Cybercriminals are increasingly moving from stealing just personal data to capturing trade secrets and other corporate intellectual capital that they can easily sell through the underground market, according to a new report from McAfee and the SAIC.
In today's release of a new study, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency" (PDF), McAfee and the Science Applications International Corporate find that the theft of trade secrets, marketing plans, R&D data, and even source code is on the rise, especially as such information is often unprotected.
Based on a global survey of IT professionals, the report uncovered a number of findings.
A quarter of the companies surveyed said a data breach or just the threat of one has put a halt on plans for a merger or new product launch. Among those that actually suffered a data breach, only half of them took the necessary steps to prevent it from happening again.
Among companies that have been hit by cyberattacks, only about 3 in 10 have reported all such breaches, while 6 in 10 picked and chose which ones they reported. Along those lines, many organizations specifically look to store their data in countries where the laws are more lax over reporting data breaches to customers.
Hit by the recent economy downturn, many companies have been looking at cheaper ways of processing and storing their information abroad despite the potential risks, the report said. Across the world, China, Russia, and Pakistan are thought to be the least secure areas for storing critical data, while the U.S., U.K., and Germany are perceived to the safest. Currently, companies in the U.S., China, and India spend about $1 million a week to secure their sensitive data outside their own countries, the report said.
The information technology industry itself continues to be challenged trying to secure the wave of iPhones, iPads, and Android devices that employees are increasingly using on the job for sharing data, the report found.
"Cybercriminals have shifted their focus from physical assets to data-driven properties, such as trade secrets or product planning documents," said Simon Hunt, vice president and chief technology officer for endpoint security at McAfee. "We've seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding."
To generate the report, McAfee and the SAIC worked with Vanson Bourne to survey more than 1,000 senior IT decision makers across the U.S., U.K, Japan, China, India, Brazil, and the Middle East during November and December of last year. This latest report is a follow-up to a 2008 report entitled "Unsecured Economies," which at the time found that cybercrime was costing companies more than $1 trillion globally.