March 28, 2011 – A new global study of information security shows that cybercriminals have shifted from stealing personal information such as credit card information and Social Security numbers to targeting intellectual capital such as design documents, schematics, product launch plans, pharmaceutical formulas and other trade secrets that have little to no protection.

McAfee and Science Applications International Corporation collaborated with Vanson Bournein to survey more than 1,000 security experts and senior IT decision-makers in the U.S., U.K., Japan, China, India, Brazil and the Middle East. Responding organizations find the greatest information security challenge is the changing nature of security attacks, followed by the mobile security around the many available devices and services, such as removable media, smartphones and social networking.

The study reports that in China, Japan, U.K. and U.S., organizations are on average spending more than $1 million a day on their IT in general, and in the U.S., China and India, organizations are on average spending more than $1 million a week on securing sensitive information abroad.

Scott Aken, vice president for cyber operations at SAIC points out that “the underground economy” finds greater value in selling a corporations’ proprietary information than trading credit cards. “These attacks targeting intellectual capital are becoming frequent news headlines and are much more sophisticated than we are typically used to,” he says.

“It is very difficult to tell insiders from outsiders these days. Network security professionals are struggling at identifying who is a valid user on the network. No longer does it help to have strong castle walls and a deep moat if your enemy is already inside,” says Aken. In fact, the greatest security threat reported by organizations was data leaked by employees.

Aken suggests there are policies and technologies that can help mitigate many of the threats. The respondents’ most popular method of protecting sensitive data is through the use of antivirus software, firewalls and intrusion detection/prevention systems, implemented by more than four out of five organizations.

Along with emerging technologies, understanding what is on your network and it’s security posture combined with a solid strategy and a strong training policy can help decrease risk, Aken says.

“The study highlights the fact that cyber intrusions are a pervasive, existing threat to competitiveness and financial health for any company,” say sBob Giesler, SAIC cyber security director. “It means not waiting for the massive cyber attack usually characterized in the media in order to protect your networks and data. Rather, knowledge that strategic data and intellectual property is stolen on a daily basis should fundamentally alter corporate risk analyses – now.”

The report “Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency,” is available here.

Read more Information Management security-related content here.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access