Responding to Challenges
IP crime is traditionally viewed as counterfeiting (false branding) and piracy (illegal copying) but cybercriminals (& some State players) are increasingly coming to recognise the value of confidential data held by businesses, be it sensitive information about the business operation (trade secrets & know-how) or customer information such as passwords and credit card details (made even more topical with the imminent arrival of the EU General Data Protection Regulation 2016).
These attacks on confidential data are happening globally with increasing rapidity and ever more complexity. Zero-day vulnerabilities (where hackers have discovered and exploit a software security breach before a fix is available) are increasing exponentially.
In response IP Wales, an award-winning business support initiative operating out of Welsh Academia, has launched a new Online Initiative 2017-2020, the aim of which is to help SMEs to protect their IP online. For more information on the initiative, see www.ipcybersecurity.com
A Change of Focus
Traditionally the focus has been on protecting governments and large corporations, but what of smaller businesses? Hackers are increasingly targeting SMEs, as they typically represent an easier target. In the Digital Age, data is the prize for the cybercriminal and any data which is of value to your business is a worthwhile target, including:
- Technical & Scientific Data – formulas; software code; know-how details; product information relating to design/composition/performance; manufacturing information relating to raw materials; refining processes; specialised machinery
- Commercial Data – business plan; marketing strategy; contract terms; supplier arrangements; customer profiles/preferences/requirements; sales methods
- Financial Data – customer credit card details; internal cost structure; price lists; salaries
- Negative Data – dead-end research projects; failed manufacturing processes
How the Initiative Works
SMEs are particularly vulnerable to cyberattacks, with many taking little or no precautions against cyber threats in the mistaken belief that they are too small to attract the cybercriminal’s attention, or that they don’t possess any data worth stealing. Examples of cyberattacks on SMEs include:
- Theft of Intellectual Property (IP) from Innovative Businesses (i.e. trade secrets & know-how), the loss of which seriously undermines a company’s attractiveness to both investors and prospective buyers of the business
- Ransoming of Data, where the business is coerced into paying off hackers in order to retrieve or access stolen or frozen data
- Theft of Customer Data, including payment details, which exposes the business to lawsuits, regulatory fines for improper handling of personal data, and reputational damage
This website and guide are dedicated to helping SME Boards of Directors to better understand and better protect their business from the increasing threat of IP cybercrime. They do this in several easy to understand sections:
- The 'Cyber Threats' section gives a high-level overview of the cyberattacks SMEs are particularly vulnerable to, as well as some of the techniques hackers use
- The 'Protect the Business' section offers guidance on the steps your business can take to better protect itself from cyberattacks
- The 'Plan for the Worst' section provides a checklist of actions your business should undertake in the event of a successful cyberattack, and guidance on how to minimise the damage done.