Intellectual property breaches plague 32 percent of surveyed companies

Reconnex announced the findings of a new a survey focusing on the importance of protecting Intellectual Property (IP). The research, conducted by the Enterprise Strategy Group and summarized in the brief titled “Intellectual Property Rules,” found that one-third of the enterprises surveyed acknowledged loss of sensitive data in the last 12 months, while another 11 percent were unsure whether a breach occurred.

IP protection, which goes beyond just securing private records, has become such a priority that 90 percent of companies queried plan to deploy new technologies to secure their IP in the next 12 months.  The epicenter of risk continues to be insiders who either act with malicious intent or are negligent.  

“Intellectual Property Rules,” which is based on a survey of personnel at enterprises that have from 1,000 to more than 20,000 employees worldwide, reveals some key findings:

      — One-third of organizations surveyed acknowledged data losses in the last 12 months.  

— 58 percent believe the biggest threat to their data is from the inside out, from malicious or negligent insiders.

 — One-third of companies’ sensitive data and IP exists in application databases where it can be centrally secured and managed. An additional 28 percent resides in file system. This is contrary to past reports that indicated e-mail is the number one source of confidential data.  

— About 70 percent of organizations review their data protection policies on a quarterly or monthly basis.  

Data Leak Prevention: Bigger Than Just Private Data

Over the last year, high-profile data breaches have highlighted the loss of Personally Identifiable Information (PII) such as credit card numbers, social security numbers, and personal health information.  But PII is just the tip of the iceberg for most companies when it comes to the full scope of their information assets. The survey found that the most common forms of IP, which require protection beyond PII, range from financial information, contracts and agreements, source code, and competitive intelligence to design specifications, internal research data, trade secrets, and more.

 Insider Threat Is Real yet Largely Unaddressed

The biggest threat to companies’ data is overwhelmingly internal, due either to malicious or negligent insiders or to faulty controls and oversight (80 percent).  While physical loss of laptops and USB devices-and the data they contain-remains a concern, this actually represents only a portion of total risk.  Indeed, many organizations believe that IP is likely to leak via traffic on the network such as email or the Web.  Ironically, there are still some organizations that do not inspect such obvious and well-documented leak points as Webmail and IM communications.   

Effective Data Protection Strategy Requires Comprehensive, AdaptiveApproach

IP assets are a challenge to protect because they are dynamic; companies continually add to and evolve their IP and other sensitive data during the course of doing business. The ‘set-and-forget’ policies often used for monitoring PII and finding fixed-format data such as credit card numbers are ineffective for protecting the broader moving target of IP.  As a result, according to the survey, about 70 percent of companies manually review their IP protection policies on a quarterly or monthly basis.

The ability to automate the detection of sensitive data in files, emails, databases, and shared servers is the first step to reducing the constant reviews of IP protection policies.  And since manual IP review is expensive, time consuming, and error prone, automated IP discovery will save money, free IT staff to perform other tasks, and be more accurate.  Many organizations surveyed feel that an automated IP protection solution must address both data at rest (resident in user directories or servers), as well as data in motion (as it traverses the network).  ESG believes that such a combined solution can help enterprises protect their PII effectively as well.  When all IP can be automatically discovered, organizations can more effectively apply all their access policies.