Cyber Crime Pays as Companies Under-Report Incidents

CIO Insight Staff Avatar

Updated on:

Cyber-criminals are increasingly targeting intellectual property and trade secrets, according to a new research report from McAfee.

Cyber-criminals are making money stealing trade secrets, marketing plans, research and development findings, and even source code, according to a report released March 28 by McAfee. As attacks on intellectual property increase, organizations are also less willing to publicize or thoroughly investigate the incident, the report found.

Hacking into corporate networks and stealing information is proving easier and more lucrative, said Chris Drake, CEO of Firehost.

"Cyber-criminals have shifted their focus from physical assets to data-driven properties, such as trade secrets or product-planning documents," said Simon Hunt, vice president and chief technology officer, endpoint security at McAfee.

The report is quite timely, considering the recent attack against RSA, which resulted in the compromise of sensitive data related to the company’s SecurID two-factor authentication technology. Many corporations in both the private and public sectors rely on the technology to guard their systems, and after the RSA breach, many are wondering if they will be targeted next.

More than half of organizations decided at one point or another not to investigate further a breach because of the cost of the investigation, the report found. Small incidents are often investigated internally instead of getting a third-party expert, which increases the chances that the breached organization won’t properly close security holes or sufficiently beef up the defenses, the researchers noted in the report. Future penetration is possible if the threat persists, and in the case of an inside attack, the responsible party is not stopped, the report found.

Recent attacks such as Operation Aurora and Night Dragon have shown that some of the largest and “seemingly most protected” corporations are vulnerable, according to Hunt. “Criminals are targeting corporate intellectual capital and they are often succeeding," he said.

Botnet and malware-driven attacks looking for sensitive personal information, such as names, addresses, birth dates, and financial details, will continue, but corporate espionage is gaining currency among the cyber-criminal underground, according to the report.

For more, read the eWEEK article: Corporate Espionage Easier and Lucrative as Companies Under-Report Breaches: Survey.

CIO Insight Staff Avatar