Intellectual Property: mitigating threats through loss prevention
Intellectual property (IP) can often be described as the heartbeat of an organisation; in fact, in many cases it can be the business’s most valuable assets. How can organisations keep these sensitive materials safe?
Intellectual Property (IP) materials such as copyrights, patents, and trade secrets can often be business critical, with a company’s very existence hinging on the success of its trademark or the IP of a best-selling product.
And just like its physical company counterparts, such as machinery, laptops or hard drives, IP is just as vulnerable to loss or even theft, which is why it’s important for organisations to ensure the security of these intangible assets. So, what potential threats do organisations need to look out for when ensuring the safety of their intellectual property?
Recognising the threat profiles
When it comes to protecting company intellectual property, it’s important that organisations can identify their vulnerabilities and potential threats. This is due to the nature of intellectual property loss as it can easily be stolen or accidentally be leaked by the IP owner(s), and ‘taken’ opportunistically.
So, for example, if an individual happens to misplace a new business plan or a new product design on public transport – there is a realistic chance that this could fall into the hands of someone else that may use this material and benefit from this either commercially or personally. Conversely, that doesn’t mean that IP is only made available through the accidental leaking of sensitive materials. There is also a very real risk of it being purposely stolen through cyber-hacking or physical theft.
These threats include:
- Whistle-blowers – whilst these individuals reveal insider information on activity that is deemed illegal, unethical, or immoral, the concept of leaking information for good reasons can often be misused by individuals leaking the wrong type of information for self-serving acts of revenge to discredit their existing or former employers
- Insider threats – involves an individual within an organisation that has access to valuable company information, either officially or on an unauthorised basis, and is seeking to steal these company assets for personal or competitive gains
- Corporate or state-level espionage – this is the most nefarious and sophisticated of all the threats to IP. It typically involves individuals from outside the organisation using highly technical spyware solutions and capabilities to support the theft of assets for external organisations.
Given the various motives and methodologies for committing IP theft, as well as the risk of accidental leaks, businesses must prioritise preventative actions to protect organisations against these risks.
Staying vigilant – the importance of an effective IP loss prevention strategy
Due to the highly valuable nature of IP, its theft or accidental loss should be an integral part of every company’s risk management and wider business strategy. Practices such as identifying, monitoring, and treating risks, alongside implementing robust incident management controls, and establishing a culture of security vigilance can be pivotal in IP loss prevention.
Additionally, organisations should also be implementing measures such as strict company IT security policies, and stronger access controls such as two-factor authentication and zero-trust practices to combat the issue of accidental leakage of company assets.
An effective strategy can help organisations to identify specifically which important information needs to be protected or is at the highest risk of potential theft, the type of protection needed and to what level.
Initial risk assessments are designed to figure out existing threats and whether these are from competitors or insiders; however, in isolation; they’re not adept at telling how effective an organisation’s current strategies are in relation to these threats. This is where a subsequent review is needed to further evaluate existing security strategies, procedures, and practices from a security intelligence perspective.
The outcome of these reviews will then help establish a set of practical recommendations that prioritise areas for improvement. These include (although are not limited to) the following:
- Wireless intrusion detection systems (WIDS) that continuously monitor for foreign devices entering networks and flagging any unusual connections
- In-Place monitoring system (IPMS) that can instantly detect and intercept any suspect radio frequency (RF) signals from outsiders
- Technical surveillance counter measures (TSCM) programs designed to deliver counter-espionage best practices and strategies
- Shielded environments designed to physically secure an organisational environment from the effects of electromagnetic interference (EMI)
- A stringent education and training programme designed to promote greater awareness of the variety of threat actors.
Security threats are an ever-present threat to IP and whilst many organisations may feel that they have considered every eventuality and type of threat for the risk of IP loss, there is always more to be done. It is paramount for organisations to have a good baseline of security vigilance in addition to having an effective security policy.
This includes cybersecurity, physical security and adequate protection against IP theft to allow a fighting chance to proactively identify bad actors and minimise risks from the offset.
Joey Hills
Head of Intelligence
Security and Business Services
