• Investment World
• eWorld
• Brand Line
• Mentor
• Life
• Brand Quest
• The New Manager
• BL Club
• Smartbuy
• Books

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Cross Currency

• Rates
  
  

Shipping

• Ports
  
  

Archives

• Yesterday
• Datewise
• Resources
• In Focus
• In Depth
• Events 2007

Group Sites

• The Hindu
• The Hindu ePaper
• Business Line
• Business Line ePaper
• Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

In times like these when you have no job or no more furniture to sell, what do you do? Sell sensitive information from your company, if you are the unscrupulous kind!

The McAfee Unsecured Economies report, conducted with researchers from Purdue University, released in January 2009 has interesting insights on such incidents happening the world over. The study of cyber crime experts and 800 CIOs g lobally reveals that sensitive corporate information is becoming a highly saleable asset for employees and criminals. Kartik Shahani, Regional Director-McAfee Inc, sheds more light.

What exactly is intellectual property? How does its loss affect business?

One of the key findings that emerged from our recently released research report, Unsecured Economies: Protecting Vital Information is that companies lost, on an average, $4.6 million worth of intellectual property in 2008.

Any data or information that is exclusive to an individual or an organisation as a result of its origination from that individual or organisation’s effort can be referred to as their intellectual property. For example, for an individual his intellectual property may be his artistic work or the music he has created, whereas for an organisation it will be business plans, financial information, product innovations, product information, patents and technology, among others. A single breach or loss of vital corporate information such as intellectual property can impact the bottom line, share price and customer confidence virtually overnight. In the current economic downturn, the demand for illicitly gained intellectual property or other sensitive information will only increase as companies look to strip every possible cost for R&D and speed up time to market of goods and services and cyber criminals look to improve their profits.

The report speaks of the emergence of “cyber moles” as a threat to intellectual property. Who are cyber moles? How do they operate?

As part of their focused efforts at stealing intellectual property, cyber criminals have been actively identifying people who can be used to move data or information out from an organisation. They use cyber moles. Cyber moles act as conduits for the cyber criminals within the target organisations to steal intellectual property. The cyber criminals would normally communicate with the cyber mole remotely (different geographic location), which makes it difficult to trace a crime trail back to them, even if the crime is identified.

How can companies keep tabs on them?

There are some best practices that can help enterprises stay on top of data loss. These include:

Locating and classifying sensitive data: Confidential information — such as customer records, trade secrets, product specifications — can be found just about anywhere in most organisations and in databases that reside on central servers, on laptops, in e-mail inboxes, and even on USB drives. Enterprises need to know where their data is.

Taking control of corporate data: Organisations must implement tools that can scan data according to where it lives and what type of data it is. Based on this information, they must set appropriate controls on how the information is used and who is allowed to use it.

Monitoring endpoints: In today’s mobile world, data travels far and wide on laptops that have remote access, USB drives, CD-Roms, and even MP3 players. Agent-based security solutions must be deployed that maintain a constant vigil on desktops, tracking and blocking sensitive data.

Keeping an eye on data flow: Data must be monitored coming from and where it is going in the normal course of daily business with gateway and host solutions. It is critical to find out what information is leaving the network via e-mail, instant messaging, Webmail, and FTP. Gateway tools issue alerts when they detect sensitive data that is about to leave the network and can go a step further by blocking or encrypting it.

Enforcing policies: Staff must be trained and educated on a regular basis on the importance of data leakage prevention through classes and distribution of updated best practices and security policies. Employees who have been given notice must be tracked and thoroughly debriefed at exit interviews before they walk out the door for the last time. And employees must be made aware that there will be disciplinary action for infractions of policy.

Storing critical data in a central location: Work with the IT departments to create a secure repository for confidential information on a central server with airtight, permission-based access. By storing key data in a central location, it is easier to monitor its whereabouts with centralised management solutions that provide detailed reporting and monitoring.

Which countries are perceived as the biggest threats to intellectual property and why? What can these countries do to prevent such crimes?

Survey respondents cited China, Pakistan and Russia as the worst-rated countries when it comes to the protection of digital assets.

Pakistan, China and Russia, in that order, were also perceived to have the worst reputations for pursuing or investigating security incidents.

Respondents cited corruption among law enforcement and the legal systems as well as poor skills among law enforcement as top reasons for the reputation rating.

Where does India stand in this threat landscape? What can India specifically do to prevent such theft?

India has been ranked fourth in terms of perception of threat to sensitive data and intellectual property by respondents in the Unsecured Economies report findings.

India’s reputation as a less-favoured place for storing and/or processing data may be due to the attention-grabbing headlines when they began increasing their outsourcing operations for many countries. These headlines have undoubtedly made many companies nervous.

With such headlines, certainly, cases do exist in which companies have opted not to do business in India: a Canadian mobile weighing machine company refused a request from an Indian company to manufacture and market the product in India primarily because of intellectual property concerns. India has the legal regulations in place to counter intellectual property-related crimes. However, we need to work hard at strengthening the law enforcement mechanism for cyber crime and intellectual property-related crimes.

paromita.pain@gmail.com

More Stories on : Interview | Security | Human Resources

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Copyright © 2009, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line