The great conundrum of online privacy – that consumers say they’re worried about online privacy yet readily join social networks and freely release their personal data on the Web – has hit the corporate world, just as the threat of data breach for corporations is more dangerous than ever. So just who, or what, is the biggest threat to corporate security?
One quarter of organizations around the world had a merger and acquisition or new product rollout delayed or even stopped by a data breach or the threat of breach, according to the latest study from McAfee, a vendor of cyber security products.
And who is the greatest enemy corporations face in keeping their secrets safe? Themselves.
The report found the greatest challenge faced by corporations in securing information is employees’ lack of compliance with internal security policies and, it seems, complying with those policies themselves on a broader scale.
Among the organizations that experienced a data breach, only half took steps to protect systems from future breaches; just 3 out of 10 organizations report all data breaches suffered; while 6 in 10 admitted to “picking and choosing” the incidents they report to officials and shareholders, the study found.
In addition, only half of companies took the necessary actions to fix and protect their systems from later break-ins. A quarter of companies assess the risks to their data just twice a year, or less.
The study, “Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency” surveyed more than 1,000 senior IT workers in the U.S., U.K., Japan, China, India, Brazil and the Middle East.
The stark findings coming straight from decision makers themselves prompted McAfee to issue a stark, new warning to the world’s corporations and largest organizations: your data, from trade secrets to marketing plans, is the “new currency” of the underworld economy.
The study found that cybercriminals have shifted from stealing personal information, to targeting corporate intellectual capital because there is much greater value in selling a corporations’ proprietary information and trade secrets.
And those secrets are more easily filtered out, and reachable by thieves, through the wave of mobile devices like iPhones, iPads and Android smartphones used by employees to share data and work remotely. 62 percent of respondents identified securing and managing those devices as a major challenge.
And the breaches are more than just a headache to IT works and corporate CEOs alike. The research found that in China, Japan, U.K. and the U.S., companies spend more than $1 million a day on their IT.
In China, at least, even spending $1 million each day is not enough. Germany, the U.K. and the U.S. lead the world for perceived safety, while China, Russia and Pakistan are seen as the least safe for corporations.
Further hiding the full picture of data theft in the corporate world is the fact that many companies may not even realize they’ve been breached, and many seeks ways to avoid sharing their privacy blunders with customers and shareholders.
McAfee notes the report “also shows that organizations may seek out countries with more lenient disclosure laws, with eight in ten organizations that store sensitive information abroad influenced by privacy laws requiring notification of data breaches to customers.”
When it comes to these targeted attacks, many companies have taken the approach that “it won’t happen to us, and if it does, we’ll just pay for it then,” said Simon Hunt, a vice president and chief technology officer at McAfee. “What’s become evident over the past year is that it’s happening more than people expected.”
Citing specific cases where companies opened the door to criminals by not censoring information about corporate culture or structure e-mails and other messages, McAfee advised companies to more closely monitor employees and also invest in behavioral analysis software to spot activity on the corporate network.