Intellectual property theft (IP theft) is an important consideration in development. According to a report from the Intellectual Property Commission, IP theft accounts for up to $600 billion in losses each year. With these numbers in mind – plus an increasingly global and remote workforce – IP theft is a bigger concern than ever.
Explore everything you need to know about IP theft, so you can recognize signs and identify risk factors. Most importantly, learn how to avoid IP theft and proactive steps to take to secure your organization's data. Read along or jump ahead:
What Is IP Theft?
IP theft, or intellectual property theft, is when someone steals data from a company. Intellectual property theft includes stealing product information, financial records, trade secrets, customer contacts, or patents.
Back to top
The Impact of IP Theft
Now that you have a clear answer to what is IP theft?, let's get into the implications. IP theft is a major ongoing concern, faced even by leading companies across every industry. It can cause massive loses in terms of both property and reputation. Just this year, in February 2023, the electronics maker Acer reported an IP theft of more than 2,500 sensitive files. This occured when a hacker broke into a private server.
Another recent case, also occuring in February 2023, resulted in a New York based technology company losing more than $4 billion in their market capitalization, according to a press release from the Department of Justice.
Breaches of this nature often give intruders access to IT systems, which then provide access to other systems. By creating legitimate looking accounts — that look like regular employee accounts — hackers gain persistent access. This gives them the keys to a company’s most valuable assets.
One of these important assets (that is often overlooked) is source control. Controlling access to such systems is often not implemented. Fears persist that developer productivity will plummet. But with a company’s success on the line, it is important to protect against IP theft.
Back to top
How Do I Prevent IP Theft?
In today’s world, companies should be operating with the assumption that they are being attacked (and are probably already infiltrated). For security teams, this means adopting a strategy that actively looks for weaknesses and continuously monitors access.
Employees sometimes share things that they shouldn’t share, even accidentally. This has become one of the easiest ways for attackers to get the information they need to compromise system security.
Oftentimes, intruders prey on weak employee passwords. Once they crack these accounts, getting into internal systems is easy. These intruders use existing accounts, so they appear to be legitimate users. As a result, once inside, their activity could go unnoticed and have even more of an impact over time.
So how can employers and their staff prevent IP theft?
1. Uncover Secrets In Your Code
It’s common wisdom that sensitive data like passwords, secrets, and private keys shouldn’t be kept in an unprotected location. This includes open repositories. But this can happen.
One notable example is the 2016 Uber breach. Driver and rider accounts of some 57 million people were exposed. In that breach, user IDs and passwords were “parked” in GitHub repositories by Uber employees. Then the bad guys used that information to gain access to internal Uber systems.
There are tools that can help you find sensitive data stored in repositories that shouldn’t be there. But they can only do so much. The most difficult part of using them is tracking down all your repos. If you have hundreds of repos, you will need to search each one individually. Having a centralized model — compared to a distributed model — helps eliminate a lot of the detective work.
Learn How to Really Lock Down Git >>
There are also several purpose-built systems that are designed to store secrets, like HashiCorp’s Vault, and Square’s Keywhiz. But this type of solution could create more work for your admins, especially in DevOps-heavy environments.
2. Implement Monitoring
Even without the threat of IP theft, companies across industries — such as automotive, aerospace, financial services, entertainment, semiconductor and embedded design/manufacturing — have a strong need to implement monitoring tools. Monitoring allows you to see what your servers are doing in real time. And it can help you optimize resources to better support development effort.
When intruders are hanging around in your system, they can potentially steal your source code and electronic designs. These are kept in your version control system (VCS). When it comes to protecting your VCS, continuously monitoring can allow you to spot bad actors. But this can be difficult as you scale and add more servers, people, and applications.
With the right version control system, you can enforce restrictions for traffic and content movement beyond what can be done by firewalls and ACLs. If you are not already tracking, it is important to start.
Use Prometheus and Grafana for Monitoring >>
3. Use Enhanced Authentication
Creating defense-in-depth to protect against IP theft involves first gating your front door. This is why you need to implement a strategy to authenticate both users and applications that access your system.
There are many enterprise-level Identify Access Management (IAM) tools, such as Ping and Okta, available on the market. Integrating these tools with your existing VCS helps ensure that you are protected against IP theft. For many companies, this also can include multi-factor authentication (MFA).
4. Implement Encryption
When it comes to encryption, some companies offer the use of SSH or SSL to access version control systems.
- Secure Socket Layer (SSL): A HTTPS remote URL connects a browser and server.
- Secure Shell (SSH): Encrypts the connection between two computers.
Using SSL has some advantages compared to SSH. It's easier to set up, but it’s not as secure. Using SSH usually works through strict firewalls and proxies. However, it also prompts you to enter your GitHub credentials every time you pull or push a repository. This can impact a developer’s productivity.
5. Get Strong Security Built-In
Ultimately, it is critical to balance security, usability, and the needs of your products and projects when deciding how to protect valuable intellectual property.
The best choice for your company will depend on the amount of sensitive data you have to protect, the size of your team, and the maturity of your DevSecOps practice. In a multi-front war against cyberattacks, it’s important to have multiple choices.
You have a lot of choices when it comes to version control. With many, you may need to do a lot of heavy lifting to make it secure. But using Helix Core — version control from Perforce — you get the highest level of security built-in.
📕 Related Resource: Learn more about Enterprise Application Security.
Back to top
Lock Down IP Theft Vulnerabilities
Helix Core allows teams to implement security measures to protect against IP theft without sacrificing performance.
Global IP Protection
With Helix Core, companies can enforce restrictions for traffic and content movement beyond what can be done by firewalls and ACLs. This protection extends to replicas and edge servers. Administrators can permission access down to the individual file level. Once you have this in in place, you can analyze the history of changes of millions of files accurately.
Authentication From Every Angle
Helix Core also supports MFA and works with IAM providers. You can implement authentication via the command line, popular IDEs, and Helix Swarm.
Monitor Everything
Helix Core’s ability to manage an immutable, traceable history is a perfect fit for companies with strong compliance and governance needs. You can track and monitor user activity for audits and use this information to discover potential security threats.
Related Reading
Explore additional semiconductor topics: