Antivirus company McAfee and R&D company SAIC recently published a report entitled Underground Economies, a study of corporate IP theft. According to the study, many cyberthieves now see stealing IP as more profitable than credit card theft and identity theft. According to the study:
In the past, cybercriminals targeted personal information such as credit cards and social security numbers, which were then sold on the black market. Now, these criminals understand that there is much greater value in selling a company’s proprietary information to competitors and foreign governments. For example, a company’s legal documents can fetch far more money than a list of customer credit cards.
The cyber underground economy has shifted its focus to the theft of corporate intellectual capital–the new currency of cybercrime. Intellectual capital encompasses all the value that a company derives from its intellectual property including trade secrets, marketing plans, research and development findings and even source code. For example, Operation Aurora, a targeted attack on Google and at least 30 other companies, represented a sophisticated attack designed to steal intellectual capital.
Some of the more interesting findings are:
- Theft of corporate intellectual property is “the new currency of cybercrime.”
- Some governments support or even conduct theft of trade secrets. Forrester Research estimates that corporate IP is twice as valuable as custodial data such as credit card information and customer and medical data.
- Cloud-based services are not only a new target for cyber criminals, but also but extensive but inexpensive resources into their hands
for carrying out cybercrimes.
- Data breaches, or the credible threat of a data breach, stopped or slowed a merger, acquisition, or new product rollout at one
fourth of organizations surveyed.
- Yet only a quarter of organizations conduct forensic analysis after a breach or attempted breach.
- Organizations reported that IP was most often leaked or stolen by their own employees.
Read the entire study here.
As an ironic side note, the day that this report was released, security researchers announced that McAfee’s own website has serious vulnerabilities. Read that article here.