IDG News Service - Five months after Google was hit by hackers looking to steal its secrets, technology companies are increasingly warning their shareholders that they may be materially affected by hacking attempts designed to take valuable intellectual property.
In the past few months Google, Intel, Symantec and Northrop Grumman -- all companies thought to have been targets of a widespread spying operation -- have added new warnings to their U.S. Securities and Exchange Commission filings informing investors of the risks of computer attacks.
Google doesn't talk about the specific attack against its systems, but it now warns shareholders that this type of event is a material risk.
"[O]utside parties may attempt to fraudulently induce employees, users, or customers to disclose sensitive information in order to gain access to our data or our users' or customers' data," Google wrote in a section added to its annual financial report in February, a month after it disclosed the hacking incident.
Google warned that it could lose customers following a breach, as users question the effectiveness of its security. "Because the techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures," the company said in the filing.
Google's admission that it had been targeted put a public spotlight on a problem that had been growing for years: targeted attacks, known to security professionals as the advanced persistent threat (APT). These attacks are often successful because they are low-volume, fly under the radar of most security companies and are extremely targeted. In many APT attacks, the victim is sent an interesting-looking document or a link to a Web site that contains attack code. If the victim's software isn't up-to-date (Google is thought to have been compromised via a bug in Internet Explorer 6), the criminals break into the computer, gaining a foothold in the company.
In February, Intel disclosed in an SEC filing that it had been targeted by a similar attack in January, and warned investors that the theft of its trade secrets could hurt its bottom line.
Last year, Heartland Payment Systems was sued by shareholders for failing to disclose that the company had been hit by a December 2007 SQL injection attack. Plaintiffs argued that the company should have disclosed the incident in SEC filings and in calls with financial analysts. The December incident was eventually linked to the largest data breach in U.S. history, and Heartland's stock dropped nearly 80 percent when the company finally disclosed the full extent of the attack in January 2009. Heartland shareholders ultimately lost this lawsuit, however.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts