Part III: Intellectual property
In the previous installments of this series, we covered the direct financial impact and reputational fallout—both for organizations and information security professionals—that can result from data breaches. A third and equally damaging result of a successful attack is the theft of intellectual property (IP).
In any industry where innovation, creativity and trade secrets are valuable (which includes most sectors), losing sole ownership of a developing plan or idea can be devastating. Unfortunately, attacks targeting IP are quite common; a recent survey of nearly 4,000 IT managers, for instance, found that more than one-fifth of manufacturers had fallen victim to this kind of cyberattack in the past year.
In the most recent version of its report on theft of American IP, the IP Commission estimated that losing sensitive trade secrets costs the American economy more than $300 billion annually—a figure equal to the entire value of U.S. exports to Asia each year. That number is disturbing enough on its own, but many experts on the subject believe that IP theft may cost organizations significantly more. These pundits argue that the impact of losing ownership of a breakthrough plan or product is so vast and potentially enduring that measuring its true cost is extremely difficult, if not impossible.
IP theft is not limited to the private sector, either. Take, for example, the recent news that FireEye Intelligence experts now believe that a group of Chinese hackers backed by the Chinese government has been stealing governmental intelligence from other nations for at least a decade. In its report, the threat intelligence firm stated that the Chinese group, known as APT30, targeted “regional political, military, and economic issues, disputed territories, and media organizations and journalists who report on topics pertaining to China and the government’s legitimacy.” Furthermore, the prospect of a terrorist organization or other radical group uncovering information about building weapons of mass destruction is extremely frightening.
The successful hacks of government agencies, large corporations and banks will likely embolden global cybercriminals moving forward. For that reason, and because breaches can be so crippling when they occur, organizations simply can no longer afford to put information security in a box and view it as strictly an ‘IT’ issue. Rather, they must begin to consider it a critical aspect of their business operations. If you stop to think about the three areas we covered in this series, it should become abundantly clear that information security represents a more significant risk to most businesses than almost any other factor.
Quality threat detection solutions have existed in the cyber security space for quite some time and automated incident response tools are hitting the market now as well. But solutions are only part of the security equation. Shielding your organization from today’s perilous threat landscape requires a change in thinking and attitude that should include critical steps like:
- Aligning the SOC with the C-suite to facilitate and encourage open collaboration between IT security teams and other industry stakeholders. Together, these decision makers can identify potential vulnerabilities and work collaboratively to close those gaps.
- Standardizing security processes that can serve as a model for junior team members and new hires. Capturing and recording these crucial processes helps organizations retain human capital and institutional knowledge, even when staff turnover occurs.
- Thinking critically about what value security professionals can get out of a cyber security tool before adoption, thereby avoiding unnecessary expenditures, overlapping capabilities and added complexity.
- Working to secure organizational buy-in from every division and level of the organization. Educating employees about why cyber security is important to the well-being of the entire company and training them to recognize threats helps reduce overall risk.
Are you looking for some additional perspective on the state of cyber security today? If so, please check out our previous series covering today’s most prominent cyber security drivers.
*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Cody Cornell. Read the original post at: https://www.swimlane.com/blog/managing-security-as-a-business-risk-part-3/