IDG News Service - Five months after Google was hit by hackers looking to steal its secrets, technology companies are increasingly warning their shareholders that they may be materially affected by hacking attempts designed to take valuable intellectual property.
In the past few months Google, Intel, Symantec and Northrop Grumman -- all companies thought to have been targets of a widespread spying operation -- have added new warnings to their U.S. Securities and Exchange Commission filings informing investors of the risks of computer attacks.
Google doesn't talk about the specific attack against its systems, but it now warns shareholders that this type of event is a material risk.
"[O]utside parties may attempt to fraudulently induce employees, users, or customers to disclose sensitive information in order to gain access to our data or our users' or customers' data," Google wrote in a section added to its annual financial report in February, a month after it disclosed the hacking incident.
Google warned that it could lose customers following a breach, as users question the effectiveness of its security. "Because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures," the company said in the filing.
Google's admission that it had been targeted put a public spotlight on a problem that had been growing for years: targeted attacks, known to security professionals as the advanced persistent threat (APT). These attacks are often successful because they are low-volume, fly under the radar of most security companies and are extremely targeted. In many APT attacks, the victim is sent an interesting-looking document or a link to a Web site that contains attack code. If the victim's software isn't up-to-date (Google is thought to have been compromised via a bug in Internet Explorer 6), the criminals break into the computer, gaining a foothold in the company.
In February, Intel disclosed in an SEC filing that it had been targeted by a similar attack in January, and warned investors that the theft of its trade secrets could hurt its bottom line.
Last year, Heartland Payment Systems was sued by shareholders for failing to disclose that the company had been hit by a December 2007 SQL injection attack. Plaintiffs argued that the company should have disclosed the incident in SEC filings and in calls with financial analysts. The December incident was eventually linked to the largest data breach in U.S. history, and Heartland's stock dropped nearly 80 percent when the company finally disclosed the full extent of the attack in January 2009. Heartland shareholders ultimately lost this lawsuit, however.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!