Breach calling: Data thieves turn to IP for financial motive

Billy Austin

The latest trend for data thieves is to bypass perimeter protection by using automated attack code to support their financial motives.

Most businesses survive on trade secrets and the intellectual property (IP) they develop. In one recent example, documents containing baseball player trade information were compromised, exposing possible transactions. As a result, the theft of one sensitive document has the potential to destroy the morale of players, employees and fans, not to mention the embarrassment, brand and competitive bargaining.

"I wonder if that affected anyone's batting average?"

Today, it is more than credit card and social security data at risk; it is intellectual property and trade secrets. Smart devices, home workers and laptops on and off the network are prime targets. While data protection is on the top of many executives' priority list, we have been releasing a series of dashboard widgets, exposing the type of data at risk in conjunction with the liability exposure in dollars.

For organizations accepting or transmitting payment card data, one idea for your next Security Ops Review or Board meeting - include statistics for both unprotected data at rest and the liability exposure in dollars. 

PaymentData.jpg

The type of data to be discovered varies from one organization to another. We've developed the Data Breach Prevention Lifecycle to help organizations build repeatable process around dealing with unprotected data and security threats to prevent data breaches. For the purpose of this blog consider the first two phases of the lifecycle:

1. Know what you don't know by discovering unencrypted PII, cardholder, trade secrets and intellectual property on all endpoints.

2. Detect security threats on devices where unencrypted sensitive data is discovered.

While these two phases are important, they're overshadowed by one that's even more critical to those preventing data breaches: How can we leverage these to include Combined Intelligence to prioritize and streamline our efforts? That's the question we will dive deeper in the next post, expanding upon the stages of the data breach lifecycle.

Here are some pointers to begin both your preparation and pilot for preventing a data breach:

  • Goal - Preventing a Data Breach
  • Devices and departments assessed - For your pilot, we recommend a mix from mobility and computing from various departments
  • Data assessed - start by selecting a data type to discover, e.g. Credit Cards, Trade Secrets, Intellectual Property

As employees continue the adoption of cloud file sharing technologies along with BYOD and mobility, the risk and impact of breaches is destined to grow. The time for investing in data breach prevention is imminent. It’s time to say goodbye to data theft and begin watching your security and compliance initiatives improve along the way.