In a world where business moves at the speed of the IOT, and where data and passwords are more readily available online, entrepreneurs have a new obstacle to address: the protection of their intellectual property.
While corporations have the resources to hire top cyber security teams and implement software solutions that protect their collateral, criminals are increasingly taking an interest in small and medium sized businesses. The new targets have equally marketable data, designs and digital information that have value for criminals, and for foreign governments.
The question to ask: is your business at risk?
The technology industry and foreign policy
In 1986, China began a program that has been loosely referred to as “shadow innovation” and formally identified as “Program 863”. Many experts believe that the era of entrepreneurial espionage actually began thirty-years ago and evolved into a significant concern for international brands and small businesses, particularly through the escalation of hacking and other illegal methods of resourcing.
“Program 863” encouraged citizens to ‘acquire’ products, patents and designs (including technology and software) that were proprietary to other countries. Unlike many other countries, China has been charged with illegal acquisition of American technologies.
The country has also developed both a reputation and history of encouraging private individuals (not governmental agencies) to procure information, products and other sensitive intellectual property. Russia, France and Israel also share a historical reputation for accepting the practice of industrial or trade espionage.
In 2013, the Global Intellectual Property Center stated that the net annual loss due to intellectual property (IP) theft costs American businesses more than $300 billion dollars annually. Some of the most highly targeted niche industries are:
Software and applications
Motion picture and film
Music and entertainment
Pharmaceutical and medical devices
Digital storage and file sharing have exposed small businesses, designers and large corporations to both domestic and international loss through intellectual property theft. In the first half of 2014, “500 million unique IPs shared files globally, accounting for more than 17 billion downloads and $275 billion dollars of unmonetized demand.”
What kinds of cyber exploits impact businesses?
One of the most common and effective exploits is called a “watering hole” attack. In this scenario, trying to gain access to a website through the main domain (where security protocols are in place) is too difficult. Instead, the perpetrating hacker makes some educated guesses on the other websites or cloud destinations that the business may use, including apps, partner organizations, etc.
The hacker then infects the partner domain with malware, seeding the cloud with viruses that have a probability of being injected when the victim organization uses the partner sites.This allows for “backdoor access” that frequently bypasses firewalls and other security monitoring and software.
One very high-profile example of a “watering hole attack” was the hack of Forbes Magazine website in November 2014. Two zero-day vulnerabilities in both the Microsoft Internet Explorer browser and the Adobe Flash Player were exploited. The malware infected visitors to the site, when they clicked on the “Thought of the Day” page. As you can imagine, infecting Forbes may have been a gateway to gaining access to a limitless number of sites, which use the magazine as a daily resource.
The cyberespionage campaign was later attributed to the “Codoso Team or the Sunshop Group”, which is an internationally known Chinese hacking organization. Read more: “Top 10 Web Hacking Techniques of 2015”.
Why size doesn’t really matter
Many companies assume that intellectual property (IP) or data theft is only a concern for large brands, or international organizations. Increasingly however, as large companies allocate more resources to cyber security, it is the small and medium sized businesses, and solopreneurs who are most vulnerable to copyright or data theft.
The PwC (Price Waterhouse Cooper) Global State of Information Security Survey 2015 revealed some alarming facts:
Theft of intellectual property increased by 56% in 2015
There were 38% more security incidents reported in 2015 compared to 2014
Employees remain the main source of data breach
22% of IP theft or compromise involved a business partnership or partner organization
SME’s reduced security spending by 5% in 2015, due to profit loss and budget
What can a small or medium sized business on a tight budget do to protect intellectual property? First, recognize that being a small business does not exempt you from being a victim of hacking and digital theft. Hire a security professional to evaluate your digital collateral (starting with your website) to determine areas of risk that may be susceptible to malicious code and exploitation by cyber criminals. This small investment is more than worth it to protect your business and IP.
What measures do you have in place to secure your business and IP?