wp-hero-compliance-manufacturing

Protecting and Securing Manufacturing Intellectual Property

Introduction

The theft of intellectual property is likely at the top of your list of concerns. The manufacturing industry generally shares your concern – intellectual property theft is considered the #1 cyber threat facing manufacturers today, as well as being the top data protection concern . With 90% of data breaches in the manufacturing industry involving intellectual property1, the focus on intellectual property is justified.

A material 39% of manufacturing organizations experienced a breach in the last 12 months 2 with 38% of organizations affected incurring losses of more than $1 million. While breaches aren’t necessarily related to intellectual property, 35% of executives stating they believe intellectual property theft was the primary motive for the cyberattacks experienced by their company 2.

So, what’s needed is a means to have complete visibility into every action performed by anyone interacting with intellectual property – every application used, webpage visited, record copied, file saved, print screen generated, and page printed. Only then will the organization truly know whether their intellectual property is secure.

Challenges

Ensuring the security of intellectual property isn’t just a technical battle; it’s as much a responsibility of operations as it is of IT. It takes working together to create policies and procedures, in conjunction with agreed upon technology, to see that users receive appropriate use training, access to intellectual property is correctly granted, and that use and processing of intellectual property is appropriate and can be demonstrated.

Most organizations see a member of IT as the person responsible for protecting intellectual property. But, in many organizations (42%), this responsibility falls to a position within operations 2 demonstrating the need to have both parts of the business working together. Below are the challenges faced by the four most common positions responsible for intellectual property 2:

  • CIO– Needs a proactive approach leveraging people, processes, and technology that ensures the protection of intellectual property from both a security and operations perspective.
  • CISO – Wants a plan to evaluate and manage cyber risks related to intellectual property.
  • Head of R&D – More concerned with creating intellectual property than protecting it, but desires to keep it secure by relying on IT.
  • Head of Manufacturing – Is aware of where intellectual property resides, and how it is used – and, generally, by whom - in the manufacturing process. May be overwhelmed by the task of trying to keep intellectual property secure given the complexity of the people and process involved in manufacturing.

What’s needed is a technology that cost-effectively addresses IT’s need for intellectual property security and Operation’s need to maintain the efficiency of the manufacturing process. It should monitor any activity involving intellectual property, aligning with established policy and processes, providing visibility into how intellectual property is used or misused. In the case of misuse, it should also provide context in determining the scope of a breach.

How Do We Help

Veriato helps manufacturing organizations of all sizes assess risk related to intellectual property, ensure safeguards are in place, demonstrate access is appropriate, and providing context should a breach occur. It does so by recording and providing access to detailed user activity data – both within applications used to access and utilize intellectual property, as well as in any other application – combined with robust screen recording and playback.

All of Veriato’s activity data is searchable, making it easy for key stakeholders, an auditor, security teams, or IT to find suspect actions, with the ability to playback activity to see before, during, and after the activity in question. Reports can be produced in minutes – typically a fraction of the time needed – and don’t require pulling critical resources from other tasks.

Veriato assists with every facet of intellectual property protection, utilizing its detailed visibility into specific user actions related to accessing and processing intellectual property. The following sections breakout how Veriato can assist with ensuring the security of your organization’s intellectual property.

Intellectual Property Management

Inventory, Classify, and Maintain IP and Corresponding Assets

Before you can protect your IP, you need to have an understanding of what is considered IP, where it resides, how it’s used, and who has access to it, whether its distributed and, if so, to whom. This provides critical details to help the organization determine how it should be protected and who should have access to it.

Below are some examples of how Veriato can assist in addressing the managing of IP:

  • Where IP Exists – Veriato can use keyword searches (representing project names, products, etc.) to identify when these IP assets are accessed, which applications are used to interact with it, and where files containing IP reside.
  • Who Accesses IP – Veriato’s powerful reporting can quickly identify all users that interact with IP. Activity detail can also be reviewed to understand how the data is shared (e.g. via email, using cloud-based collaboration, cloud storage, etc.) and to whom.
Intellectual Property Protection

Implement Security and Operational Safeguards

Once you know where your intellectual property is and how it’s being used, the next step is to implement safeguards that fall into two distinct areas - cyber security and operational security. Cyber security falls on IT – preventing external attacks, network intrusions, etc. leveraging technical safeguards. Operational security is generally the responsibility of Manufacturing, R&D, and other operations-focused departments and involves establishing employee and contractor policies and procedures for handling intellectual property. The two also work together to define functional roles within the organization in relation to the ownership of and access to intellectual property. Doing so establishes appropriate risk levels with each role and ensures accountability between both groups setting up safeguards

Below are some examples of how Veriato can assist in addressing the protecting of intellectual property:

  • Review Appropriate Use - Upon establishing roles and access, it’s critical to review use to ensure the definitions are correct and do not allow for improper access. Veriato’s reporting can identify who is accessing specific IP, providing the ability to drill down into activity data, if needed.
  • Analyze User Behavior - Veriato can look for leading indicators of insider threat activity by analyzing shifts in users behavior and communications, alerting security teams to the potential.
  • Delegate Visibility - Those in charge of operational security may desire to review the activity of employees and contractors themselves, rather than waiting or relying on IT. Veriato makes it easy to delegate the ability to review subsets of monitored users, providing complete visibility into the actions of delegated users
  • Monitor for Inappropriate Use - Veriato can alert security teams of abnormal activity – such as copying of data, sending of large emails, use of specific keywords, etc. - based on established thresholds to begin the process of investigating a potential breach.
Incident Response

Manage Intellectual Property Loss Incidents

It’s a statistical probability that your organization will experience an intellectual property data breach. When that happens, it become critical to immediately move into action to minimize the impact of the breach. Understanding what actually transpired brings clarity to determining an appropriate response.

Below are some examples of how Veriato can assist in responding to a breach involving intellectual property:

  • Understand the Context of the Breach Understanding the means by which an intellectual property asset has been compromised is critical, as it will help determine your remediation efforts. Veriato can pinpoint when intellectual property has been accessed and what was done with it. If a user opens a CAD drawing, takes a screenshot, pastes it into a personal webmail account and sends it off, Veriato is there to see it all happen. Detailed video playback provides visibility into what happened before, during, and after the accessing of intellectual property  to help you understand the who, what, and why around the breach.
  • Determine the Scope of Loss Establishing the extent of loss and its severity is key. Was it a single document or all of the organization’s intellectual property? Activity logging, along with playback can provide you with the answers necessary to ascertain the scope of the loss.

Conclusion

Intellectual property in manufacturing is somewhat unique, in that it’s shared with so many entities and individuals around the globe in order to create a product. But, even so, it’s reasonable for a manufacturing company to desire to take appropriate steps to ensure intellectual property remains as secure as is possible. As long as the only access to and use of intellectual property is performed by someone who both has a legitimate need and only uses that information for the purposes of the organization, your intellectual property is safe.

But, because users with access to intellectual property utilize that data every day, it becomes nearly impossible to tell if and when your organization’s may be used inappropriately. Add to that the fact that, while the access to intellectual property may seem appropriate, the cutting and pasting of information into a Word doc saved up on a cloud drive certainly isn’t – which means your organization needs to be monitoring and recording all user activity, regardless of application.

Veriato assists with safeguarding intellectual property by providing those in IT and operational security teams with complete visibility into every action taken by the organization’s users – and without impacting the operational ability of the manufacturing process. Veriato solutions help to analyze risk; test safeguard policies, procedures, and measures; and review user activity – all in an effort to ensure intellectual property remains protected and to assist with the response when intellectual property data is breached.

1 Verizon, Data Breach Investigations Report (2017)
2 Deloitte, Cyber Risk in Advanced Manufacturing Report (2016)