Hackers hunting for corporate IP

Cyber criminals have turned their attention more towards corporate secrets, moving away from targeting personal data, a report has indicated.

Global firms have started shifting their corporate data and intellectual property to the cloud, the McAfee and Science Applications International Corporation (SAIC) report claimed.

Now hackers have followed this move as they look to acquire such highly valuable information, the findings indicated.

A third of organisations surveyed in the report said they were hoping to increase the amount of sensitive information stored abroad, up from one in five in 2009.

China, Russia and Pakistan were considered by respondents to be the least safe nations for data storage, with the UK seen as one of the most secure destinations.

"We've seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the of the largest, and seemingly most protected corporations in the world," said Simon Hunt, vice president and chief technology officer for endpoint security at McAfee.

"Criminals are targeting corporate intellectual capital and they are often succeeding."

Despite this shift, a number of organisations have failed to take mitigating steps.

A quarter of respondents had seen a merger or a new product launch either stopped or slowed thanks to a data breach, or the threat of one.

For those who had experienced a breach, just half took remedial steps to protect systems from similar compromises in the future.

Just a quarter said they carried out forensic analysis of a breach or loss.

McAfee said the cost of data breaches could be the main driver behind victims' lack of action after being compromised, as businesses seek to save money in tough times.

According to Symantec, the average cost for a data breach in the UK stood at 1.9 million in 2010.

"Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely just as an insider would," said Scott Aken, vice president for cyber operations at SAIC.

"Having defensive strategies against these blended insider threats is essential, and organisations need insider threat tools that can predict attacks based on human behaviour."

According to the report, companies have been keeping quiet about data breaches too, with just three in ten reporting all cases.

In the UK, it looks likely many businesses will soon have to comply with EU directives requiring them to report data breaches to the Information Commissioner's Office.