“If a man keeps an idea to himself, and that idea is taken by stealth or trickery, I say it is stealing. But once a man has revealed his idea to others, it is no longer his alone. It belongs to the world.”
I want to start with a story of how China stole an entire aeroplane… In October 2018, ZDNet ran a story on how China’s efforts to establish a foothold in the aviation industry by building its home-grown plane left a trail of hacks across the aviation industry.
Through a coordinated approach, “contractors” (such as hackers and cybercriminals) are hired and tasked with stealing information of particular interest. If they cannot gather the intelligence, Chinese intelligence will recruit company insiders, or even coerce Chinese employees to aid their hacking efforts using blackmail or threats against families living at home.
According to the security firm CrowdStrike, the end goal was to acquire the intellectual property needed to manufacture all of the C919’s components inside China.
An indictment filed in California on October 25, 2018, charged 10 Chinese individuals with conspiring to steal aerospace trade secrets from 13 western companies, most of them U.S.-based. The indictment also revealed that French aerospace manufacturer Safran was infiltrated when employees in its Suzhou, China office inserted malware into the Safran computer network. This malware gave Chinese agents access to Safran’s confidential files.
According to U.S. Trade Representative Robert Lighthizer, China’s IP theft costs the US between $225 billion and $600 billion each year.
What is Intellectual Property?
Intellectual property is the new ideas created and owned by your organisation that are critical to achieving its mission.
The types of intellectual property are varied:
What is insider theft of intellectual property?
It occurs when an insider steals proprietary information from the organisation.
Some known examples:
What is the impact of insider theft of IP?
The impacts of insider theft of IP can be devastating. Trade secrets worth billions of dollars have been lost to foreign countries, competing products have been brought to market by former employees and contractors, and invaluable proprietary and confidential information has been given to competitors.
The following are five fallacies that businesses believe about intellectual property theft.
IP Theft Fallacy #1
Very few insiders ever steal intellectual property to sell it. Instead, they steal it for a business advantage: to take with them to a new job, to start their own competing business, or to take to a foreign government or organisation.
Here is an example: Chinese EV startup Xpeng has stolen some of Tesla’s intellectual property, but it’s not stopping the company from straight-up copying its website design too.
IP Theft Fallacy #2
There is a misconception that IT administrators are the biggest threat.
Many people believe that, because they hold the “keys to the kingdom”, they would be the prime suspects for theft of IP. According to the Insider Threat Division of CERT, there is no case in their database in which IT administrators stole intellectual property.
Those that steal intellectual property are usually current employees who already have authorised access to that IP (around 75% according to the Insider Threat Division of CERT), such as engineers, programmers, or salespeople.
IP Theft Fallacy #3
There is a misconception that an organisation’s high-level security technologies, such as SIEMs, will be able to identify and prevent IP theft.
Technology is not able to recognise human behaviour from logs and system events. You cannot infer people’s intentions and motivations from logs.
Did you know that “dissatisfaction” played a significant role in many of the IP thefts? Dissatisfaction notably resulted from the denial of an insider’s request, which in turn decreased the person’s desire to contribute and diminished their loyalty.
Yet, machines are not able to recognise “negative emotions” as a risk and businesses regularly miss these “red flag” behaviour warnings.
Importantly, you cannot detect theft of IP until the information is in the act of being stolen. In other words, the window of opportunity can be quite small.
That’s why it is essential to pay close attention when you see potential physical behaviour indicators of heightened risk.
IP Theft Fallacy #4
There is a misconception that IP theft takes place after hours and requires sophisticated hacking.
Not so! Most of the IP was stolen during business hours and within one month of resignation using a variety of methods.
Most of these crimes tend to be quick thefts around resignation. But some of them stole slowly over time, committing their final theft right before departure.
“All of us have the right to change jobs, but none of us has the right to fill our pockets on the way out the door.”
US Attorney David L. Anderson
IP Theft Fallacy #5
There is a misconception that IP theft is only conducted by a single person.
IP theft can be initiated by a person that may not have access to the IP. Insiders can be recruited or coerced into providing the IP.
According to the Insider Threat Division of CERT, around 33% of IP thefts were for the benefit of a foreign government or organisation.
To prevent your intellectual property from walking out the door, consider the following set of recommendations.
Review employee contracts.
Periodically review and adjust your access controls.
Monitor anomalous user activity.
Pay attention to physical behaviour.
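One way to act on the monitoring recommendation together with the Fallacy #4 pattern (theft during business hours, within a month of resignation, sometimes slowly over time) is to join an HR resignation feed with data-transfer logs and compare each leaver against their own earlier baseline. The sketch below is an added example, not part of the original article; the user names, log rows, field layout and both threshold factors are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

WINDOW = timedelta(days=30)  # "within one month of resignation" (from the article)
SPIKE_FACTOR = 5   # assumed: one day's volume vs. the user's own baseline median
SLOW_FACTOR = 2    # assumed: average window day vs. the same baseline median

# Constructed HR feed: user -> resignation date.
RESIGNATIONS = {"alice": date(2024, 6, 28), "bob": date(2024, 6, 28)}

def sample_events():
    """Constructed transfer log: (user, day, MB copied to removable media or cloud)."""
    rows = []
    for i in range(90):  # 1 April to 29 June 2024
        day = date(2024, 4, 1) + timedelta(days=i)
        if day.weekday() >= 5:
            continue  # weekdays only: nothing here happens "after hours"
        rows.append(("carol", day, 40))  # no resignation on file
        rows.append(("alice", day, 50))
        # bob copies a little more every day once inside the window
        rows.append(("bob", day, 30 if day < date(2024, 5, 29) else 75))
    rows.append(("alice", date(2024, 6, 20), 4000))  # one large weekday copy
    return rows

def review_leavers(events, resignations):
    """Compare each leaver's volume around resignation with their earlier baseline."""
    daily = defaultdict(lambda: defaultdict(int))
    for user, day, mb in events:
        daily[user][day] += mb
    findings = {}
    for user, resigned in resignations.items():
        start, end = resigned - WINDOW, resigned + WINDOW
        baseline = [mb for d, mb in daily[user].items() if d < start]
        window = {d: mb for d, mb in daily[user].items() if start <= d <= end}
        if not baseline or not window:
            continue  # not enough history to judge
        norm = median(baseline)
        # No time-of-day filter: a working-hours copy counts like any other.
        spikes = sorted(d for d, mb in window.items() if mb > SPIKE_FACTOR * norm)
        rest = [mb for d, mb in window.items() if d not in spikes]
        slow = bool(rest) and sum(rest) / len(rest) > SLOW_FACTOR * norm
        if spikes or slow:
            findings[user] = {"spike_days": spikes, "slow_drift": slow}
    return findings

if __name__ == "__main__":
    for user, result in review_leavers(sample_events(), RESIGNATIONS).items():
        print(user, result)
```

A finding here is a prompt for a human review alongside the behavioural indicators discussed above, since transfer volume alone says nothing about intent.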
Are you concerned about the insider risk to your business?
Do you have critical intellectual property that needs protecting?
Have you been impacted by insider theft?
Do you need to comply with regulations showing that you have the right insider risk protection methods in place?
If so, reach out to Naked Insider – www.nakedinsider.com