Only half of organizations that experienced a data breach took steps to remediate and protect their systems from future breaches, according to Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency.
“A lot of that was driven by cost. So this leaves organizations wide open for repeated attacks because they didn’t remediate what happened the first time”, Scott Aken, vice president of cyber operations at SAIC, told Infosecurity.
McAfee and SAIC collaborated with Vanson Bourne to survey more than 1,000 senior IT decision makers in the US, UK, Japan, China, India, Brazil, and the Middle East.
“Two main themes emerged from the study. The first is that corporate intellectual capital is the newest form of cybercrime currency. And the second is that the distinction between insiders and outsiders is blurring”, said Aken. “We’ve seen the cybercriminals shift their focus from stealing credit cards…to targeting corporate intellectual capital”, he added.
“Sophisticated attackers are infiltrating our networks, they are stealing credentials on the network, and they are operating freely inside the network just as a normal insider would. So network security professionals are really struggling to identify who a valid user is on the network”, Aken said.
The survey found that only three in 10 organizations report all data breaches, and six in 10 “pick and choose” what breaches they report. Organizations often seek out countries with more lenient disclosure laws: eight in 10 organizations that store sensitive information abroad are influenced by privacy laws requiring notification of data breaches to customers.
In fact, one third of organizations are looking to increase the amount of sensitive data they store abroad, the survey found. China, Russia, and Pakistan are perceived to be the least safe for data storage, according to those surveyed. The UK, Germany, and the US were seen to be the safest for data storage.
According to the survey, more than a quarter of organizations are assessing data only twice a year or less. At the same time, companies in the US, China, and India are spending more than $1 million per week on securing sensitive information abroad.
One of the greatest challenges organizations face when managing information security is the proliferation of devices, such as iPads, iPhones and Androids. Securing mobile devices continues to be difficult for most organizations, with 62% of respondents identifying this as a challenge.
“There are technologies and policies that will help mitigate many of these threats. We realize that we can never take the risk down to zero, but by combining emerging technologies, understanding what is important on the network, a solid defense-in-depth strategy, and a strong education policy, we think these risks to organizations can be dramatically decreased”, Aken concluded.