© The Financial Times Ltd 2015 FT and 'Financial Times' are trademarks of The Financial Times Ltd.
November 25, 2013 7:18 am
The head of a leading security software provider has warned that intellectual property theft is a greater cyber security threat than cyber war and malicious attacks from rogue hackers.
Steve Bennett, chief executive of Symantec, said even western companies were using cyber attacks to steal intellectual property, with potentially dangerous consequences for the global economy if innovation cannot be protected.
Mr Bennett, who advises President Barack Obama on cyber security, said companies and governments need to step up and share more information about attackers because they are losing a war against “black hat” hackers. Nasdaq-listed Symantec sells security software and services including the Norton antivirus programme.
“What I’m most concerned about for the world is the economic threat if intellectual property is transferred from IP creators to countries with lower costs,” he said. “It will have a big negative impact on global economic growth.”
The number of companies suffering external cyber attacks designed to steal commercial secrets doubled in the year 2012-13 compared with the previous financial year, according to Kroll, the investigations agency. Information theft is the second most common form of fraud after the physical theft of assets.
Hackers entering corporate networks to steal intellectual property from product plans to source code is the “biggest enterprise risk” for companies that create IP, however small they are, Mr Bennet said. Symantec said attacks on small business had risen 50 per cent year on year.
Mr Bennett, who was appointed to the US national security telecommunications advisory committee in the summer, criticised the US government and the security industry for dragging their feet on reform and resisting working together. The US government is working on the National Institute of Standards and Technology framework, a set of guidelines for critical infrastructure owners and operators after an executive order from the president.
“While we’re making best efforts that aren’t producing results, the bad guys are getting more sophisticated and the consequences of breaches are going up,” he said, adding even his own company had been too focused on meeting quarterly earnings targets rather than securing the internet before he took over last year.
An elite battalion of largely twenty-something experts are on the front line of corporate cyber defence. They track down the hactivists and the nations that steal billions from businesses
Governments, still reeling from the fallout of the revelations about National Security Agency surveillance, are asking the “wrong question” and confusing privacy with cyber security, he said. The focus should be ensuring information is secure before you can create privacy policies.
Adobe suffered the most high-profile theft of its intellectual property earlier this year, when the company behind Photoshop and the widely used Acrobat document reader said hackers had stolen the source code which forms the basis of its software. Armed with the code, like the plans to a house, cyber attackers can map vulnerabilities which could help them to access computers running the programs all over the world.
But many cyber attacks go unreported, with companies taking pains to keep them secret for fear of lawsuits. Companies keep their own database of attacks but cannot learn from what others are experiencing.
Even attacks that are reported have a relatively minor impact on share prices in nine out of 10 incidents, according to Freshfields Bruckhaus Deringer. Regulators are pushing for cyber security to become a greater corporate priority, but in only a quarter of cases did a company’s shares fall by more than 1 per cent after a cyber attack was reported.
Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.
Sign up for email briefings to stay up to date on topics you are interested in