Cybercriminals now target trade secrets of companies

After chasing personal information of individuals world over, cybercriminals are now targeting the trade secrets of well-known global organisations including those in India as they see greater value in selling a corporation's proprietary information to competitors and foreign governments, according to a report.

"Cybercriminals are now focusing on trade secrets of global companies. Sophisticated attacks like Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the of the largest, and seemingly most protected corporations in the world," says Simon Hunt,vice president and chief technology officer, endpoint security at McAfee.

The report 'Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency', has been prepared by security technology company McAfee and Science Applications International Corporation, a scientific, engineering, and technology applications company in USA.

More than 1,000 senior IT decision makers in India, US, UK, Japan, China, Brazil and West Asia were surveyed for it.

Out of the 100 representatives from different organisations surveyed from India, 29 per cent said they had suffered a security breach and this number has increased from 19 per cent in 2008. 32 per cent of the Indian respondents said they only occasionally take steps to remediate and protect systems for the future after a breach or attempted breach.

Eleven per cent of them said their organisations accrued a loss between $500,000 while 27 per cent indicated a loss between $500,000-1,000,000 due to loss of sensitive information orintellectual property.

Forty per cent Indian respondents indicated that data breach or threat of a data breach affected their merger and acquisition plan and 26 per cent said it affected theirproduct roll-out.

Two years ago, McAfee produced the 'Unsecured Economies report', which found that businesses companies worldwide lost more than an estimated $1 trillion in 2008 because of data leaks,

the cost of remediation and reputational damage.

Not only do companies have to worry about competitors stealing intellectual capital, but they have to worry about sensitive or even classified information that could be leaked to media, as in the case of WikiLeaks, adds the report.

In 2006, a laptop of an Indian official working with a top technical intelligence gathering agency went missing from his car and it is believed to be having important data on country's nuclear arsenal and missile system.

"Most of the current technologies use the preloaded algorithms to sense any anomaly. However, the cybercriminals are far superior in terms of their technical capability and they can identify ways and means to break the systems," says Dinesh Pillai, chief executive officer, Mahindra SSG, a leading corporate security risk consulting firm in India.

According to Scott Aken, vice president for cyber operations at SAIC,"the distinction between insiders and outsiders is blurring. Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely -- just as an insider would."

The report suggests advanced malware analysis and forensics and insider threat tools to interrupt connections if data is inappropriately being removed, as the solutions to check the cybercriminals.

Aken advises that the companies should know clearly what needs to be protected.

"Most organisations spend enormous sums of money protecting the less critical portions of their network while the crown jewels, their intellectual capital, remain wide open.

"The thorough analysis of what lies on the network, combined with a solid defense in depth strategy, all implemented by a properly trained staff can do wonders for protecting an organisation's data," says Aken.