How to Safeguard Against Intellectual Property Theft Using Advanced Analytics
Decision Intelligence software can help governments identify and stop bad actors.
In early July, the leaders of MI5 and the FBI did something extraordinary, taking the stage together at a meeting in London with international business leaders to warn about the threat of intellectual property and technology theft by agents of the Chinese government. At risk are a wide range of UK, EU, and US businesses, research institutions, universities, government agencies, and other organizations.
“If you are involved in cutting-edge tech, AI, advanced research, or product development, the chances are your know-how is of material interest to the CCP (Chinese Communist Party),” MI5’s director general, Ken McCallum, said. “And if you have, or are trying for, a presence in the Chinese market, you’ll be subject to more attention than you might think. It’s been described as “the biggest wealth transfer in human history.”
FBI Director Christopher Wray described the threat to U.S. organizations, saying, “The greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality, is the counterintelligence and economic espionage threat from China.” And while China was front and center in Wray’s comments, his cautions just as easily apply to the threats many organizations worldwide face from other governments and bad actors, who are constantly probing their defenses in hope of finding ways to bypass existing data security measures to usurp valuable intellectual property and technology secrets.
McCallum urged the leaders in attendance to make sure their organizations take a number of specific actions to protect themselves and manage their risks. Here are some questions business leaders should be asking key team members internally as they assess their threat readiness:
Do you have a strategic approach to managing the risks, and have you discussed those risks with your board members?
Do you have a thoughtful security culture at all levels in your organization, or does everyone leave it to a security department that’s off to one side, only to be contacted in an emergency?
Does your organization know what its crown jewels are? What are those things that, if stolen, would compromise your future?
Have you put the right controls in place to assess the risks attached to your funding sources and partnerships, and to protect your supply chain?
Clearly, addressing these questions can serve as a best-practice roadmap for managing risk. But what are “the right controls” to assess risks and protect your intellectual property, trade secrets, and technology?
Leveraging advanced analytics technology
There is growing recognition that can serve as a powerful risk management control, especially in addressing questions about people and organizations whom you may be considering doing business with.
Bank and financial service professionals have long been familiar with this concept of KYC — Know Your Customer. More recently, the idea has evolved to encompass more than just customers and potential customers. It’s evolved to KYX, where the X is a variable that applies to current and potential suppliers, partners, employees, strategic allies, service providers, and others.
Entering into new professional relationships with individuals and organizations entails risk. Analytic technology, using Entity Resolution and network generation, can mine data of all types to provide critical information about an individual or an organization, including their connections with other people and entities, with past events, locations, sanction and/or watch lists, and with a wide range of risk factors.
Mitigating risks from individuals
The utility of this type of contextual analysis is not limited to the specific threats presented by foreign governments. Consider these challenges and potential use cases involving individuals, which can easily be avoided using the right technology solutions:
Your organization is approached by an individual who wants to make a large purchase or investment that would be highly profitable for your firm. Using analytic technology to research that person’s background reveals they are closely associated with a Russian citizen who is on EU, UK, and US sanctions list, and who has a strong motivation to launder cash.
A job candidate for an essential position in your firm has impressed senior management and is poised to receive an offer. Running a network generation analysis reveals this person was previously involved in the theft of trade secrets from another firm and that they have a number of links to a high-risk foreign government.
An expert in your professional field with impressive credentials approaches your firm about a collaborative research and development project that could, if successful, yield new drug manufacturing methods and be highly profitable. The project would require sharing sensitive intellectual property with the expert. Using contextual analysis, your firm discovers the expert has close links to an organization suspected of being a front for organized crime.
Seeing the bigger picture
There are countless other scenarios where having a complete picture of potential customers, partners, employees, suppliers, etc. — all the Xs in KYX — can lead to better decision-making, risk avoidance, and risk mitigation. That complete picture is now available when we use advanced analytic technology to provide context, visualize connections, and discover linkages using commercially available data from a range of sources, including credit information, public records, corporate filings, social media, news media, sanctions lists, and more.
Treasury & Risk reports that in the US alone, the Commission on the Theft of American Intellectual Property estimates that annual costs from IP losses range from $225 billion to $600 billion. Organizational leaders must invoke a sense of urgency to address these risks, but many don’t know where to start. This is where public/private partnerships can be invaluable. They can jumpstart your risk mitigation strategy as part of a broader plan to transform your organization and secure it against threats to intellectual property and technology thefts in the future.