According to a recent study performed by the Center of Strategic and International Studies, the annual cost of cybercrime is more than $400 billion. This is equal to almost 1 percent of global income and higher than the national income of most countries. The report states that “The most important loss from cybercrime is in the theft of IP (intellectual property) and business confidential information, as this has the most significant economic implications”. In fact, some estimates place the cost of IP theft higher than the actual returns to IP creators: According to the World Intellectual Property Organization (WIPO), the world IP market generates $180 billion a year in fees and royalties, whereas IP theft costs the US economy alone more than $200 billion. This means that eliminating IP theft could more than double the returns on innovation for IP-generating firms.
Losses can vary significantly between sectors. The risk of IP theft and losses resulting from stolen data is higher in sectors where IP can be more readily monetized such as finance, chemicals, aerospace, energy, defense and IT. The impact of IP theft on individual firms can also fluctuate depending on how closely R&D and innovation-driven IP is tied to profitability. In extreme cases, it can lead to a complete collapse in profits. This is illustrated by the experience of Codan, an Australian technology company that manufactures mining and communications equipment. Codan’s net profit fell by 500 percent in a single year from $45M to $9M following the theft of technology blueprints during a targeted cyber attack. The stolen blueprints were used by counterfeiters to manufacture imitations that substantially undercut the price of genuine products manufactured by Codan. Despite slashing the price of its products, Codan was unable to stem the loss of market share that eventually eroded the company’s profits. The attack against Codan was profiled in a recent episode of Four Corners, a current affairs program aired by the Australian Broadcasting Corporation. The episode can be viewed below and underlines the destructive impact of financially-motivated economic espionage. According to research performed by Symantec and Kaspersky, such attacks are growing in volume and sophistication. They are frequently performed by organized criminal groups that target high-value corporate information that can be exploited for insider trading or other purposes.
Protection against such threats requires a layered security strategy including countermeasures at the network, OS, database and application level. For SAP application stacks, you can refer to Layer Seven’s white paper Protecting SAP Systems from Cyber Attack. The paper outlines a comprehensive approach for securing SAP systems against advanced threats and includes guidance for encrypting sensitive communications, securing access, implementing robust password policies, effectively patching SAP systems, and other areas.