Successfully Protecting Your IP Assets

A Cyber Perspective

E.J. Hilbert

October 8, 2013

About the Speaker• Managing Director Kroll Advisory Solutions- Head of Cyber

Investigations for EMEA

• President of Online Intelligence- A cyber security and investigative firm specializing in social media and online advertising schemes, scams and crimes.

• Director of Security Enforcement for MySpace – Responsible for addressing all security concerns related to MySpace, its systems and its users.

• FBI Special Agent- Specialized in White Collar Crime, Cyber Crime and Counter-Terrorism. Notable cases are Treason charges against Adam Gadahn aka Azzam Al Amriki, FBI.gov email intrusion, Carderplanet takedown/Cardkeeper, Samantha Runnion Kidnapping and Invita/Flyhook: the Alexey Ivanov case

• High school Teacher and Coach- History, Science, Baseball, Basketball and Cross Country

• Got my first computer at 12yrs old, a Commodore 64, upgraded later to an Apple IIe

• Consultant on TV shows, movies and books, various media coverage including MSNBC, CNN, Financial Times, Rolling Stone, WSJ, Wired, Gizmodo and others

Why Invent When You Can Steal

IP equals Information that can equal Profit

» There is no innovation that is not stored digitally

» Patent trolls illustrate the profit model

Innovation takes time

» Shortage of Cyber professionals in EMEA

» Plagiarism is the highest form of flattery?

Theft can level the playing field

» Emerging markets are looking for a leg up

» 1st world markets are looking to stay on top

Physical theft is hard, cyber theft is easy

Five Steps To Protecting Your IP

Know What You Have

Limit Who Can Access It

Know Who Is Accessing It and Why

Terminating Access

Fight For What Is Yours

Knowing What You Have

Before you can protect something you need to know what IT is.

Blob Data- most people and companies have a stockpile of Blob data with no understanding of what it includes.

Value of Your Data – One man’s trash is another man’s fortune

Subjective Security- Protection around the individual as well as the whole.

Limit Who Has AccessEveryone does not have “A Need To Know”

Access Control – shut the doors and close the blinds

Key ring approach – Require different passwords for each level of access

Change It Up- Force changes at random times

Who are you and why are your looking at this

You need to monitor who is accessing your stuff

Most companies do not monitor access

» We create logs but nobody reviews them

Logs are not just for reactive work

» Viewing the logs will show patterns

User authentication and reasons for use are imperative

» Are you sure they are who they say they are?

Detection and Terminating AccessYou need to have lightening reflexes

The speed of cyber theft is only tempered by perceived monitoring, the fear of getting caught and victims ability to act.

You must be able to detect an attack and shutdown access immediately

“We will protect IP as soon as we get some of our own.”

Fight for What is Yours “What’s the use?” is defeatist and has a knock-on

effect.

Cyber attackers do not fear being caught because most given up the fight. There is no downside to stealing your IP for the hackers.

Most victims of cyber attack focus on the how it happened and defending against the next attack, few seek attribution and penalties.

No fight means you will forever be the victim.

WITH

Take Away Information

Know What You Have

Limit Who Can Access It

Know Who Is Accessing It and Why

Be Able to Terminate Access

Fight For What Is Yours

Which of These Don’t You Do?

Questions?

E.J. Hilbert

Managing Director

Kroll Advisory Solutions

+44 (0)782-5753027

ehilbert@kroll.com

www.twitter.com/ejhilbert

www.linkedin.com/in/ejhilbert