Presentation on theme: "Successfully Protecting Your IP Assets A Cyber Perspective E.J. Hilbert October 8, 2013."— Presentation transcript:
Successfully Protecting Your IP Assets A Cyber Perspective E.J. Hilbert October 8, 2013
About the Speaker Managing Director Kroll Advisory Solutions- Head of Cyber Investigations for EMEA President of Online Intelligence- A cyber security and investigative firm specializing in social media and online advertising schemes, scams and crimes. Director of Security Enforcement for MySpace – Responsible for addressing all security concerns related to MySpace, its systems and its users. FBI Special Agent- Specialized in White Collar Crime, Cyber Crime and Counter-Terrorism. Notable cases are Treason charges against Adam Gadahn aka Azzam Al Amriki, FBI.gov intrusion, Carderplanet takedown/Cardkeeper, Samantha Runnion Kidnapping and Invita/Flyhook: the Alexey Ivanov case High school Teacher and Coach- History, Science, Baseball, Basketball and Cross Country Got my first computer at 12yrs old, a Commodore 64, upgraded later to an Apple IIe Consultant on TV shows, movies and books, various media coverage including MSNBC, CNN, Financial Times, Rolling Stone, WSJ, Wired, Gizmodo and others
Why Invent When You Can Steal IP equals Information that can equal Profit »There is no innovation that is not stored digitally »Patent trolls illustrate the profit model Innovation takes time »Shortage of Cyber professionals in EMEA »Plagiarism is the highest form of flattery? Theft can level the playing field »Emerging markets are looking for a leg up »1 st world markets are looking to stay on top Physical theft is hard, cyber theft is easy
Five Steps To Protecting Your IP Know What You Have Limit Who Can Access It Know Who Is Accessing It and Why Terminating Access Fight For What Is Yours
Knowing What You Have Before you can protect something you need to know what IT is. Blob Data- most people and companies have a stockpile of Blob data with no understanding of what it includes. Value of Your Data – One mans trash is another mans fortune Subjective Security- Protection around the individual as well as the whole.
Limit Who Has Access Everyone does not have A Need To Know Access Control – shut the doors and close the blinds Key ring approach – Require different passwords for each level of access Change It Up- Force changes at random times
Who are you and why are your looking at this You need to monitor who is accessing your stuff Most companies do not monitor access »We create logs but nobody reviews them Logs are not just for reactive work »Viewing the logs will show patterns User authentication and reasons for use are imperative »Are you sure they are who they say they are?
Detection and Terminating Access You need to have lightening reflexes The speed of cyber theft is only tempered by perceived monitoring, the fear of getting caught and victims ability to act. You must be able to detect an attack and shutdown access immediately We will protect IP as soon as we get some of our own.
Fight for What is Yours Whats the use? is defeatist and has a knock-on effect. Cyber attackers do not fear being caught because most given up the fight. There is no downside to stealing your IP for the hackers. Most victims of cyber attack focus on the how it happened and defending against the next attack, few seek attribution and penalties. No fight means you will forever be the victim. WITH
Take Away Information Know What You Have Limit Who Can Access It Know Who Is Accessing It and Why Be Able to Terminate Access Fight For What Is Yours Which of These Dont You Do?