Tuesday, January 13, 2009

Prediction Number 1 for 2009

A major company will suffer losses due to stolen intellectual property.

(I've been trying to come up with all my predictions but I think I will just post them 1 at a time as I think of them. Here is the first.)

If you have been fortunate to attend any of my recent presentations, have read my blog or have gotten caught in a lift (elevator) with me then you'll know all about my Perfect Storm prediction.

I have no idea if it will happen in 2009 or 2010 but it is coming. It may have happened already and we just don't know about it. Briefly - there is a major underground economy happening right now. They are focused on payment card information (PCi) and personal information (PPI) that can be used for identity theft. There is a glut in the availability of this information and it is not worth so much. Either the underground economy will collapse in on itself or (more likely) it will start to trade intellectual property (IP).

IP is worth a lot more than either PCi and PPI but it is harder to find a buyer who can use it and the information is less standardised. But tough times call for tough measures and these are tough times.

I'd like to think that companies would reject offers of stolen information but this is very naive.

The reason that it may happen and we will not find out about it is that companies tend not to report these things to the media or anyone else. And since the information stolen does not belong to anyone else then they don't really have to report it.

The only time they'll have to report it is if it has the potential to make a massive change in their earnings. They'd still be able to fudge the numbers.

So, my prediction is that there will be a growing trend of theft of IP in amounts too small for companies to report until one company is rocked by atheft so big that it can't hide it.

This will happen - the question is whether it will happen 2009 or 2010.

2 comments:

Anton Chuvakin said...

But how will they KNOW that they lost it?

Unknown said...

Hah! A typical comment from the Chuvakin.

The answer is, in this case, the issue will be so big that the company will know when their competitor(s) starts acting in a way that hints to them having access to the compromised company's information.

They may have logs and may have some log program but the company will probably not have much of an information security plan in place.