News Archive

Cybercrime Currency

by msecadm4921

Intellectual capital is the new cyber-criminal currency of choice.

Cyber-criminals understand there is greater value in selling a corporations’ proprietary information and trade secrets which have little to no protection. That is according to a study on information security from McAfee and Science Applications International Corporation (SAIC).

Security and senior IT people spoke of how cybercriminals have made the shift from stealing personal information, to targeting the corporate intellectual capital of some of the most well-known global organisations.

The cyber underground economy is making its money on the theft of corporate intellectual capital which includes trade secrets, marketing plans, research and development findings and even source code. McAfee, a subsidiary of Intel, and SAIC collaborated with Vanson Bourne to survey more than 1,000 senior IT decision-makers in the US, UK, Japan, China, India, Brazil and the Middle East. The study follows a report in 2008 called “Unsecured Economies.” The new study points to changes in attitudes and perceptions of intellectual property protection in the last two years.

Simon Hunt, vice president and chief technology officer, endpoint security at McAfee, said: “Cybercriminals have shifted their focus from physical assets to data driven properties, such as trade secrets or product planning documents. We’ve seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding.”

Scott Aken, vice president for cyber operations at SAIC, said: “The distinction between insiders and outsiders is blurring. Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely – just as an insider would. Having defensive strategies against these blended insider threats is essential, and organisations need insider threat tools that can predict attacks based on human behaviour.”

Findings from this year’s report include the following:

* Impact of Data Breaches – A quarter of organisations have had a merger/acquisition and, or a new product/solution roll-out stopped or slowed by a data breach, or the credible threat of a data breach. If an organisation experienced a data breach, only half of those organisations took steps to remediate and protect systems from future breaches.

* Organisations Are Looking to Store Intellectual Property Abroad – The economic downturn has resulted in an increase of organisations reassessing the risks of processing data outside their home country, in search of cheaper options, with approximately half of organisations surveyed responding they would do so, an overall increase since 2008. Approximately one third of organisations are looking to increase the amount of sensitive information they store abroad, up from one in five two years ago.

* Cost of securing data abroad – In China, Japan, UK. and the US, organisations are spending more than $1 million a day on their IT. In the US, China, and India, organisations are spending more than $1 million a week on securing sensitive information abroad.

* Geographic Threat Perceptions to Intellectual Property – China, Russia, Pakistan are perceived to be the least safe for data storage, and the United Kingdom, Germany and the United States are perceived to be the most safe. Of the global organisations surveyed however, a large amount of organisations are not conducting frequent risk assessments, with more than a quarter of organisations assessing the threats or risks posed to their data only twice a year or less.

* Organisations Keeping Quiet about Data Breches – Only three in ten organisations report all data breaches suffered, and six in ten organisations currently “pick and choose” the breaches they report. The report also shows that organisations may seek out countries with more lenient disclosure laws, with eight in ten organisations that store sensitive information abroad influenced by privacy laws requiring notification of data breaches to customers.

* Device Management a Current Challenge – One of the greatest challenges organisations face when managing information security is the proliferation of devices, such as iPads, iPhones and Androids. Securing mobile devices continues to be a pain point for most organisations, with 62 percent of respondents identifying this as a challenge. Concurrently, the report shows the most significant threat reported by organisations when protecting sensitive information is data leaks.

To download “Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency,” visit http://www.mcafee.com/us/resources/reports/rp-underground-economies.pdf.

Dr Phyllis Schneck, Chief Technology Officer and Vice President, Global Public Sector, McAfee, told the Committee on Homeland Security in March that private sector companies need stronger protections in sharing global threat intelligence to better protect public and private sector customers and critical infrastructure from rapidly escalating cyber security challenges. By enabling private companies to share more, government and industry can make more efficient use of the public-private collaboration organisations they have created.

Dr Schneck, who testified before the Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, outlined some policy recommendations to improve public/private sector information sharing that is essential to provide the government with the capabilities it needs to respond to the cyber threat.

She also discussed the impact of two major cyber attacks that succeeded in extracting billions of dollars of intellectual property from leading American companies in the information technology and energy sectors. The first, Operation Aurora, was a highly sophisticated series of cyber attacks that targeted Google and at least 20 other companies. Dr. Schneck also testified about Night Dragon, a series of cyber attacks on global oil, energy, and petrochemical companies orchestrated with the apparent intent of stealing sensitive information such as operation details, exploration research, and financial data.

She spoke about McAfee Global Threat Intelligence, which offers the most comprehensive threat intelligence in the industry, and how it was used to detect and remediate both the Operation Aurora and Night Dragon cyber attacks. With visibility across all key threat vectors and a view into the latest vulnerabilities across the IT industry, McAfee Global Threat Intelligence correlates real-world data collected from millions of sensors around the globe and delivers real-time, and often predictive, protection via its integrated security solutions.

During her testimony, Dr. Schneck also made several recommendations to the Committee to enhance protection of our critical infrastructure from the cyber attack:

* The cyber security challenge faced by our country is a serious matter that requires an evolution in the way in which both the public and private sectors collaborate. Leading information technology companies and their customers are uniquely positioned to act as early warning systems that can identify and help address cyber security attacks as a real-time cyber immune system. But only the government can implement the complex set of organisational and policy responses necessary to enable data analysis and distribution across the private sector to counter the growing cyber security threat.
* Private companies need protected ways to share their big picture research findings with the government without loss of trust or creation of material events for stockholders, so that the most significant cyber security information is expeditiously actionable. This is the human component of what Global Threat Intelligence does at machine speed. We need both in order to defeat cyber adversaries, whose aim is to harm our way of life.
* Broad-based situational awareness is vital to securing our global cyber systems and ensuring our national security. Policies that enable companies and governments to work together, using global threat intelligence (e.g. combining cyber, energy, finance and other data) to enhance correlation and predictive capabilities are critical to real-time responsiveness within the network switching/routing fabric should be pursued.

McAfee is a provider of cybersecurity solutions to the US federal government. The company deployed the Defense Information Systems Agency (DISA) Host Based Security System (HBSS) solution which provides five-plus million desktops, servers and laptops across the US Department of Defense (DoD). HBSS monitors, detects, and counters against known cyber-threats to the DoD’s enterprise architecture. McAfee also managed the fielding and deployment of the HBSS for the Secret Internet Protocol Router Network (SIPRNet) for the US Air Force.

For more information about McAfee, visit –

Related News

  • News Archive

    Safe Estate Scheme

    by msecadm4921

    A housing trust has worn an award after using property marking products to reduce burglary and metal theft from an estate in…

  • News Archive

    Cyber Conference

    by msecadm4921

    You can view video and other details of the recent international conference on cyberspace and cyber-security in London at the start of…

  • News Archive

    Hotel CCTV

    by msecadm4921

    Rose Rayhaan by Rotana, the world’s tallest hotel, in Dubai, uses a combination of pan-tilt-zoom, fixed and dome cameras to protect its…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing