By now I hope readers have seen our latest report – “Underground Economies” where McAfee and SAIC collaborated to investigate perceptions around intellectual capital – the “secret sauce” of companies. The report surveyed over 1,000 senior IT decision makers across the world, getting their opinion on where they thought their valuable data was, their attitude to outsourcing control of it, and questions around how it was protected and the risk of it being “misplaced”.
There were a lot of interesting trends. I hope you’ll read the full report, but some things which were particularly notable included the following.
Regarding storage of the data (where it was kept, in-house or outsourced, etc.):
- Eight in ten organizations who store sensitive information abroad are influenced by each country’s privacy laws requiring notification to customers of data breaches.
- Seven in ten organizations who store sensitive information abroad do so in countries where laws give them more autonomy.
- The economics of data storage abroad is playing a greater role in data decisions. More than half of organizations are reassessing the risks of processing data outside of their home country due to the economic downturn, compared to four in ten doing so in 2008.
In terms of attitudes towards securing the data itself:
- Employees’ adherence (or lack of) to security procedures is considered to be a greater challenge to organizations’ information security than the fact that there are multiple systems within the organization, or the insecurity of supply chain partner systems.
- Around half of organizations are looking to increase their IT security spending in regard to hardware upgrades, software upgrades and external hosting of data and other services.
And in terms of how much companies were spending to protect information, and on IT in general:
- Organizations are on average spending more than $1 million a day on their IT.
- Companies are spending $1 million a week to secure sensitive information abroad.
There were a lot of questions in the survey, and again I must thank the innumerable people who participated, both those who contributed their thoughts and the teams who worked to collate all the results.
Finally, if you only get three key takeaways from this report, for me they would be:
- Corporate intellectual capital is the newest cybercrime currency. Cybercriminals have made the shift from stealing personal information to targeting the corporate intellectual capital of some of the most well-known global organizations. Cybercriminals understand there is greater value in selling a corporation’s proprietary information and trade secrets, which have little to virtually no protection, making intellectual capital their new currency of choice.
- We’ve seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding.
- The distinction between insiders and outsiders is blurring. Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely – just as an insider would. Having defensive strategies against these blended insider threats is essential, and organizations need insider threat tools that can predict attacks based on software human behavior.