IP theft is big business, and carries big rewards. Commercially sensitive information commands a high price – and potential rewards that could incentivise an employee to share company secrets.
There are other motivations, too. In 2018, Elon Musk disclosed that a disgruntled employee had hacked company computers to try to disrupt the manufacturing process, changing code in the Tesla Manufacturing Operating System and using false names to export “large amounts of Telsa highly sensitive information to unknown third parties.”
And some IP leaks may be accidental and a result of human error. Ferrari team principal Maurizio Arrivabene expressed concern in October that sensitive information about Ferrari’s technology (a unique dual battery layout) had leaked into the public domain, after the FIA conducted analysis on Ferrari’s power unit, to make sure it was legal. He stated that he would take any further leaks extremely seriously.
In 2017, hackers threatened to release script information from a cable network, in an attempt to extort money (Bitcoin) from the network.
The 2018 Study on Global Megatrends in Cybersecurity by the Ponemon Institute and Raytheon found that “Cyber warfare and breaches involving high-value information will have the greatest negative impact on organizations over the next three years.” IT security practitioners are more pessimistic about their ability to protect their organizations from cyber threats. The report also found that disruptive technologies – including the use of cloud services – increased the likelihood of a security incident.
There’s a pattern here. Industrial espionage and IP theft is the new frontier of cybercrime. Hackers “have recognized the tremendous value in IP and sensitive information as well as the ease by which it can be acquired illicitly,” according to a report by Willis Towers Watson, a risk management and insurance brokerage firm.
If your employees were involved in IP theft, would you know? Data secreted from the organisation, messages carried on personal devices, sharing sensitive information files externally, documents saved to a personal cloud storage platform – it can be hard to track. Organisations are so focused on external threats, that it can be easy to underestimate the threat within. Minimising these risks in 2019 is a clear priority for technology teams.