Archives for cybersecurity

It’s Time to Take Action Against IP Theft

Recently, Tesla CEO Elon Musk was forced to admit that his company was the victim of sabotage by one of its own employees. That employee, frustrated over recently being passed up for promotion, applied damaging code to the company’s manufacturing system and shared large amounts of sensitive data with third parties.

Given the company’s desperate need to make progress following a string of negative announcements, the timing couldn’t have been worse.

Tesla’s situation, though perhaps one of the highest profile cases, is not new or unheard of. Companies quietly monitor their workflows and processes for any signs of IP theft or sabotage by disgruntled or even misinformed employees. Very often, it’s simply a case of those employees taking the work product that they created, believing that they have ownership. In other cases, an employee may copy large contact lists hoping to maintain and divert relationships to a new employer.

Whatever the theft, and whatever the motivation behind it, this particular crime is common and can cause a company not only financial loss, but the potential for serious reputation damage and even litigation.

Roughly 50 percent of employees will take work product when they leave a company, and close to 40 percent will attempt to leverage that work product on behalf of their new employer.

But what can we do about it?

Most companies rely on commonplace strategies, such as blocking employees from using online storage sites like Dropbox, or disabling USB ports so that files cannot be moved to USB storage devices. The fact is that these methods are only a minor stumbling block for an employee intent on taking work product.

In the past, to determine whether information was stolen, companies needed to do forensics work, costing a lot of money, time, and resources.  It is hard to measure an ROI for a process like this because you cannot assess the value of an event that may have been prevented, and you cannot assume the result before you commit the resources.  Many companies struggle to see the value in building processes that protect their IP in the face of committing resources to R&D, service line launches, shareholder rewards, or employee benefits.

Understanding this challenge and leveraging its forensics expertise, RVM created a tool – Tracer – to analyze computers and identify activities that might be affiliated with potential IP theft. It is designed to look for user behaviors (online and offline) that may indicate an employee’s ill intentions. The tool can sweep through the user’s actions looking for files and actions and can draw attention to troubling patterns to guide an employer’s decisions.

But, technology alone may not be enough to overcome the problem.  Leveraging experts that can properly assess the problem and collaborate with a company to right-size the solution is a powerful next step.  The best way for companies to protect their IP is to ask the hard questions regarding its value and be prepared to take action.

Tesla is a strong company with a stable revenue stream, and will likely weather this storm. Other companies may not be so fortunate.

Learning from Equifax: Preparing for a Cybersecurity Breach

by Danielle McGregor

 

On March 1, Equifax announced that its 2017 data breach affecting over 140 million Americans had actually affected over 2 million MORE than previously reported. The initial breach took place on July 29, 2017, but wasn’t made known to the public until September 7, over a month later. For a month, information such as driver’s license numbers, birth dates, and social security numbers was exposed without consumers’ knowledge, and as a result Equifax and its reputation were excoriated.

Unfortunately, data breaches like this are not uncommon, and, in fact, might be becoming a norm rather than an exception. We need to ask ourselves: what have we done to prepare for a data breach, and do we have access to technologies that will allow us to respond quickly and efficiently?

Earlier this month, The Sedona Conference released an Incident Response Guide that addressed this scenario. Their guidance was for every company to have an Incident Response Plan in place for handling data breaches. This plan should be broad enough to cover any scenario, but provide key actionable details so that should the unthinkable happen in the middle of the night, everyone knows who to call first. The first step in the plan is to identify what format of data the organization has (e.g., digital, or paper) and where it is located.

RVM recommends that any protocol include three basic steps to minimize the risk to the public as well as mitigate any potential public relations fallout.

Step 1 – Determine the nature of the breach and fix it! This is easier said than done. The company’s IT department or technology experts have to determine what vulnerabilities may have given outsiders access to their information and plug the hole. This is important from a business perspective, but also very helpful when assuring the public that the problem will not be repeated in the future.

Step 2 – Engage a Data Forensic Team that can isolate the affected systems and collect the images of the breached data for your review and analysis. This will help to determine the extent of the damage of the breach by identifying affected parties, data sources, and the sensitivity of the information that was stolen.

Step 3 – Consult with legal counsel to determine what the law states with regard to a duty to notify and who should be notified. Determining what type of information was accessed will provide guidance for who outside of the governmental entities will need to be notified. While transparency may open you up to scrutiny, it will also help to establish a level of trust with the authorities and the general public.

Most states require that notice be given “without unreasonable delay.” For example, New York State requires that consumer notice be given in the “most expedient time possible and without unreasonable delay.” (N.Y. Gen. Bus. Law § 899-AA, N.Y. State Tech. Law 208) However, some states have a specific date limitation. Vermont requires that consumer notice be made “in the most expedient time possible and without unreasonable delay, but no later than 45 days after discovery.” (9 V.S.A. § 2435)

With so much on the line, time is of the essence, so it is critical to identify the affected information/data as quickly as possible. This is where analytics comes into play.

Doing simple linear review in these cases can take a lot of time, especially if the amount of data breached is large. Leveraging a large variety of processes, analytics can help narrow down the data or help to identify what is in the data.

After a data breach, analytics can help a company determine whether personally identifiable information (PII) was exposed and identify the documents in which this information is held. This is possible through a “fact first” approach: the idea of prioritizing what is known. What types of sensitive information could be accessed? What information is the most damaging?

RVM’s analytics team typically starts by identifying standard PII, which includes social security numbers, bank card numbers, etc. With the use of technology and our analytics experience, we can quickly identify documents that contain social security information and isolate those documents for review. After the breached data is identified, the next step is to determine whether it contained trade secrets or privileged information. When you know what you are looking for, analytics can help shorten the time spent on the search.
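The PII-first triage described above can be sketched as follows. This is an added example, not RVM's tooling: the patterns, function names, and sample documents are assumptions constructed for illustration. It flags SSN-shaped values and Luhn-valid card numbers, then orders documents for review by hit count.

```python
import re

# SSN-shaped tokens (AAA-GG-SSSS); skips area/group/serial values never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate payment card numbers: 13-19 digits, optional space/hyphen separators.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(text: str) -> dict:
    """Count PII hits per category in one document."""
    ssns = SSN_RE.findall(text)
    cards = [m for m in CARD_RE.findall(text) if luhn_ok(re.sub(r"\D", "", m))]
    return {"ssn": len(ssns), "card": len(cards)}


def triage(docs: dict) -> list:
    """Return (name, hits) for documents containing PII, most hits first."""
    flagged = [(name, scan(body)) for name, body in docs.items()]
    flagged = [(n, h) for n, h in flagged if h["ssn"] or h["card"]]
    return sorted(flagged, key=lambda item: -(item[1]["ssn"] + item[1]["card"]))


# Constructed sample documents; every value below is fabricated test data.
SAMPLE_DOCS = {
    "hr_export.csv": "Jane Doe,123-45-6789\nJohn Roe,078-05-1120\n",
    "invoice.txt": "Card on file: 4111 1111 1111 1111, order 1234567890123456",
    "memo.txt": "Meeting moved to 3pm. Ticket 000-12-3456 is closed.",
}

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_DOCS):
        print(name, hits)
```

The Luhn check is what keeps the 16-digit order number in `invoice.txt` from being counted as a card, which matters when reviewers are working against a notification deadline and false positives cost time.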

A large-scale data breach can be a scary event for any organization, no matter the size. However, by adequately preparing for this likelihood and applying sound analytics, it is possible to mitigate the damages and maintain a positive relationship with stakeholders. In particular, companies with large volumes of sensitive data may do well to work with an advisor capable of developing a plan and implementing it.

While no company wishes to go through this ordeal, the important thing is to take the proper steps to minimize the likelihood of it happening again.