Every organization knows its intellectual property is incredibly valuable — potentially it’s the most valuable data any company has. For manufacturers in the medtech space, it’s often the lifeblood of the company. IP is also one of your most vulnerable assets and can put you at risk from hostile insiders and external attackers.
Breaches come with a high price tag. They cost companies money and time, and can damage reputations for years. Company executives, corporate boards and other stakeholders are waking up to the dangers posed by cybercriminals and demanding action. No company wants to be on the front page of the paper after suffering a public breach or have critical information get into the hands of competitors, domestic or foreign.
It’s critical that the products you build are secure. However, you must turn your attention inward and safeguard your own organization from attackers who will target your most vulnerable data.
The Problem of Too Much Open Data
Companies who research and develop new technology likely have decades worth of valuable digital files — product plans, manufacturing process documentation, scientific research, equipment designs, and other kinds of valuable, sensitive data. Storage is cheap and it’s always easy to add more terabytes in the data center or the cloud. Since you never know when you might need something, data is rarely deleted — meaning that data will always grow over time.
The question every company with valuable data needs to ask is, “Are we sure that all this new data is secure? Are we keeping it private? Would we know if something went wrong?”
Data represents risk, but data that can be accessed by lots of people presents a much greater risk. In the race to develop and bring new products to market, companies tend to make information available to far too many users than necessary, creating security gaps that could undermine your business. In a recent report examining data exposure, we found that 21% of data in most organizations is open to everyone. It’s also common for important data to be scattered across your network on file servers and email, where it may be open to anyone who finds it. In that same report, a surprising 41% of companies had at least 1,000 sensitive files open to all employees.
Internal and External Threats to Your Data
Companies tend to underestimate the dangers posed by insiders. A disgruntled employee, corrupt contractor or even a partner with access to highly sensitive data could copy your IP and sell it. Imagine a competitor or an aspiring start-up company using your product plans to replicate and sell your newest device before yours even hits the market. An insider with enough access could also alter product designs or delete information without a trace if the proper security measures are not taken.
External attackers funded by foreign governments are another threat targeting medical manufacturers. Rather than seeking to sabotage your business, their goal is to steal product designs, source code, information on your manufacturing processes and more with the intention of using that insight to improve their own technology and operations back home. If an attacker steals your proprietary information, your business will suffer. You could miss out on new opportunities or lose revenue to counterfeits.
Another external risk – ransomware – could wipe out years of R&D by encrypting every digital file it can reach. If your HR department opens what looks like a resume from an applicant or if an accounting staffer clicks on a link on a phishing email designed to look like a real invoice, you could be forced to pay a steep price to get your data back. Even if you pay the ransom, you may not ever get your data back.
Threats are everywhere but you can’t fix everything right away. You need to prioritize where you’re at risk. Digital information, especially sensitive data, open to everyone in your company is almost like printing out your product plans and leaving them on a table in your break room. Unfettered access makes it easy for criminals to find and steal what they want.
Here are four signs to watch for that could indicate an attack on your data is underway.
- Suspicious Data Access: It’s a manufacturer’s worst-case scenario -- an employee or contractor leaves the company, taking valuable proprietary information out the door with them. If you monitor access you can catch when something strange happens. For example, when a user starts looking at sensitive data they’ve never seen before or data that has nothing to do with their job function.
- Unusual User Account Activity: How closely do you watch your network for signs of unauthorized access? Attackers will try to escalate their network privileges to get expanded rights and access. Attackers may try to sneak in using logins for expired users, compromised service accounts, or try to brute-force an attack using information they’ve found on social networks or leaked data from the dark web.
- Device Anomalies: A user, admin or executive logging in from a new or a personal device might be a workaround for a broken computer, but it could also be a sign that a cyberattack is underway. The user’s IP address could hold clues as well: If an employee is based in the U.S. but logs in from another country a thousand miles away, it’s time to investigate.
- User Behavior Changes: If an attacker landed on your file server today, would you be able to spot their activity? Cybercriminals will often perform reconnaissance during off hours, including weekends and holidays, thinking their movements won’t be noticed. Investigate when user accounts suddenly change their login habits, as you may have an insider attack on your hands or a user account may have been compromised.
The first step to protecting your information involves understanding the inherent value of your company’s data. Then trust, but verify, your employees’ activities. Keep in mind that external attackers can hijack user accounts of innocent employees. Watch for outsiders who may have landed on your network and clamp down on overexposed data. Importantly, understand that attackers may already be in your environment and be prepared to stop them.