Discover the Weaknesses in Your IP Security



Ninth in a Series from Former DuPont CISO on Trade Secret Protection for Manufacturers

Even the most seasoned IT professional has more to learn, as the tools and techniques of cyber attackers are constantly evolving. Become a student of information security. Ongoing threat intelligence will help you understand the current indicators of compromise and stay a step ahead of the bad guys.

Cyber risk information is readily and publicly available from organizations such as CERT, SANS and antivirus vendors. Many have threat and vulnerability feeds to subscribe to. Collaborate with government and public institutions such as the Department of Defense DSIE, DHS Information Sharing, ISACs Council and FBI.

Form a small information sharing group with other trusted manufacturers. Learn to benchmark your organization’s approach against IP protection leaders with a mature program. Eventually, you may become a contributor of intelligence to aid our collective struggle!

The main lesson to learn from your pursuit of IP protection is that the business of IP protection is never finished. Continue to improve your capabilities as your organization matures in its understanding of the threats faced.

To get to the next level, relying on a little outside expertise is often a good thing. Skilled penetration testers are consultants that analyze your prevention, detection and response capabilities by mimicking the tactics of seasoned cyber attackers. These “white hat” hackers will target your system admins with benign phishing, drop “infected” USB drives and perform social engineering with key business users – among other ploys to gain privileged access. Sneaky.

To assess your program’s development, an overall security review by an unbiased third party should be considered. It will evaluate your overall security framework and architecture, outline major business risks and identify gaps in current controls, processes and resources.

Once these weaknesses have been identified, review the results with senior management to gain approval and funding of an improvement project to close the gaps. Prioritize fixes based on level of risk and difficulty to execute. Then wait a while and review the program again.

To summarize, follow this checklist to discover the weaknesses in your IP security:
□ Pursue ongoing threat intelligence to stay ahead of attacks.
□ Collaborate with external groups to share information.
□ Benchmark your performance against IP protection leaders.
□ Consider a security review to identify protection gaps.
□ Hire skilled penetration testers who mimic cyber attackers.

My e-book for download covers more IP protection recommendations based on the practical experience of Digital Guardian’s manufacturing industry customers.

Read the full series:

  1. The Threats to Your Trade Secrets are Real
  2. Why Offshoring Complicates IP Protection
  3. Calculating the True Cost of IP Theft
  4. Make the Case for Investment in Ongoing IP Protection
  5. How to Form an IP Risk Committee
  6. 7 Elements of a Holistic IP Protection Plan
  7. Defining Intellectual Property
  8. Lock up your IP and Control Access to it
  9. Discover the Weaknesses in Your IP Security
  10. Improve Your Ability to Detect Cyber-Attacks

 

Larry Brock

Dan Geer: The 5 Myths Holding Your Security Program Back

Dan Geer discusses how security teams of all sizes can get past common information security myths to more effective data protection and security.

View Now

Related Articles
7 Elements of a Holistic IP Protection Plan

Sixth in a Series from Former DuPont CISO on Trade Secret Protection for Manufacturers

Drug Development and Intellectual Property Theft

Competitive forces in the pharmaceutical industry have led to increased intellectual property theft. As this trend continues, pharmaceutical companies and manufacturers of all industries must focus on protecting the sensitive data that their competitive advantage is built on.

IBM Employee, Linux Kernel Hacker, Charged with Spying for China

The U.S. Department of Justice filed charges against a 30 year-old IBM employee who absconded with source code IBM uses to manage cloud software.

Larry Brock

Larry Brock (CISM) is the former global CISO at DuPont, a post he held for 11 years. He also served as CIO of DuPont’s Nylon Flooring business unit, as Information Security Officer in the U.S. Air Force and at the National Security Agency (NSA) for four years. Mr. Brock currently consults to companies helping them to improve their IP protection capabilities.

Please post your comments here