Here is some ammunition for our live discussion on the OnComputers radio show, July 10th, 2005. The question before the house is: will the growing threats on the Internet dramatically change corporate and consumer behavior, leading to a major decrease in Internet activity -- an Internet winter?
- 59 million Americans have dealt with spyware. They are changing how they approach the Internet based on bad experiences with viruses, spyware, and identity theft.
- IBM says the number of phishing attacks is at an all-time high, up 225% in May.
- Internet hacking is no longer the province of teenagers; professional criminals are behind much of today's Internet crime. These criminals are acting in concert.
- With 246,000 complaints to the Federal Trade Commission on identity theft, independent estimates put the number of victims of identity theft in the past five years at a staggering 1 in 5 Americans. NBC News reports that the identities of 50 million Americans have been stolen or compromised in the past six months. The Internet is one of the key vehicles for identity theft.
- On the technology front, viruses and trojans are merging and becoming polymorphic. This smart malware is flying under the radar of anti-virus products, the first line of defense for many consumers and enterprises.
- There is a 50 percent chance your unprotected Windows PC will be compromised within 12 minutes of going online, says security vendor Sophos. That means your machine may be hijacked before you can install anti-virus, firewall, and anti-adware software on a clean install of any version of Windows prior to SP2. Do not plug in your network cable until all of your safety/security software is installed. Unfortunately, older versions of Windows do not install network drivers and protocols unless a network connection is available. Catch-22.
- Life is not much safer inside the business world's firewall, as the recent Veritas Backup flaw reveals. Aberdeen Group reported this week that only a small fraction of enterprises have best-in-class policies and practices in place to deal with security on networks and infrastructure, information access, and governance.
- Businesses face a number of threats to hard-won consumer business on the Internet, as the pharmacist CVS found recently in a compromised consumer-facing application.
- The biggest threat to enterprises comes from the inside, security experts tell me. It can be a trivial exercise to get the keys to corporate jewels.
- It's getting hard to know what and who to trust on the Internet. The latest attack used a Microsoft security bulletin lookalike to spoof users. If users stop paying attention to Microsoft security bulletins, their machines will become a lot more vulnerable over time.
- The complexity of the multiple technologies (e.g., TCP/IP, routing, switching, Microsoft Windows internals, HTTP(S), JavaScript, and all of the options these have) is absolutely beyond the capacity or ken of all but a handful of geek consumers. It requires multiple specialists in the enterprise world too. In short, computer users are unfit for (but not necessarily incapable of) protecting themselves.
- User education alone is not the answer, says Jakob Nielsen.
- Strike-back systems are not the answer, says Larry Seltzer.
Predictions of the demise of the Internet go back a decade -- before the general public really knew about the Internet! Are we headed for Internet winter, or will Darwinian selection win out with (massive) adaptations to thwart the black hats? We'll discuss this on Sunday.
-- Peter S. Kastner