Intellectual property and cybersecurity. A critical combination for businesses
Table of Contents
Cyberattacks targeting corporate secrets highlight the vital link between intellectual property and cybersecurity
Cyberattacks aimed at spying on or obtaining sensitive documents and information from companies have proliferated in recent years amid geopolitical tensions. This leads us to focus on the relationship between intellectual property and cybersecurity.
A good example of this is the attacks against the drone industry. Although for many people, drones are devices used to record incredible videos from above, the truth is that their use in multiple areas is becoming increasingly relevant. Drones have become an essential weapon in Russia’s invasion of Ukraine and a key element in the European Union’s protection against Russia.
This relevance has further boosted the drone industry… and advanced persistent threat (APT) groups are well aware of this.
In fact, it has recently been revealed that Lazarus, a group sponsored by North Korea, has launched a campaign of attacks against European companies that develop drones, using a tactic that has become popular in recent years: the use of fake job offers to gain access to corporate systems and infect them with malware.
What is Lazarus’s objective? To steal the intellectual property of these companies, just at a time when North Korea is making an ambitious investment in drone manufacturing.
This news highlights the connection between intellectual property and cybersecurity. The consequences of a company having its intellectual and industrial property documentation and data stolen can be devastating.
1. Why intellectual property is a priority target for the most dangerous criminal groups
Although the theft of personal and financial data from customers, employees, or suppliers of companies is one of the most common targets of cyberattacks, it is not the only information that criminals seek.
Intellectual and industrial property, trade secrets, business or financial planning documents, contracts with partners and relevant customers… Corporate systems also host this wealth of critical information, and it is vitally important to protect it.
In fact, the most knowledgeable and resourceful criminal groups, often linked to states such as Russia, China, Iran, or North Korea, are aware of the strategic importance of intellectual property to Western companies. As a result, they are designing increasingly sophisticated, difficult-to-detect attacks that allow them to persist in the systems of the companies they target and move through them to collect extremely sensitive information.
Without going any further, in early 2025, the US House of Representatives National Security Committee focused on the combination of intellectual property and cybersecurity.
The committee warned that in the previous four years, 60 cases of espionage linked to China had been detected, including the theft of intellectual property and trade secrets from US companies.
In today’s environment of geopolitical tensions and a fast-paced technological race, safeguarding intellectual property through effective cybersecurity is crucial—especially as APT groups often target strategic sectors.
2. In which sectors is the relationship between intellectual property and cybersecurity most important?
Intellectual and industrial property is present in all economic sectors, but there is no doubt that the relationship between intellectual property and cybersecurity is more relevant in sectors where research is critical, such as pharmaceuticals, and where the use of powerful technological developments is essential for the functioning of companies, such as in the automotive or manufacturing industries.
It should therefore come as no surprise that the Lazarus group itself has launched campaigns over the last decade against companies in sectors such as aerospace, defense, and entertainment.
Along the same lines, the US House of Representatives Committee on Homeland Security has pointed to cyber espionage against critical sectors such as transportation, telecommunications, and energy.
Meanwhile, the Department of Homeland Security has warned about the use of sophisticated tactics to steal intellectual property and profit from the innovation of companies by groups linked to states and transnational criminal organizations.
Similarly, this year, the LYNX ransomware group successfully attacked a Malaysian pharmaceutical company, obtaining a wealth of information, including patent applications.
What we have just outlined shows that the relationship between intellectual property and cybersecurity is critical across a wide range of economic sectors, as criminal groups have set their sights on multiple targets.
3. Social engineering and zero-day vulnerabilities: How hostile actors target intellectual property and cybersecurity
How do malicious actors manage to compromise companies’ intellectual property? Attacks involve social engineering, exploiting vulnerabilities in technological infrastructure, and using spyware.
As we pointed out earlier in the case of Lazarus, social engineering is key to gaining entry into company systems. Lazarus deceived company professionals by sending them a document purporting to be a job offer. This document was accompanied by a PDF reader that allowed a remote access Trojan to be deployed, enabling malicious actors to compromise corporate systems and collect information about their victims’ intellectual property.
Another key element is the exploitation of zero-day vulnerabilities. In another campaign discovered in 2025, a Chinese criminal group attacked manufacturing companies by exploiting vulnerabilities in their suppliers’ software and hardware that had not yet been patched, including IoT devices.
Hence, when addressing the dual issues of intellectual property and cybersecurity, it is essential that companies:
- Train their staff on social engineering techniques and conduct tests to check how they would respond to personalized campaigns.
- Have an effective vulnerability management system that continuously monitors all weaknesses that could affect their infrastructure, prioritizes their remediation, and prevents their exploitation from resulting in intellectual property theft.
4. Consequences of not having an intellectual property and cybersecurity strategy
Not having an intellectual property and cybersecurity strategy to effectively protect one of a company’s main assets can lead to:
- Substantial financial losses. Many companies make huge investments in intellectual property. If a criminal group steals it and sells it to a rival company or hands it to a rival state, the financial losses will be enormous.
- Damage to the company’s competitiveness. A company’s intellectual property is one of the pillars of its market competitiveness. Industrial cyber espionage seeks to undermine it and thus damage the organization’s market position.
- Reputational crisis. If it becomes public knowledge that a company has had its intellectual property successfully stolen, the damage to its reputation will be inevitable.
- Loss of company value. The value of many companies is directly and inexorably linked to the value of their intellectual property. For example, for a pharmaceutical company, the market value of its drugs is absolutely critical. The same is true for a company in the aviation sector or a defense contractor. If a company’s intellectual property is stolen, its value drops significantly.
To all this, we must add the consequences of the theft of intellectual property in strategic sectors for the country’s productive fabric and society as a whole. Since intellectual property theft is often aimed at launching subsequent attacks against critical infrastructure and sectors such as telecommunications, energy, and defense…
5. How companies can safeguard their intellectual property
When addressing the relationship between intellectual property and cybersecurity, it is essential to keep in mind that companies need an advanced strategy that prioritizes safeguarding intellectual and industrial property.
Given that cyberattacks aimed at stealing intellectual property are personalized and highly sophisticated, organizations need to resort to advanced cybersecurity services:
- Threat Intelligence. Targeted threat intelligence provides insight into the most plausible attack scenarios, accounting for each organization’s lines of business and intellectual property. The knowledge generated by Threat Intelligence teams is crucial for understanding a company’s threat landscape and implementing preventive measures.
- Threat Hunting. To detect advanced threats, it is vitally important to have a proactive Threat Hunting service that assumes compromise, on the premise that a sophisticated attack may have occurred even if no security event has been detected. Threat Hunters work with an offensive mindset and can identify malicious operations by analyzing available telemetry.
- Red Team. The work carried out by both Threat Intelligence experts and Threat Hunting specialists is essential when designing 100% realistic attack scenarios in which a Red Team plays the role of a malicious actor to test a company’s ability to resist a sophisticated attack and safeguard its intellectual property. Red Team exercises allow companies to detect cross-cutting weaknesses, optimize their monitoring systems and response mechanisms, and train their security personnel.
- Proactive incident response. If an Incident Response team is already working within an organization, it can respond to any incident from the very first minute, orchestrate a tailored response, expel the malicious actor before they can access the company’s intellectual property, restore normality in the shortest possible time, and investigate what happened to prevent future incidents.
6. Conclusions
The relationship between intellectual property and cybersecurity is becoming increasingly close and relevant for companies in multiple sectors that are key to the economy and society.
Advanced persistent threat groups are designing and launching campaigns to steal intellectual property in critical areas.
Companies operating in these sectors must continuously optimize their cyber resilience against sophisticated attacks that can result in the theft of invaluable intellectual property.