March 28, 2011, 12:47 PM — Attackers are increasingly focusing on stealing intellectual property from companies and governments, but details of the losses continue to be scarce, concludes a survey of experts released by two security companies Monday.
The report -- conducted by security firm McAfee, now part of Intel, and technology giant SAIC -- found that companies worry so much about the reputational damage caused by a data breach that they tend to keep leaks of proprietary information a secret. Only one in four companies perform a forensics investigation following a breach, despite the fact that analysts have estimated that proprietary business information is twice as valuable as the custodial customer data that companies store.
The result is that companies are poorly prepared to deal with the perceived shift in cybercrime, the report argues.
"We've moved away from kiddies in their bedrooms, to semi-organized professionals to organized professions," says Simon Hunt, vice president and chief technology officer of endpoint security at McAfee. "And now, we have people realizing here they can send 100,000 emails out and make $10,000 or they could target somebody like Google or RSA and make $100 million dollars. The reward for the effort is there now and people are willing to spend it."
This month, security firm RSA acknowledged a breach of its systems that resulted in attackers accessing critical intellectual property pertaining to the security of its one-time password technology, SecureID. And last week, Internet security firm Comodo warned that an attacker coming from an Iranian network was able to fraudulently reserve SSL certificates for major domains.
The survey is based on interviews with more than 1,000 senior information technology managers in Brazil, China, India, Japan, the Middle East, the United Kingdom and the United States. While the report argues that intellectual property is increasingly targeted, it provides little evidence to back up the claim.