Forget Social Security numbers -- cyber criminals want your intellectual property

A report warns companies to drop reactive approach to network security or risk losing data to increasingly sophisticated hackers

If you thought protecting your customer and employee data like Social Security numbers and bank information against two-bit hackers was challenging, brace yourself: A report released by McAfee and SAIC (Science Applications International Corporation) titled "Underground Economies," says that cyber criminals are growing craftier and have their eyes on the troves of unprotected intellectual property floating around your company networks and all the devices and networks your networks touch.

The report concludes that intellectual capital and sensitive corporate data are the latest cyber crime currency. More than that, the old-school approach of perimeter-based security and "check the box" compliance won't cut it in the era of mobile and cloud computing.

These findings likely won't come as much of a shocking revelation to anyone who has been paying close attention to cyber crime trends over the past couple of years, as cyber crime organizations have successfully infiltrated countless organizations through such techniques as APTs (advanced persistent threats). The trend has likely drawn more attention, however, in the wake of news that high-profile companies like RSA, HBGary, Google, energy companies, and Bank of America have lost sensitive documents and important information through sophisticated hack attacks.

McAfee and SAIC attribute the growing trend toward intellectual property theft to the increasingly porous nature of the corporate network: "With the perimeter continuing to dissolve due to enterprises extending operations to mobile devices, cloud computing, and to third-party providers, containing intrusion vectors is getting more and more difficult," wrote Simon Hunt, VP and CTO of endpoint security at McAfee.

The question is, how can an organization protect itself from the sort of sophisticated attacks that can be pulled off at just about any time by anyone? The whodunit aspect is indeed tricky because outsiders have become increasingly adept at posing as insiders. "Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely -- just as an insider would," said Scott Aken, vice president for cyber operations at SAIC. "Having defensive strategies against these blended insider threats is essential, and organizations need insider threat tools that can predict attacks from this blended threat."

Too often, organizations are working reactively rather than staying ahead of the bad guys. Further, they're investing in technologies that don't go far enough to protect documents containing intellectual property and other sensitive information that might be sent around via email to various mobile devices or stored on a remote server in Russia or China. Compounding the challenge: Protecting documents containing simple data, such as Social Security numbers, is more difficult than securing files containing complex data that lacks patterns a data-loss prevention system can easily identify.

According to McAfee and SAIC, companies are embracing new strategies to combat today's cyber criminal tactics. They include:

  • Deep packet inspection, a means of performing inline, full packet analysis in near real time. DPI can be employed to strip data off packets leaving a network, as well as to strip suspicious data from incoming traffic.
  • Human-behavior-based network security, comprising solutions that watch for certain types of behaviors that a human being would undertake if they were working to infiltrate a network.
  • Insider threat tools, capable of monitoring hundreds or even thousands of inside users' activities at line speed and identifying traits inherent in those actions. These products are capable of interrupting a user's connection if they identify a user engaging in suspicious or unusual activities.
  • Advanced forensics, software tools and services that help uncover how a particular device, be it computer or handheld, was exploited.
  • Advanced malware analysis, with which one can discover and capture zero-day malware that can be used or is being used to attack a network.

The McAfee/SAIC report "Underground Economies" is available for free download on McAfee's site (PDF).

This story, "Forget Social Security numbers -- cyber criminals want your intellectual property," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.


Copyright © 2011 IDG Communications, Inc.