Improve Your Ability to Detect Cyber-Attacks
Final in a Series from Former DuPont CISO on Trade Secret Protection for Manufacturers
Protecting your manufacturing trade secrets is a journey not a destination. It requires a holistic approach beyond purely information technology controls, which are still necessary but insufficient without user education and awareness.
Improve your organization’s threat detection by taking these four actions:
Make your systems more intelligent to match threat intelligence.
To match your improved knowledge and understanding, make your IT systems more intelligent as well. Security information and event management (SIEM) solutions provide real-time analysis of activity logs and high risk alerts generated on the network. Start by pointing these intelligent systems at your highest value assets or highly privileged users such as plant operations or R&D labs.
Improve IP egress controls as your capabilities mature.
Evolve your organizational mentality from keeping the bad guys out to keeping the crown jewels from leaving. Data access and egress controls on your information flows can also benefit from greater intelligence. Your enterprise may want to control outbound Internet access to unsecured sites, restrict use of outbound protocols (e.g. FTP, SSH, Telnet), limit public sharing and email services for unencrypted data, or provide virtual server access where data can’t be downloaded. Intelligent monitoring of web and email content can flag and block prohibited activity before your IP is gone.
Constantly improve your IP protection based on what you learn.
Protecting your critical IP is an ongoing process of detection and response that’s continuously measured and improved over time. Even the most seasoned IT professional has more to learn, as the tools and techniques of cyber attackers are constantly evolving. Ongoing threat intelligence will help you understand the current indicators of compromise and stay a step ahead of the bad guys.
No manufacturer is an island - collaborate on common goals.
We must collaborate to protect our common interests against those who would do us harm. Consider forming a small information sharing group with other trusted security professionals in your industry. Learn to benchmark your organization’s approach against IP protection leaders with a more mature program.
The best IP Protection programs are based on solid governance, risk and compliance principles. They have the active support and participation of senior leadership. In summary, follow this checklist to establish a truly holistic IP Protection Program:
□ Establish clear policies and procedures.
□ Assign senior leadership with high level ownership of the program.
□ Create a culture where all are committed to IP protection.
□ Effectively educate everyone on both outsider and insider threats.
□ Monitor, enforce, and report IP security violations.
□ Audit the program's effectiveness annually.
□ Improve the program over time as needed.
You might want to download the complete e-book covering 5 IP protection tips with lots of current industry statistics on the common threats we face.
Read the full series:
- The Threats to Your Trade Secrets are Real
- Why Offshoring Complicates IP Protection
- Calculating the True Cost of IP Theft
- Make the Case for Investment in Ongoing IP Protection
- How to Form an IP Risk Committee
- 7 Elements of a Holistic IP Protection Plan
- Defining Intellectual Property
- Lock up your IP and Control Access to it
- Discover the Weaknesses in Your IP Security
- Improve Your Ability to Detect Cyber-Attacks