Michael D. Moberly February 4, 2009
It’s worth noting in McAfee’s study conducted by Purdue University’s CERIAS unit titled Unsecured Economies: Protecting Vital Information, that ‘certain countries are emerging as clear sources of threats to sensitive data, in particular, intellectual property’.
Perhaps the most compelling point made in this section of the study, at least in my view, is that it suggests that ‘geopolitical perceptions are influencing data (security, protection) policy reality’, i.e., China, Pakistan, and Russia were reported as ‘trouble zones’ for various legal, cultural, and economic reasons’. More to the point, the study’s respondents:
rated China, Russia, and Pakistan as the ‘worst when it comes to the protection of digital rights’, and
perceived Pakistan, China, and Russia (in that order) to have the worst reputations for pursuing or investigating security (information loss) incidents.
While experienced information asset protection professionals are likely to find nothing particularly new insofar as citing these, and other countries, as ‘trouble zones’, most of us have probably not characterized it in quite the same manner, i.e., constituting ‘geopolitical perceptions’. Professionally speaking, I find this to be a much welcomed and refreshing departure from conventional portrayals of this persistent and costly problem.
The study also points out that the ‘perceptions’ expressed by survey respondents may be rooted in both historical conflicts and modern economic, cultural, and political differences’. In other words, there have been warranted and long lasting ‘tensions beween China and Japan, as well as India and Pakistan, the U.S., U.K. and Russia, for example. Collectively, some of these ‘tensions’ may well have influenced the perceptions we have come to hold with respect to the security and protection of proprietary/sensitive company information and intellectual property.
Particularly interesting findings in terms of acquiring more comprehensive views – insights into global information security and protection are the perceptions held by other countries about information risks and threats. For example, when asked to rate the threat level of various countries in terms of sensitive data and IP:
– 47% of Chinese respondents chose the U.S., followed by Taiwan, India, and Japan
– 57% of Japanese respondents chose China, followed by Russia
– 61% of Indian respondents chose Pakistan
– 62% of U.S.-based respondents chose China, followed by Russia
– 74% of U.K.-based respondents selected Russia, followed by Pakistan and China
One of the business realities to these findings is that, as a result of this mistrust, some, perhaps more, companies are completely refusing to produce their products in or transfer their intellectual properties to countries they believe – perceive pose a risk/threat.