Tuesday, March 3, 2009

Pepsi is not desperate.

[The other side to my prediction. Why I still believe it will happen but why it hasn't happened just yet.]

As per usual, the Securosis guys are smack bang on the pulse and deliver some interesting reading.

The take-away quote from the article is this:

[J] ust because the employee walked out with the information does not necessarily mean that the company suffered a loss. That data has to be used in some manner that affects the value of the company, or results in lost sales.
The Securosis blog entry links to an article about a Coke employee trying to sell Intellectual Property (IP) to Pepsi. Pepsi said "no thanks" and helped Coke who tipped off the FBI who made 3 arrests.

My feeling is that cyber criminals (hackers) are getting desperate. The average price of a credit card on the black market has dropped to the point where it is not worthwhile trading in credit cards anymore. The new currency will be intellectual property. The problem with IP as opposed to credit card data is that credit cards are easy - there are any number of buyers and the consequences are still not too harsh.

Intellectual Property really would only benefit the competitors of a company so there are not so many buyers for the information. And that company would need to act on the information that they get, otherwise it is not worthwhile.

The Coke/Pepsi example is not very technical - it sounds like the employee stuffed files in her bag but it is still a breach. The thing is that there are few companies that would benefit from Coke's private documents. There are fewer that would take the risk in acting on stolen information. Pepsi was not interested in taking the chance.

I think that my prediction still stands but it requires a desperate employee who has access to valuable information. And a desperate competitor that will use the information offered to them. There will probably be a middle-man orchestrating the transaction. Big money will be paid out for the information and the original company will suffer in some way - market share, share price, loss of tender, etc.

I don't think it will be widespread but it may get ISOs around the world thinking "that could be my CEO with egg on his face apologizing to shareholders about losing IP"