Cybercriminals have shifted their efforts from targeting individuals' personal information to the intellectual capital of global corporations, according to a report released Monday by McAfee and defense contractor Science Applications International Corp. (SAIC).
The study of more than 1,000 senior IT executives from a wide range of corporations in the United States, U.K., Japan, China, India, Brazil and the Middle East revealed that intellectual capital often has little to no protection. Moreover, cybercriminals have found that trade secrets, marketing plans and research and development findings are oftentimes worth more money than personal data, such as credit card numbers and bank credentials.
Simon Hunt, vice president and CTO of endpoint security at McAfee, told SCMagazineUS.com that the shift in cybercriminals' focus is a natural evolution.
“The level of expertise in the criminal world is growing all the time,” Hunt said. “Meanwhile, highly sensitive intellectual capital is stored almost exclusively electronically now. It is worth a lot of money and people will pay for it.”
The report comes on the heels of such cyberattacks as Night Dragon and Operation Aurora, both of which involved hackers infiltrating the networks of global corporations, most notably Google, to obtain proprietary information.
And while the risk to corporate capital is increasing, most organizations are not conducting frequent risk assessments of their network, the report stated. Of the organizations that experienced a data breach, only half took steps to determine the source of the breach – leaving them open to repeat attacks, Scott Aken, vice president for cyber operations at SAIC, told SCMagazineUS.com.
Still, many IT executives believe they are spending too much to secure their intellectual capital, he said. Since the economic downturn, more companies have made the move to storing data outside their home country in hopes of lowering costs, and approximately half of surveyed organizations said they were reassessing the risks of storing data abroad, the report stated. China, Russia and Pakistan are believed to be the least safe locations for data storage, while the U.K., Germany and the United States are perceived to be the safest.
Organizations in the United States, China and India spend an average of $1 million per week to secure sensitive information abroad.
The report also warned about the blurred line between insiders and outsiders. Corporations are struggling to distinguish between outside attacks and threats that are, more often, originating from inside their network, Aken told SCMagazineUS.com.
“If you're not also looking at your network from the inside, you're missing a big part,” he said. “You have to look from the outside in to help try to find some of these people who might already be on your network.”
In addition, the survey found that a quarter of organizations have had a merger, acquisition or product launch slowed or stopped by a data breach. And, just three in 10 organizations report all data leakage incidents, while six in 10 select which breaches to report, indicating their reluctance to admit a vulnerability to customers or other potential attackers.
Further, 80 percent of organizations said that, when choosing the country in which to store sensitive information, they were influenced by privacy laws requiring notification of data breaches to customers.