Cybercriminals want to steal data, but not only the data you hold on your customers. IP theft attacks are being conducted with increasing frequency. Unfortunately, many companies have no idea that their intellectual property is being stolen.
Customer data must be protected at all times. Cybercriminals seek financial information such as credit card numbers, as well as personal information like Social Security numbers and insurance information. These data are extremely valuable. They can be used to commit identity theft and financial, medical, and tax fraud. Safeguards must be implemented to keep these data secure, but don’t forget your company’s most prized assets: Your intellectual property.
IP theft attacks are commonplace – In fact, your IP may have already been stolen and sold to your competitors!
It is a sad fact, but organizations’ prized information is being stolen under IT departments’ noses and many are not even aware that attackers have breached defenses and are stealing data. IP theft attacks are a very real problem, as revealed by the latest annual Data Breach Investigations Report (DBIR) from Verizon. The report highlights the extent of the problem. Who is stealing data, how they are getting in, and worryingly, how long it takes for cases of IP theft to be discovered.
Who needs to worry about IP theft attacks?
Intellectual property (IP) includes company secrets, copyrighted information, product designs, new product information, patent information, and trade secrets. IP also includes any data that your company stores that would benefit your organization’s competitors if they were to obtain it. Since all organizations store at least some IP, IP theft attacks should be a cause for concern for all.
Companies in the public administration and financial sectors are those most commonly suffering IP theft attacks. If competitors can obtain the data of rivals it can give them a wide range of strategic and competitive advantages. These industry verticals account for two thirds of reported IP theft data breaches according to the Verizon report. Verizon’s research also shows that IP theft attacks are not short-lived. They typically last for months or even years.
What are the main threat agents?
According to Verizon, threat agents can be split into three categories: external agents (hackers and other cybercriminals), internal agents (employees), and partners (Business associates and vendors). The majority of IP theft attacks are caused by external agents.
87% of IP theft attacks studied by researchers involved external agents. However, internal agents were involved in 46% of data breaches involving intellectual property theft. It does not take a genius to work out that external agents are therefore recruiting insiders to help them conduct IP theft attacks. (since you are probably wondering, partners were involved in 1% of attacks.)
Who is being recruited? While you may think that sys admins and IT professionals are the most likely individuals to be recruited due to the level of system privileges they are likely to have, they were actually the third most likely employees to be recruited. Account executives were in second place, but the most individuals were actually regular employees.
How are IP theft attacks taking place?
Even the most security-lax organization does not store its most valuable data in a location that is easy to attack. The type of information that is targeted usually resides deep within an organizations network. Successful IP theft attacks require a considerable amount of skill, and do not typically involve bored teenagers working out of their bedrooms.
IP theft attacks involve state-sponsored hacking groups, hacktivist groups, and organized criminal gangs. The main threat action is abuse of system access and privileges, which accounted for 45% of breaches. Next was the use of stolen login credentials at 34%, pretexting was third and involved in 32% of attacks, followed by good old fashioned bribery in fourth place, accounting for 28% of attacks along with embezzlement and skimming, also on 28%.
Timeline for IP theft attacks
Verizon analyzed the timeline for attacks, which revealed that cybercriminals act fast. They get in, steal data quickly, but they do not then get out. In fact, they stay there undetected and continue to steal IP for years. Alarmingly, most organizations do not know an attack has taken place until many months has passed.
The time between the initial attack and initial compromise is hours, not days. 77% of data breaches occur in seconds, minutes, or hours after the initial attack. When it comes to detection of IP theft attacks, in 31% of cases it is a matter of years later. 17% of attacks are discovered months down the line, 20% take weeks, and 19% take hours. No attacks were discovered less than an hour after the attack had taken place, which means that even in the case of quick discovery of an attack, 77% of organizations would have already had their IP stolen.
How can IP theft attacks be prevented?
Unfortunately, since attackers use a wide variety of means to obtain access to IP, there is not a single method that can be employed to prevent the theft of IP. Organizations must therefore employ a variety of measures to keep their networks and data protected. A common sense, evidence-based approach must be adopted. A full risk assessment must be conducted and all security vulnerabilities must be found and addressed.
When it comes to protecting your assets, a risk assessment is a good place to start. However, when it comes to the staff, it makes sense to start protecting your organization before any employee starts work. Conduct background checks on new members of staff before you give them any privileges, and then monitor all employees and conduct access audits. That means you will need a system that logs data access and someone must be given the task of checking access logs. You should also have an alarm system that flags any unauthorized data access attempts.
Secondly, make sure you conduct security awareness training. Phishing is commonly used by external agents to gain login credentials. Make sure all staff members know how to identify a malicious email attachment, phishing email, and a malicious website.
Phishing prevention strategies must be developed and implemented
Make sure employees know they need to report potential phishing attacks. They are often conducted on multiple members of staff at the same time. Speed is key to avoiding a successful phishing attack. If attempts are reported, action can be taken to prevent other employees from falling for the scam.
It is essential to prevent malware from being installed, so therefore important to run regular scans to identify it when it has been.
Conduct application testing and perform code reviews. Work with your application developers and help them to write more secure code.
IP theft attacks will occur, but the damage caused when they do can be limited. According to Verizon, “All too often, evidence of events leading to breaches was available to the victim but was neither noticed nor acted upon.” It is therefore essential to develop a security aware culture. Make sure staff members know to look for suspicious and anomalous activity and make sure they report it. Then investigate it immediately!