Perpetrators’ move is disappointing, but Apple faces a solvable problem
How do companies put new technology in the market and gain a competitive edge? They build it, buy it, or partner to get it. Or in the case of Rivos, they allegedly steal it by poaching employees and trade secrets from a primary competitor.
According to news articles, Apple recently filed a lawsuit against ‘stealth’ startup Rivos that claims the company “began a coordinated campaign to target Apple employees with access to Apple proprietary and trade secret information.” Rivos hired “over 40 of Apple’s former employees in the past year to work on competing “system-on-chip” (SoC) technology, and that at least two former Apple engineers took gigabytes of confidential information with them to Rivos.” In the April 29 filing, Apple also said it had “spent billions of dollars and more than a decade on its system-on-chip (SoC) technology, which has revolutionized the personal and mobile computing worlds” and is now in the hands of a potential competitor.
This isn’t unique to Apple. Just ask Cartier, Pfizer and Block – who also have had high-profile insider data exfiltration or intellectual property theft in the past several months. With intangible assets – patents, trademarks and copyrights – now making up 90% of all business value, it’s no surprise that departing employees find source code, product plans and personnel data tempting to take with them as they leave for jobs at competitors. In fact, one in three organizations will lose valuable IP when employees leave their company.
Data loss from inside actors represents an increasingly urgent risk. Why? Because organizations spend huge sums of money developing their innovative products – in Apple’s case, R&D was reportedly billions of dollars – and because collaboration technologies like AirDrop, Google Drive, Box and Slack are growing and making data sharing easier. Furthermore, remediation for insider data loss incidents now exceeds $11 million. That doesn’t include the loss of competitive advantage and reputational damage, which can be multiples of the direct costs. Insider Risk is a material problem that deserves immediate attention.
Companies are accountable for data protection
In general, I don’t believe in blaming the victim. But this is a problem that has a solution. A modern Insider Risk Management (IRM) product like Code42, would have seen this exfiltration when it happened and nipped the situation in the bud – before the data was used and a lawsuit was required. Insider Risk Management solutions allow organizations to collaborate freely, but when data is shared to untrusted locations like thumb drives and Dropbox, they flag it. Especially when the employee is departing the organization. When you catch insiders “in the act,” there are no lawsuits, no press stories, and more importantly, no competitors using your data. An IRM solution delivers a new and comprehensive approach to data protection and costs a fraction of what this one incident will cost Apple.
I can’t do my job without the cutting-edge devices Apple makes – my Mac and iPhone are indispensable and let me share and collaborate freely with my colleagues. Put simply, Apple builds the best products in the world in so many categories. Wrapping a new layer of security around the ideas, data and innovations behind those products is a step Apple – and all data-driven companies – could take so they don’t face this problem again in the future.