Kaspersky Lab Survey: One in Five Manufacturing Businesses Has Lost Intellectual Property within the Past Year

A survey of nearly 4,000 IT managers across 27 countries, conducted by Kaspersky Lab in partnership with B2B International, found that 21% of manufacturers suffered a loss of intellectual property to security breaches within the past year. Malware was the most common cause of data loss incidents for manufacturers, although other types of cyber-incidents – including software vulnerabilities, theft of mobile devices, network intrusion, etc. – were also cited as sources of intellectual property leakage.

In a highly competitive global economy, businesses rise to leadership or sink into bankruptcy on very slim profit margins. Most often, a business’s most decisive advantage comes in the form of Research & Development insight or a proprietary high-tech solution which, in the case of manufacturers, can help businesses produce items more efficiently than their competitors. If a competitor is able to obtain this insight, especially without incurring the initial R&D costs, then that competitor now has a significant business advantage.

The manufacturing industry clearly understands the importance of securing their intellectual property. The survey found that manufacturers ranked “Internal Operational Information” and “Intellectual Property” as the two types of non-financial data they fear losing the most. Interestingly, manufacturers ranked the fear of losing “Customer/Client Information” the lowest out of all business segments, most likely because manufacturing facilities are less likely to store this information in the first place.

When asked about the cause of their most serious data loss event within the past 12 months, “Malware” was the most common cause, cited by 23% of manufacturers. Manufactures also reported other sources of incidents leading to data loss, including “Software Vulnerabilities” (8%), “Network Intrusion” (8%), “Information Leaked on Mobile Devices” (5%), and “Targeted Attacks” (3%). 

Protection measures:

Kaspersky Lab offers a number of security technologies to control applications, close software vulnerabilities and maintain control over mobile devices, and offers unmatched insight into cyber-threats targeting industrial control systems. To protect the specific needs of manufacturing, industrial and critical infrastructure environments, Kaspersky Lab is leading the development of the world’s first secure operating system for industrial control systems, and today offers a custom-designed version of the company’s Endpoint Security for Business software, designed for manufacturing and industrial settings.

It also offers the Kaspersky Industrial Protection Simulation to help organisations train for cyber-attacks that could affect the infrastructure of their facility.

In general, organisations should pay attention to the following protection technologies for Industrial Control Systems environments:

• Proactive protection against unknown malicious programmes and automatic protection against exploits. The technology scans executable programmes, assessing the security of each application by monitoring its activities when in operation.
• Default-deny as a standard policy. In this mode, Industrial Control Systems work in a protected environment which only allows to run programmes required for the technological process to function. All unknown and unwanted applications, including malicious programmes, are blocked. Thus, a secure running environment is created with minimum load on system resources.
• “Device Control” technology to manage removable devices (USB storages, GPRS modems, smartphones, USB network cards) and create limited lists of permitted devices and the users who can access them.
• An all-in-one IT Security Console helps IT managers to monitor and control all solutions to ensure IT security.
• Integration with security information and event management (SIEM).

Other summaries of the Kaspersky Lab’s survey key findings are included in the following reports on Data Security Risks, Online Financial Fraud, and Virtualization Security.