Cybercriminals target trade secrets of companies

New Delhi: After chasing personal information of individuals world over, cybercriminals are now targeting the trade secrets of well-known global organizations including those in India as they see greater value in selling a corporation`s proprietary information to competitors and foreign governments, according to a report.

"Cybercriminals are now focusing on trade secrets of global companies. Sophisticated attacks like Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the of the largest, and seemingly most protected corporations in the world," says Simon Hunt, VP and chief technology officer, endpoint security at McAfee.

The report `Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency`, has been prepared by security technology company McAfee and Science Applications International Corporation, a scientific, engineering, and technology applications company in USA.

More than 1,000 senior IT decision makers in India, US, UK, Japan, China, Brazil and the Middle East were surveyed for it. Out of the 100 representatives from different organisations surveyed from India, 29 per cent said they had suffered a security breach and this number has increased from 19 per cent in 2008.

32 per cent of the Indian respondents said they only occasionally take steps to remediate and protect systems for the future after a breach or attempted breach. 11 per cent of them said their organisations accrued a loss between USD 0- 500,000 while 27 per cent indicated a loss between USD 500,000-1,000,000 due to loss of sensitive information or intellectual property.

40 per cent Indian respondents indicated that data breach or threat of a data breach affected their merger and acquisition plan and 26 per cent said it affected their product roll-out.

Two years ago, McAfee produced the `Unsecured Economies report`, which found that businesses companies worldwide lost more than an estimated USD 1 trillion in 2008 due to data leaks, the cost of remediation and reputational damage.

Not only do companies have to worry about competitors stealing intellectual capital, but they have to worry about sensitive or even classified information that could be leaked to media, as in the case of WikiLeaks, adds the report.

In 2006, a laptop of an Indian official working with a top technical intelligence gathering agency went missing from his car and it is believed to be having important data on country`s nuclear arsenal and missile system.

"Most of the current technologies use the preloaded algorithms to sense any anomaly. However, the cybercriminals are far superior in terms of their technical capability and they can identify ways and means to break the systems," says Dinesh Pillai, CEO, Mahindra SSG, a leading corporate security risk consulting firm in India.

According to Scott Aken, Vice President for cyber operations at SAIC,"the distinction between insiders and outsiders is blurring. Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely ? just as an insider would."

The report suggests advanced malware analysis and forensics and insider threat tools to interrupt connections if data is inappropriately being removed, as the solutions to check the cybercriminals. Aken advises that the companies should know clearly what needs to be protected.

"Most organizations spend enormous sums of money protecting the less critical portions of their network while the crown jewels, their intellectual capital, remain wide open. The thorough analysis of what lies on the network, combined with a solid defense in depth strategy, all implemented by a properly trained staff can do wonders for protecting an organization?s data," says Aken.