Cyber criminals are not trying to steal your IP

By Donal O’Connell

The headlines:

“Valuable intellectual property targeted by cyber attacks”

“Cyber Crime – Intellectual Property Theft”

“IP theft is ‘most damaging’ cyber-crime for UK businesses”

“Intellectual Property Cyber Theft: Get Real”

“Protecting companies intellectual property from cyber crime”

These are just some of the attention grabbing headlines of recent times,

However, I would suggest that these headlines are wrong. Allow me to explain.

Patents:

Patent information is readily available for free. Patent data is readily available on patent applications as well as granted patents at all of the national and regional patent offices, allowing anyone to basically gather information on a company and their patents, such as patents by country, by region, by technology fields plus much more.

Powerful search engines and big data analytics tools are available to make it relatively easy to discover such information.

Detailed reports on the patent activities of companies are often published by the various Patent Offices as well as various patent data service providers. I especially like the annual WIPO IP Facts & Figures reports with its comprehensive data.

The cyber criminals do not need to launch a cyber-attack to find out what patents a company possesses. So relax, the cyber criminals are not trying to steal your patents.

Trademarks:

Trademark information is readily available from the various Trademark Offices as well as various Trademark service providers. Trademark data is readily available on trademark applications as well as registered trademarks by all of the national and regional trademark offices, allowing anyone to basically gather information on a company and their trademarks.

Powerful trademark search engines allow details such as the trademark owner to be identified easily. These search engines all allow searching by keywords, phrases and images.

Detailed reports on the trademark activities of companies are often published by the various Trademark Offices as well as various trademark data service providers.

So relax, the cyber criminals are not trying to steal your trademarks.

Registered designs:

Registered design information is readily available for free. Design data is readily available on design applications as well as registered designs at all of the national and regional intellectual property offices, allowing anyone to basically gather information on a company and their registered designs.

Powerful search engines and big data analytics tools are starting to become available to make it relatively easy to discover such information.

Detailed reports on the registered design activities of companies are often published by the various Intellectual Property Offices as well as some IP data service providers.

The cyber criminals do not need to launch a cyber-attack to find out what registered designs a company possesses. So relax, the cyber criminals are not trying to steal your registered designs.

Copyrighted material:

I fully accept that copyright material is not registered but if published, then it is relatively easy to locate. Google’s search engine is a good place to start.

Others search engines exist that are more research focused, such as ScienceDirect and Google Scholar. Other search locations also exist which provide better filtered results, and “depending on the subject” can be more productive.

The ‘Wayback’ machine should also be considered. The Wayback Machine is a Web site that enables anyone to see what a particular Web site looked like at some time in the past – from 1996 to the present. This enormous archive of the Web’s past requires hundreds of terabytes of storage and contains almost 500 billion Web pages at present.

Also meta data search engines exist that are low cost but let you only enter the terms once, but search a list of sub search tools, and can be more focused. They often hold the results so that you can go back to them as often as you like.

The cyber criminals do not need to launch a cyber-attack to find out what published copyright material a company possesses. So relax, the cyber criminals are not trying to steal your published copyrighted material.

Domain names:

Domain name data is also readily available. Tools such as the ‘whois’ search engine allow the user to enter a domain name and find out the registration information of that domain.

Domain tools offer a service to identify the domain names registered to a company for a fee. Alternatively, you can do a Google search “Registrant: company name”.

So relax, the cyber criminals are not trying to steal your domain names.

Trade secrets:

The cyber criminals are really only interested in one particular form of intellectual property, namely trade secrets.

The cyber criminals are after any trade secrets that can be harvested and monetized. They are not seeking to steal what is on the menu in the company canteen. They do not want to know what colour paint is on the wall of the offices of the CEO. They are not after information which has already been put into the public domain by the company. Rather, these cyber criminals are after the trade secrets of the company, the confidential business information which provides an enterprise with a competitive edge.

The cyber criminals leverage a variety of different approaches and techniques to identify the vulnerabilities in the IT network of the company and then attack.

The cyber criminals may leverage backdoors into the IT network. They may try a denial-of-service attack or even a direct-access attack. They may try eavesdropping, spoofing, and even tampering directly with the IT network of the company. The cyber criminals may use privilege escalation, phishing, clickjacking or social engineering techniques. In some cases, they create a false environment of stealing non-pertinent data, diverting the attention of incident responders only to exfiltrate trade secret data residing elsewhere on the network. Regardless of what, where and how they attack, they are after the trade secrets of the company.

Let’s change the headlines:

I would argue that we should change the headlines to reflect this

“Valuable trade secrets targeted by cyber attacks”

“Cyber Crime – Trade Secret Theft”

“Trade secret theft is ‘most damaging’ cyber-crime for UK businesses”

“Trade Secret Cyber Theft: Get Real”

“Protecting companies trade secrets from cyber crime”

If the cyber criminals are to be stopped from stealing the trade secrets within companies, it requires that the IT folks and the Legal & IP folks work together as both advanced computer and network security as well as proper trade secret asset management are required.

[This post originally appeared at LinkedIn Pulse.]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: