McAfee warns of cyber-attacks on data
One laptop from a mid-level employee can be worth $60,000 to a cyber-criminal
McAfee and Science Applications International Corporation (SAIC) have released an Underground Economics global study, which sets out to shed light on the data breaches happening around the world and on how the stages of hacking and data breaches have evolved.
"According to a study we did, these data breaches around the world cost approximately $1 trillion and that is not just about the size of the data being stolen and the value of the data, but the value of the reputation of the companies that have lost the data," said Hamed Diab, McAfee regional director, MENA.
In mature, sophisticated markets such as the US, the average spend on security threats and protections is $1m per week, according to Diab.
This is a far cry from when cyber-attacks first began as just a hobby in the 1980s and early 1990s, where attackers just wanted to show off, Diab said. After this first step, cyber-criminals began going after websites and trying to bring them down to gain popularity among the hacking community.
"It then became more of a financial approach where [cyber-criminals] go after your credit card credentials, your personality [or personal identity?] and things like that. Today, and this is what we have seen as a recent behaviour in the market, cyber-crime is becoming more involved with the intellectual properties of companies and that is the core of any enterprise company or even a government, so they are going after the most sensitive and confidential data a company can have," he said.
Examples of data theft attacks include the Aurora attack in December 2010, which went after reputable companies with good security networks, such as Google, Microsoft and Juniper.
Diab says the Aurora attack was very different in how the code was written and what it was trying to do. It was actually trying to control data and duplicate personalities within the companies.
"They can build their own fake identity and try, through your name, to leverage whatever they can get through the company network. So they try to go to the highest positioned person possible and try to steal his identity and therefore access data and confidential documents and try to utilise it," said Diab.
In January 2011, McAfee saw another data theft attack, called Night Dragon, which the company says seemed to have originated in China, based on the IP addresses it found.
"Night Dragon was very sophisticated in nature, it is not normal code, it is very focused on a specific segment, industrial-based segments like oil and gas, the industrial base where it can really control their total operation and pursue whatever the cyber-criminals want to do," Diab said.
According to Diab, there are two reasons why cyber-criminals are targeting intellectual property. The first is money from the sale of stolen data and from the companies whose data they have breached. If a cyber-criminal steals the notebook or personal computing device of any mid-level employee, that device is worth up to $60,000 to them, not only for the information on the device but also for the networks and contacts that may then be open to them.
"Data leakage is one of many threats and we just need to have a holistic approach when we are dealing with security in order to really look at an organisation from a 360 degree perspective," said Diab.
The second reason for cyber-attacks that steal intellectual property is more subversive.
"The second intangible reason is politically driven like Wikileaks. A company that brings information to the public can be manipulated and used in a different fashion and can have a domino effect on power," he said.
These attacks, which focus on stealing intellectual property, are not country-specific and leave any company or individual in any country open to attack. However, the UK, USA, China, Russia and Israel lead spending on cyber security and have positioned themselves ahead of all other countries in terms of the sophistication of their cyber-defences.
There are also countries that are the least trusted in terms of cyber-security.
"Vulnerability-wise what are perceived to be the least secure countries in the world are China, Russia and Pakistan, for keeping information safe. For a company with cloud, with the move toward cloud where people are trying to have replication of their information elsewhere outside of their country, people usually invest in the US, the UK and Germany," said Diab.
Maintaining security within a company is very difficult, and McAfee has a new slogan, ‘Safe Never Sleeps’, which reflects that security attacks can happen 24 hours a day, 365 days a year.
To create a safe environment in companies, Diab said you have to start with the basics and develop a regular procedure for checking a company's defences.
"Most of the companies, according to the studies that we did, only do their security health assessment checks twice a year and that is not enough with the current number of threats we are seeing on a daily basis. From last year it was approximately 50,000 new threats per day, now we are getting about 60,000 new threats per day according to our McAfee lab. You need to check more regularly and really do an assessment of your current vulnerabilities. It is like doing a health check, a tune up for your car, you need to make sure you are in touch with what is going on," he said.
A second thing companies must do is give security spending priority over hardware and software upgrades.
"If we look at the current spending, the data says we have an average spending per company on security of $1m per week versus a total of $1m a day on total IT. That means security is still not a priority..If you spend a little more on security from day one in order to reach optimisation stage, everything can be under one umbrella to try to prevent any attacks," said Diab.
Diab says that in the Middle East, it is quite important that even though data breaches are usually kept quiet, that companies share even limited information about data breaches and attacks to spread awareness of the problem.
"In the Middle East, perception is reality and knowledge is power.. If it is in your culture and in your mindset that ‘I am secure', then it is probably better if people can share knowledge, a limited share of knowledge, that will definitely help the market build an understanding about security and how much it can have an effect on a business or operation. It is also very important to spread the word that security breaches are there and they need to have a more focused approach to build better dynamics for their operation," said Diab.
Diab's advice to companies across the globe is to be aware of their security position today before things happen and make sure the companies know where their security issues lie.
"A lot of companies have done security in one way or another, but they don't know how secure they are until they really have an overall assessment of their organisation. The threats are not just coming from outside, they are also coming from inside and having the sophistication of cloud computing, it becomes very blurry as to who is the attacker, where it is coming from and what they want. At the end of the day companies need to think about all these scenarios to create proper policies to be protected," he said.
In the Middle East, McAfee provides training labs for customers to ensure customers' employees understand and can fully utilise McAfee's security services and software within the company.
"We have made training labs for our customers and our channel, so we really promote different types of courses where we enable our customers and our partners to understand different types of security threats," said Diab.