By Jim VanderMey
October 15, 2008
What is a thief? That word instantly conjures up an image of somebody breaking into an office or home, and then stealing something of value. In today’s world, a corporation’s greatest assets are not the physical objects in a factory or office, but rather the information and collective wisdom captured in electronic format and stored in computers. Computers, also known as information technology, have become the latest playground for corporate thieves.
Today I was speaking with one of our new employees. He had firsthand knowledge of a situation where a company was attending a trade show in China, and while their employees were wandering around the booths they found a piece of equipment from a new Chinese competitor. When they looked at the back of the device, they found that the casting actually had their logo imprinted on the equipment. The Chinese company had obtained detailed mold and equipment specifications and replicated it for their own use even down to the original company’s logo.
Thefts of intellectual property are usually not that obvious or blatant. But in the same way you would secure physical assets, IT assets require various degrees of protection. The equivalent of locking your front door would be the physical protection of the computers and laptops, and having secure external firewalls in place on Internet connections. This basic level of protection is necessary to avoid the most obvious break-in attempts.
Computer crime has evolved from the initial recreational forays into today’s sophisticated attacks. The first wave was relatively benign where people known as hackers attempted to access computer systems for fun, for the thrill of the chase or for curiosity. I have to admit that in my younger days (high school around 1980) I was successfully accessing some systems that I had no business getting into. But, it was only for the thrill of the attempt as an intellectual exercise. A second wave of computer crime began when people began to use systems that they infiltrated to achieve a secondary aim - mass emails of spam or denial of service attacks where systems were attacked by computer programs running with a specific purpose in mind. But now, with data being seen as more valuable, true computer criminals are involved as large scale attempts are being made to test a company’s defenses and probe for valuable data.
Intellectual property is at risk. It might be your engineering designs. It could be the credit card data given to you by your customers. Something as innocuous as consumer name and address data with some personal demographics can now be used for large scale identity theft. Organized rings of criminals will purchase data ranging from a few dollars for a thousand names to a larger amount for financial transaction data. Or, it could be the stealing of trade secrets such as engineering data and business processes and plans. These are now being sold or used to start up a new generation of competition. The flash drive that you use to conveniently carry personal files from home and office is now a liability if not encrypted. The need for outside contractors or outsourced manufacturing to access design data can expose your company to a new level of risk. The use of one of the new generations of secure clients may help limit that possibility.
Security risks are constantly changing and your company’s technologies are continually upgraded. When you are protecting your home or office, you don’t say that locking the door once last week is enough to keep you secure. No, you check the lock daily. In the constantly changing world of information security you need to regularly check your locks. When was the last time you checked yours? If you are not sure, I can guarantee that someone is turning the knob to see if they can get in.
Jim VanderMey is Chief Technology Officer for Open Systems Technologies in Grand Rapids. He can be reached at [email protected].