SANTA CLARA, Calif. & MCLEAN, Va.--(BUSINESS WIRE)--McAfee and Science Applications International Corporation (SAIC) [NYSE:SAI] today announced findings from a global study on the security of information economies. In the study, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency," security experts and senior IT decision makers illustrate how cybercriminals have made the shift from stealing personal information, to targeting the corporate intellectual capital of some of the most well-known global organizations. Cybercriminals understand there is greater value in selling a corporations' proprietary information and trade secrets which have little to no protection making intellectual capital their new currency of choice.
The cyber underground economy is making its money on the theft of corporate intellectual capital which includes trade secrets, marketing plans, research and development findings and even source code. McAfee and SAIC collaborated with Vanson Bourne to survey more than 1,000 senior IT decision makers in the U.S., U.K., Japan, China, India, Brazil and the Middle East. The study is a follow up to a report released in 2008 called "Unsecured Economies." The new study reveals the changes in attitudes and perceptions of intellectual property protection in the last two years. The findings revealed which countries were perceived as the least safe to store corporate data, the rate at which organizations are experiencing breaches and the response rate to prevent or remediate data breaches.
"Cybercriminals have shifted their focus from physical assets to data driven properties, such as trade secrets or product planning documents," said Simon Hunt, vice president and chief technology officer, Endpoint Security, McAfee. "We've seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding."
"The distinction between insiders and outsiders is blurring," said Scott Aken, vice president for cyber operations at SAIC. "Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely - just as an insider would. Having defensive strategies against these blended insider threats is essential, and organizations need insider threat tools that can predict attacks based on human behavior."
Key findings from this year's report include the following:
- Impact of Data Breaches - A quarter of organizations have had a merger/acquisition and, or a new product/solution roll-out stopped or slowed by a data breach, or the credible threat of a data breach. If an organization experienced a data breach, only half of those organizations took steps to remediate and protect systems from future breaches.
- Organizations Are Looking to Store Intellectual Property Abroad -- The economic downturn has resulted in an increase of organizations reassessing the risks of processing data outside their home country, in search of cheaper options, with approximately half of organizations surveyed responding they would do so, an overall increase since 2008. Approximately one third of organizations are looking to increase the amount of sensitive information they store abroad, up from one in five two years ago.
- Cost of securing data abroad - In China, Japan, U.K. and the U.S., organizations are spending more than $1 million a day on their IT. In the U.S., China, and India, organizations are spending more than $1 million per week on securing sensitive information abroad.
- Geographic Threat Perceptions to Intellectual Property -- China, Russia, Pakistan are perceived to be the least safe for data storage, and the United Kingdom, Germany and the United States are perceived to be the most safe. Of the global organizations surveyed however, a large amount of organizations are not conducting frequent risk assessments, while more than a quarter of organizations asses the threats or risks posed to their data only twice a year or less.
- Organizations Keeping Quiet about Data Breaches -- Only three in ten organizations report all data breaches suffered, and six in ten organizations currently "pick and choose" the breaches they report. The report also shows that organizations may seek out countries with more lenient disclosure laws, with eight in ten organizations that store sensitive information abroad influenced by privacy laws requiring notification of data breaches to customers.
- Device Management a Current Challenge -- One of the greatest challenges organizations face when managing information security is the proliferation of devices, such as iPads, iPhones and Androids. Securing mobile devices continues to be a pain point for most organizations, with 62 percent of respondents identifying this as a challenge. Concurrently, the report shows the most significant threat reported by organizations when protecting sensitive information is data leaks.
To download "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency," please visit http://www.mcafee.com/us/resources/reports/rp-underground-economies.pdf.
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe.. http://www.mcafee.com
SAIC is a FORTUNE 500(R) scientific, engineering, and technology applications company that uses its deep domain knowledge to solve problems of vital importance to the nation and the world, in national security, energy and the environment, critical infrastructure, and health. The company's approximately 43,000 employees serve customers in the U.S. Department of Defense, the intelligence community, the U.S. Department of Homeland Security, other U.S. Government civil agencies and selected commercial markets. Headquartered in McLean, Va., SAIC had annual revenues of $10.8 billion for its fiscal year ended January 31, 2010. For more information, visit http://www.saic.com/ . SAIC: From Science to Solutions (R)
NOTE: McAfee is a registered trademark or trademark of McAfee or its subsidiaries in the United States and other countries. Other marks may be claimed as the property of others.