Beware: IP Theft Is Often an Inside Job

A new report released by Verizon Information Technologies that examines incidents of intellectual property (IP) theft at companies in several industries, including the high tech, financial, and manufacturing sectors, offers sobering news to the electronics industry as it seeks to electronically protect its patents -- the very thing that brings value and competitive advantage to a company's business.

DBIR Snapshot: Intellectual Property Theft is a report that examined 85 confirmed data breaches over the last two years resulting in the theft of intellectual property. The findings are based on breaches investigated by Verizon's Research Intelligence Solutions Knowledge (RISK) Team or one of its partner organizations, which include the Australian Federal Police, the Dutch National High Tech Crime Unit, the Irish Reporting and Information Security Service, the Police Central e-Crime Unit, and the United States Secret Service.

The data shows that while most of the breaches originate from external entities that often use malware and hacking methods to steal IP data, even more troubling is that 46 percent of employees are participating in the theft of intellectual property information. The research also shows that efforts to combat system penetration will have to focus on several aspects of data security as adversaries rely on multiple methods of attack to successfully penetrate a company's knowledge assets.

The study outlines several ways that an attack occurs, including:

• An external agent sends a phishing email that successfully lures an executive to open the attachment
• Malware infects the executive's laptop, creating an entry into accessing sensitive data
• An external agent accesses the executive's laptop, viewing email and other valuable data
• A system administrator misconfigures access controls when building a new file server
• An external agent accesses a mapping file server from the executive's laptop and steals intellectual property

Listing the top three methods an attacker uses to carry out IP theft, the research found that 45 percent of data penetration occurred via abuse of system access or privileges, another 34 percent occurred as a result of using stolen login credentials, and 32 percent were the result of pretexting, which is the act of using false information to trap individuals into divulging privileged information that can be used to penetrate data systems.

When managing security in a modern high-tech supply chain, Wade Baker, managing principal for Verizon's RISK team, said the links between supply chain partners such as component suppliers, contract manufacturers, and distributors operating across the globe opens up the electronic manufacturing enterprise to many new security threats.

"If I have three other partners who I depend on to send me information so that I can do what I need to do for my business, and if a supply chain partner sends me information [with a computer virus attached], or if my information is compromised, the impact spreads," said Baker, who is also the principal author of the report.

While the report offers several recommendations to protect IP theft, the report concludes that:

There is no silver bullet that can guarantee protection against IP theft. The diversity, complexity, and ingenuity of tactics preclude a one-size-fits-all solution. As our findings have shown, however, there are several common factors across successful attacks that warrant attention. Insider abuse—whether premeditated or requisitioned through trickery—is a favored method of filching IP. And if an insider won't cooperate, stealing their credentials will work almost as well. Short of that, brute-forcing or using SQL injection against web applications stands a good chance of success.

The report also lists a number of recommendations to protect against IP theft, which include:

• Privileged users: Use pre-employment screening to eliminate the problem before it starts. Don't give users more privileges than they need and use separation of duties. Make sure they have direction (they know policies and expectations) and supervision (to make sure they adhere to them).
• Training and awareness: Increase awareness of social engineering: educate employees about different methods of social engineering and the vectors from which these attacks could arise. In many of our cases, we see users clicking on links they shouldn't and opening attachments received from unidentified persons.
• Stolen credentials: Keeping credential-capturing malware off systems is priority number one. Consider two-factor authentication where appropriate.
• Secure development: Focus on application testing and code review. While SQL injection attacks are the most common, cross-site scripting, authentication bypass, and exploitation of session variables contributed to many of the network-based attacks.

If there's anything that IT security executives at high-tech manufacturing companies can learn from the report's findings, it is that as their extended supply chains rely on networks that manage sensitive company information, they need to continue to develop policies and procedures that will prevent these attacks. Certainly, the time, effort, and resources committed to mitigating IP theft is a worthwhile endeavor.