A Pilfered Laptop Is as Good as Gold18 April 2006
Some 7,000 pharmacists crowded into San Francisco's Moscone Center on a rainy week in March to attend the American Pharmacists Association's annual meeting. Joining them were representatives from nearly every major pharmaceutical manufacturer and distributor who looked at this and similar gatherings as a peerless sales and marketing opportunity. Armed with laptops, they ply their trade on the swarming convention hall floor. These laptops offer them instant access to customer lists, product information and contracts -- in short, all the tools to close a deal.
Hidden among the legitimate attendees at any big event may be thieves, solo practitioners as well as members of organized gangs. To them, a pilfered laptop is as good as gold. The laptop, including software, may fetch less than $1,000 on the black market. But that's chump change for these ambitious crooks. The data on these machines is another story. The information entered onto a company representative's computer holds the greatest value.
Finding an interested buyer requires no more than an Internet hookup and a little technical savvy. The World Wide Web is a bazaar for all manner of illicit products, from mass market goods to those that are highly specialized. Not only will the thief find a buyer, the Web almost guarantees that the parties in this illegal transaction will remain anonymous.
Most of the recent attention paid to data theft has focused on the potential damage to consumers. The Privacy Rights Clearinghouse, which as its name implies, tracks cases of privacy breaches, reports that last year 27 stolen laptops compromised the privacy of 750,000 individuals. Congress has been mobilized into action by this potential threat to consumer confidence. To date, the strongest legislation has focused on the financial services industry where, it is believed, the potential for consumer harm is the greatest.
Congress's concerns are justified. In an incident last month, mutual fund giant Fidelity Investments reported that a laptop containing customer account information was stolen during a meeting. The file included names, addresses, birth dates and Social Security numbers for 196,000 Fidelity customers, a bonanza for an identity thief. Fidelity says the data was "scrambled," and, so far, there are no signs that it has been used.
Missing from the reports was any discussion of the potential damage to Fidelity's business. Yet, intellectual property theft poses an even greater potential for monetary losses than identity theft. According to an analysis conducted in 2001, at least 1,600 laptops are stolen each day. Reports and estimates vary wildly as to the financial losses an organization experiences when a laptop and its data are stolen -- from as little as a few thousand dollars to as much as $5 million.
In no other industry is the protection of intellectual property more critical than in pharmaceuticals. Creating a new drug, from idea to market, takes an average of 10 years and $800 million, according to the University of California at San Francisco. And only one drug in 100 clears the complex hurdles required to verify the product's safety. The Federal Drug Administration approves a little more than two dozen drugs each year. Of those, only a handful will become blockbusters -- the kinds of drugs like Lipitor and Celebrex able to generate $1 billion in revenue each year.
What if a thief roaming the Moscone Center last March had made off with a pharmaceutical executive's laptop? The data on his or her machine would be of an even more proprietary nature. It would likely include a spreadsheet detailing the progress of yet-to-be introduced drugs in the regulatory process. There may be introduction dates for new drugs, sales figures for the current line and perhaps even formulas. Without encryption, the data is unmoored, free to be sent via the Internet, making a black market trader a troublesome competitor who can instantly eat into a market that had taken years to develop.
The fact is, however, companies have not yet taken adequate measures to protect intellectual property stored on mobile devices. Less than half the respondents to the 2005 FBI Computer Crime and Security Survey indicated they protect files using encryption, compared to nearly 100% usage of anti-virus software and firewalls.
The reason, perhaps, is because the problem of electronic data theft is relatively new. The idea of the Internet as a popular medium is only a decade old, and the earliest security breaches were from hackers who broke into corporate computer networks to prove their cleverness. Later, they unleashed viruses, causing real damage, and expanded to launching denial-of-service attacks on targets. Only recently have criminals started using their cyber- tools to steal personal identities. The theft of raw data, your hard-earned intellectual property, is their next likely target -- if such thefts haven't already begun!
A second reason may be a tendency among some business leaders to view new technology as a drain on the bottom line. The return-on-investment is difficult to quantify, they say. However, encryption technology has matured: Enterprise-grade solutions now integrate seamlessly with existing IT systems, improving scalability and streamlining management of encrypted data and computers, and the actual encryption and decryption processes take place in the background -- so much so that most users are not aware encryption has even been installed on their computers.
The reality is, however, that not using encryption may cause the greatest pain -- in part because you can never know whether your sensitive files were compromised or not.
Let's go back to that medical conference in San Francisco last March and imagine some possible scenarios. A sales or marketing representative may have accidentally forgotten his or her computer in a taxi, but the next person using that cab could simply pick up the computer as though it belonged to him. Was the data on the computer used or sold on the black market? Perhaps not.
But if a thief intentionally gains entrance to a conference attendee's hotel room, where the laptop is "safely" stored, that thief can start up the computer, bypass the traditional login screen and download any file he or she wants. No one would know any better.
In either example, the thief has control of the computer, and he who controls the computer, controls the data ... unless the computer is encrypted.
With encryption companies can maintain control of their intellectual property. In addition, they can place more sensitive and mission-critical information in the hands of their employees, secure in the knowledge that this information is protected against cyber-thieves.
Source: prnewswire
All trademarks and copyrighted information contained herein are the property of their respective owners.
Related Computer Hardware Articles
|
