By Chris Morales, Vectra
Intellectual property (IP) is the lifeblood of medical device companies. An analysis of the top 10 medical device manufacturers indicates that intangible assets – R&D, trade secrets, designs, manufacturing processes, clinical trials management systems, and customer relationships – constitute 20-30 percent of their market value.
Beyond the accounting, IP is the engine of growth, the future of the company.
Unfortunately, IP theft is a growing problem for the medical device industry, as well as other IP-intensive industries. The economic damage of IP theft to U.S. companies is estimated at over $300 billion per year, according to an IP Commission Report, issued by the Commission on the Theft of American Intellectual Property.
Stolen IP represents a significant subsidy since the thieves don’t have to bear the costs of developing or licensing that technology or manufacturing process. If a competitor steals a company’s product-related trade secrets, it can beat that company to market with a new and innovative product, undercutting the victim company’s market share.
The IP Commission concluded that IP theft hinders the development of new inventions and industries, putting the U.S. economy and security at risk.
Many medical device manufacturers protect their IP by gaining visibility inside their networks to detect and respond faster and more efficiently to in-progress cyberattacks that would otherwise remain hidden.
Despite strong network perimeter defenses – next-generation firewalls, intrusion detection systems, web security proxies – cyberattackers today are adept at evasion and can easily gain a foothold inside they network to spy, spread and steal.
The What And Why Of IP Theft
Medical device manufacturers have a significant amount of IP to protect. Consequently, they’ve been the target of numerous attacks, which fall into two broad categories:
- Insider trading and market manipulation: This includes stealing information such as trial results, non-public earnings information, and acquisition targets to profit in equity markets. This manipulation impacts all legitimate shareholders, including executives, employees and public shareholders.
- Theft of trade secrets for competitive advantage: This enables perpetrators to accelerate time-to-market and reduce costs, especially R&D expenses. Corporate espionage may come from any competitor but is especially likely from emerging economies with substantial funding and support from governments.
In its report, the IP Commission notes that the scale of economic impacts from IP theft is unprecedented due to national security ramifications, international dimensions, significant foreign-state involvement, and inadequate legal and policy remedies and deterrents. It cites China, Russia, and India as the country’s most often implicated in the theft of IP from U.S. companies.
New Approaches For Protecting IP
Medical device companies face a very competitive environment, increasing the incentive for IP theft as well as damage to victims. While traditional industrial espionage techniques have been used extensively, cyber methods for stealing IP have become more widespread and harmful due to low costs, difficult attribution, and the ability to perpetrate crimes remotely to remain immune from extradition.
And whereas it typically takes months to discover a breach of credit cards or consumer identities – usually when the thief tries to use the stolen data to perpetrate fraud – IP theft may never be definitively discovered; victims are just left with an insidious disbelief at a competitor seeming to be just one step ahead.
It’s imperative that medical manufacturers take precautions to defend themselves from all types of IP theft, including both opportunistic and targeted cyberattacks.
To protect trade secrets and other IP, the IP Commission notes that enterprises need security systems that are capable of rapidly analyzing the behavior of unknown files and links, and that provide advanced, real-time network analysis.
Firewalls, intrusion prevention systems, web security proxies, payload analysis, and other prevention-centric products have a place in the enterprise security tool box, providing a first line of defense. But once attackers gain a foothold inside the network, they are free to begin their exploitation, to which perimeter defenses are blind.
To combat advanced threats, security professionals need automated real-time detection and reporting capabilities that provide multiple opportunities to stop an attack.
Detect Attacks In Progress, Streamline Security Operations
It is incumbent today for medical device manufacturers to employ network detection and response – in conjunction with endpoint detection and response and security information and event management systems (SIEMs) – to detect and respond rapidly to threats and stop attackers before critical IP is stolen.
Picking up where perimeter security leaves off, it is vital to perform deep, continuous analysis of internal and internet-bound network traffic and detect the fundamental actions and behaviors that attackers must perform when they spy and spread across an organization’s networks in search of valuable IP.
Continuous, uninterrupted traffic monitoring is also critical to detect suspicious access to critical assets by authorized employees, as well as policy violations related to use of cloud storage, USB storage, and other means of moving data out of the network.
By leveraging a unique combination of data science, machine learning and behavioral analysis, it is possible to detect all phases of a cyberattack, including command and control, internal reconnaissance, lateral movement, abuse of account credentials, data exfiltration, ransomware activity, and botnet monetization behaviors.
In addition, by automating the manual, time-consuming Tier-1 analysis of security events, security teams can dramatically reduce the time spent on threat investigations and focus instead on data loss prevention and mitigation.
About The Author
Christopher Morales is the head of security analytics at Vectra, a San Jose, Calif. cybersecurity firm that detects hidden cyberattacks and helps threat hunters improve the efficiency of incident investigations.