Data is the building block of the modern business. It is essential for daily operations and ongoing commercial operations, but more importantly, data is often what distinguishes companies in our modern digital economy. Data is so vital that its loss can destroy your business. Sadly, many have seen their company’s value erode when these building blocks are stolen. To some, this erosion is like the wind and rain that slowly converts solid rock into dust, but for others, it is like removing blocks from a Jenga tower, which collapses after losing several pieces.
According to the Microsoft Office Modern Workplace episode, “Information protection: Guarding your digital assets,” 80% of business value exists in a company’s proprietary information, trade secrets, and intellectual property. This percentage continues to rise with our increasing reliance and use of data in providing services or creating products. Hence, the cybersecurity solutions implemented today will have longstanding benefits to the organization. However, companies cannot solve the problem with a one-time investment. Protecting information requires continual vigilance and improvement.
To better understand this threat, let us consider who commits data theft, its impact, and some technical and societal challenges.
Data theft threats come from both inside and outside the organization. Inside threats may include employees coerced or complicit in stealing company information as well as compromised or malicious third-parties such as contractors, partners, or customers. Outside threats include competitors, foreign governments, or hacktivists.
Individuals may take data to bring to a competitor when they leave the company, or they may steal data to sell on the dark web. Some employees are coerced by blackmail or romantic charms to send data to an unauthorized party. Outsiders steal the information for their own gain. They may sell the information to others, use it to further their business or government interests, or use it to undermine companies or countries.
The motivations of these individuals and groups differ, but each results in the loss of valuable company information. The Commission on the Theft of American Intellectual Property estimates that IP theft alone costs US businesses an estimated 225 to 600 billion dollars per year. These losses take the form of lost sales through counterfeit goods, pirated software, or use of trade secrets as well as blackmail demands for non-disclosure of information.
Technical and societal challenges
Changes in the technology landscape and differing views on data ownership, privacy, and responsibility create particular challenges in protecting valuable data. Modern organizational data flows can be quite complex with data traversing across multiple cloud platforms, microservices, corporate datacenters, containers, and mobile devices. Techniques such as encryption, data loss prevention (DLP), digital rights management (DRM), and hardened systems and API architectures can help to manage these data flows securely. However, these technologies must be correctly designed and paired with governance and training to be effective.
In addition to technology, societal changes create challenges for securing data. Some employees have an incorrect concept of data ownership. Work product, data created in the course of performing your job duties, is company property, yet there is a growing misconception that this information is the property of its creator. This fallacy has led some employees to keep company data and use it for their own purposes or for competitors when they leave a company.
Privacy is also a struggle. Different generations have contrasting views on privacy with older generations generally more concerned about protecting privacy and younger generations more willing to sacrifice privacy for utility. For example, some might think it perfectly legitimate to discuss conversations they had with coworkers, customers, or patients on social media while others might disclose sensitive information for prizes or software use.
Privacy also differs in across the globe. The European Union’s General Data Protection Regulation (GDPR) establishes much more stringent rules on data privacy than the rest of the world. This comes out of fundamental differences in the European view on privacy. Companies need to recognize these differences and then establish both policy and training initiatives to ensure that company, employee, and customer data is sufficiently protected.
Wrapping it up
Data loss is a serious concern for companies and one that only increases with our reliance upon data to conduct business. Threats come from every direction, from employees to nation-states, and the challenge is real with complex technology and differing viewpoints on data ownership and privacy to deal with. Companies need solid direction and planning to solve the problem of data theft. Watch “Information protection: Guarding your digital assets” with Evan Anderson, CEO of INVNT/IP, Curt Dukes, Executive Vice President for the Center for Internet Security and former Director at The National Security Agency, and Andrew Ubel, General Counsel at CyberWorks, on the next Microsoft Office Modern Workplace to better understand how to protect your data.