IT | Security

Corporate Data Now A Primary Target

By: Absolute Team | 3/31/2011

McAfee and SAIC just released a new report, Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency [PDF], which talks about protecting intellectual capital such as patents, trade secrets, proprietary data, business processes, and marketing plans.

The report indicates a radical shift in the information marketplace, from personal information to corporate intellectual capital as the new primary target.

“Cybercriminals have shifted their focus from physical assets to data driven properties, such as trade secrets or product planning documents,” said Simon Hunt, vice president and chief technology officer, endpoint security at McAfee. “We’ve seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding.”

Insights from the report include:

  • Outsiders are stealing credentials to appear as insiders - insider threat detection tools are essential
  • Data breaches have slowed or halted mergers/acquisitions or new product launches in a quarter of organizations
  • Only half of organizations took steps to remediate and protect systems from future breaches after they had been breached
  • Organizations are looking to store intellectual property abroad, which has increased risks discussed in the report
  • Risk assessments are not being performed frequently enough
  • Only 3 in 10 organizations report all data breaches suffered
  • Companies sometimes choose data storage companies based on countries with more lenient breach notification laws

As you can see, this report delves into areas of data management in a whole new way. It is shocking how companies are finding ways to subvert, or ignore, data breach notification laws and that breaches suffered are not prompting appropriate remediation.