In many organizations, corporate security is taken pretty lightly until something bad happens. No one really cares about email encryption, firewalls and other theft prevention tools until someone hacks into the system or an employee walks out the door with millions of dollars in private corporate information. News stories, lessons from other companies and research reports try to communicate the importance of corporate security to other organizations. The costs of security breaches continue to rise and employees are becoming increasingly tech savvy. There’s never been a better time for companies to revamp their corporate security measures.
The Cyber Underground
A recent study from McAfee and Science Applications International Corporation (SAIC) delves into the corporate security sphere to find out what information is most sought after by cyber criminals and much more:
FREE Investigation Report Template
Prepare thorough, consistent investigation reports with our free report template.Download Template
“The cyber underground economy is making its money on the theft of corporate intellectual capital which includes trade secrets, marketing plans, research and development findings and even source code. McAfee and SAIC collaborated with Vanson Bourne to survey more than 1,000 senior IT decision makers in the U.S., U.K., Japan, China, India, Brazil and the Middle East. The study is a follow up to a report released in 2008 called “Unsecured Economies.” The new study reveals the changes in attitudes and perceptions of intellectual property protection in the last two years. The findings revealed which countries were perceived as the least safe to store corporate data, the rate at which organizations are experiencing breaches and the response rate to prevent or remediate data breaches.”
In the press release for the report, Scott Aken from SAIC mentioned that the lines between insiders and outsiders is blurring. This is an important point for organizations to keep in mind, as corporate security risks aren’t limited to external threats. Some companies aren’t even aware their systems have been compromised because cybercriminals can be very stealthy.
Here are some of the key findings from the “Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency,” report:
- Impact of data breaches- Data breaches have lead to delays in product launches, mergers and acquisitions and other business activities. The study found that only half of the organizations that experienced a data breach did something to prevent future breaches.
- Organizations storing information abroad- A third of the respondents claim that they are looking to store sensitive corporate information abroad.
- Not enough risk assessments- Responses from those surveyed show that risk assessments are conducted infrequently. Over 25% of the respondents communicated that their organizations assess data risks twice a year or less.
- Organizations try to keep data breaches quiet- The survey found that 3 in 10 organizations report all data breaches, while 6 in 10 pick and choose which information they want to disclose. One of the motives to storing information abroad is the relaxed data privacy laws, including lax laws about reporting security breaches to customers.
- Handheld/external devices are one of the largest security challenges- Laptops, cell phones, tablets, USB keys and other external devices continues to be a pain for many companies. 62% of the respondents identified device security as a major challenge.
Companies need to care about where their information is stored and how it is protected. Many of the conversations we have are with companies that want their information stored in the securest of locations. In my opinion, it makes more sense for companies to take the responsible route when it comes to data security.