Thursday, April 14, 2011

The Internet - A False Sense of Security

With the extensive use of the internet, including the movement to the cloud, the growing and pervasive use of social media and the extensive use of the internet for email, messaging and simply finding information, people generally have grown accustomed to the Internet, and familiar with the major providers of applications, such as Facebook, Microsoft, Google, etc.

While at one time not so long ago, people generally were wary of the internet, refusing for example to purchase on websites for fear of having their payment information stolen (or the payment itself), now a certain complacency has crept in, prompted not only by this familiarity but also by an increased sophistication of most users - a sophistication that enables them to identify simple phishing expeditions and phony offers of large sums of money.

But the problem is that the growing sophistication is more than offset by the deviousness of the various hacking and phishing attempts and the speed of change in such ploys.

A recent report by Symantec, the security company, shows that the complacency is dangerously misplaced. The report reveals that web based attacks increased an incredible 93% from 2009 to 2010. The attacks were high prior to 2009, so the base is not modest. One presumes that increases of considerable magnitude have continued in 2011. So it is getting much harder to avoid being a victim.

One of the more common tools employed by the phishers is the use of shortened URLs; the kind that people have become familiar with on social networking sites. These shortened URLs effectively hide the real URL, making it possible for a message to masquerade as being, say, from a well known bank, while the URL has nothing to do with the bank. Regular users of the Internet can notice with regular URLs whether the URL is likely to be legitimate. With shortened URLs, this is difficult or impossible. And the flavour of the day is targeted attacks, directed to particular companies or individuals, often in an attempt to obtain the personal information of customers.

People can't afford to be complacent about web based security, meaning they need to take precautions seriously. It also means web based providers need to ramp upo their security efforts. 93% increases are simply not acceptable.

No comments: