Cyber espionage — gaining access to confidential information without a company’s permission or knowledge — affects all businesses and industries, but tech companies have unique concerns in combating this threat.
While traditional methods of espionage have established norms (i.e., the “lines in the sand” that nation states agree not to cross), those norms have not been defined for cyberspace. Not just large defense contractors should be concerned with the theft of intellectual property; rather, any tech company poised to disrupt the industry also faces the significant threat of cyber espionage.
It is not unusual for nation-state investors to fund companies based on stolen proprietary information — a recent example of this is the 2016 indictment of five GlaxoSmithKline (GSK) employees who allegedly used stolen trade secrets to attract nation-state investors.
As a tech firm, your business model embraces the Internet by virtue of operating in cyber space. An ecosystem of technologies — including the cloud, APIs, and mobile — deepens connectivity to customers, suppliers, and third-party business partners.
With the cyber realm becoming a critical part of national security, how do you secure a technology-enabled network that supports disruptive innovation without becoming vulnerable to cyber espionage and the havoc caused by stolen intellectual property?
Having the appropriate systems, processes, and resources in place to help protect your environment must be integral to a tech company’s business strategy.
This requires a strategic view of how to intersperse information and security into the DNA of your environment so you can create implicit trust. Doing so can turn cyber security into a differentiator for a competitive advantage.
The focus on information security and cyber protection starts at the top. Senior management would set the tone to establish this as a priority.
What are some top cyber security considerations for executional excellence to support growth and achieve a competitive advantage?
- Risk Management. Make information and cyber security part of your overall risk, cost, and revenue model. Are you solving customer problems in a secure fashion? There’s increased customer scrutiny around this, so be ready for these discussions.
- Resiliency. If your solution is exposed to the Internet, what type of resiliency do you have? What happens if the Internet is unavailable? These risks should factor into your delivery strategy.
- People. Do you have the right people in place who not only understand your company’s processes but also your customers? It’s vital to know where you have in-house expertise and when to bring in external experts to bolster your efforts.
Evolving threat, ever-constant attention
Amid rapid technology advancements and the many protection tools available, choosing how to focus and invest becomes a daunting challenge. It’s mission-critical to ensure effective security practices are in place.
- Assume. Today’s advanced attackers may be posing as insiders. Your company not only must assume constant danger but also that it might already be compromised.
- Monitor. Dealing with malicious insiders requires continual monitoring and detection capabilities to thwart the outflow of information from your company. This includes identifying that a cybercrime is taking place.
- Test. Perfect practice makes perfect. Every company should plan ahead for how to deal with an event across all network participants and their interdependencies. It’s imperative to test your plans regardless of whether an actual incident has occurred.
Integral to your business strategy
Cyber espionage and the theft of research or intellectual property could be strategically and financially harmful for disruptive innovators.
Tech companies are aware of the urgency of protecting the intellectual capital that drives their market leadership and growth. Cyber security should be integral to any R&D devoted to developing solutions and enhancing the customer experience.
It’s difficult to decouple a tech company from security in today’s evolving threat landscape. The term “tech company” should almost be synonymous with cyber security.