Theft of manufacturing company’s intellectual property (IP) is costing US organisations an estimated $300 billion according to the National Science Foundation.
“Manufacturers should assume both malicious insider and cyber-attacks are already occurring and take appropriate”.
That is the advice from Digital Guardian, who provide IP managed services in the US.
Manufacturers spend more of their net sales on research innovation than any other industry (3.9% per annum is reinvested according to the Brookings Institute), it is vitally important that manufacturing companies protect their valuable IP assets internally and externally, especially when you consider they are the most likely industry to be targeted for espionage attacks being committed on manufacturing are more likely than any other industry (33%) according to the Verizon Data Breach Incident Report 2013:
- 76% of network intrusions exploited weak or stolen credentials
- 15% of incidents were perpetrated by insiders or business partners
- Over half of the insiders were former employees taking advantage of old accounts or back doors that weren’t disabled
- And maybe not surprisingly, over 70% of IP theft cases committed by internal people took place within 30 days of them announcing their resignation
What about some practical tips for protecting your IP?
Digital Guardian has developed five top tips based on their experiences with manufacturing companies in the US.
Make the case for investment in ongoing IP protection
In some cases, it can still be difficult to get buy-in from C-Level executives within an organisation, especially when the organisation runs on the IBM i. Yes, the operating system is rock solid and yes, it does have many inherent security features, but it does not mean that it is not vulnerable to both insider and external threats. It is therefore important to make the case for investment in security, explaining the consequences of a breach and how adequate security helps to achieve regulatory compliance (HIPAA, PCI, SOX, ITAR, etc.) faster and more effectively.
Establish a holistic approach
Although senior management within an organisation takes ownership of an IT security programme, it is ultimately everyone in the organisation who should take an equal part in the protection of business-critical data and systems.
Protect your organisation from insider threats and cyber attacks
In their white paper, ‘IBM I on Power Systems for Enterprise Businesses’ International Technology Group (ITG) reports that their an estimated 600 – 800 million malware (Trojans, worms, spyware, rootkits, backdoors and assorted hybrids) variants currently, with the number expected to pass one billion within the next two years.
Costs of data breaches are becoming prohibitive to many organisations and simply can’t be ignored. Especially when we consider that the average cost of a data breach is between £96 and £191 per record and we see that cyber-attacks on JP Morgan Chase involved 76 million records, eBay 145 million and Vodafone two million.
In the US, the increased exploitation and disruption to computer networks from insiders prompted the Federal Bureau of Investigation (FBI) and the Department for Homeland Security (DHS) to warn that ‘disgruntled and former employees pose a significant threat to US businesses due to their authorized access to sensitive information and the networks businesses rely on’. The FBI estimates that insider threats are costing organisations $3,000 to $3,000,000 (£1,841 to £1,841,110).
Discover the weaknesses in your security and address them
It always pays to understand where the weaknesses in your infrastructure are. If you are operating your organisation on the IBM i, we are able to provide a free assessment of your operating system to establish areas for improvement. Contact us for more information.
Improve your ability to detect insider threats and cyber attacks
Having the right tools to protect your organisation is an essential part of the cybersecurity process, and in the case of the IBM i, you simply can’t rely on its inherent security features.
Raz-Lee Security provides a complete suite of products for the prevention, application security, auditing and compliance.
Posted by Paul on 27th November 2014.