Criminals are turning increasingly towards intellectual property as a ‘Cybercrime Currency’, leading to companies spending up to $1million each week in an effort to secure their most sensitive business information, reports McAfee.

Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency, conducted in association with the Science Applications International Corporation (SAIC), shows that criminals have shifted from stealing personal information and are instead focusing on the corporate intellectual capital of some of the globe’s best-known organisations.

Trade secrets, marketing plans, research and development findings and source code have all been targeted, said the report – a follow-up to 2008’s Unsecured Economies. The study showed which countries were deemed the safest and least safe in which to store corporate data.

China, Russia and Pakistan are seen as the least safe for data storage – but good news for the UK, Germany and the US where storage is seen as the safest. A large number of organisations are not, however, conducting frequent risk assessments, and more than a quarter of organisations assess the threats or risks posed to their data only twice a year or less.

“Cybercriminals have shifted their focus from physical assets to data driven properties, such as trade secrets or product planning documents,” commented Simon Hunt, vice president and chief technology officer, endpoint security at McAfee. “We’ve seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest, and seemingly most protected, corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding.”

Scott Aken, vice president for cyber operations at SAIC, added that the distinction between insiders and outsiders is blurring. “Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely – just as an insider would. Having defensive strategies against these blended insider threats is essential, and organisations need insider threat tools that can predict attacks based on human behaviour.”
A quarter of organisations have had a merger/acquisition, and/or a new product/solution roll-out halted thanks to a data breach, or the credible threat of a data breach. Only half of those who did experience a data breach took steps to remediate and protect systems from future breaches. And only three in ten organisations report all data breaches they suffer, and six in ten pick and choose which they report.

The financial crisis has seen an increase in the organisations reassessing the risks of processing data outside their home country, and around a third said they are looking to increase the amount of sensitive information they store aboard – compared to one in five just two years ago.

In China, Japan, the UK and the US, more than $1million a day is spent on IT. The US, China and India are spending more than $1million per week on securing sensitive data abroad.

Share Story: