(Updated on 11/04/2020)
Let’s start with a story of how China stole an entire airplane.
According to ZDNet, China's efforts to build a plane to compete with the likes of Boeing and Airbus left a trail of hacks across the aviation industry. Through a coordinated approach, “contractors” such as hackers and cybercriminals were hired and tasked with infiltrating target networks at aviation companies of interest. If they couldn’t gather intelligence, Chinese intelligence recruited company insiders, or coerced Chinese employees to aid their hacking efforts using blackmail or threats against their families living at home.
According to the security firm Crowdstrike, the end goal was to acquire the needed intellectual property to manufacture all of the C919's components inside China.
An accusation filed in California on October 25, 2018, charged 10 Chinese individuals with conspiring to steal aerospace trade secrets from 13 western companies, most of them U.S. based. The indictment also revealed that French aerospace manufacturer Safran was infiltrated when employees in its Suzhou, China office inserted malware into the company’s computer network. This malware gave Chinese agents access to Safran’s confidential files. According to U.S. Trade Representative Robert Lighthizer, China’s intellectual property (IP) theft costs the U.S. between $225 billion and $600 billion each year.
What is Intellectual Property?
According to the World Intellectual Property Organization, intellectual property refers to creations of the mind, including inventions, literary or artistic works, designs, and symbols and names used in commerce. Some examples of IP include:
- Patents for inventions, such as Google’s software algorithm or Tesla’s battery
- Trade secrets, such as KFC or Coca-Cola’s recipes
- Copyrights used to protect artistic and literary works such as books or music
- Trademarks, such as those used to distinguish brands’ goods or services
Often trusted insiders, such as employees, third-party contractors, or vendors, attempt intellectual property theft. The impacts of IP theft can be devastating. Trade secrets worth billions of dollars have been lost to foreign countries, competing products have been brought to market by former employees and contractors, and invaluable proprietary and confidential information has been given to competitors. However, many organizations misunderstand the motivations behind intellectual property theft, as well as how to prevent it. Here are the five biggest fallacies about insider IP theft.
1. Insiders steal intellectual property to sell it
Very few insiders ever steal IP to sell it. Instead, they steal it for a business advantage either to take with them to a new job, to start their own competing business, or to take it to a foreign government or organization.
For example, the Chinese EV start-up Xpeng has stolen some of Tesla’s intellectual property, as well as its website design, in attempts to capture potential buyers.
2. IT administrators are the biggest threat
Many people believe that because IT administrators hold the “keys to the kingdom,” they would be the prime suspects for intellectual property theft. According to the Insider Threat Division of CERT, there is no observable case in their database which shows IT administrators stole IP.
3. High-level security technologies such as SIEMs will identify and prevent IP theft
Technology is not able to recognize human behavior from logs and system events. You cannot infer enough from logs to reveal people’s intentions and motivations.
Did you know that dissatisfaction plays a significant role in many cases of IP theft? Dissatisfaction often results from the denial of an insider request, which in turn decreases the person's desire to contribute and diminishes loyalty. Yet machines are not able to recognize negative emotions as a risk, and businesses regularly miss these red flag behavior warnings. Perhaps most importantly, you cannot detect intellectual property theft until the information is in the act of being stolen. In other words, the window of opportunity can be quite small. That’s why it is essential to pay close attention when you see potential behavioral indicators of heightened risk.
4. IP theft takes a long time and requires sophisticated hacking
Not so! Most IP is stolen during business hours and within one month of resignation, using a variety of methods. Most of these crimes tend to be quick thefts around resignation. But some insiders steal slowly over time, committing their final theft right before departure.
5. IP theft is only conducted by a single person
Intellectual property theft can be initiated by a person that may not have access to the IP. Insiders can be recruited or coerced into providing the IP to third parties. In fact, according to the Insider Threat Division of CERT, around 33% of IP theft cases were conducted to benefit a foreign government or organization.
What can you do to mitigate IP theft?
To prevent your IP from walking out the door, consider the following set of recommendations.
Review employee contracts
- Employees sometimes bring competitive (and possibly stolen) information with them from their previous employers. Be aware that your organization may be liable for the theft. As part of your IP agreement that new employees sign, include a statement attesting to the fact that they have not brought in any IP from any previous employer.
- It is inevitable that many of your employees will leave at some point. As soon as a person turns in their resignation, you need to be prepared to act. Identify the information they are accessing. Identify movement of that information 30 days prior to resignation and 30 days post-resignation.
- Establish consistent exit procedures that should include access termination procedures. Ask departing employees to sign a new IP agreement reminding them of the contents of their original IP agreement when they give notice. It’s also important to regularly review your termination policies and processes.
Periodically review and adjust your access controls
- Many insiders at the time of stealing information had access above and beyond what their job description required.
Monitor suspicious user activity
- Monitor online and social media actions. These sites allow employees to easily share information about themselves as well as sensitive company information. Establish a social media policy that defines the acceptable use of social media and information that should not be discussed or shared online.
- Monitor data movement caused by unusual activities, such as sending large attachments through email, printing sizable documents, and copying or downloading certain information.
- Track all documents copied to removable media.
- Prevent or detect emails to competitors.
- Employ targeted monitoring of users when they give notice of resignation.
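The resignation-window review recommended earlier and the data-movement indicators in this list can be combined into one check. The following is an added example, not code from the original article or from any product it mentions; the event format, thresholds, user names and domains are constructed assumptions.

```python
from datetime import date, timedelta

WINDOW = timedelta(days=30)             # article: 30 days before and after resignation
LARGE_ATTACHMENT_BYTES = 10 * 1024**2   # assumed threshold, tune per organization
LARGE_PRINT_PAGES = 100                 # assumed threshold
COMPETITOR_DOMAINS = {"competitor.example"}   # constructed placeholder

# Constructed HR feed: user -> date notice was given
RESIGNATIONS = {"alice": date(2020, 3, 16)}

# Constructed, already-normalized events: (day, user, kind, detail)
EVENTS = [
    (date(2020, 1, 10), "alice", "email", {"to": "buyer@supplier.example", "bytes": 40_000}),
    (date(2020, 3, 2), "alice", "usb_copy", {"file": "design_spec.pdf"}),
    (date(2020, 3, 5), "bob", "usb_copy", {"file": "notes.txt"}),
    (date(2020, 3, 10), "alice", "email", {"to": "hr@Competitor.example", "bytes": 12_000}),
    (date(2020, 3, 20), "alice", "email", {"to": "alice@mail.example", "bytes": 25 * 1024**2}),
    (date(2020, 3, 21), "alice", "print", {"pages": 340}),
    (date(2020, 5, 30), "alice", "usb_copy", {"file": "roadmap.pptx"}),
]

def indicators(kind, detail):
    """Return the article's data-movement indicators that one event matches."""
    hits = []
    if kind == "usb_copy":
        hits.append("copied to removable media")
    elif kind == "print" and detail["pages"] >= LARGE_PRINT_PAGES:
        hits.append("sizable print job")
    elif kind == "email":
        domain = detail["to"].rsplit("@", 1)[-1].lower()
        if domain in COMPETITOR_DOMAINS:
            hits.append("email to competitor")
        if detail["bytes"] >= LARGE_ATTACHMENT_BYTES:
            hits.append("large attachment")
    return hits

def review_departures(events, resignations):
    """Flag data movement within 30 days either side of each user's notice date."""
    findings = []
    for day, user, kind, detail in sorted(events, key=lambda e: e[0]):
        notice = resignations.get(user)
        if notice is None or abs(day - notice) > WINDOW:
            continue   # not a departing user, or outside the review window
        findings.extend((user, day.isoformat(), why) for why in indicators(kind, detail))
    return findings

if __name__ == "__main__":
    for finding in review_departures(EVENTS, RESIGNATIONS):
        print(*finding, sep=" | ")
```

Because the window looks backward from the notice date, the check only works if event logs are retained for at least 30 days before anyone resigns.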
Pay attention to physical behavior
- Dissatisfaction, disgruntlement, or an argument with a peer or manager may lead an insider down the path of IP theft.
To learn more about how your organization can protect critical IP and comply with regulations for insider risk protection, visit CommsNet and download their free ebook on the subject.