InfoLab21

Recent Data Breach statistics highlight the vulnerability of Intellectual Property to misuse or theft.

• 92% of large companies and 83% of smaller companies surveyed suffered a data security incident in 2009 (Insurance Age magazine Jan 2012)
• 62% of the large companies surveyed were infected by a virus and 61% had detected a significant attempt to break into their network (Source: PWC UK information Securities Breaches Survey 2010)
• 95% of breaches were caused by either hackers, rogue employees or the loss or theft of equipment (source: NetDiligence Cyber Liability & Data Breach Insurance Claims - June 2011)
• In the UK the average cost of a data breach is £1.9m and the average cost per customer record is £71 (Source: Ponemon/Symantic 2010 Annual Study:UK cost of a data breach)

Ken Garner of Blackburn based Styskin's Solutions Ltd discusses why IP theft is now the main threat from cyber criminals.

Ken Garner is the Director of Business Development for Blackburn based Styskins' Solutions Limited. Ken has an extensive background in the software sector. He has held various international sales and marketing positions, including European Sales and Marketing Manager for the LanDesk division of Intel, and similar EMEA marketing roles at Progress Software Inc. Accent Software International Inc, The Scansoft division of Xerox Inc, and Nuance Software Inc. Ken joined Styskins' Solutions in 2009. Styskins was founded by 2 Cambridge graduates to commercialise their ideas for "frictionless encryption".

Access to up-to-date information delivers competitive advantage for all organisations.

Technology makes information readily accessible and available to share, within the enterprise, with clients and suppliers and throughout the extended domestic and international supply chain.

Sharing information increases productivity, but at the same time sharing sensitive company or personal data raises issues about accidental data loss or the misuse of sensitive confidential data by third parties.

Never been more vulnerable

So access to data has never been more valuable, but, that very same data has never been more vulnerable.

This vulnerability is caused by rapid changes in the number and range of threats, the inability of SMEs to sustainably defend themselves and the cost (time, skills and money) of deploying consistently usable security.

Organised cyber criminals are re-focussing their efforts, often using techniques derived from internet grooming, onto businesses, particularly SMEs, to obtain information that could put an entire company, if not an entire supply chain in jeopardy.

"The clever guys are going after more high-value intellectual property, sometimes stolen to order. They are not simply looking for credit cards, but information they can sell for a higher price, use for blackmail or monetize." (Source: Ovum)

Recession induced lay offs also places data at risk. Remaining, often overstretched staff, begin making mistakes with data, putting company reputations on the line.

A world where everyone, everything, everywhere is connected

Because we live in a world where everyone, everything, everywhere is connected, data has to flow to wherever it is needed; an organisation's actual perimeter is no longer its physical or legal boundary.

The security focus is moving away from hardware on the network edge and onto the data user with the spotlight firmly on verifiable encryption as the only workable solution.

The reason cyber criminals target SMEs is that small businesses do not have the same high-level security of their enterprise counterparts.

However, SMEs are under exactly the same regulatory and contractually imposed data security pressure as their corporate partners.

But their needs are different. SMEs need an incremental, tactical, level of protection with greater choice and flexibility to protect the information that drives their businesses.

Although the majority of small or mid-sized businesses have some form of data protection solution in place, these solutions are often time-consuming to operate or are inconsistently used.

This causes "workflow friction" and time pressed employees find work-arounds which compromises security.

Limited Resources

In addition SMEs are often faced with problems like lack of staff time, limited in-house skills and expertise, and restricted budgets.

Encryption addresses three main business issues.

It reduces the risk of data loss, helps companies comply with legal and professional regulatory requirements and encryption builds supply chain trust by demonstrating a company's commitment to data security.

Most companies will already have data security policies in place ranging from:

• Acceptable Use Policies
• Information Protection Policies
• HR Policies and Employment Contracts

Many will also have contractually imposed Information and IP protection safeguards imposed by upstream suppliers and downstream customers.

Employee Security Breaches

However a significant number of information security breaches come about as a result of employees' failure to comply with existing, well documented, security practices and policies. Many organisations have tried to sustainably modify user behavior towards data security and encryption.

Almost all have found it difficult. Research has shown that most of these data security breaches are caused by security mechanisms which are either technically complex or have become an impediment to the user completing their work in a timely fashion.

This is known as "workflow friction"

Research has shown that even technically competent users such as systems administrators and software developers often struggle to keep up with the ever increasing complexity and administrative workload created by Governance Regulation and Compliance, Data Loss Prevention and security and encryption processes.

The Goal

The goal, particularly for SMEs, has to be to provide "practical security" e.g.

• the right level of security
• for the right reasons
• at the right cost
• at the right time.

Using encryption tools which non technical end users:

• Can operate correctly with little or no training.
• Which have minimal impact on existing network infrastructure and working practices
• Which work within irregular, unstructured relationships where the data owner and the data user probably have unrelated IT systems.

SMEs need easy-to-learn-and-use security solutions which deliver the security options they need, when they need it, for only as long as they need it at a price they can afford and without disrupting established work practices or impacting on current network architecture.

Want to find out more? Come to our Intellectual Property Value Creation event

We would welcome comments on your experiences with data security solutions, particularly encryption, below or you can meet Ken and other experts at our IP Value Creation event - registration details from the link below.

Lancaster University cannot be held responsible for any activity by its Association Members. We display information from InfoLab21 Associate Companies on our site and we are not responsible for the content or privacy polices of InfoLab21 Associate Companies' sites, nor for the way in which information about them is treated.

Tue 17 January 2012

Associated Links

• Intellectual Property - Value Creation - Was held on 14th February at Lancaster House Hotel. This event has ended.