At War With Cybersecurity

Conversation highlights

On balancing risk in the cybersecurity space

It’s a trick and a challenge to figure out how to manage IP in a fast paced software environment.

There is a dimension there of really having to think about, okay, we’ve got this innovation that is valuable to us and we think it is innovative and patentable. But is it something that we want to disclose to the public, because there may be security concerns, trade secret issues that we want to protect?

We’re trying to mitigate the risk of a cyber attack. And so on some level, we have to think about that as a component. In terms of what we publish and what we talk about, and how we think about protecting the IP assets. 

The bigger risk is from NPE patent trolls. And to some extent, you have to mitigate against competitive risk as well. And so we have to have patents to make sure that we protect the value of the innovations that we have created and make sure that we can defend ourselves. 

How long is the cycle of value and innovation?

If I was to get up on my lobbying horse, this is where I think patent laws are currently not equipped to manage the fast pace of innovation.

One of the things that you see is old legacy technologies that are really not relevant to today’s modern, next generation cybersecurity technologies, being used and wielded against companies that are really doing very interesting, novel, innovative things. 

And so, how do you manage that? Patent laws give you a limited monopoly for 20 years. And is the cycle of value and innovation really 20 years?

Filing patents still makes sense, because we don’t know what the world is going to look like in 10 years or 20 years. And we don’t want to be caught with nothing. 

It really comes back to how do you strategically make good use of the dollars that you have to invest in patents. And make wise decisions that are going to provide the most value in the long run? 

How many patents are enough?

There’s a lot of analogies between right-sizing your portfolio and monitoring and detecting cybersecurity threats, in the sense of the more data points you can collect, the more likely you’re going to make a good decision about whether a certain action that you detect on somebody’s machine is malicious or not.

With patents, the more data points you can collect to paint a picture that says, here’s value and here’s naught value. Then you can start funnelling more of the limited resources that you have into things that actually provide value.

Getting the best ROI

You need to be able to tell a story to your executives, one that’s convincing and supported by data.

In smaller companies, getting budget, getting resources to do that is difficult.

And so if you can really demonstrate and show that you’re putting that money in the right place, executives are going to be more confident to give you that money. 

For example, you can spend, let’s say $20,000 filing a new patent application, which based on my experience in the market is pretty expensive. You could pretty quickly go out and find a firm that will charge you half that. And now you’ve all of a sudden demonstrated that you can be efficient. 

But if you’re still spending $10,000 on a patent application, but you’re filing them all over the world indiscriminately, you’re still spending a lot of money that you don’t need to spend, right.

It’s easier to have a conversation with executives and say, “if we got exposed to the risk of a patent attack in this particular area, that would be a serious threat to our business. And it makes sense to take the limited dollars that we have and focus it in those areas.”

IT departments at large enterprises are having to cut budgets on some level. But one of the areas where they’re not cutting budget is on security, because security is just too important. You can’t just not have security. And in the same way, IP is risk mitigation insurance, for the value of the intellectual assets that the company creates.

Jared’s Key Takeaway

The future is coming, it is here.

AI and machine learning tools are going to be more prevalent over time. And I think there’s a real opportunity to take advantage of those and be creative about how those can benefit you in your own career, but also your organisation to make better decisions, more efficient decisions. 

But then the related point to that is, the more data you have to train your models, the more effective the AI can be at giving you interesting information. And so data, again, becomes really valuable. 

And as an IP professional, I think it’s really important to think about the different types of data that may not inherently be tracked by your IP team. But figure out what kinds of data would be interesting to analyse over time. And figure out ways to start tracking that data. Whether it’s manually entering some of it or capturing it from other systems that you have.

And then you can use the future AI or other tools like that, to turn that data into really interesting analysis and information. 

Nigel’s Key Takeaway

When you think of cybersecurity, your mind takes you to dark corners and the dark web. But for the intellectual property strategist, the challenges are all too familiar. A company which depends on technology and innovation to defeat bad actors, fighting with the familiar commercial pressures of attracting investment, and staying ahead of the competition.

Seen through that lens, it’s easy to see why CrowdStrike, despite having a relatively small patent portfolio requires such an experienced IP professional. Intellectual property is a multi dimensional mesh of issues that go to the heart of the value of an organisation and the risks it faces.

Balancing all of this in a world of constrained budget is a core capability for all businesses. While Cipher focuses on using ML to automate those tasks that are performed by machines, Jared is a useful reminder that computers can’t juggle.