This document summarizes a webcast on protecting corporate assets from cyber threats. It discusses common cyber threats like IP theft, data breaches, and how threat actors like nation states, malicious insiders, and competitors can exploit vulnerabilities. It then provides a 5-step framework organizations can use to assess trade secrets, identify threats, measure the impact of a loss, improve security practices, and measure effectiveness of improvements. The webcast aims to help organizations understand security risks and guide investments to best protect their most valuable information assets.
3. Chelsie Chmela
Events Manager
chelsie.chmela@ethisphere.com
847.293.8806
We encourage you to engage during the Q&A portion of
today’s webcast by using the chat function located within
your viewing experience.
HOST
QUESTIONS
RECORDING The event recording and PowerPoint presentation will be
provided post event.
3
6. Pamela Passman
President & CEO
Center for Responsible
Enterprise and Trade
CREATe.org
Marissa Michel
Director, Forensic Services Group,
Strategic Threat Management
Services
PriceWaterhouseCoopers (PwC)
7. U.S. hacking victims fell prey to
mundane ruses
-May 20, 2014
U.S. announces first charges against
foreign country in connection with
cyberspying - May 19, 2014
U.S. announces first charges against
foreign country in connection with
cyberspying - May 19, 2014
Trade secrets bill
clears a hurdle
-September 17, 2014
9. On the rise:
• Malicious code and sustained probes have
increased the most: average of 17 malicious
codes/month, 12 probes/month, 10
unauthorized access incidents
Uncertainty about steps to take:
• 50% low/no confidence they are making the
right investments in people, process and
technologies to address threats
Greatest threat:
• The human factor (negligence) and system
glitches (IT and business process failures) still
account for almost two-thirds of data breaches
12. Threat
Actor
Objectives Methods Vulnerabilities Risks /
Outcomes
Nation
States
Military
technology, help
national
companies
Blunt force hacking
Social Engineering
Trojan Horse
Spear phishing
Watering Hole
Exploits
Malware
Co-opted Credentials
Physical/Non-
technical
Processes
People
Technology
IP Theft
Data Breaches
Disrupted Business
Reputational issues
Lost revenues
Lawsuits
Fines
Malicious
Insiders
Competitive
advantage,
financial gain,
national goals
Competitors Competitive
advantage
Transnati’l
Organized
Crime
Financial gain
Hacktivists Political/social
goals
Source: CREATe.org – PwC Report: Economic Impact of Trade Secret Theft: A framework for
companies to safeguard trade secrets and mitigate potential thefts, February 2014
13.
14. Impact
Motivation
Access
Connections
Red Flags
Most common source of IP theft;
Differs from unintentional or uninformed insiders
Typically disgruntlement or ego, ideology,
competition, or personal financial gain
Insider authorization to systems, records,
source code, and even facilities = opportunity
to exploit access for malicious purposes
Can be leveraged or planted by Advanced Persistent
Threats to exploit access to critical assets
Activity changes w/business change: mergers, divestitures
and legal entity separations, and within 2 weeks before and
after employment separation (voluntarily or involuntarily)
15. • The economic impact
• An analysis of key threat actors
• Three future scenarios
• A five-step framework
16. Consensus across business units over definitions and criteria
for determining IP that is a trade secret
Prioritized, ranked list of trade secrets with location maps
around the world
A clear repeatable process for incorporating new innovations
and trade secrets into the existing trade secrets list
Proven formula for assessing the cost of trade secret theft at
the individual level
Means to determine how to maximize the value of protective
measures to ensure the greatest return on security investment
17. Category of Trade Secrets
• Product Information
• Research & Development
• Critical & Unique Business Processes
• Sensitive Business Information
• IT Systems & Applications
28. WHY SHOULD YOU APPLY?
• Learn your scores – your Ethics QuotientTM
• Compare your practices to those of the Worl’s
Most Ethical Companies
• Understand the gaps in your program, activities and
practices vs. leading companies
• Use this knowledge to guide and shape investments in
program and resources
• Engage the entire organization and ecosystem
29. This webcast and all future Ethisphere webcasts are
available complimentary and on demand for BELA
members. BELA members are also offered
complimentary registration to Ethisphere’s Global
Ethics Summit and other Summits around the world.
For more information on BELA contact:
Laara van Loben Sels
Senior Director, Engagement Services
laara.vanlobensels@ethisphere.com
480.397.2663
Business Ethics Leadership
Alliance (BELA)