Is cyber-security the IP of the 21st century?
In the changing online world, new measures must be put in place to protect intangible assets, says Margee Abrams.
In valuing intangible assets one often includes assets such as people, their relationships and the knowledge generated as a result of their interactions. The protection of such knowledge often falls under the category of intellectual property (IP). IP enables businesses to treat these goods as physical objects, protecting owners' rights. However, data governance – the organisational focus that helps to ensure confidence around data and how it is defined, is becoming gradually more important to businesses. The same discipline that companies use to protect innovation, should be applied across these programmes today.
In essence, companies need to redefine the scope of what they considers IP and define policies for within their organization and supply chain to achieve this. Updating cyber-security measures and educating customers about protecting their expanding intellectual properties is an essential step to succeed in this.
Tools such as software, business websites, social media channels and/or business delivery trackers can ensure a safe, effective customer experience while also helping to effectively run a business. To ensure these tools deliver, each of them requires vigilant 24/7 protection infrastructure in place.
When eBay's customer data was compromised last year, it illustrated the detrimental effects on a business without adequate cyber-security. Specifically, the theft of user contact details including usernames, passwords and phone numbers impacted over one hundred million users.
eBay suffered a loss of $41 million (£27 million), compared to the profit of $2.85 million (£1.9 million) a year before the incident (2013). The eBay compromise (as well as the widely publicised financial industry breaches during 2012), exemplifies the cost of inadequate protection of businesses intangible assets.
One of the lessons businesses can learn from this incident is that servers are as valuable and vulnerable to threats as any other intangible asset traditionally recognised and protected under intellectual property rights. The need for immediate protection as soon as a company's server comes online is as pronounced as the need for IP protection when an idea or invention is introduced to the market.
Even for the protection of new ideas and inventions, IP and legal action are not enough. An example of this is in countries that are notorious for officially-sanctioned hacking. One of the biggest causes of concern in this respect is the online piracy and rising theft of trade secrets and rules aimed at fostering the local technology industry at the expense of foreign suppliers.
China remains on a priority watch list for lax rules on copyright, trade sanctions and other IP rights violations, as stated in an annual review of trading partners published by the US Trade Representative in March.
The internet is arguably the most powerful globalisation enabler, which makes it difficult to manage from a legal standpoint. Relying on laws alone is an insufficient measure of protection, especially as legal rules and sanctions differ from country to country. We have to accept that cyber-criminals will attempt to steal from enterprises that offer something they want. As such, a stronger safety net is needed – a form of cyber protection to help mitigate the damage caused by hackers internally within businesses.
To do this, companies need to plan for how to cope with a targeted attack, understanding the scope of potential damages that can be caused as a result. To help raise the cost of an attack by cybercriminals, deterrents such as strong encryption, distributed data source and compartmentalisation of customer data are a necessity. Businesses must also ensure measures and systems are in place to detect these attacks as soon as possible and act immediately. Finally, rehearsing planned responses to attacks can help businesses to train and ensure that the reputation of the company is well protected in the event of an attack.
Intangible assets such as databases, websites and all other server-based devices and programs are a crucial part of everyone's business but cannot be protected in the same way as other intangible assets. IP – designed to protect some intangible assets – is becoming a less effective tool for achieving the aims it was originally designed for.
As we evolve into a world of globalisation, where everything and everyone is connected and accessible through the internet, new measures must be put in place to adapt to this new approach to protecting intangible assets.
Contributed by Margee Abrams, director, security services product marketing, Neustar, Inc.