The threat to industry trade secrets is real. Cybercriminals are smart, nimble and more financially motivated than ever before. They won’t stop until they reach their target - the sensitive data, which includes a firm's intellectual property (IP).
Trade secrets are a coin of the realm. Manufacturers invest billions into research and development to produce IP, which then becomes the newest, most marketable products. Nearly four percent of all manufacturing net sales are reinvested in research innovation, which is the highest of any industry. Despite this, a barrier remains to furthering market expansion, and it’s driven by a lack of information technology.
Companies lose $300 billion annually due to IP theft, and financial damage isn’t the only consequence that comes with the loss of trade secrets. It can also lead to material damages, including loss of market advantage, missed opportunities, a damage to reputation and brand loyalty, and lawsuits.
Organizations must protect their crown jewels – the IP – to survive. The following actionable tips will provide a solid foundation to achieve this:
1. Make the case for investing in IP protection.
It’s a challenge to get attention regarding IT security from C-level executives, who often prioritize other business initiatives. Obtaining funding for IT security is a process of enterprise-wide education and advocacy, which requires a thought-out plan.
Your case for IP protection should include as many details and industry statistics as possible. For example, does the C-suite know that 66 percent of reported data breaches took months – or years – to discover? Think of what a hacker can do with that amount of time and quality of information.
For maximum impact, use real-life examples of security incidents when your own trade secrets were under direct threat. Address internal questions from the onset – such as how IP defense will drive global expansion; how it will support key business initiatives; and how ROI will be demonstrated.
2. Establish a holistic IP protection program.
The best IP protection programs take a holistic approach, where senior leadership takes ownership but everyone in the organization – from the CEO down to the interns – has a stake in its success.
In addition to articulating this point across the business, it’s also important to establish written policies. These rules should clearly outline what is required of all employees, outsourcers, suppliers, contractors, consultants and other third parties when accessing, utilizing and handling company secrets. Compliance with these policies must be a condition of employment, contracting and procurement by the corporation.
Once the rules are established, it’s important to audit, monitor and report on them – are the policies being followed? Is there room for improvement or correction? This reoccurring audit ensures policies are being followed throughout the course of several weeks, months and even years.
3. Identify and protect your crown jewels.
Every manufacturer files patents to protect their inventions, industrial designs and plant processes – but trade secrets can include plans, prototypes, in-process research, names and codes. Any tangible information, even employee ideas, is worthy of protection.
The process of identifying and classifying enterprise IP isn’t easy. What are your most cherished crown jewels, and where are they stored? Are they hidden in free cloud services that may not be authorized by company policy? Determine the IP and locate it immediately.
Once identified, consider using an automated data protection platform to classify each asset based on distinct levels of sensitivity. Then, define specific rules or tags for each level. Crown jewels need to be protected throughout the entire IP lifecycle, from lab idea to shipping product, and require various security identification levels.
Lock up your crown jewels in electronic “vaults” where strong multi-factor authentication and robust account management restrict access by user role. Technologies such as data loss prevention (DLP) provide data encryption and export restriction capabilities, ensuring sensitive data isn’t in the wrong hands.
4. Discover your security weaknesses and address them.
The techniques of cyber attackers are constantly evolving. Ongoing threat intelligence will help your firm stay ahead of the vulnerabilities.
IP protection is never finished. Continue to improve your capabilities as your organization matures in its understanding of threats faced. Rely on outside expertise to discover your business’ weaknesses. Skilled penetration testers can analyze prevention, detection and response capabilities by mimicking the tactics of seasoned cyber attackers. These (hired) “hackers” will target your system admins with benign phishing, drop “infected” USB drives and perform social engineering with business users, all to help determine your weak spots.
Protecting sensitive data is a journey; not a destination. It requires an ongoing process of prevention, detection and response, which is continuously measured and improved over time. IP is the most valuable asset within any manufacturing firm today. As an industry, manufacturers must collaborate to protect common interests against those looking to do harm.
About the Author
Salo Fajer is Chief Technology Officer at Digital Guardian, driving the company’s strategic vision and core innovation efforts while also overseeing product management, product marketing and product content development. He has over 25 years of experience in the industry, having held diverse technical leadership roles in product management, operations, consulting, and sales engineering.