Christina Lekati
Social Engineering &
Insider Threat Security
Cyber Risk GmbH
Protecting Automotive Intellectual Property
From Insider Threats
Automotive Security
Research Group
WORLD
Overview
• The role of intellectual property (IP) in
the automotive industry & market
dynamics, today
• Intellectual property theft from insiders
• Theft of IP from foreign governments or
organizations
• Mitigation strategies/ countermeasures
• Closing remarks
Christina Lekati | Cyber Risk GmbH
Christina Lekati
• Psychologist focusing on the human element of security
• Assisting in cyber security projects from a young age
• Trainer & Consultant for Cyber Risk GmbH on the Human
Element of Security
• Main developer of the training programs on insider threats
and social engineering for Cyber Risk GmbH
About Me
@ChristinaLekati | Christina Lekati | www.cyber-risk-gmbh.com/
Intellectual Property in the Automotive Industry
• Until a few years ago, the automotive sector was considered a mature
industry with well-established players.
• Core competencies of the automakers were familiar to most people,
but not so the technological waves that are transforming and reshaping
the industry, today.
• Although fully autonomous vehicles (Level 5) are years away from
reaching the market, deep-learning, data analytics, real-time control
algorithms and a slew of connected devices and components are
already changing the car industry.
Source: World Intellectual Property Report 2019
Intellectual Property in the Automotive Industry
Source: World Intellectual Property Report 2019
Increasing trend in
innovative activity in AV
technology.
Intellectual Property in the Automotive Industry
In the face of the AV
technological shock, auto
companies have an
incentive to join forces to
share the costs and risks
but also defend their
market position.
This is just one of a long
list of examples of
collaboration between
tech companies.
Intellectual Property in the Automotive Industry
The automotive industry is in the early phases of a period of technological disruption, with several
new entrants, both from the automotive and the technological sides.
Most tech firms, especially the smaller startups, occupy niches, focusing on hardware, software,
mobility services, connectivity, communications and many more.
Two main things happen in regard to intellectual property:
1) Significantly increased numbers of intellectual property-related documents and patents
2) Decreased control over ownership rights & sharing
Source: World Intellectual Property Report 2019
With the first-mover advantage increasing the stakes in market share, many vehicles now
coming to market featuring some level of automation, and fully autonomous cars being tested on
public roads, we need to focus more on IP rights management and protection.
Intellectual property (IP) is right now one of the most important and valuable sets of assets that an
automotive company can own.
Technology and innovation are shifting the market dynamics and intellectual property will play a
major role in the way the industry will be shaped within the next years.
Intellectual Property in the Automotive Industry
Intellectual Property Goes Beyond Patents
“Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works;
designs; and symbols, names and images used in commerce.”
-World Intellectual Property Organization
IP Includes:
• Proprietary software/ source code
• Customer information
• Product-related IP (designs, formulas, schematics)
• Business plans, trade secrets, proposals, strategic plans
Any current or former employee, partner or contractor that has or used to have access to the
organization’s digital assets and may intentionally or unintentionally abuse this access and
harm the organization.
Insider Threats: Who Are They?
ENISA Threat Landscape Report 2018
“Any current or former….
employee, partner, or contractor…
Insider Threats: Who Are They?
Source: ENISA Threat Landscape Report 2018
“…may intentionally or unintentionally
abuse their access and harm the organization”
Insider Threats: Who Are They?
Source: ENISA Threat Landscape Report 2018
• Current employees/ contractors
• They already have authorized access to the IP they steal
• They usually steal it during normal business hours
• Scientists, engineers, contractors, salespeople, and more
Who Are The Usual Culprits?
• Misconception: they want to sell it for monetary gain
• Reality: they steal it for a business advantage (a new job, to start
a competing business, to send it to a foreign government/
organization)
Why Do Insiders Steal Intellectual Property?
The Anthony Levandowski Case
Sources:
https://www.bloomberg.com/news/features/2017-03-16/fury-road-did-uber-steal-the-driverless-future-from-google
https://www.bloomberg.com/news/articles/2020-04-18/uber-says-guilty-engineer-on-his-own-for-180-million-to-google
Two Main Types
Individuals
• Insider acts alone
• Helped develop the IP/ perceives their role in its development as important
• Sense of entitlement & ownership of IP
• Intense & explicit evidence of entitlement or possessiveness in many cases
Recruiters
• One insider may recruit other insiders for theft of IP
• Want to gain access to more information – may try to assemble an entire strategic plan or software system
• Motives vary – recruits are promised higher rewards
• Sense of entitlement
• Possessiveness
• Disgruntlement
Most IP theft happened within 1 month before/after employment termination.
The most frequent data exfiltration methods are emails, removable media &
remote network access. However, physical exfiltration of information also
happens.
The insider often felt that they exfiltrated what rightfully belonged to them,
and made little effort to conceal their theft.
Patterns Around IP Theft
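As an added illustration of the pattern above (not part of the original slides), the following detection sketch flags transfers of critical IP over the three named channels when they fall within a month of a user's termination date. The log format, paths, user names, mail domain and the reading of "1 month" as 30 days are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta

WINDOW = timedelta(days=30)           # assumption: "1 month" read as 30 days
CHANNELS = {"email", "removable_media", "remote_access"}
INTERNAL_MAIL_DOMAIN = "corp.example"  # hypothetical internal mail domain

# Constructed inventory of critical IP locations (hypothetical paths).
CRITICAL_IP_PREFIXES = ("/repos/adas-planner/", "/cad/battery-pack/")

# Constructed HR feed: user -> termination/resignation effective date.
TERMINATIONS = {"jdoe": date(2024, 3, 15), "asmith": date(2024, 6, 1)}

# Constructed log lines: timestamp|user|channel|resource|bytes|destination
SAMPLE_LOG = """\
2024-01-10T10:02:11|jdoe|email|/repos/adas-planner/control.c|48211|jdoe@corp.example
2024-02-20T14:31:05|jdoe|email|/repos/adas-planner/planner.zip|7340032|j.doe@mail.example
2024-03-01T11:15:40|jdoe|removable_media|/cad/battery-pack/module_v7.step|52428800|usb:constructed-0001
2024-03-02T13:05:00|jdoe|email|/hr/benefits/faq.pdf|20480|j.doe@mail.example
2024-03-20T09:47:12|jdoe|remote_access|/repos/adas-planner/|1048576|vpn:198.51.100.7
2024-05-20T15:22:09|asmith|email|/cad/battery-pack/bom.xlsx|90112|asmith@corp.example
2024-05-21T16:40:00|bchen|removable_media|/cad/battery-pack/cell.step|1000|usb:constructed-0002
truncated record without delimiters
"""


@dataclass(frozen=True)
class Finding:
    ts: datetime
    user: str
    channel: str
    resource: str
    size: int
    days_from_termination: int  # negative = before, positive = after
    business_hours: bool


def parse_line(line):
    """Return a parsed event tuple, or None for a malformed record."""
    parts = line.strip().split("|")
    if len(parts) != 6:
        return None
    ts, user, channel, resource, size, dest = parts
    try:
        return datetime.fromisoformat(ts), user, channel, resource, int(size), dest
    except ValueError:
        return None


def leaves_organization(channel, dest):
    """Email to the internal domain stays inside; the other channels always count."""
    if channel == "email":
        return not dest.lower().endswith("@" + INTERNAL_MAIL_DOMAIN)
    return True


def find_termination_window_exfil(log_text, terminations):
    """Flag critical-IP transfers within WINDOW of the user's termination date."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            skipped += 1  # count unparseable records so gaps are visible
            continue
        ts, user, channel, resource, size, dest = event
        term = terminations.get(user)
        if term is None or channel not in CHANNELS:
            continue
        if not resource.startswith(CRITICAL_IP_PREFIXES):
            continue
        if not leaves_organization(channel, dest):
            continue
        delta = ts.date() - term
        if abs(delta) > WINDOW:
            continue
        # Recorded, not filtered on: the slides note theft usually happens
        # during normal business hours, so an after-hours rule would miss it.
        in_hours = ts.weekday() < 5 and 8 <= ts.hour < 18
        findings.append(Finding(ts, user, channel, resource, size, delta.days, in_hours))
    return findings, skipped


def summarize(findings):
    """Per-user totals for triage: bytes moved and channels used."""
    summary = {}
    for f in findings:
        entry = summary.setdefault(f.user, {"bytes": 0, "channels": set()})
        entry["bytes"] += f.size
        entry["channels"].add(f.channel)
    return summary


if __name__ == "__main__":
    hits, bad = find_termination_window_exfil(SAMPLE_LOG, TERMINATIONS)
    for h in hits:
        print(h.user, h.channel, h.resource, h.days_from_termination, h.business_hours)
    print("malformed records skipped:", bad)
    print(summarize(hits))
```

A positive `days_from_termination` means the access happened after the termination date, which also points at access that was not deactivated on departure.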
Concerning Indications Include:
• Extreme disgruntlement with the organization
• Unusual IT activity; accessing/ emailing/ exfiltrating IP
• Suspicious comments; entitlement, possessiveness etc.
Disgruntled Insiders
Disgruntlement with the organization is often explicit and can lead to malicious insider activity
Source: https://www.csoonline.com/article/3284444/insider-threat-becomes-reality-for-elon-musk.html
Enablers of Insider Threat Activity
“…Where an insider act takes place there is often an exploitable weakness with the
employer’s own protective security or management practices which enables the
insider to act.”
CPNI Insider Threat Collection Study 2013
• Poor Asset Management: Lack of a proper inventory. Easy access to hardware and software assets - trade secrets, and other proprietary information etc.
• Poor Usage of Technical & Auditing Functions: Absence of sufficient technical controls. Rare or unsystematic IT auditing that would spot irregularities or unusual behaviors. This enabled insiders to act in the first place.
• Poor Security Culture: Lack of adherence to security policies & practices allowing insiders to have access to foreign computers, sensitive materials, privileged/accumulated access to information beyond the scope of their work etc.
• Poor Management Practices: Many concerning behaviors/ problems & activities of the insider were noticed but unaddressed.
*and more!!!*
Enablers of Insider Threat Activity
Both technical and behavioral monitoring are required.
72% of IP theft cases were detected and reported by non-technical employees.
Signs are often observable by technical and/or non-technical means if you are vigilant.
Appropriate policies & processes are also essential.
Countermeasures for Insider IP Theft
Source: Cappelli, D., et al. “The CERT Guide to Insider Threats: How to Prevent, Detect and Respond to Information Technology Crimes”, New York; Addison-Wesley.
• Understand the positions at risk – who handles your most critical IP?
• Recognize the patterns & organizational factors surrounding IP theft
• Employee training on insider threats
• Improve termination policies & processes
• Clear reporting process in case of suspicious activity
• Well-defined and clear contracts on IP development, rights & ownership
• Implement technical countermeasures (Data loss prevention systems, digital rights management, etc.)
• Review & adjust access controls on the people that move to different projects/departments in your
organization. Do they just accumulate privileges?
Countermeasures for Insider IP Theft
Economic Espionage: “the conscious and willful misappropriation of trade secrets with knowledge or intent
that the offense will benefit a foreign government, foreign instrumentality, or foreign agent.”
Industrial Espionage: “the conscious and willful misappropriation of trade secrets related to, or included in, a
product that is produced for, or placed in, interstate or foreign commerce to the economic
benefit of anyone other than the owner, with the knowledge or intent that the offense will injure the owner of
that trade secret.”
Theft of IP from Foreign Governments or Organizations
-Office of National Counterintelligence Executive
Malicious insiders who infiltrate an organization or get recruited. They misuse their access to, and involvement in,
intellectual property rights and development to benefit a foreign entity.
Unintentional insiders who do not follow appropriate security practices (e.g. while traveling) and are
targeted by external threat actors.
Theft of IP from Foreign Governments or Organizations
It is very difficult to recover stolen IP once it leaves the legal jurisdiction of its “home country”.
Reporting
Source: Red Goat Cyber Security, (2019). Insider Threat Report 2019
Someone meets a friendly, fun individual while working on a project abroad
…and eventually is offered a large amount of money to provide access to the corporate networks
…which the individual refuses…
…but after a while notices a coworker enjoying large amounts of sudden, inexplicable wealth.
Reporting
“…I didn’t ask about it or report it because I felt I would also be implicated and
actually I would rather not be involved.”
Source: Red Goat Cyber Security, (2019). Insider Threat Report 2019
DID HE/SHE SAY SOMETHING?
Reporting: What Does the Research Say?
Quantitative & Qualitative Research:
• 1145 participants
• Different countries
• Different roles
• About 15 different industries
Source: Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
Reporting: What Does the Research Say?
High Reluctance to Report:
• Employees’ cost / benefit analysis for reporting
insider threat activity is discouraging.
- Moral inhibitions
- Fear of social judgment within the organization
- Fear of personal risks
“I would rather come forward as a witness after the attack than risk my life and career being ruined by reporting it earlier..”
Source: Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
Reporting: What Does the Research Say?
HR Preferred for Reporting Over Security
Teams:
• Closer to the employees
• Trust; HR would keep the confidentiality
• Believed to handle the issue better
Source: Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
…BUT HR is typically NOT trained on the
security implications of insider threats (or
security in general) and may not pay the
proper care and attention to a reported
incident.
Reporting: What Does the Research Say?
Lack of Training is the Biggest Barrier to
Reporting
• Over 72% of respondents cited a lack of training
knowledge and confidence to report suspicious
activity.
• Staff is unclear in identifying suspicious behavior.
• Staff does not realize the significance of insider
threats and reporting.
Source: Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
“Our company just says report anything
suspicious – there is no guidance, no training,
nothing.”
“It is a scary thing to do (reporting). I need
some form of training and process otherwise I
feel like I am playing God.”
Countermeasures - Recommendations
Improve Security Culture
• Through training & management
• Separation of duties and least privilege.
• Keep an eye on the physical environment.
• Monitor and respond to suspicious or disruptive behavior
--insiders feel free to act when they fear no risk of detection or consequence!--
Technical Security Controls/ Asset Management
• Identify your critical IP assets and place technical controls for their protection.
• Log, monitor and audit (periodically) employee online actions.
• Deactivate/control employee access to accounts, networks, systems, applications, data & physical locations upon employment & termination.
*and more!!!*
Countermeasures - Recommendations
Reporting Process
• Straightforward process.
• Confidentiality/ anonymity need to be ensured.
• “No fault” reporting policy.
• Report to specific teams/ people
Training
• For HR, management and employees.
• Recognize insider threats & know how to report.
• BONUS Benefits: Training strengthens security culture & social engineering defense!
• Fear of creating a toxic organizational culture
• Not enough cases made public
• “Not In My Back Yard” phenomenon
This is still a controversial topic
A last word on (avoiding) PARANOIA…
Community support is still very important, especially towards common threats.
Additional Recommended Resources
• Cappelli, D., et al. (2012) “The CERT Guide to Insider Threats: How to Prevent, Detect and Respond to Information Technology Crimes”, New York; Addison-Wesley.
• Center for the Protection of National Infrastructure (CPNI), (2013). “CPNI Insider Data Collection; Report of Main Findings”, Retrieved from: https://www.cpni.gov.uk/system/files/documents/63/29/insider-data-collection-study-report-of-main-findings.pdf
• Center for the Protection of National Infrastructure (CPNI), (2012). “Holistic Management of Employee Risk (HoMER)” Retrieved from: https://www.cpni.gov.uk/system/files/documents/da/00/Holistic-Management-of-Employee-Risk-HoMER-Executive-summary.pdf
• Charney, L., D., (2014). “True Psychology of the Insider Spy” Retrieved from: https://noir4usa.org/wp-content/uploads/2014/07/NOIR-White-Paper-17JUL14.pdf
• European Network and Information Security Agency, (2019). “ENISA Threat Landscape Report 2018”, Retrieved from: https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018
• Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
Contact Details:
“Knowledge is a weapon. I
intend to be formidably armed.”
- Terry Goodkind
Christina Lekati
@ChristinaLekati
Christina Lekati
Social Engineering Security
Trainer & Consultant
Cyber Risk GmbH

Call Girls in Patel Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...
Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...
Vip Mumbai Call Girls Navi Mumbai Call On 9920725232 With Body to body massag...
 
+97470301568>>buy vape oil,thc oil weed,hash and cannabis oil in qatar doha}}
+97470301568>>buy vape oil,thc oil weed,hash and cannabis oil in qatar doha}}+97470301568>>buy vape oil,thc oil weed,hash and cannabis oil in qatar doha}}
+97470301568>>buy vape oil,thc oil weed,hash and cannabis oil in qatar doha}}
 
(INDIRA) Call Girl Nashik Call Now 8617697112 Nashik Escorts 24x7
(INDIRA) Call Girl Nashik Call Now 8617697112 Nashik Escorts 24x7(INDIRA) Call Girl Nashik Call Now 8617697112 Nashik Escorts 24x7
(INDIRA) Call Girl Nashik Call Now 8617697112 Nashik Escorts 24x7
 

Protecting Automotive Intellectual Property from Insider Threats

  • 1. Christina Lekati Social Engineering & Insider Threat Security Cyber Risk GmbH Protecting Automotive Intellectual Property From Insider Threats Automotive Security Research Group WORLD
  • 2. Overview • The role of intellectual property (IP) in the automotive industry & market dynamics, today • Intellectual property theft from insiders • Theft of IP from foreign governments or organizations • Mitigation strategies/ countermeasures • Closing remarks Christina Lekati | Cyber Risk GmbH
  • 3. Christina Lekati • Psychologist focusing on the human element of security • Assisting in cyber security projects from a young age • Trainer & Consultant for Cyber Risk GmbH on the Human Element of Security • Main developer of the training programs on insider threats and social engineering for Cyber Risk GmbH About Me @ChristinaLekati | Christina Lekati | www.cyber-risk-gmbh.com/
  • 4. Intellectual Property in the Automotive Industry • Until a few years ago, the automotive sector was considered a mature industry with well-established players. • Core competencies of the automakers were familiar to most people, but not so the technological waves that are transforming and reshaping the industry, today. • Although fully autonomous vehicles (Level 5) are years away from reaching the market, deep-learning, data analytics, real-time control algorithms and a slew of connected devices and components are already changing the car industry. Christina Lekati | Cyber Risk GmbH Source: World Intellectual Property Report 2019
  • 5. Intellectual Property in the Automotive Industry Christina Lekati | Cyber Risk GmbH Source: World Intellectual Property Report 2019 Increasing trend in innovative activity in AV technology.
  • 6. Intellectual Property in the Automotive Industry Christina Lekati | Cyber Risk GmbH In the face of the AV technological shock, auto companies have an incentive to join forces to share the costs and risks but also defend their market position. This is just one of a long list of examples of collaboration between tech companies.
  • 7. Intellectual Property in the Automotive Industry The automotive industry is in the early phases of a period of technological disruption, with several new entrants, both from the automotive and the technological sides. Most tech firms, especially the smaller startups, occupy niches, focusing on hardware, software, mobility services, connectivity, communications and many more. Two main things happen in regard to intellectual property: 1) Significantly increased numbers of intellectual property-related documents and patents 2) Decreased control over ownership rights & sharing Christina Lekati | Cyber Risk GmbH Source: World Intellectual Property Report 2019
  • 8. Christina Lekati | Cyber Risk GmbH With the first-mover advantage increasing the stakes in market share and many vehicles now coming to market featuring some level of automation, while fully autonomous cars are being tested on public roads, we need to focus more on IP rights management and protection. Intellectual property (IP) is right now one of the most important and valuable sets of assets that an automotive company can own. Technology and innovation are shifting the market dynamics and intellectual property will play a major role in the way the industry will be shaped within the next years. Intellectual Property in the Automotive Industry
  • 9. Intellectual Property Goes Beyond Patents Christina Lekati | Cyber Risk GmbH “Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce.” -World Intellectual Property Organization IP Includes: • Proprietary software/ source code • Customer information • Product-related IP (designs, formulas, schematics) • Business plans, trade secrets, proposals, strategic plans
  • 10. Any current or former employee, partner or contractor that has or used to have access to the organization’s digital assets and may intentionally or unintentionally abuse this access and harm the organization. Insider Threats: Who Are They? Christina Lekati | Cyber Risk GmbH ENISA Threat Landscape Report 2018
  • 11. “Any current or former…. employee, partner, or contractor… Insider Threats: Who Are They? Christina Lekati | Cyber Risk GmbH Source: ENISA Threat Landscape Report 2018
  • 12. “…may intentionally or unintentionally abuse their access and harm the organization” Insider Threats: Who Are They? Christina Lekati | Cyber Risk GmbH Source: ENISA Threat Landscape Report 2018
  • 13. • Current employees/ contractors • They already have authorized access to the IP they steal • They usually steal it during normal business hours • Scientists, engineers, contractors, salespeople, and more Who Are The Usual Culprits? Christina Lekati | Cyber Risk GmbH
  • 14. • Misconception: they want to sell it for monetary gain • Reality: they steal it for a business advantage (a new job, to start a competing business, to send it to a foreign government/ organization) Why Do Insiders Steal Intellectual Property? Christina Lekati | Cyber Risk GmbH
  • 15. The Anthony Levandowski Case Christina Lekati | Cyber Risk GmbH Sources: https://www.bloomberg.com/news/features/2017-03-16/fury-road-did-uber-steal-the-driverless-future-from-google https://www.bloomberg.com/news/articles/2020-04-18/uber-says-guilty-engineer-on-his-own-for-180-million-to-google
  • 16. • Insider acts alone • Helped develop the IP/ perceives their role in its development as important • Sense of entitlement & ownership of IP • Intense & explicit evidence of entitlement or possessiveness in many cases Two Main Types Christina Lekati | Cyber Risk GmbH • One insider may recruit other insiders for theft of IP • Want to gain access to more information – may try to assemble an entire strategic plan or software system • Motives vary –recruits are promised higher rewards Individuals Recruiters
  • 17. • Sense of entitlement • Possessiveness • Disgruntlement Most IP theft happened within 1 month before/after employment termination. The most frequent data exfiltration methods are emails, removable media & remote network access. However, physical exfiltration of information also happens. The insider often felt that they exfiltrated what rightfully belonged to them and made little effort to conceal their theft. Patterns Around IP Theft Christina Lekati | Cyber Risk GmbH
  • 18. Concerning Indications Include: Christina Lekati | Cyber Risk GmbH Extreme disgruntlement with the organization Unusual IT activity; accessing/ emailing/ exfiltrating IP Suspicious comments; entitlement, possessiveness etc.
  • 19. Disgruntled Insiders Christina Lekati | Cyber Risk GmbH Disgruntlement with the organization is often explicit and can lead to malicious insider activity Source: https://www.csoonline.com/article/3284444/insider-threat-becomes-reality-for-elon-musk.html
  • 20. Enablers of Insider Threat Activity Christina Lekati | Cyber Risk GmbH “…Where an insider act takes place there is often an exploitable weakness with the employer’s own protective security or management practices which enables the insider to act.” CPNI Insider Threat Collection Study 2013
  • 21. Lack of a proper inventory. Easy access to hardware and software assets - trade secrets, and other proprietary information etc. *and more!!!* Poor Asset Management Absence of sufficient technical controls. Rare or unsystematic IT auditing that would spot irregularities or unusual behaviors. This enabled insiders to act in the first place. Poor Usage of Technical & Auditing Functions Lack of adherence to security policies & practices allowing insiders to have access to foreign computers, sensitive materials, privileged/accumulated access to information beyond the scope of their work etc. Poor Security Culture Many concerning behaviors/ problems & activities of the insider were noticed but unaddressed. Poor Management Practices Christina Lekati | Cyber Risk GmbH Enablers of Insider Threat Activity
  • 22. Both technical and behavioral monitoring is required. 72% of IP theft cases were detected and reported by non-technical employees. Signs are often observable by technical and/or non-technical means if you are vigilant. Appropriate policies & processes are also essential. Countermeasures for Insider IP Theft Christina Lekati | Cyber Risk GmbH Source: Cappelli, D., et al. “The CERT Guide to Insider Threats: How to Prevent, Detect and Respond to Information Technology Crimes”, New York; Addison-Wesley.
  • 23. • Understand the positions at risk – who handles your most critical IP? • Recognize the patterns & organizational factors surrounding IP theft • Employee training on insider threats • Improve termination policies & processes • Clear reporting process in case of suspicious activity • Well-defined and clear contracts on IP development, rights & ownership • Implement technical countermeasures (Data loss prevention systems, digital rights management, etc.) • Review & adjust access controls on the people that move to different projects/departments in your organization. Do they just accumulate privileges? Countermeasures for Insider IP Theft Christina Lekati | Cyber Risk GmbH
  • 24. Economic Espionage: “the conscious and willful misappropriation of trade secrets with knowledge or intent that the offense will benefit a foreign government, foreign instrumentality, or foreign agent.” Industrial Espionage: “the conscious and willful misappropriation of trade secrets related to, or included in, a product that is produced for, or placed in, interstate or foreign commerce to the economic benefit of anyone other than the owner, with the knowledge or intent that the offense will injure the owner of that trade secret.” Theft of IP from Foreign Governments or Organizations Christina Lekati | Cyber Risk GmbH -Office of National Counterintelligence Executive
  • 25. Malicious insiders who infiltrate an organization or get recruited. They misuse their access and involvement to intellectual property rights and development to benefit a foreign entity. Unintentional insiders who do not practice appropriate security practices (e.g. while traveling) and are being targeted by external threat actors. Theft of IP from Foreign Governments or Organizations Christina Lekati | Cyber Risk GmbH It is very difficult to recover stolen IP once it leaves the legal jurisdiction of its “home country”.
  • 26. Reporting Christina Lekati | Cyber Risk GmbH Source: Red Goat Cyber Security, (2019). Insider Threat Report 2019 Someone meets friendly, fun individual while working on a project abroad …and eventually is offered a large amount of money to provide access to the corporate networks …which the individual refuses… …but after a while notices a coworker enjoying large amounts of sudden, inexplicable wealth.
  • 27. Reporting Christina Lekati | Cyber Risk GmbH “…I didn’t ask about it or report it because I felt I would also be implicated and actually I would rather not be involved.” Source: Red Goat Cyber Security, (2019). Insider Threat Report 2019 DID HE/SHE SAY SOMETHING?
  • 28. Reporting: What Does the Research Say? Christina Lekati | Cyber Risk GmbH Quantitative & Qualitative Research: • 1145 participants • Different countries • Different roles • About 15 different industries Source: Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
  • 29. Reporting: What Does the Research Say? Christina Lekati | Cyber Risk GmbH High Reluctance to Report: • Employees’ cost / benefit analysis for reporting insider threat activity is discouraging. - Moral inhibitions - Fear of social judgment within the organization - Fear of personal risks “I would rather come forward as a witness after the attack than risk my life and career being ruined by reporting it earlier.” Source: Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
  • 30. Reporting: What Does the Research Say? Christina Lekati | Cyber Risk GmbH HR Preferred for Reporting Over Security Teams: • Closer to the employees • Trust; HR would keep the confidentiality • Believed to handle the issue better Source: Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/ …BUT HR is typically NOT trained on the security implications of insider threats (or security in general) and may not pay the proper care and attention to a reported incident.
  • 31. Reporting: What Does the Research Say? Christina Lekati | Cyber Risk GmbH Lack of Training is the Biggest Barrier to Reporting • Over 72% of respondents cited a lack of training knowledge and confidence to report suspicious activity. • Staff is unclear in identifying suspicious behavior. • Staff does not realize the significance of insider threats and reporting. Source: Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/ “Our company just says report anything suspicious – there is no guidance, no training, nothing.” “It is a scary thing to do (reporting). I need some form of training and process otherwise I feel like I am playing God.”
  • 32. Through training & management Separation of duties and least privilege. Keep an eye on the physical environment. Monitor and respond to suspicious or disruptive behavior --insiders feel free to act when they fear no risk of detection or consequence!-- Improve Security Culture Technical Security Controls/ Asset Management Christina Lekati | Cyber Risk GmbH Countermeasures - Recommendations Identify your critical IP assets and place technical controls for their protection. Log, monitor and audit (periodically) employee online actions. Deactivate/control employee access to accounts, networks, systems, applications, data & physical locations upon employment & termination. *and more!!!*
  • 33. Straightforward process. Confidentiality/ anonymity need to be ensured. “No fault” reporting policy. Report to specific teams/ people Reporting Process For HR, management and employees. Recognize insider threats & know how to report. BONUS Benefits: Training strengthens security culture & social engineering defense! Training Christina Lekati | Cyber Risk GmbH Countermeasures - Recommendations
  • 34. • Fear of creating a toxic organizational culture • Not enough cases made public • “Not In My Back Yard” phenomenon This is still a controversial topic Christina Lekati | Cyber Risk GmbH
  • 35. Christina Lekati | Cyber Risk GmbH A last word on (avoiding) PARANOIA…
  • 36. Christina Lekati | Cyber Risk GmbH Community support is still very important, especially towards common threats.
  • 37. Additional Recommended Resources Christina Lekati | Cyber Risk GmbH • Cappelli, D., et al. (2012) “The CERT Guide to Insider Threats: How to Prevent, Detect and Respond to Information Technology Crimes”, New York; Addison-Wesley. • Center for the Protection of National Infrastructure (CPNI), (2013). “CPNI Insider Data Collection; Report of Main Findings”, Retrieved from: https://www.cpni.gov.uk/system/files/documents/63/29/insider-data-collection-study-report-of-main-findings.pdf • Center for the Protection of National Infrastructure (CPNI), (2012). “Holistic Management of Employee Risk (HoMER)” Retrieved from: https://www.cpni.gov.uk/system/files/documents/da/00/Holistic-Management-of-Employee-Risk-HoMER-Executive-summary.pdf • Charney, L., D., (2014). “True Psychology of the Insider Spy” Retrieved from: https://noir4usa.org/wp-content/uploads/2014/07/NOIR-White-Paper-17JUL14.pdf • European Network and Information Security Agency, (2019). “ENISA Threat Landscape Report 2018”, Retrieved from: https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018 • Red Goat Cyber Security, (2019). “Insider Threat Report 2019; Research Results and Analysis” Retrieved from: https://red-goat.com/insiderreport19/
  • 38. Contact Details: “Knowledge is a weapon. I intend to be formidably armed.” - Terry Goodkind Christina Lekati @ChristinaLekati Christina Lekati Social Engineering Security Trainer & Consultant Cyber Risk GmbH
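
Slides 17 and 32 describe a pattern that can be audited directly: IP theft clusters within one month of employment termination, travels over email, removable media or remote access, and access should be deactivated at termination. The sketch below is an added example, not part of the original slides; the event tuple format, user names, asset names and dates are all constructed for illustration.

```python
from datetime import date, datetime

# From the slides: most IP theft happened within 1 month before/after termination.
WINDOW_DAYS = 30
# From the slides: the most frequent exfiltration methods.
EXFIL_CHANNELS = {"email", "removable_media", "remote_access"}

# --- Constructed sample data (hypothetical users, assets and dates) ---
TERMINATIONS = {"asmith": date(2024, 3, 15), "bjones": date(2024, 6, 30)}
CRITICAL_ASSETS = {"adas-perception-src", "battery-cell-formulas"}
EVENTS = [
    # (timestamp, user, channel, asset, bytes moved)
    ("2024-01-10T10:02:00", "asmith", "email", "adas-perception-src", 4_000_000),
    ("2024-03-01T14:20:00", "asmith", "removable_media", "adas-perception-src", 750_000_000),
    ("2024-03-04T11:05:00", "asmith", "email", "cafeteria-menu", 20_000),
    ("2024-03-20T09:41:00", "asmith", "remote_access", "battery-cell-formulas", 12_000_000),
    ("2024-03-05T16:00:00", "cwu", "email", "adas-perception-src", 9_000_000),
    ("2024-06-25T13:30:00", "bjones", "repo_read", "adas-perception-src", 300_000_000),
    ("2024-07-10T15:12:00", "bjones", "email", "battery-cell-formulas", 2_500_000),
]


def review_queue(events, terminations, critical_assets, window_days=WINDOW_DAYS):
    """Return events an analyst should review: critical IP moved over an
    exfiltration channel within window_days of the user's termination date."""
    findings = []
    for ts, user, channel, asset, size in events:
        term = terminations.get(user)
        if term is None:                      # no termination on record
            continue
        if channel not in EXFIL_CHANNELS or asset not in critical_assets:
            continue
        # Negative offset = before the termination date, positive = after it.
        offset = (datetime.fromisoformat(ts).date() - term).days
        if abs(offset) > window_days:
            continue
        findings.append({
            "user": user,
            "time": ts,
            "channel": channel,
            "asset": asset,
            "bytes": size,
            "days_from_termination": offset,
            # Activity after the termination date means access was not
            # deactivated in time (the control named on slide 32).
            "access_after_termination": offset > 0,
        })
    # Post-termination activity first, then largest transfers first.
    findings.sort(key=lambda f: (not f["access_after_termination"], -f["bytes"]))
    return findings


if __name__ == "__main__":
    for f in review_queue(EVENTS, TERMINATIONS, CRITICAL_ASSETS):
        flag = "POST-TERMINATION" if f["access_after_termination"] else "in window"
        print(f'{f["user"]:8} {f["channel"]:16} {f["asset"]:22} '
              f'{f["days_from_termination"]:+4}d {f["bytes"]:>12} {flag}')
```

The output is a review queue, not a verdict: the slides stress that technical signals need to be read together with behavioral ones.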