Cybercrime is on the rise, and unfortunately, it's a trend that shows no signs of slowing down.
In fact, a new report from McAfee and Science Applications International Corporation (SAIC) found that the cyber underground economy now makes its money on the theft of corporate intellectual capital, including trade secrets, marketing plans, research and development findings and even source code.
McAfee defines this intellectual capital as the "new currency of choice" and says that cybercriminals have discovered that there is great value in selling a corporations' proprietary information and trade secrets which have little to no protection.
"Cybercriminals have shifted their focus from physical assets to data driven properties, such as trade secrets or product planning documents," Simon Hunt, vice president and chief technology officer, endpoint security at McAfee, said. "We've seen significant attacks targeting this type of information. Sophisticated attacks such as s Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding."
The report, Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency, found that:
One-quarter of the organizations studied have had a merger/acquisition and/or a new product/solution roll-out stopped or slowed by a data breach, or the credible threat of a data breach. If an organization experienced a data breach, only half of those organizations took steps to remediate and protect systems from future breaches.
The economic downturn has resulted in an increase of organizations reassessing the risks of processing data outside their home country, in search of cheaper options. About half of organizations in the survey said they would do so, an overall increase since an earlier study in 2008. Approximately one third of organizations are looking to increase the amount of sensitive information they store abroad that's up from one in five two years ago.
In China, Japan, UK and the US, organizations are spending more than $1 million a day on their IT. In the US, China, and India, organizations are spending more than $1 million per week on securing sensitive information abroad.
China, Russia and Pakistan are perceived to be the least safe for data storage, while the UK, Germany and the US are perceived to be the safest. Of the global organizations surveyed however, a large amount of organizations are not conducting frequent risk assessments. More than a quarter said they assess the threats or risks posed to their data only twice a year or less.
Only three in ten organizations report all data breaches suffered, and six in ten organizations currently "pick and choose" the breaches they report.
Some organizations may seek out countries with more lenient disclosure laws. Eight in ten organizations that store sensitive information abroad said they were influenced by privacy laws requiring notification of data breaches to customers.
One of the greatest challenges organizations face when managing information security is the proliferation of devices, such as iPads, iPhones and Androids. Securing mobile devices continues to be a pain point for most organizations, with 62 percent of respondents identifying this as a challenge. Concurrently, the report shows the most significant threat reported by organizations when protecting sensitive information is data leaks.
The full report is available at http://www.mcafee.com/us/resources/reports/rp-underground-economies.pdf .