Corporate Security and Corporate Espionage

TheĀ article from the Wall Street Journal highlights the dangers companies face regarding intellectual property theft.

Editors Note: A California company alleged that an Internet-filtering program being pushed by the Chinese government contains stolen portions of the companys software…

Mr. Milburn said Solid Oak received an anonymous email Friday stating that Green Dam may contain parts of his companys code. He said engineers at the 15-person software maker, which is based in Santa Barbara, Calif., spent the morning comparing the two programs. Similarities they found include a list of CyberSitter serial numbers and an update that makes the software compatible with an old version of CyberSitter, he said.

“I am 99.99% certain that, if not the entire program, at least a good proportion of it is stolen CyberSitter code,” says Mr. Milburn.

I think that this particular illustrates how important safeguarding intellectual property is as companies shift work to the country of China. While each company needs to weigh the overall cost benefit of outsourcing to China and other countries, companies need to fully understand that the laws in China simply do not provide the same protections provided by US Law.

Editors Note: Some lawyers said that because the software will only be sold in China, Solid Oak faces an uphill legal battle, even if it targets U.S. companies.

“Its not a violation of U.S. copyright law if the computers are only sold in China”, said Jonathan Zittrain, a professor at Harvard University Law School. “The question would have to be resolved in a Chinese court under Chinese law.”

Read this as “tough luck”! So in addition to the greater number of threats in China, companies must also know that their legal options for recourse are limited if their threats are exploited while doing business in China.

Corporate Espionage

This hit the news recently. Hilton hired two senior executives from Starwood Hotels. Starwood is now suing Hilton along with the two executives for allegedly using stolen Starwood information to develop a new luxury hotel chain. The executives are accused of stealing more than 100,000 electronic and paper documents containing sensitive information.

I have dealt with very similar circumstances in my work, and it is very challenging.First, it is difficult to define what is personal property or company property. While most companies tend to take a stance of “Anything and everything is ours, take nothing with you,” many employees considered to be “generally” honest dont believe this meets muster in terms of common sense. A recent study at the Ponemon Institute indicated that 59% of employees leaving companies take confidential information. Personally, I think this is a low percentage. Second, it is difficult to detect electronic and physical theft of property, especially if the theft occurs far in advance of an employees departure.

The best strategy for a company to diminish this type of risk is in the context of a comprehensive website information security strategy. Unfortunately, many companies fall into the trap of wanting a quick return and will look to implement quick fixes. As result, you see the emergence of the DLP (Data Loss Prevention) market as the latest wave in quick fixes. If a consulting firm or security professional is forced into having to or needing to execute the short-term play, there are ways to wrap longer-term information security strategy into a near term DLP implementation. In essence, it is simply pointing at the need for DLP as a symptom of a broader need for an information security strategy, and then incrementally incorporating elements of the long-term strategy as a part of the tactical game plan.

Site Footer