Even the most seasoned IT professional has more to learn, as the tools and techniques of cyber attackers are constantly evolving. Become a student of information security. Ongoing threat intelligence will help you understand the current indicators of compromise and stay a step ahead of the bad guys.
Cyber risk information is readily and publicly available from organizations such as CERT, SANS and antivirus vendors. Many have threat and vulnerability feeds to subscribe to. Collaborate with government and public institutions such as the Department of Defense DSIE, DHS Information Sharing, ISACs Council and FBI.
Form a small information sharing group with other trusted manufacturers. Learn to benchmark your organization’s approach against IP protection leaders with a mature program. Eventually, you may become a contributor of intelligence to aid our collective struggle!
The main lesson to learn from your pursuit of IP protection is that the business of IP protection is never finished. Continue to improve your capabilities as your organization matures in its understanding of the threats faced.
To get to the next level, relying on a little outside expertise is often a good thing. Skilled penetration testers are consultants that analyze your prevention, detection and response capabilities by mimicking the tactics of seasoned cyber attackers. These “white hat” hackers will target your system admins with benign phishing, drop “infected” USB drives and perform social engineering with key business users – among other ploys to gain privileged access. Sneaky.
To assess your program’s development, an overall security review by an unbiased third party should be considered. It will evaluate your overall security framework and architecture, outline major business risks and identify gaps in current controls, processes and resources.
Once these weaknesses have been identified, review the results with senior management to gain approval and funding of an improvement project to close the gaps. Prioritize fixes based on level of risk and difficulty to execute. Then wait a while and review the program again.
To summarize, follow this checklist to discover the weaknesses in your IP security:
□ Pursue ongoing threat intelligence to stay ahead of attacks.
□ Collaborate with external groups to share information.
□ Benchmark your performance against IP protection leaders.
□ Consider a security review to identify protection gaps.
□ Hire skilled penetration testers who mimic cyber attackers.
My e-book for download covers more IP protection recommendations based on the practical experience of Digital Guardian’s manufacturing industry customers.
Read the full series:
- The Threats to Your Trade Secrets are Real
- Why Offshoring Complicates IP Protection
- Calculating the True Cost of IP Theft
- Make the Case for Investment in Ongoing IP Protection
- How to Form an IP Risk Committee
- 7 Elements of a Holistic IP Protection Plan
- Defining Intellectual Property
- Lock up your IP and Control Access to it
- Discover the Weaknesses in Your IP Security
- Improve Your Ability to Detect Cyber-Attacks
Dan Geer: The 5 Myths Holding Your Security Program Back
Dan Geer discusses how security teams of all sizes can get past common information security myths to more effective data protection and security.
Related Articles5 Tips to Start Protecting IP and Trade Secrets
When the Justice Department issued indictments to five Chinese military officers on Monday it only reinforced the importance the Obama administration has placed on cyber security.How to Secure Intellectual Property from Loss or Compromise
28 data protection experts weigh in with tips on securing intellectual property in its many forms.You Can’t Protect What You Can’t See
Protecting Data in a Global Manufacturing Environment