Just as important, some parts of the high-tech sector provide an attack path into other sectors, since high-tech products are a key infrastructure component for all kinds of organizations. Technology is a key enabler, but it can also be a key source of vulnerability. For example, because of the tremendous need to establish trust on the internet, attacks on certificate authorities have caused serious privacy breaches across a number of industries. Also, vulnerabilities
in point-of-sale systems have led to major security breaches for retailers, and back doors in communication hardware have exposed organizations in every sector to a wide range of attacks.
Speaking of back doors, the growing involvement of covert state actors in this area has been making headlines recently, causing serious reputational damage for the organizations involved.
For companies in the high-tech sector, one of the biggest threats is loss of intellectual property (IP). Having IP lost or stolen after years of investment can dramatically reduce an organization’s competitive advantage (which involved both IP and personal information). States and competitors are often the actors in IP theft; however, insiders are also a major threat. A single highly skilled insider with the right kind of access can quickly make off with huge amounts of valuable data.
Since many high-tech companies also offer online services, loss of customer information is another major threat that is highly visible, since many countries require disclosure when personal identifiable information is lost. However, IP theft might actually be more prevalent. It’s hard to know for sure based on media coverage since there is generally no requirement to disclose lost IP.
Hacktivism is another significant threat in this sector. High-tech companies create products that technically savvy people are keen to “hack” in the original sense of the word, which means using something for a purpose other than what it was designed for. Organizations that prosecute or sue people for this type of “hacking” may find themselves targeted by hacktivist groups, which can lead to great financial losses and reputation damage.