Verizon recently released its 2013 Data Breach Investigations Report, and the outlook for organizations trying to protect their intellectual property is dire. Cyber-based corporate and industrial espionage has risen so dramatically in the last year that intelligence officials are asking boardrooms across the U.S. to be more vigilant against cyber-criminals who are motivated by financial gain to steal intellectual property and trade secrets. Former U.S. intelligence chief, John “Mike” McConnell stated that “unless urgent action is taken, the U.S. faces a ‘cyber’ equivalent of the World Trade Center attack.”
The Chinese and U.S. economies are so inextricably linked that China naturally is the main culprit for targeted theft of confidential business information and proprietary technologies. However, there are many other state-sponsored and political “hacktivist” groups that are actively stealing corporate digital assets. The proliferation of employee-owned mobile devices in the workplace, along with antiquated network systems, has allowed cyber-criminals to access corporate databases at unprecedented levels. Saudi Arabian oil producer, Aramco, was recently a victim of a massive cyber-attack where 30,000 desktop PCs were wiped in what some can only presume was designed to disrupt oil production. Additionally, JP Morgan Chase, Wells Fargo, and Bank of America were victims of a sustained distributed denial of service (DDoS) attack that appears to have been commenced overseas.
What frustrates investigators most when a breach of corporate data occurs is the lack of internal and external controls within the organization. While readily available technology allows organizations to address security issues, it is often a failure to properly train and educate employees that makes theft of intellectual property so easy for cyber-criminals to obtain. Technology alone will not prevent the theft of intellectual property. Organizations must have a tone at the top mentality when it comes to awareness training and policy creation around cyber-security.