Story image

No company is immune from attacks: Protect your IP

30 Sep 15

With online threats becoming more ubiquitous and damaging, it may be time to re-think how you protect sensitive data such as intellectual property (IP).

Firming up network and system security weaknesses can go some way to protecting sensitive information, but employing data loss prevention techniques should also be considered to help protect data in the event that it is stolen or lost, according to BAE Systems Applied Intelligence.

The increasing list of significant breaches around the world has made companies aware they must take steps to mitigate the risks posed to their critical information assets.

IP, including creative content, saleable commodities and design details, now sits on corporate risk registers, having been identified as critical to ensuring organisations maintain consumer trust and stability in today’s uncertain economic climate, says BAE Systems.

Motivated groups looking for financial gain, including suspected state-sponsored groups, industry competitors and criminals, are carrying out online attacks aimed at extracting IP for their own gain or to disrupt competition.

No company, regardless of size or industry, is immune, BAE Systems says.

Adrian Blount, BAE Systems director cyber solutions ANZ, says, “IP theft can result in substantial commercial losses and, in some cases, may even put lives in real danger if critical infrastructure is compromised.

“The secondary impacts of data loss events, such as reputational damage, legal action or regulatory intervention, can continue to manifest themselves well beyond the incident response and clean-up period.”

However, despite the risks, few organisations consistently and effectively identify and protect all of their IP, the company says.

The commercial reality is that security controls cost money and companies must find the commercial balance between the cost of implementing a control and the consequences of a successful attack, according to BAE Systems.

Although there is no single solution to safeguarding IP, some security solutions and products are maturing and simplifying the task of tracking and controlling usage of digital assets, the company says.

BAE Systems says data is generally defined into three groups; data in motion (DIM) such as data being transmitted across a network or via email, data in use (DIU) such as data presented within an application, and data at rest (DAR) such as data stored in a database or file repository.  

While there are many examples of data loss in each of these groups, by far the most common is DIM, particularly data contained within emails.

Therefore email data loss prevention (DLP), involving content filtering policies and the blocking, encrypting or flagging of emails containing suspicious or sensitive data, is a necessary ingredient of any data protection strategy.

Companies can use DLP measures to prevent and detect the use and transmission of data such as financial information, sensitive documents or intellectual property.

From a compliance point of view, this can help companies comply with regulator requirements around credit card data transmission or protected health information, for example, BAE Systems says.

While trying to prevent the leakage or loss of sensitive data is important, it is a requirement of doing business that sensitive data is exchanged with business partners, customers, shareholders and a range of other entities.

The use of encryption technologies to protect these data transfers can ensure messages falling into the wrong hands doesn’t have to mean the content it is exposed, the company says.

“Email encryption ensures privacy of sensitive communications, meaning you can send sensitive data to trusted parties securely. New technology allows messages to be automatically encrypted based on policy, or on demand,” says Blount.

Historically email encryption has been cumbersome to implement; requiring complex public key networks to underpin it. This has limited its uptake due to the burden it places on end users, he says.

“To ensure ease of use doesn’t put people off using email encryption, it is important that both senders and outside recipients don’t need unmanageable keys, add-ons or external programs; allowing recipients to read and reply through a simple and secure web-based interface overcomes this,” he says.

“It is inevitable that we will see further attacks on, and new vulnerabilities in, the defences we put in place today.

“However, having systems in place to protect your data and flag suspicious activity, can go a long way to giving you peace of mind,” Blount says.

Dimension Data nabs three Cisco partner awards
Cisco announced the awards, including APJ Partner of the Year, at a global awards reception during its annual partner conference.
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
Why the adoption of SAP is growing among SMEs
Small and medium scale enterprises are emerging as lucrative end users for SAP.
Exclusive: How the separation of Amazon and AWS could affect the cloud market
"Amazon Web Services is one of the rare companies that can be a market leader but remain ruthlessly innovative and agile."
HPE extends cloud-based AI tool InfoSight to servers
HPE asserts it is a big deal as the system can drive down operating costs, plug disruptive performance gaps, and free up time to allow IT staff to innovate.
Digital Realty opens new AU data centre – and announces another one
On the day that Digital Realty cut the ribbon for its new Sydney data centre, it revealed that it will soon begin developing another one.
A roadmap to AI project success
Five keys preparation tasks, and eight implementation elements to keep in mind when developing and implementing an AI service.
The future of privacy: What comes after VPNs?
"75% of VPN users said they are seeking a better solution for cloud networks."