Exposed
According to cybercrime experts, digital IP theft is a growing threat. Although precise numbers are hard to come by, the US Department of Commerce estimates stolen IP costs companies a collective $US250 billion each year. And that number does not include hacked or hijacked information that goes unnoticed or unreported. The economic costs on a nationwide scale are impossible to quantify just yet.
Suspected state-sponsored espionage against the US government has received the most publicity, thanks to the investigation of a series of coordinated attacks on federal computers dubbed "Titan Rain". The 2003 attacks may have been the work of a China-based cyberespionage ring that was trying to steal government information, according to articles published in The Washington Post and Time magazine in 2005. But companies in any industry may be vulnerable. As businesses increasingly collaborate with external partners and expand globally, they're also increasing their exposure to criminals — and possibly foreign governments — who may have more on their minds than scoring some personal details.
"There's a ceiling on how much money can be made by stealing identities," says Scott Borg, director and chief economist of the US Cyber Consequences Unit, an independent non-profit institute set up at the request of the US federal government to examine the economic and strategic consequences of cyberattacks. "You can actually steal the business — its processes, its internal negotiating memos, its merchandising plans, all the information it uses to create value. That's a very large pay-off."
Unfortunately, most IT organizations approach the risk to IP the way they approach all IT security: focusing on the corporate perimeter and developing security tactics and policies from the system level up. Instead, CIOs must take a top-down approach. What's required today is a counterintelligence mind-set that assumes someone, somewhere, wants your data, along with multiple layers of defence to thwart would-be cyberspies and respond when (not if) they get through your defences. "There are wide-ranging attacks against commercial organizations," says Bill Boni, CISO of Motorola. "It's incumbent on organizations — be they governments or commercial enterprises or academic institutions — to understand what their crown jewels are and make sure they are protected commensurate with their value."