The news on the IT security front is alarming. Recent months have seen one report after another of companies exposing, selling or simply losing customer data to criminals.
The reason: The security threat has changed, according to Bruce Schneier, CTO of Counterpane Internet Security Inc., of Mountain View, Calif.
In the past three years, he says, “criminals have taken over from hackers.” The latest twist in cybercrime is online extortion.
The August 2 issue of “Newsweek International” reported that online gambling sites have been hit by extortionists who threaten to shut down their Web sites with denial-of-service attacks unless the gambling sites pay off the blackmailers.
According to Alan Paller, director of research at the SANS Institute, an IT security educational organization located in Bethesda, Md., banks and online retailers have also quietly paid off online extortionists, whose demands have, to date, ranged as high as $1 million.
And in June, the U.K.s National Infrastructure Security Co-Ordination Centre warned that Trojan horses (transmitted by e-mail or through Web sites) that appear to come from legitimate sources, and so can evade antivirus software and firewalls, were specifically targeting individuals who work with sensitive “commercially or economically valuable information.”
The latest update from IBM Corp.s “Global Business Security Index” indicates that such targeted attacks are a fast-growing percentage of the 237 million infected e-mails and attacks perpetrated in the first half of 2005.
In light of these reports, our latest security survey of nearly 300 IT executives presents some pretty grim findings.
Three out of ten respondents admit that their companys attitude toward security has become more relaxed as the events of Sept. 11 fade into the past.
Two-thirds report some kind of security breach, from penetration by viruses or spyware, to lost data and inappropriate access.