in Cybersecurity
All-In-One Manufacturing Management
Sponsored
All-In-One Manufacturing Management
April 17, 2024
Financial Cyber
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
April 19, 2024
Industrial Cyber
Hexagon, Dragos Announce Partnership
April 18, 2024
Ransomware
Report Shows Updated Ransomware Concerns
April 18, 2024
Related Stories
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
I Stock 1251037786
Cybersecurity
What is Volt Typhoon?
This photo provided by the Municipal Water Authority of Aliquippa shows the screen of a Unitronics device that was hacked in Aliquippa, Pa., on Saturday, Nov. 25, 2023. The hacked device was in a pumping booster station owned by the Municipal Water Authority of Aliquippa. An electronic calling card left by the hackers suggests they picked their target because it uses components made by an Israeli company.
Cybersecurity
Congressmen Ask DOJ to Investigate Water Utility Hack
Intuitive and Flexible Manufacturing ERP
Sponsor Content
Intuitive and Flexible Manufacturing ERP
More in Cybersecurity
All-In-One Manufacturing Management
Sponsored
All-In-One Manufacturing Management
Acumatica looks to offer new solutions.
April 17, 2024
Financial Cyber
Cybersecurity
Alarming Trends Reinforced in Ransomware Attack of Semiconductor Mfr.
Experts assess the fallout from the Dark Angel attack on Nexperia.
April 19, 2024
Industrial Cyber
Cybersecurity
Hexagon, Dragos Announce Partnership
The team-up looks to "revolutionize OT cybersecurity."
April 18, 2024
Ransomware
Cybersecurity
Report Shows Updated Ransomware Concerns
Hackers are elevating the complexity of their attacks - making them harder to detect.
April 18, 2024
Cybersecurity In A Bubble
Cybersecurity
Responding to Emerging Risks and Attack Vectors
Insight on key hacker strategies, response plans and creating a culture that embraces cybersecurity.
April 18, 2024
Ep89
Video
Security Breach: Weaponizing Secure-By-Design
How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.
April 18, 2024
Siemens Image 1
Cybersecurity
An Automatic Cyber Response Solution
The platform works to isolate and quarantine the infected production equipment during an attack.
April 11, 2024
Financial Cyber
Cybersecurity
1 in 5 S&P 500 Companies Reported Breaches Last Year
Ransomware demands and supply chain targeting continues to escalate.
April 11, 2024
Soc
Cybersecurity
How Oversight Impacts Enterprise Level Cybersecurity
A new report examines the benefits being realized by higher-level cyber scrutiny.
April 11, 2024
Ep88tn2
Video
Security Breach: Over-Connectivity and Mobile Defeatism
The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.
April 11, 2024
Ldra
Cybersecurity
Platform Offers Actionable Security Analysis & Reporting
New vulnerability heat maps help remediate critical issues sooner.
April 10, 2024
Zero Trust Maxxa Satori
Cybersecurity
Research Shows Increased Zero Trust Adoption In Industrial Sectors
The strategy is being implemented across IT and OT environments.
April 10, 2024
Container Ship At Port And Cargo Plane 000071988275 Large
Cybersecurity
Protecting Ships from Cyber Terrorism
Cargo ships feature a number of connected operational technologies - making them vulnerable to cyberattacks.
April 10, 2024
Cybersecurity
Cybersecurity
ZAG Technical Services Announces New Cybersecurity Offering
The safeguard minimizes the risk a harvest will be interrupted by cyber threats.
April 5, 2024
People Cyber Metamorworks
Cybersecurity
The Weakest Link in Manufacturing Cybersecurity
An organization can be equipped with state-of-the-art cybersecurity systems, but one significant vulnerability may remain.
April 4, 2024