The number of intellectual property (IP) cyber theft incidents in the next 12 months is expected to increase, according to 58 percent of respondents to a recent Deloitte poll. When asked which category of potential adversary they believe is most likely to attempt theft of their organizations' IP, the prevailing percentage of respondents (20.1 percent) answered "employees or other insiders." Yet, only 16.7 percent of respondents said access to IP is very limited, on a need-to-know basis only.
"While many of us know — or have experienced firsthand — how a cyberattack can severely disrupt business, loss of an asset as critical as IP can be crippling for most organizations," said Don Fancher, principal, Deloitte Financial Advisory Services LLP, national leader, Deloitte Forensics & Investigations and Deloitte Forensic leader, Deloitte Global. "Managing risks to trade secrets, drawings, plans or proprietary know-how that drive your organization's revenue and competitive advantage often includes quantifying how loss of that IP would impact the business, preparing to identify and pursue adversaries, and building a defensible chain of data custody to counter future IP cyber theft threats."
As cited in the Deloitte Review article, "The hidden costs of an IP breach: Cyber theft and the loss of intellectual property," IP can constitute more than 80 percent of a single company's value today. And yet, 44.1 percent of respondents to the Deloitte poll collectively feel that assessing the impact of IP loss and managing relationships would be the largest challenges faced by their organization. Sectors expecting a higher than average increase in IP cyber theft in the next year included: power and utilities (68.8 percent); telecom (68.8 percent); industrial products & services (64.7 percent); and automotive (63.9 percent). Those sectors expecting higher than average insider IP theft attempts included: automotive (32.2 percent); oil & gas (27.2 percent); and real estate services (26.2 percent).
Tips for assessing the potential impact and protecting against intellectual property loss include:
Define the critical assets (e.g., facilities, source code, IP and R&D, customer information) that must be protected and the organization's tolerance for loss or damage in those areas.
Validate that any partners or suppliers involved in IP creation or utilization collaborate with the cyber risk program.
Evaluate whether exposing some IP in the public domain may make the organization more subject to attack.
Consider whether the competitive landscape points to new cyber threats to IP protection.
Improve cyber resilience to manage brand impact and market position in the event of IP theft.
Taking a holistic approach toward cybersecurity isn't just about balancing technical expertise with information technology investments, or about contingency planning. Organizations need to define their cyber risk, up front, in conjunction with their strategic priorities when making decisions on protecting their most critical assets because they recognize what the adverse consequences would be otherwise.
Adnan Amjad, cyber threat risk management practice leader for Deloitte Advisory Cyber Risk Services and partner at Deloitte & Touche LLP added, "Predicting IP data theft is tough, as adversaries don't fit one specific mold. A robust insider threat mitigation program leverages a broad set of stakeholders to define potential insider threats and risk appetite, establish appropriate policies, procedures, controls and training and utilizes the combination of business knowledge, virtual and non-virtual data and technology to more effectively safeguard vital information."
Here are key considerations for building an insider threat mitigation program:
Define your insider threats: Don't be surprised if your organization hasn't defined what an insider threat is.
Trust but verify: Establish routine and random auditing of privileged functions, which are commonly used to identify insider threats across a broad spectrum of threats in a variety of industries.
Connect the dots: By correlating precursors or potential risk indicators captured in virtual and non-virtual arenas, your organization can gain insights into micro and macro trends regarding the high risk behaviors exhibited across the organization.
Stay a step ahead: Insiders' methods, tactics and attempts to cover their tracks will constantly evolve, which means that the insider threat program and the precursors that it analyzes should continuously evolve as well.
Set behavioral expectations: Define the behavioral expectations of your workforce through clear and consistently enforced policies.
"As the cybersecurity conversation begins to shift from a focus on technology to a broader discussion involving all essential business functions, an organization's insider threat program should evolve in a similar way," concluded Amjad.