In a digital era where intangible assets often hold more value than tangible ones, intellectual property theft (also known as IP theft) emerges as a significant challenge. Virtual assets like product designs, source code, and other trade secrets play a vital role in the economic success of a business, and cloud services and the internet have led to a surge in IP theft. The damages from IP theft are substantial, with the estimated costs being billions of dollars – emphasizing the need to safeguard these assets.
This guide defines intellectual property theft, how it may occur, and best practices business should follow to prevent it from happening.
What is intellectual property theft?
Intellectual property theft, or IP theft, is the appropriation of unique ideas, inventions, or other information by parties without permission to borrow or reuse it.
With the world moving into a knowledge-worker-based economy, companies derive less and less value from widgets and more from the processes, ideas, and innovations they create — their IP.
IP doesn’t live in static databases. It’s what your marketing teams create daily, what your product designers are mapping, and what your engineers are building. It lives on endpoints and in various cloud applications and may include source code, go-to-market plans, customer lists, and CAD drawings.
Is IP theft a crime?
Intellectual property theft is a serious crime. Most cases fall under federal jurisdiction, making them federal crimes. Companies that catch IP theft can take legal action, leading to penalties like fines, imprisonment, license suspension, and more.
The history of IP theft
IP theft traces back a few centuries when the Copyright Act of 1709 laid the groundwork for patents and copyrights. While Thomas Edison may not have been the first to invent the phonograph, but he secured the patent before Charles Cros – which made all the difference in defining history. IP theft has transitioned from stealing manufacturing processes during the industrial revolution to modern-day cybersecurity risks, showcasing the fluid nature of intellectual property theft.
Types of intellectual property theft
Whichever way IP theft occurs, the damage to your company will likely be the same. That’s why businesses must understand the types of information employees and others could expose through IP breaches, then take steps to protect it.
There are four primary types of IP:
Copyrighted material
Copyrighted material encases the creative expressions and innovations that differentiate your brand from the competitive market. These can include anything from written documents, such as reports and marketing materials, to source code and multimedia content.
Unauthorized use of copyrighted material, like sharing confidential reports online without permission, can lead to theft of intellectual property. Protection of copyright material is crucial as it not only secures a company’s inventions and creations, but also preserves its economic value and competitive edge.
Copyright protection starts the moment a work is created and does not require registration. It exists as soon as the work is fixed in a tangible form, whether directly or with the help of a machine or device.
Trademarks
Trademarks are symbols that represent your brand. They could be visual, such as a logo or seal, but they could also be written expressions or sayings associated with your business. This data certainly isn’t confidential, but it’s almost impossible to isolate.
Say you’ve got a contractor with access to your OneDrive Corporate Brand folder — a folder that also includes brand strategies and draft press releases announcing a divestiture. You don’t really care what that contractor does with the brand elements, but if they copy that whole folder to their personal drive, they introduce significant risk exposure. Not even Microsoft can see that type of data movement today.
It’s not the trademarked articles themselves but how your company shares them that could expose your organization to data exfiltration.
Patents
A patent is a form of IP that grants a business the exclusive right to monetize an idea or product. Typically, acquiring a patent requires a company to disclose information about how the concept works, and other businesses can’t use that information as long as the patent remains in effect.
Research shows that patents can account for up to 80% of total revenue. Protecting products from intellectual property theft before patenting is crucial to safeguard a business’s expected earnings. This was evident in Merck’s $2.5 billion lawsuit against Gilead for patent infringement.
Trade secrets
A trade secret is any type of information generally not known to the public and can potentially create economic value for the business that has access to it.
If one of your remote software engineers takes a branch of code, commits it locally, and then pushes that to their personal Git repository instead of to the corporate hosting tool – they’ve suddenly exposed trade secrets.
Trade secrets are often the most challenging IP to protect because they’re the work your employees create, change, move, and share daily — they’re the lifeblood of how work gets done. Trade secrets are hard to lock down and catastrophic when exposed.
What is the cost of IP theft?
The cost of intellectual property theft is mammoth and multifaceted, and it impacts not just the bottom line of your business, but also long-term competitiveness and innovation. According to the Commission on the Theft of American Intellectual Property, IP theft costs the U.S. economy more than $225 billion in counterfeit goods, pirated software, and theft of trade secrets annually, with some estimates soaring as high as $600 billion — a testament to the enormity of the issue.
While these figures underscore the significant loss in revenue, the damage doesn’t end there – the ripple effects include job loss, decrease in incentives for innovation, loss of competitive advantage, and tarnishing brand reputation.
Common IP theft scenarios
While stealing private data like a patent through data exfiltration may be the first example of IP theft that comes to mind, there are numerous ways it can occur.
Here’s a closer look at the four most common IP theft scenarios:
Insiders
IP theft from insiders happens when employees take sensitive information without authorization, whether intentional or not. When employees depart your organization for their next job, there is a 1 in 3 chance they take IP with them. The fear of unemployment or the desire to secure a competitive advantage in their next role may lead some individuals to misappropriate intellectual property, underlining the critical need for data protection measures within companies.
Human error
One behavior that leads to IP theft is the insecure use of cloud services or applications due to human error. If an employee uploads data to a cloud service and exposes it by making it publicly viewable, it becomes available to anyone with an internet connection.
Additionally, the intermixing of company applications and storage services with personal devices and services is a common vector for IP theft, as personal devices are black holes for most security and IP tracking systems.
Access exploitation
Unlike when employees inadvertently expose IP to theft, some may deliberately steal data.
Corporate spies — i.e., employees who use espionage techniques for commercial or financial purposes — or workers stealing data for their own use may seek out sensitive information from file shares hosted by corporate servers. Similarly, disgruntled employees who have put in their notice to quit might intentionally leak private business data to competitors to take revenge on their soon-to-be former employer.
Hackers
Malicious actors outside an organization, like hackers, don’t typically steal IP, but it happens occasionally. They use phishing or other social engineering attacks to steal regulated data like Personally Identification Information (PII) and credit card details that they can monetize by impersonating individuals.
7 best practices for intellectual property theft prevention
Preventing IP theft can be challenging, especially when you don’t want to slow down how employees accomplish legitimate work. You can achieve both imperatives successfully by watching for untrusted movement and stopping the activity before damage happens.
Here are seven best practices your company can implement to prevent IP from falling into unauthorized hands – all while empowering employees to work in the most efficient ways possible.
1. Create acceptable use policies
The first method of reducing IP theft is to create policies that clearly define how, where, when, and by whom information owned by your business can be shared. Then, promote the guidelines internally, making them highly visible to your employees, contractors, and other stakeholders who may have access to sensitive data.
2. Maintain transparency with employees and contractors
Be clear about which types of information you collect about workers, how you gather it, and how your company shares it with third parties.
Transparency creates a culture of trust. When security and employees see themselves as partners in safety, they let the security team know when they see something wrong happening or when they make a mistake.
3. Monitor all of your data and its movement
Instead of deciding which types of data qualify as IP, it’s easier and more efficient to treat all data as potential IP and monitor its movement accordingly. Inadvertent data exposure occurs up to 34 times per user every day, so protecting all data as if it’s IP helps minimize the risk of accidentally moving sensitive information and creating a situation for IP theft.
4. Flag your most at-risk IP
To protect yourself from IP theft, identify which types of IP are at risk. Determine where trademarks, patents, trade secrets, and other susceptible data exist within your business and how much potential exposure to theft that data faces.
Not sure where to start when identifying your most critical IP? With the right solution, you might not even need to go through this exercise. Discover why Code42 automatically detects what types of IP are at-risk on day 1 of using the product.
5. Stop breaches before they happen
The average cost of a data breach is 4.35 million dollars, so an ounce of IP theft prevention is worth many pounds of cure. When you stop exfiltrations before they happen, you can save your company considerable sums in legal costs, reputational harm to the brand, loss of competitive advantages, and beyond.
6. Educate employees to drive secure work habits
An alarming 96% of U.S. security leaders and practitioners believe their company needs to improve data security training. To make education effective, offer interactive programs rather than long videos or training methods that employees will write off as a yearly “checklist item.”
7. Use the right tools
Deploying the right tools is critical to identifying at-risk IP and monitoring risky data movement. In addition, having software that provides real-time alerts upon risk detection is crucial in addressing threats before they become active breaches.
Prevent IP theft without disrupting employee productivity
The problem of IP theft isn’t going away. With the changing ways that employees work and how markets increasingly value businesses based on their IP instead of physical assets, it’s only growing in scope and impact.
That’s why protecting IP should be a key consideration for every organization. And while tackling IP theft may seem daunting due to the volume of the data at stake, the ever-changing nature of data and the difficulty of identifying risks in real-time, IP theft prevention is possible with the right tools.
Code42 Incydr™ gives you the visibility, context and controls you need to stop valuable data from going to places you don’t trust without slowing down your business. Incydr prevents data leak and theft from employees to reduce your organization’s IP theft. We analyze your risk exposure and show you activities requiring security intervention, so you can confidently respond before damage occurs.
Get full visibility into IP theft with Code42 Incydr
76% of companies have experienced IP loss. Stop your crown jewels from being stolen.