As McAfee has jointly published a report with SAIC – claiming to show that cybercriminals are now focusing on intellectual property as a means of extracting revenues from companies – my own observations confirm that hackers are no longer simply after the money: electronic, physical or otherwise.
The report confirms my own analysis of IP traffic threats over the last 24 months, which has shown a marked shift away from direct revenue theft to hybrid or advanced threats, where industrial espionage and even business blackmail is the order of the day.
What we are seeing is something of a seismic shift away from conventional bank phishing for bank and card account credentials, over to a more sophisticated form of theft. In addition, this time compression of the evolution of cybercrime is continuing apace, meaning that next year’s cybercriminals will have almost certainly have developed even more advanced strategies to extract money fraudulently from businesses.
Against this backdrop, today’s IT security defences need to be enhanced to protect against an increasing hybridised and multi-vectored set of security threats.
The good news that our colleagues over at McAfee did not expand upon in their report is that these advanced threats do not always require the installation of shiny new IT security systems, meaning that organisations can enhance and augment their existing systems, rather than starting afresh.
This strategy centres on a strategy of advising clients that, by identifying what their existing legacy IT security systems do best – and then tapping into those resources – the amount of money needed for additional security defences can be significantly reduced.
And just as the report identified a series of changes in attitudes and perceptions of intellectual property protection in the last two years, I have identified a change of approach to security amongst my more savvy clients.
The cloud computing phenomenon – which is actually not that new, as it was around before we set up Idappcom back in 2004 – has driven this change, as companies are now learning what areas of the world that corporate data, in both electronic and physical forms, is more at risk of theft, and adapting their security accordingly.
What this means is that organisations can never assume their data security is a set-it-and-forget-it installation, and that the need to constantly review their security posture – and enhance when necessary – should always be at the forefront of the savvy IT managers’ mind.