Intellectual property (IP) represents one of the enterprise’s most valuable assets – an asset that is becoming increasingly vulnerable to compromise, thanks to the rapid escalation of digitalisation, says Jan van Vliet, VP EMEA at Digital Guardian.
With today’s hackers becoming increasingly sophisticated and more determined than ever, it has been projected that cybercrime will cost the world US$6 trillion annually by 2021.
For any enterprise confronting the harsh realities of a landscape where a cyberattack occurs every 39 seconds, taking steps to secure IP has become a mission-critical task.
Here are five ‘must have’ IP protection best practices that organisations should deploy in order to make it harder for attackers to access and abscond with digital IP.
1.Access control policies and procedures
Uncontrolled or poorly controlled access to data and business systems can lead to organisations finding themselves exposed to the activities of threat actors who are intent on accessing IP. Instituting a regular and comprehensive access review of all applicable systems represents an imperative first step for identifying potential access risks.
To implement a robust access control policy, organisations will need to determine what access restrictions to apply and undertake ongoing reviews of access levels. To ensure networks and data stay protected, the policy should also outline the controls that are to be utilised for both direct and remote access to computer systems.
2. Event logging
Event logging provides the visibility that is critical for understanding exactly what is happening in a company’s environment. Organisations will need to log and retain comprehensive records of events. Ideally, these records should include details of when these events occurred and where, the source of the event, the outcome, and the identity of any individuals or subjects that are associated with the event.
3. Monitoring and reporting
Utilising data analytics, security teams will be able to monitor these logs to identify any trends or transactions that are outside of norms or expectations. This will include pinpointing any unusual activities on the perimeter of the network to identify and prevent unauthorised access by external threat actors.
It will also provide insights on non-normal activities that occur on internal systems which could, for instance, indicate where an unauthorised employee is attempting to view confidential company data, or a disgruntled employee is potentially creating a back door to key data.
Any unauthorised use should be reported to the appropriate parties, and enforcement actions should start immediately.
4. User awareness and training
Information security awareness training that ensures users are made aware of the ways in which they might unintentionally expose IP is of extreme importance for both changing behaviours and bringing people up to speed with the organisation’s IT security procedures and policies.
To empower the workforce, and boost the security posture of the organisation, these education sessions should help people to understand the key principles of cyber security, recognise the primary attack vectors, and know exactly what actions to take – including how to report a potential threat.
5. Security by design
It is always much more expensive to retrofit security tools, so risk should always be considered at the design stage of any project to ensure that security capabilities are proactively included whenever new applications, programmes and infrastructures are implemented. Yet, according to a recent EY Global Information Security Survey, 65% of businesses admit they only considered cybersecurity after the fact – and it was already too late.
As organisations push ahead with new digital initiatives – such as AI and IoT initiatives – in a bid to modernise their systems and operations, it will be increasingly vital that appropriate data governance, identity and access management protocols are considered from the outset to protect the integrity of systems.
Final thoughts on preventing IP theft
Ultimately, securing digital IP is not a ‘one and done’ activity. Monitoring information security best practices, performing risk reviews and scaling security policies and controls will need to be continuously undertaken by any organisation that wants to keep ahead of emerging threats.
As part of this process, implementing a continuous improvement culture that prioritises periodic security evaluations will enable organisations to not only prevent IP theft. It will also help organisations ensure they continue to comply with the evolving requirements of international standards like HIPAA, GDPR and NIST.
The author is Jan van Vliet, VP EMEA at Digital Guardian.
About the author
The author is Jan van Vliet, VP EMEA at Digital Guardian. Jan is a seasoned senior executive with a proven track record of success in both emerging and mature markets. He is responsible for expanding Digital Guardian’s business and market share throughout EMEA, driving strategy and overseeing operations in both regions. Previously, Jan served as Vice President for EMEA Emerging Markets in the Intel Security Group. He was responsible for Strategy, business development, sales and operations in Russia, the CIS, the Middle East, Turkey, Israel and Africa, a region that encompasses 85 countries.
Jan successfully delivered continuous growth in market share and double-digit revenue growth every year. He tripled the Middle East Business in 5 years’ time and became market leader in Corporate IT Security. Jan joined McAfee in late 2007 from the acquisition of SafeBoot B.V., where he served as vice president for EMEA endpoint encryption sales. Earlier in his career, Jan was a managing board member at a Dutch IT consulting company and played a key role in its successful IPO in 1999.
Follow us and Comment on Twitter @TheEE_io