Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Report: Cybercriminals Increasingly Targeting Corporate Intellectual Property

Cybercriminals in the underground economy are making serious money from stealing corporate intellectual property, which includes things such as source code, trade secrets, marketing plans, and research and development discoveries.

According to the results of a study released today by McAfee and Science Applications International Corporation (SAIC), cybercriminals realize there is significant value in stealing corporate IP and the ability to that corporate information and trade secrets.

Cybercriminals in the underground economy are making serious money from stealing corporate intellectual property, which includes things such as source code, trade secrets, marketing plans, and research and development discoveries.

According to the results of a study released today by McAfee and Science Applications International Corporation (SAIC), cybercriminals realize there is significant value in stealing corporate IP and the ability to that corporate information and trade secrets.

The study, “Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency,” shows that cybercriminals have made the shift from stealing personal information, to targeting the corporate intellectual capital of some of the most well-known global organizations.

McAfee and SAIC collaborated with Vanson Bourne to survey more than 1,000 senior IT decision makers in the U.S., U.K., Japan, China, India, Brazil and the Middle East.

The new study reveals the changes in attitudes and perceptions of intellectual property protection in the last two years. The findings revealed which countries were perceived as the least safe to store corporate data, the rate at which organizations are experiencing breaches and the response rate to prevent or remediate data breaches.

“Cybercriminals have shifted their focus from physical assets to data driven properties, such as trade secrets or product planning documents,” said Simon Hunt, vice president and chief technology officer, endpoint security at McAfee. “We’ve seen significant attacks targeting this type of information. Sophisticated attacks such as s Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding.”

“The distinction between insiders and outsiders is blurring,” said Scott Aken, vice president for cyber operations at SAIC. “Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely – just as an insider would. Having defensive strategies against these blended insider threats is essential, and organizations need insider threat tools that can predict attacks based on human behavior.”

Key findings from this year’s report include the following:

Advertisement. Scroll to continue reading.

Impact of Data Breaches – A quarter of organizations have had a merger/acquisition and, or a new product/solution roll-out stopped or slowed by a data breach, or the credible threat of a data breach. If an organization experienced a data breach, only half of those organizations took steps to remediate and protect systems from future breaches.

Organizations Are Looking to Store Intellectual Property Abroad — The economic downturn has resulted in an increase of organizations reassessing the risks of processing data outside their home country, in search of cheaper options, with approximately half of organizations surveyed responding they would do so, an overall increase since 2008. Approximately one third of organizations are looking to increase the amount of sensitive information they store abroad, up from one in five two years ago.

Cost of securing data abroad – In China, Japan, U.K. and the U.S., organizations are spending more than $1 million a day on their IT. In the U.S., China, and India, organizations are spending more than $1 million per week on securing sensitive information abroad.

Geographic Threat Perceptions to Intellectual Property — China, Russia, Pakistan are perceived to be the least safe for data storage, and the United Kingdom, Germany and the United States are perceived to be the most safe. Of the global organizations surveyed however, a large amount of organizations are not conducting frequent risk assessments, while more than a quarter of organizations asses the threats or risks posed to their data only twice a year or less.

Organizations Keeping Quiet about Data Breaches — Only three in ten organizations report all data breaches suffered, and six in ten organizations currently “pick and choose” the breaches they report. The report also shows that organizations may seek out countries with more lenient disclosure laws, with eight in ten organizations that store sensitive information abroad influenced by privacy laws requiring notification of data breaches to customers.

Device Management a Current Challenge — One of the greatest challenges organizations face when managing information security is the proliferation of devices, such as iPads, iPhones and Androids. Securing mobile devices continues to be a pain point for most organizations, with 62 percent of respondents identifying this as a challenge. Concurrently, the report shows the most significant threat reported by organizations when protecting sensitive information is data leaks.

Corporate Intellectual Property Protection

Two years ago, McAfee produced the Unsecured Economies report, a global study on the security of information economies. That study found that based on a global survey of businesses, companies worldwide lost more than an estimated $1 trillion in 2008 due to data leaks, the cost of remediation and reputational damage.

Recent attacks on RSA’s SecurID product and a former Goldman Sachs programmer heading to jail for stealing confidential computer code from the firm are recent cases that have been in the spotlight in just the past couple weeks. Other recent cases involving theft of trade secrets include a Chinese National pleading guilty to stealing Ford trade secrets, and a former technical operations associate in Bristol-Myers Squibb’s management training program stealing trade secrets from the company.

With cases like these becoming more common, it shows that corporate information is increasingly under threat and clearly shows the need for improved separation and isolation of information.

The Full Report is available here (PDF Download)

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...