The San Francisco Chronicle is reporting that a new study says thieves have shifted their focus to corporate data such as trade secrets and marketing plans, making it the "new currency" of the underworld economy.
The report, based on a global survey of more than 1,000 senior IT workers, follows recent headlines of hacker attacks on Nasdaq OMX Group, RSA Security and energy companies. When it comes to these targeted attacks, many companies have taken the approach that "it won't happen to us, and if it does, we'll just pay for it then," said Simon Hunt, a vice president and chief technology officer at McAfee, which is based in Santa Clara. "What's become evident over the past year is that it's happening more than people expected."
To illustrate the impact of these targeted attacks, the report noted how a quarter of the companies said a data breach - or the serious threat of one - caused them to either stop or delay a merger and acquisition or a new product rollout.
The survey also found that when an organization suffers a data breach or loss, only 3 out of 10 report all such instances to government agencies or authorities, or stockholders. About 6 out of 10 "pick and choose" the incidents they report.
"Companies certainly aren't doing all the reporting they should or that I think most people would like them to," said Scott Aken, vice president for cyber operations at SAIC.
Businesses are also "generally trying to store their data in locations where they're offered the best ability to pick and choose whether they have to notify (about) a breach or not," he added. "Some countries' laws are set up in such a way that maybe they don't have to report."
Among the report's findings:
-- Lost or breached data cost companies more than $1.2 million on average. That compares to less than $700,000 in 2008, when a similar study was done.
-- In the United States, China and India, organizations are spending more than $1 million a week on protecting sensitive data abroad.
-- Employees' lack of compliance with internal security policies was considered the greatest challenge to securing information.
As for the outlook, Aken of SAIC expects to see more of these sophisticated attacks. "We'll continue to see very well-coordinated attacks against big companies that have good security postures in place," he said.