Cybercriminals have shifted their efforts from targeting individuals' personal information to the intellectual capital of global corporations, according to a report released Monday by McAfee and defense contractor Science Applications International Corporation.
The study of more than 1000 senior IT executives in the US, Britain, Japan, China, India, Brazil and the Middle East, revealed that intellectual capital often has little to no protection. And cybercriminals have found that trade secrets, marketing plans and research and development findings is often worth more money than personal data, such as credit card numbers and bank credentials.
Simon Hunt, vice president and chief technology officer of endpoint security at McAfee, said the shift in cybercriminals' focus was an evolution.
“The level of expertise in the criminal world is growing all the time,” Hunt said.
“Meanwhile, highly sensitive intellectual capital is stored almost exclusively electronically now. It is worth a lot of money and people will pay for it.”
The report came the heels of such cyberattacks as Night Dragon and Operation Aurora, which had hackers infiltrating the networks of global corporations, most notably Google, to steal information.
But most organisations were not conducting frequent risk assessments of their network, the report said. Of those that experienced a data breach, only half took steps to find the source of the breach – leaving them open to repeated attacks, said Scott Aken, vice president for cyber operations at Science Applications International.
Still, many IT executives believe they are spending too much to secure their intellectual capital, he said. Since the recession, more companies have made the move to storing data outside their home country to cut costs, and about half of those surveyed said they were reassessing the risks of storing data abroad. China, Russia and Pakistan were believed to be the least safe locations for data storage, while Britain, Germany and the US were perceived to be the safest.
Organisations in the US, China and India spend an average of $1 million a week to secure sensitive information abroad.
The report also warned about the blurred line between insiders and outsiders. Corporations were struggling to distinguish between outside attacks and threats that were, more often, originating from inside their network, Aken said.
“If you're not also looking at your network from the inside, you're missing a big part,” he said. “You have to look from the outside in to help try to find some of these people who might already be on your network.”
The survey found that a quarter of organszations have had a merger, acquisition or product launch slowed or stopped by a data breach. And just three in 10 reported all data leakage incidents, while six in 10 selected which breaches to report, indicating their reluctance to admit a vulnerability to customers or other potential attackers.
Further, 80 percent of organisations said they were influenced by privacy laws requiring notification of data breaches to customers when choosing in which country to store sensitive information.