Over the last several weeks we have been engaged more and more for insider threat engagements. These engagements are a priority in the tech industry because of the risk of loss of proprietary processes and other legal considerations in patent law, ITAR restrictions and other areas of concern.
With more technology the risk of being targeted increase exponentially as new developments are realized in the tech industry.
It is estimated that 20 billion in US dollars are lost annually as a direct result of corporate espionage and grave harm is done with Government information leaks and violations of security regulations around classified data.
Jigsaw Security can help secure and detect theft of information utilizing our Jigsaw Mitigation approach. Below are a few examples of cases we have been involved in and how the espionage was detected.
Theft of Proprietary Hardware
While working for a State organization we were working with proprietary hardware devices. From day 1 of the program there was concern that the hardware would be stolen because it was not patented. To ensure that we could track any hardware in the clinical trial period we decided to program a beacon. A beacon is a piece of software that will call home and provide information such as GPS location, network connection information or other data that could used to locate the device.
At the time, late 2010, a common network intrusion detection system (Snort) was in use at the organization. We setup a snort rule to alert us if a beacon every occurred from outside the network. Within 2 weeks we received our first hit in the Snort console indicating that someone had removed the hardware from the State approved network and had connected the device elsewhere. Upon researching, we discovered that an employee had taken the device and sold it to a third party.
A legal case was then initiated the a successful recovery and prosecution of the individual commenced.
Theft of Proprietary Information
In another recent case, threat intelligence data that was only available to us started showing up in a competitors threat feeds. In order to find out how this was occurring we started publishing our threat intelligence with specific tagging that we could detect when it left our network. Within minutes of tagging the threat intelligence, a customer was detected downloading the information. Within an hour our competitor had the information. Only this single customer downloaded the data in the hour it was made available. We had our leaker very quickly.
In order to prevent this we have customized this users data to prevent against loss of proprietary information. Now this customer only receives our level 2 feed instead of the main level 1 data which protects them but they no longer are authorized to receive TLP:RED data.
Risk vs Cost
It is always costly to provide insider threat training, technology and exercises to out those stealing our intellectual property. Companies spend years perfecting methods and technology to become successful and profitable. If these ideas are then stolen by competitors or restricted countries, competition will cause future loss of profit that could have been avoided.
With shorter patent lifespans, it also means companies lose out on their development of technologies as patented items can be used more quickly than in the past by those other than the companies that have developed the technology. In effect patents are not as good these days because in some cases it may take more than the lifespan of a patented idea to become fully developed. Understand that companies must protect their own processes that make the patent valuable.
Companies interested in patent technology will monitor filing and send in others to learn the processes that make the patented idea valuable. It's rare that companies will file for patent infringement even though it does occur. To protect processes companies are better suited to protect their own policies, processes and procedures than to use the legal system to protect proprietary information. The cost of protecting a patent or filing a infringement suit, is in many cases more than costly and time consuming than coming up with alternate methods of protecting the information in the first place. The loss of revenue and competition however are more hurtful to the businesses that developed the technology and in some cases cause companies to go out of business, even large and well established ones.
About Jigsaw Security
Jigsaw Security operates under the Jigsaw Threat Mitigation Model (sm) which allows us to provide protective services to corporations that are worried about loss of proprietary data loss. Our security specialist are very successful in tracking, uncovering and removing those attempting to commit corporate or Government espionage activities.