Security, a Many-Faceted Problem (part 1)
There was a great webinar held today by RSA, a vendor for Adaptive Authentication. I’ve seen / heard similar presentations before but Sean Brady, RSA guy, really did a nice job of laying out the security challenges for both corporate and consumer customers in the near term.
Almost all clients I have consulted for have had security issues, no matter what the size. Most of these issues fall around policies and procedures, and not the hardware/software angle. Of course, a piece of software/hardware is only as effective as the human who is configuring and managing it, so there is always that consideration.
What is interesting to note is that fraud in general is becoming a supply chain process. Gone are the days when a pale, grubby geek churns out malicious code in their parents’ basement. Although, speaking as a geek, I’m still pale. Anyway, the whole business of fraud has become available to the user at large on the Internet. Forums, user groups and underground websites can guide the novice fraudster in their budding criminal activity. Phishing has become very cost-effective via the outsourcing model, to the point where it now costs less than a dollar for an attack on a per-user basis. Also, bank websites, while still a target, are considered secondary compared to all the user information stored on Facebook, Apple, Skype, MySpace, etc. All of this available information is used to create profiles of potential marks and then sold for big bucks in the underground economy.
Taking a few pages from the corporate world, fraudsters are now looking at their ROI and planning attacks based on upfront investment and payoff. They are outsourcing their data centers and development while adding a nice, efficient customer service component where English speakers are guaranteed! Of course, all of these services are covered by SLAs and maintenance plans. Sound familiar?
I think I’ll make my research on this subject a series and post updates on a daily basis. So keep checking this space for an update. Also, please leave a comment if you read this, even a “bleh”. It would be good to know who is or isn’t reading 🙂