Tuesday, September 25, 2007

The web of Insecurity

Take a look at the following:

Some Phishing Data
$10 to $150Price range on the black market for a full set of identity information
50 cents to $5Price range per stolen credit card number
196860Unique phishing messages detected by Symantec for the first half of 2007, up 18% from last six months of 2006
52771Number of active bot-infected computers per day in the year's first half

Data: Symanted Internet Security Threat Report Trends [2007]

The report above is just an indication of the wild business of phishing flourishing out there. The most recent hit, a huge theft of credit card information, was felt by Vertical Web Media, Chicago Publisher of Internet Retailer magazine and millions of its customers.

This information came a week after TD Ameritrade Holding disclosed that attackers from half a dozen IP addresses worldwide made off with personal information, including credit card numbers and email addresses of about 6.3 million customers. The report, the incident all point to one vulnerability - the most widespread vulnerability of organizations from security threats.

Many organizations are realizing this and shielding themselves by putting in place a security team and a security infrastructure. But is that enough? I will write about some of the security initiatives that organizations should adopt to escape from the vulnerability in a future post. If your organization is not yet serious and proactive about the security threats, then the risks are very high!

Jim Motes (CISO of Perot Systems) puts it aptly:
"The sophistication of these attacks being used today, hasn't been offset by an equal sophistication of the tools we use to prevent them"

No comments: