ppt slide
kristina469
TRreport.docx2
CSCI-303-01W
November 13, 2022
Cyber Theft of Trade Secrets
Abstract
In recent years, the cyber theft of trade secrets has become an increasingly important concern for businesses and governments worldwide. This issue's growing importance is due to businesses' growing reliance on digital information and the increasing sophistication of cybercriminals. Unimaginable sums of money have been lost due to trade secret theft. As a result of theft, many good companies had to close their doors. Every firm uses its own trade secrets to conduct trustworthy and successful operations. If a company's trade secrets are compromised in this way, the company will suffer financial losses directly. Government policy regulators have paid insufficient attention to the problem of protecting trade secrets from online attacks. Because there are no robust procedures and regulations in place to safeguard trade secrets from being stolen by cybercriminals, this leaves them open to assault. Trade secrets, confidential customer data, and contracts are examples of the organization's assets that are at risk of being stolen or compromised. For the sake of the organization's performance, the precious assets have earned the right to be adequately preserved. Prevention is the proactive method that would assist in securing trade secrets. Some examples of prevention include having robust passwords that are updated regularly and teaching personnel to spot possible assaults early enough.
Key Words: Trade secrets, Cyber Crime, Economy
Introduction
A piece of information is regarded to be a trade secret if it possesses commercial value yet is not generally known to the general public. A wide variety of information might be considered a trade secret, ranging from client lists and marketing plans to product designs and production procedures. A piece of information that is kept hidden from the general public is called a trade secret. The company can protect its innovations and improve its position in the market thanks to the information included in its trade secrets. This kind of unwarranted disclosure of information is referred to as "the theft of trade secrets" and is considered a serious crime. The theft of a company's trade secrets can severely damage the organization's economy and the country's economy. The theft of trade secrets is a serious crime that can devastate an entire industry. Trade secrets are kept under extremely close control and are not available to anyone and everyone. They comprise highly confidential business information in addition to other types of industrial secrets. Anyone has the capability of stealing something. Workers, global corporations, or even people from other countries could be affected.
Examples of Trade Secrets
Every business has its own trade secrets, which it only discloses to the appropriate authorities. The examples of trade secrets from well-known and prosperous corporate organizations provide fascinating information. The Coca-Cola firm has a proprietary secret recipe that is fiercely guarded. It is securely stored in a specially constructed vault in the World of Coca-Cola. Similarly, KFC's renowned fast-food restaurant uses a secret blend of 11 herbs and spices to create its world-famous Kentucky fried chicken. The manufacturing corporation also protects the privacy of its trade secrets.
Science and technology firms also keep their research and studies under wraps, in addition to their recipes and production processes. Until the research is validated, they are kept a secret. If they divulge their trade secrets, the company's product will no longer be valuable commercially. In order to escape criticism if their study is unproven, scientists also conduct their studies in secret. The protection of trade secrets is a growing problem for businesses today. It is also a good idea for businesses to keep quiet about their trade secrets in the light of all the continuing operations linked to trade secret theft. Additionally, they have begun to conceal their list of clients and consumers. The business must cherish its clients and consumers. A short check of the case law revealed that there are more than 150 federal court cases where it is alleged that client and customer information is being utilized improperly as trade secrets.
Vulnerable Assets
The same technologies that have fueled the expansion of enterprises and economies have also introduced a novel and dangerous challenge to the task of safeguarding essential resources. The risk of losing a trade secret has increased as a result of the easiness with which sensitive information may now be stored, accessed, disseminated, and published, thanks to technological advancements. It is no coincidence that cybercrime and the theft of trade secrets go hand in hand. While the rise of digital technologies has benefited things like innovation and data management, it has also exposed the fragility of intangible assets. Examples of digital assets include intellectual property (IP), data, customer records, and security information. Additionally, operational assets, such as mission-critical information technology services, also fall under the category of digital assets (Ruan, 2017). Cyber security provides businesses with important and practical safeguard for their most valued items, while proprietary information legislation tends to help mitigate security flaws by offering protection under the law for these digital assets.
Cyber security offers companies with important and practical protection for their most valuable assets. In response to the dangers posed by these situations, the government is taking action. The U.S. has issued a warning about the growing dangers posed by competitors and enemies that engage in destructive economic espionage and hostile cyber operations. These types of activities have the potential to cause major disruption and damage to the economy. The United States government has been working to strengthen trade secret protections at the same time, it is developing cyber policies. The 'war narrative' surrounding recent trade secrets debates has US companies as potential partners against the national security threat posed by trade secret theft. The choice to use trade secrets is critical for any business. Businesses should consider using intellectual property systems to regulate how their information is used to preserve their competitive edge and safeguard their breakthroughs.
In relation to other forms of IP, trade secrets do not have to be formally registered, can exist indefinitely, shield a wide range of information, and do not mandate disclosure. Companies can shield everything from client lists to prototypes under the umbrella of trade secrets. Technical glitches in software or the results of a botched experiment can nevertheless be protected as commercial secrets. One drawback of adopting trade secrets as a form of intellectual property protection is that maintaining their secrecy is crucial to their utility; once revealed, the secret loses its privileged status as a trade secret for both practical and legal purposes. Theft can be prevented with solid cyber security and legal controls like contracts. When it comes to legal and strategic business procedures, companies do not need to rely on trade secrets alone.
Using patents as an alternative to sharing trade secrets is becoming increasingly common. However, patents can be costly and time-consuming, requiring disclosing more information than might otherwise be the case, which can reduce the patent's effectiveness and ultimately reduce the patent holder's competitive advantage. Despite the dearth of hard data, it seems clear that trade secrets are more valuable than other forms of intellectual property, and thus that trade secret protection should be prioritized. Cyber security has benefits for other types of intellectual property, such as the use of technical protection mechanisms to manage copyrighted material, but it is crucial for protecting trade secrets.
Consequences of Trade Secrets Theft
Theft of trade secrets may be quite costly for a business, which is why cyber security measures are so important. Cyber security and trade secrecy both have costs and benefits that should be considered before making any decisions. However, it is not easy to put a number on these factors. Trade secret protection is a more cost-effective method of safeguarding high-value assets than other types of intellectual property. It is debatable whether, in this day and age of rampant cybercrime, a trade secret may still be kept hidden if it is not subject to "reasonable protection." The passage of time and the development of new technologies is what was formerly thought reasonable may now be deemed totally obsolete and this is a concern that needs necessary intervention for an effective solution. Effective cyber security measures might demand a continuous input of capital. Considering the risk of "loss of private data" is essential before taking any measure to ensure data integrity. The principle of diminishing marginal returns states that increasing security measures should be made only to a minimal degree for extremely low or very high vulnerabilities. Information that is already in the public domain, like the possible sale of a business unit, may be too expensive to protect. One such reality is that an investor's focus should shift from the asset's sensitivity to loss to the protection from expected loss that the investment provides. Knowing how much protection is enough could be difficult. As a rule of thumb, the ideal amount to spend on information security is less than or equal to 37% of the value of the assets that may be lost if they are not protected. Financial institutions invest between 1percentage points and 2percent in terms of their overall IT budget on security, per Lagazio et al. (2014). The intangibility and unpredictability of protection make it hard to calculate returns on investment in security and the projected loss from a theft of trade secrets. The lack of appropriate quantitative data hinders accurate risk assessment in businesses (Ruan, 2017). Given the rapid evolution of both technology and cyber threats, determining the optimal level of investment in security has proven difficult. A company may lose money as a result of cybercrime. Loss of data (including proprietary information) is a major expense for any company that has been the target of an assault. If sensitive information is lost, it could fall into the wrong hands and hurt the company's ability to compete. Unlike more fleeting cyberattacks like denial of service, the effects of IP theft on businesses can be more pervasive and enduring. This is consistent with the earlier reported policy concerns, showing that IP theft is a major strategic worry for the corporation.
Despite the dangers, there is scant empirical evidence of likely losses. Any news that a company has compromised its intellectual property or network security is bad for the stock price. Keep in mind that while intellectual property theft can significantly negatively affect a company's profitability, the effects of other security breaches can be unpredictable and, sometimes, very short-term or even insignificant. You will discover that the negative reaction of the stock market is statistically substantial but only transitory. They point out, however, that factors such as increased insurance premiums and indirect harm to a company's goodwill may have an effect on a business's bottom line. Another finding that is cited as proof that it is difficult for legislators to incentivize investment in cyber security is the fact that cyber security incidents, such as data breaches, do not affect the amount of web traffic that is experienced by online businesses. It's possible that the effect will undergo some changes. According to the findings of the research, the negative impact on stock market prices lessens when investors reduce the costs, they anticipate incurring as a result of security breaches. According to the findings of Hilary and colleagues, the response of the market to the incidence of cyber-breach is statistically significant but economically negligible (2016). In spite of the fact that studies on the subject have produced conflicting results over the past two decades, Arcuri et al. (2017) conclude that the stock market does, in fact, respond negatively and significantly whenever there is news of a breach in information security. The research as a whole paint a picture of a dynamic setting in which companies must constantly adjust their assumptions about the extent to which they would be affected by criminal activity. Cybersecurity concerns and cybercrime have been shown to have detrimental effects in both theory and practice, but despite this, investment decisions remain challenging. Companies have a hard time deciding whether to invest in a high- or low-security environment since the implications of a cybersecurity incident or theft of trade secrets are unknown.
Prevention of Trade Secrets Theft
There are a number of steps that businesses and governments can take to prevent trade secret theft. For example, businesses can implement security measures to protect their digital information, and governments can enact laws that make trade secret theft a crime. The policy implications of cyber theft of trade secrets are significant. The issue of cyber theft of trade secrets raises a number of policy questions.
According to surveys, accessing personal information unlawfully frequently results in 50% of employees losing their jobs. The motivations for the workers' international migration are several. There may be some good ones and some bad ones. The business should begin with its personnel in order to secure its trade secrets. Everyone should be aware of theft's repercussions when recruiting a new employee. The organization should compile all relevant information about an employee that is suspected of committing theft. The details of his job history, including the projects he worked on, the data he accessed, his relationships with persons outside the organization, etc. In such a circumstance, the appropriate course of action is to question the accused employee. The business has access to his works, his actions, and the circumstances that motivated him to take these actions.
The Economic Espionage Act of 1996 was a better method developed by the US government to safeguard trade secrets. This statute proposes two different types of trade secret theft. Theft committed for financial gain and theft committed to boosting the foreign economy. The accused might get a fine of up to $250,000 or double the loss the firm suffered, along with a sentence of up to 10 to 15 years in jail. The most current trade secret legislation, passed in 2016, allows the federal government the authority to take action in situations involving the unauthorized licensing of trade secrets. The business owner is also empowered by this law to take strong measures to protect trade secrets and other private information from third parties.(Doyle, 2016)
Steps of Trade Secret Protection
The most effective line of protection against trade secret theft has agreements and processes in place. Companies that have developed protection procedures can safeguard trade secrets as effectively as feasible. Managing the hazards is another option. When trade secrets are protected, there are some dangers involved. The information pertaining to the materials that the business considers to be trade secrets and the contents they need to be registered. Pricy, hefty manufacturers might make the components with cutting-edge engineering.
Additionally, the company details must be registered. The protection team should be set up to keep a watch on trade secrets. When trade secrets are misappropriated within the organization, building a cross-functional team will aid the business in laying the groundwork for trade secret protection. The business information may include important business and economic information that can assist the nation's economy in growth. Similarly, the business must ensure that all workers know the repercussions of stealing trade secrets.
Government Policy and Cybersecurity
Nobody is considering the repercussions when formulating the policies that will govern the future. Those thefts that are reported to the government have a greater influence on policies than those thefts that are not recorded. According to the Cyber Strategy, "The prompt reporting of cyber incidents to the Federal Government is critical to an effective response, correlating related occurrences, identifying the culprits, and preventing future attacks." This is an important step in the process of preventing future attacks. In order to achieve a balance that is both socially and economically beneficial, public policy needs to address the synchronization issues that are exacerbated by openness. There is evidence to suggest that the repercussions of breach-related criminality have been lessened as a result of government policies that mandate the immediate report of data breaches.
On the other hand, despite the fact that reports are necessary for enhancing both policy and safety, they are very seldom submitted in a form that is considered satisfactory. If a company admits to stealing trade secrets, they run the risk of losing their competitive edge, as well as any goodwill they've built up and their ability to keep trade secrets secret. However, if they fail to do so, they run the risk of losing all three: there will be ethical and legal repercussions, a precedent will be set that there will be no repercussions for stealing, and potential damages will be lost. In a survey conducted by the Computer Security Institute and the Federal Bureau of Investigation (CSI/FBI), 48 percent of respondents indicated the fear of negative publicity as a reason for not disclosing a breach in computer security to the relevant authorities.
In addition to this, businesses frequently underestimate the magnitude of the monetary damages that they have sustained as a direct result of cyber-attacks (Shackelford, 2016). This is due to the fact that the repercussions from the exposure, which can come in the form of exposed internal weaknesses and a bruised reputation, can be much more devastating than the initial attack itself. An excerpt from an interviewee that was included in Ettredge et al. (2018). It is interesting to note that businesses who reveal their possession of trade secrets in public filings have a much increased risk of being the target of subsequent hacks (Ettredge et al., 2018).
When it comes to determining whether or not to share the information, one's own best interests aren't always the deciding factor. There are a variety of reasons why certain parties can overstate or conceal the true extent of cybercrime. For example, businesses in the cyber security industry might exaggerate their achievements, while governments might try to hide crime figures, both of which would result in inferior outcomes. Keeping the knowledge a secret and not seeking criminal or civil sanctions could, on the other hand, encourage illegal behavior in an ongoing game. The attempts of the FBI to expand criminal protections for trade secrets will be made worthless if corporations do not make advantage of the measures now at their disposal. When businesses and law enforcement engage, a feedback loop is created, which might potentially lead to underreporting of criminal activity (like the FBI). Lagazio et al. (2014) use a technique known as systems dynamic causality (SDC) to analyze the influence that chronic under-reporting of cybercrime by victim enterprises has on the ability of the government to successfully tackle the expanding problem. These relationships, in addition to governmental policies that encourage reporting and participation in computer security, are the foundation of our strategyRole of
Role of Computers in Theft of Trade Secrets
Computers significantly facilitate trade secret theft. A computer protects almost all trade secrets. Anyone who believes they won't be caught stealing from a secured computer is very incorrect. The use of computers has grown with all the new software and programs that have been developed along with new technological advancements. Companies now utilize modern, updated technologies to safeguard their trade secrets. When someone is unaware that his actions are visible, they misappropriate trade secrets. Every day, a computer monitors every movement made by the employee. As a result, computers may be used to find the individual who stole trade secrets quickly.
The first thing a business may do in the event of employee theft is to look at the employee's computer. His use of computers created a computerized data network, making it possible to retrieve the history of his operations simply. Additionally, if he denies stealing, the computer he used might be considered trustworthy evidence against him in court. Computers are used to operate every business, government, educational system, and other aspect of life. The world we live in today would not be conceivable without computers. Therefore, believing that stealing will go undetected when computers are involved is shameful.
COVID-19 and Trade Secrets
Currently, the world is passing through some difficult stages. 2020 is regarded as the most challenging year. Tests and impacts follow the challenging year. People are losing their jobs as a result of job closures. However, those who work from home present the greatest risk. The trade secret needs to be protected right now. It is thought that employees who work from home have increased their creativity and created new goods, logos, and a variety of trustworthy software. In other words, it also suggests that trade secret theft cases may be on the rise in the future. While working remotely and online may be the best option for employees with COVID-19, it is problematic for employers to consistently track employees' activity. The software and data also become accessible to parties outside the business, increasing the likelihood of illegal third-party activity and, thus, the risk of data loss or theft. Furthermore, there is no assurance that after the pandemic is finished, the theft (Wilding and Woolgar, 2020).
The majority of people will still prefer remote employment even after all of this chaos. When a corporation has a larger number of remote workers, all of their pre-employment agreements are more likely to be broken. Investigating is also very challenging. The E-filings system, which allows for online court hearings and the registration of theft cases, is another way that the courts are attempting to be as transparent as possible. However, several businesses have prolonged deadlines, rescheduled tasks, or even dropped the lawsuit due to the difficulties in obtaining information and instructions. Customers remain the same, and firms' reputations are just as important as they were before to the pandemic even if the globe has entered a phase of "new normal" (Wilding and Woolgar, 2020).
The world has been devastated by the COVID-19 disaster, and organizations are just fighting to stay afloat. Even those working for large technological organizations must conduct their business remotely. Organizations should have a mechanism in place to give trade secrets more protection because the likelihood of theft is higher now than it was before the crisis. They can start by implementing a work-from-home policy. The preservation of trade secrets must be emphasized in the policy. Even if thousands of people worked from home before the epidemic, the conditions brought on by this disaster have compelled the transition of nearly the entire workforce to remote employment. Reminders and announcements should constantly be sent by the accountable parties to encourage employees to keep the trade secret confidential. The usage of personal devices should be kept to a minimum while communicating and sharing trade secret information with coworkers. Introduce the concept of a safe workspace at home. More incidences of home invasions and robberies are occurring now than they did before COVID-19. Consequently, it is the duty of the employees to keep their workplace safe (Finberg and Christensen, 2020).
On all workplace devices where work is done, the companies should enable the automatic screen locking method. Employees who have access to trade secrets are required to store an extra physical copy for future use in a safe and locked software. When trade secrets are misused, there should be a required alarm or notification system that alerts the organization's higher authorities. Additionally, businesses ought to restrict who has access to trade secrets. As a result, there will be less chance of sensitive documents being taken. While working remotely, the use of third-party software should be limited. While working from home and keeping their personal lives with families and children, the employees are susceptible to distraction. However, they must constantly be on the lookout for both novel and well-known risks to trade secrets. Businesses are also putting in place fail-safe measures like remote lockouts of people to increase security. If the employee compromises the trade secrets, the gadget used by the corporation will be locked out of them. While people have become accustomed to working remotely, all these procedures are challenging to implement. Organizations must therefore make a special effort to ensure that all the policies are in place. The employees must get ready to go back to the office when they are transferred back there, even if everyone is hoping to escape this catastrophe safely. It will be crucial that all processes continue to be followed to guarantee that any trade secrets obtained outside of the office are appropriately returned and not utilized. (Finberg and Christensen, 2020).
Ways to Prevent Trade Secret Theft
The advancement of technology over the past decade has made it possible for firms to access previously unexplored avenues of commercial opportunity. However, the utilization of such technologies can also put businesses at danger of suffering losses in the millions of dollars due to the disclosure of trade secrets and breaches of confidentiality. The data of the organization is susceptible to cyberattacks from employees just as much as it is to those launched by technology. The data of the organization is just as susceptible to cyberattacks launched by employees as it is to those launched by technology. For instance, a study that was conducted not too long ago by SolarWinds discovered that the least qualified employees constituted the greatest threat to government agencies. Because of this, ensuring the safety of customer data when it is transmitted over the internet should be a top priority for any firm. The prevention of malicious software like worms, spyware, viruses, and other potentially damaging applications is one of the many advantages of practicing good cybersecurity.
The most obvious advantage of cyber security is the peace of mind that comes from knowing that a treasure trove of information that was painstakingly acquired will not be compromised. On the other hand, there is no assurance that data will always be protected from cyber threats in a manner that is 100 percent foolproof. Instead, it has the potential to slow down the operation of your systems. There is also the possibility that this will result in the authorized owner losing access to the data because of a problem with the program or a change in the configuration of the computer network. In addition, it is possible to build up a substantial bill by investing in cyber security measures such as system upgrades and additional protection software. In addition to investing a significant amount of money on software updates and other pricey data security measures, there are other methods available to you for protecting the information you own.
The first thing you need to do to keep your personal data secure is to choose a password. Make sure that the password you use to access your files is close to twelve characters long and includes a combination of capital letters, lowercase letters, and other symbols in addition to numbers. To prevent unwanted access, passwords need to be kept a secret and should be changed on a regular basis. Also, make sure that nobody from your company's staff who shouldn't have access to the material has managed to get their hands on it. Maintain a constant awareness of who can access the information and at what time.
It is possible that if your staff is trained to recognize common online threats, it will be simpler to keep the computers used by your firm secure. Employees who have undergone training in security awareness are in a better position to identify potential dangers that could affect the entire organization. When employees use a corporate computer that is connected to a network, they should be aware of the expectations placed on them as well as the methods by which they will be held accountable. Training that is required for all newly hired employees and training that is repeated on a regular basis should be used to instill the company's commitment to maintaining data security. Because it is everyone's responsibility to ensure the security of the company's data, it is critical that this point be driven home in a consistent manner. Data protection, data integrity, and data confidentiality are all responsibilities that must be upheld by the manager, IT officials, and IT workers in line with the law and any rules that are applicable.
In the event that a worker's computer becomes infected with a virus or begins behaving strangely in any manner (unexpected difficulties, sluggish performance, altered desktop settings, etc.), the worker should be aware of how to report the issue in accordance with the policy of your firm. In order for them to accomplish this, they need to get an understanding of what makes a valid warning. If employees immediately report cases of this kind, your IT staff will be able to take preventative measures and conduct an investigation into what happened. Make sure that everyone on your team is aware that they are not permitted to use a corporate computer to browse prohibited websites or download anything illegal. When employees disobey company rules and download software without a valid license, the company puts itself in danger of being targeted by malicious software, which could allow hackers to access the network and steal sensitive information.
Conclusion
Theft of trade secrets is a rising problem for companies and governments worldwide. A company's trade secrets are valuable because they provide the company a leg up in the marketplace. However, there are various methods for stealing trade secrets, such as hacking, espionage, and simple theft. Defending against trade secret theft is important for companies and governments alike to avoid potentially disastrous outcomes. There is a need to put enough effort into securing trade secrets from competitors that use cybercriminals to access them illegally, putting businesses in a risk and disadvantageous state. The organization management should consider funding the protection of the trade secrets and make sure that the company sensitive information in a good way. There is the need of allocating enough resources that makes the organization ready to counter cyber threats. The government need to put more effort and invest in more technology and infrastructure to protect citizens from cyber criminals that steal trade secrets.
Reference
Abd Jalil, Juriah, & Halyani Hassan. (2020). "Protecting trade secret from theft and corporate espionage: Some legal and administrative measures." International Journal of Business and Society 21.S1: 205-218. http://www.ijbs.unimas.my/images/repository/pdf/Vol21-S1-paper15.pdf
Arcuri M. C., Brogi, M. & Gandolfi G. (2017). How Does Cyber Crime Affect Firms? The Effect of Information Security Breaches on Stock Returns. http://ceur-ws.org/Vol-1816/paper-18.pdf
Basuchoudhary, Atin, & Nicola Searle. "Snatched secrets: Cybercrime and trade secrets modelling a firm's decision to report a theft of trade secrets." Computers & Security 87 (2019): 101-591. https://www.sciencedirect.com/science/article/pii/S0167404819300616
Ciuriak, Dan, and Maria Ptashkina. "Quantifying trade secret theft: policy implications." CIGI Paper 253 (2021). https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3706511
Doyle, C (2020). "Stealing Trade Secrets and Economic Espionage: An Overview of the
Economic Espionage Act." Congressional Research Service, 19 Aug. 2016, fas.org/sgp/crs/secrecy/R42681.pdf. Accessed 9 Sept. 2020.
Ettredge, Michael, Feng Guo, & Yijun Li. (2018). "Trade secrets and cyber security breaches." Journal of Accounting and Public Policy 37.6 (2018): 564-585. https://www.sciencedirect.com/science/article/pii/S0278425418302400
Hilary, G., Segal, B., & Zhang, M. H. (2016). Cyber-risk disclosure: Who cares? SSRN Electronic Journal. https://doi.org/10.2139/ssrn.2852519.
Hurley, K. (2019, November 21). Anatomy of Computer Forensics in Trade Secret
Misappropriation. In ENIGMA FORENSICS. Retrieved November 20, 2020, from https://enigmaforensics.com/blog/computer-forensics-in-trade-secret-misappropriation/
Ruan, K. (2017). Introducing cybernetics: A unifying economic framework for measuring cyber risk. Computers & Security, 65, 77–89. https://doi.org/10.1016/j.cose.2016.10.009
Shackelford SJ. (2016). Protecting intellectual property and privacy in the digital age: the use of national cyber security strategies to mitigate cyber risk. Chap L Rev, 19 (2016), p. 445. https://digitalcommons.chapman.edu/cgi/viewcontent.cgi?article=1376&context=chapman-law-review
Schmitz, Kassidy. (2020). "TRIPing on Trade Secrets: How China's Cybertheft of US Trade Secrets Violated TRIPS." Am. U. Int'l L. Rev. 36: 929. https://heinonline.org/hol-cgi-bin/get_pdf.cgi?handle=hein.journals/amuilr36§ion=31
