A Kaspersky study of IT managers across 27 countries found that 21% of manufacturers were hit by intellectual property theft in a single year. Another study found that software piracy alone cost American manufacturers 42,220 jobs and $239.9 billion in revenue during a 10 year period. There’s been a lot of ink spilled, money spent and laws drafted trying to confront the problem, yet it’s as bad as ever.
Infrastructure Attacks Take Attention Away From IP Security
Part of the problem may be priorities. Intense coverage of Industrial Control System (ICS) attacks may be overshadowing the need for better intellectual property security in manufacturing. Since the 2010 Stuxnet virus that targeted and destroyed Iranian nuclear centrifuges, manufacturers have been acutely aware of the damage attackers can do, and many have prioritized physical security over manufacturing data security.
And the threats have gotten even more serious since then. In a 2016 report, The Industrial Control System Cyber Security Response Team (ICS-CERT) — an organization within the U.S. Department of Homeland Security dedicated to coordinating industry and government cyber security for critical infrastructure — saw a dramatic increase in reported attacks against critical infrastructure, from 232 in the 2014 calendar year to 303 in 2015. Many of these attacks were the result of ICSs that were connected directly to the Internet without sufficient controls, allowing hackers to infiltrate the control systems.
In 2016, there’s been even greater cause for concern, with the growing threat of poorly secured IoT devices. There were massive distributed denial of service attacks, exploiting vulnerabilities in common connected devices like routers, printers and IP cameras. Although manufacturers haven’t generally been the targets, these attacks show just how vulnerable the IoT is, which should worry manufacturers both as producers of these devices and potential future targets.
Intellectual Property Security Is Every Bit as Important
Attacks that could weaponize your devices and destroy your machinery make good stories, because they’re terrifying, but most hackers are still in the game to make money by stealing your stuff. While manufacturers need to carefully protect themselves against attacks targeting connected devices, they also need to prioritize data loss protection and other techniques to safeguard intellectual property security.
In a manufacturing podcast released with the Verizon 2016 Data Breach Investigation Report (DBIR) Bryan Sartin, Executive Director of Verizon Global Security Services calls denial of service attacks and cyber espionage “unquestionably the greatest threats” to manufacturing. Sartin emphasizes that cyber spies exploiting web applications are currently causing the most damage. The spies are after “anybody who has trade secrets
intellectual property in large quantities.” And when they do attack OT, it’s often through the same vectors they use to steal data.
Intellectual Property Security Needs to Focus On the Data Itself
Endpoint security is important in manufacturing, but it’s insufficient to secure business data or IP. Your company has a huge amount of valuable IP and operational data, which travels between multiple organizations. From brainstorming, testing and developing new products to monitoring production and refining business processes, data passes through a huge network of designers, engineers, business efficiency experts, auditors and others who have access to sensitive data, giving hackers ample opportunities to intercept it.
Data-centric encryption tools like Virtru provide a way to safeguard intellectual property security by protecting IP across its entire journey. Data is encrypted before it leaves your computer and is only decrypted when the recipient actually reads it. If a hacker intercepts the data while it’s traveling across the open Internet, they’ll have no way to read it, since they will have no access to the decryption key.
Virtru protects files, emails and attachments using the sender and recipient’s existing email accounts, which makes it more convenient than traditional solutions like secure portals. It installs in less than a minute, and can send messages securely to nearly any recipient — even if they haven’t installed Virtru themselves.
This convenience also improves intellectual property security — particularly in manufacturing, where short tech cycles require rapid communication and flexible logistics. Even if you switch suppliers or outsource part of the process to a new consultant, you can communicate safely, using the Virtru Secure Reader. That means you’ll never have to choose between risking sending an unencrypted email and waiting for your partner to install, configure and learn your portal.
Intellectual Property Security Shouldn’t End When You Hit “Send”
Encrypting data keeps it safe along its journey, but by itself, it doesn’t prevent it from being compromised by a user. If you accidentally type in the wrong address, or your recipient forwards sensitive documents to the wrong party, it can cause substantial damage to your organization.
Short product life cycles and inadequate legal protection and enforcement in manufacturing exacerbate the dangers of both hackers and insider threats. A trusted partner can leak plans, or a rival can hack an employee’s computer with impunity. Even seemingly innocuous data like an inventory list can give a competitor valuable insight into your production process or R&D efforts.
Manufacturers can greatly reduce these intellectual property security risks by using technologies that allow them to track and control where their data goes. Virtru provides read receipts, which show the sender if the recipient has opened the email, who they have forwarded it too, and if those forwarded messages were opened. Virtru Pro users can also recall an email with a click, preventing the recipient from opening the email or file in the future.
Virtru provides granular control beyond revoking emails. Users can disable forwarding to prevent the sender from sharing an email, or set a message to expire automatically, reducing the window during which it’s vulnerable to a potential attack.
Virtru Pro PDF Watermark is particularly useful for intellectual property security, because it makes it holds recipients accountable for improperly sharing data. Protected PDFs are displayed in the Virtru Secure Reader, allowing recipients to read them but preventing local downloading. This means a recipient can’t continue to read a local copy of the file once access is rescinded.
Additionally, PDF watermarking tags the PDF with the recipient’s email address, allowing you to hold leakers responsible. PDF watermarking also limits recipients to one round of forwarding by default, and can be used with Disable Forwarding to disallow any resharing.
You Need an Enforceable Intellectual Property Protection Strategy
Ultimately, hackers always take the easiest way in they can find. More often than not, that involves exploiting human error. Users let hackers in by clicking suspicious links, setting poor passwords, and failing to use common sense to enforce intellectual property security.
Preventing these vulnerabilities requires a combination of sound policies and good business data protection technology to supervise and correct human behavior. For example, your organization should use password administration programs to set minimum strength, and require multi-factor authentication to prevent hackers from gaining access with breached passwords.
These intellectual property security rules must be enforced with a data loss prevention program. Virtru DLP monitors employee emails, triggers rules to stop IP breaches, and alerts administrators to noncompliant behavior. For example, you can prevent users from sending attachments outside of a list of whitelisted recipients, automatically encrypt messages with sensitive data such as CAD files, warn users when a message violates rules, and even BCC managers on certain emails.
Your IP Is Your Most Valuable Commodity
Virtru allows manufacturers to protect intellectual property security not just within your own landscape, but anywhere your data goes. This allows your organization to move beyond worrying about the next attack, allowing your business to focus on growth instead of security.
Contact us to learn how Virtru is already giving manufacturers intellectual property security.