Transitory information such as engineering development work, component orders and marketing campaigns must not be overlooked by security systems.
Cyber security systems tend to focus on databases, the big, immovable assets such as customer information, but every corporation also relies on work-in-progress data that is just as vulnerable to cyber-attack.
Information about current projects such as roadmaps, engineering proposals and marketing campaigns are often of vital importance but because they are transitory they can slip through the security net.
“Increasingly if you look at critical information assets these things tend to turn up in all sorts of strange places and the example of a marketing campaign is a good one,” says Steve Durbin, managing director of Information Security Forum. “I often use the example of a well-known smartphone manufacturer who every year has a product launch that is industry changing. In the run-up to that launch there is a high level of security around the marketing campaign which, if the information were to fall into the wrong hands, would have a significant impact on the launch.”
After the launch, of course, that information is worth nothing but this must not be used as an excuse to relax security beforehand.”
The problem is exacerbated by the urgency of such events, the large number of people working on them and the need to collaborate with external consultants and others.
“The challenge is how to secure that transitory information, some of which is shared with outside organisations,” Durbin points out. “Step one is to identify the asset and its importance. Then you have to look at it through every stage of its life cycle from creation to destruction. You have to identify where it travels and who accesses it.”
In today’s global manufacturing environment this can be incredibly complex. That smartphone company, for example, designs its products in California and sends out the engineering information all over south east Asia for components to be supplied to China for assembly. Even order numbers are of interest to competitors and journalists.
Controlling access to this vast flow of data may be a life or death matter for the company. “Information is incredibly valuable – in the Standard and Poors companies, more than 80 per cent of their assets are intangible,” Durbin points out.
For more information, go to www.securityforum.org/