In the automotive industry, intellectual property (IP) is the differentiator and asset that is often most critical to business success and continuity. Whether we look at R&D, product development, CAD/CAE designs, software development and more, IP is always the core DNA that represents most of the value. It is also very vulnerable to theft. Most of the times, intellectual property is stolen by insiders, who have authorized access to that information or have contributed to their creation. They typically steal it while at work, during normal business hours and while pretending to be conducting “business as usual”. Because of that, detection becomes challenging. It is very difficult to detect illicit access from legitimate access. In addition, there is generally no indication of suspicious activity until the IP is in the process of being stolen or has already been stolen. This allows only an exceedingly small window of opportunity for detection and response.
Due to current political, technological and other global developments that are causing sales to plummet, while forcing companies in the automotive industry to make tremendous investments into new technologies and products to keep up with the competition, it cannot be overlooked that the ever-present threat of targeting insiders for economic or industrial espionage is higher than ever. Insiders in key positions are either being recruited or targeted for theft during business travel, or other occasions when they are the most vulnerable.
This presentation aims to shed light on the challenging topic of insider theft of intellectual property in the automotive industry. It will discuss the motives that lead employees to theft and/or the facilitation of third-party access to organizational assets intentionally or unintentionally. Despite the challenges, there are measures that businesses in the automotive industry can take to protect their intellectual property. Research has repeatedly found a clear link between insider activity taking place and exploitable weaknesses in security and management processes. Therefore, this talk will go on discussing the organizational factors enabling insider threat operations as well as countermeasures against them, by combining the lessons learned on insider activity prevention from the fields of counterintelligence, psychology, and cyber-security.