Safeguarding Your IP from Insider Threats: Insights from ADSTAR 2024

Posted on by

Paul Curwell

4–7 minutes

2024 Australian Defence Science, Technology, and Research Conference (ADSTAR)

On 18 September 2024, I had the privilege of speaking at the Australian Defence Science, Technology, and Research (ADSTAR) Conference, where I discussed one of the most pressing issues facing research-intensive industries: the persistent and evolving threats to intellectual property (IP) and critical information assets from trusted insiders. Here, I expand on those talking points and provide actionable insights for anyone looking to safeguard their innovations in today’s high-stakes environment.

Understanding the Threat: The Many Faces of IP Theft

A recent U.S. congressional study outlined seven primary ways IP is stolen in the biotech sector. While each of these seven ways are concerning, two stood out to me as particularly pervasive: trusted insiders and cyberattacks.

A colleague of mine works in a dark web intelligence firm and recently shared a sobering statistic: on a single day, over 2,000 unique IP assets were up for auction on dark web marketplaces. These assets ranged from trade secrets to proprietary research, stolen by trusted insiders, business partners, intelligence practitioners, and cybercriminals.

The sheer volume of stolen IP underscores the importance of vigilance. No organisation is immune, and the risks are particularly acute in industries where innovation is both rapid and critical. These are not abstract threats; they are happening here in Australia. Consider the following real-world examples of how these can manifest in your business:

  • Talent Grabbing: Competitors lure away key personnel, taking proprietary knowledge with them.
  • Dodgy Business Partnerships: Collaborations with foreign partners reveal hidden histories of IP theft.
  • Conflict of Interest: A principal researcher secretly commercialises their employer’s research through an undeclared side business.
  • Family Ties Gone Wrong: A contract manufacturing organisation leaks proprietary data through a relative running a competing business.
  • Infiltration by Activists: Issue-motivated groups gain employment in industries like mining, targeting sensitive operations.

A common misconception is that Australia’s geographic isolation somehow shields it from global IP theft. This couldn’t be further from the truth. Whether through cyberattacks, insider threats, or international collaborations gone awry, Australian organisations are just as exposed as their global counterparts.

These scenarios highlight the multi-faceted nature of threats to IP. Whether the risk stems from negligence, malice, or opportunism, the result is the same: compromised assets and diminished Australian competitiveness.

Managing the Risks: Five Steps to Safeguard Your Research and Technology

Protecting your IP doesn’t have to be overwhelming. In my view, there are five foundational steps you need to do to get started:

Identify Your Critical Assets

  • Begin by cataloguing what you want to protect. This includes digital and physical information such as personal identifiable information (PII), trade secrets, prototypes, and classified government data.

Assess Risks to These Assets

  • Map out vulnerabilities across all domains: cyber, physical, personnel, and suppliers. Recognise that risks often overlap, creating complex attack vectors.

Build a Strong Security Culture

  • Your workforce can either be your weakest link or your strongest defence. Invest in awareness programs and foster a culture where security is a shared responsibility. Leadership must set the example.

Develop your Research & Technology Protection Plan (RTP-P)

  • A RTP-P is your roadmap to protecting IP. Include actionable measures for onboarding and offboarding employees, managing supplier relationships, and securing data, facilities, and products. Start small, prioritise, and evolve over time.

Actively Manage Your Security Framework

  • Don’t treat your security plan as a “set-and-forget” exercise. Assign clear roles and responsibilities, conduct regular reviews, and adapt to new threats as they emerge.

Why a Legal-Only Approach Falls Short

Many organisations make the mistake of relying solely on legal measures like contracts and confidentiality agreements. While important, these tools only protect against honest people. The harsh reality is that not everyone plays by the rules—particularly when dealing with international partners who may operate under different ethical norms. To truly safeguard your IP, you need a proactive, multi-layered approach that goes beyond legal protections.

Remember, a best practice is to treat all R&D as a trade secret until patents are granted and published. This approach minimises exposure and ensures your sensitive information remains protected during the development phase.

How is the security field evolving to mitigate these risks?

The landscape of IP protection is evolving rapidly, with new threats and technologies shaping how organisations respond. Here are three trends reshaping the field:

Convergence of Data for Threat Detection
Organisations are integrating cyber, physical, and personnel data into unified analytics platforms. By applying advanced threat models, they can generate actionable alerts and respond to risks in real time. Some critical infrastructure sectors are even incorporating drone defence systems into their frameworks.

Holistic Insider Risk Management
Insider risk programs now extend beyond traditional background checks. Tools like behavioural analytics and Australia’s own DTEX Systems monitor cyber activities and even social media behaviour to detect anomalies. Future developments could integrate internal fraud detection into these systems.

Digital Footprinting
Companies are increasingly examining their employees’ online presence to identify vulnerabilities. This proactive approach includes monitoring public posts, connections, and potential risks stemming from digital exposure. One great Australian solution for this is FiveCast.

Your Call to Action: The Need for more proactive protection

The stakes for protecting research and IP have never been higher. Whether you’re a startup founder, a researcher, or a corporate leader, safeguarding your innovations is not just a matter of compliance; it’s a business imperative.

Take a moment to evaluate your organisation’s current practices. Are you identifying and cataloguing your critical assets? Are your risks mapped and mitigated? Is your workforce engaged in security, or are they an overlooked vulnerability?

Start the conversation within your organisation. Share this article with your team, and begin building a robust framework to protect your IP. Remember, innovation drives progress, but protection secures its future.

Further Reading:

  • Defence Science and Technology Group, 2024 Australian Defence Science, Technology and Research Conference, Canberra, www.adstarsummit.com.au

DISCLAIMER: All information presented on paulcurwell.com is intended for general information purposes only. The content of paulcurwell.com should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon paulcurwell.com is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.