Wednesday, May 25, 2005
Research about spyware offers telling information about the average computers user's relationship with this online threat. Data from the widely reported 2005 National Spyware Study, conducted by the Ponemon Institute, suggest that people may be failing to weigh the dangers of spyware appropriately. This is just additional proof that more education is critical.
It seems that computer users don't even understand what is going on, let alone grasp the full gravity of the risks associated with spyware. The computer, retail, and banking industries must step up their consumer education efforts. Many computer users don't even recognize blatant spyware attacks, but once the damage is done, consumers and everyone else involved lose.
Ponemon's study reveals that the staggering toll spyware has exacted on computer users hasn't necessarily sounded the alarm for consumers. According to the study, 84 percent of respondents had experienced trouble with spyware. Yet most still seemed confused about spyware and indicated that, when given the choice, they would choose more access to free downloads over the development of laws to address the problem of spyware.
If this study is any indication, the current approach to educating everyday computer users about the spyware threat is ineffective. Enjoying all the conveniences of technology, consumers also sacrifice a large degree of security. I don't think they would jeopardize themselves in this way if they truly understood the stakes.
We see television commercials that present serious issues such as spyware and identity theft under the guise of humor, as if online security were a laughing matter. It is not.
While Madison Avenue sure can make some entertaining commercials, the advertising industry clearly hasn't framed the problems of spyware, identity theft, and related issues effectively. Otherwise, I doubt we'd be seeing results like those from Ponemon's study.
Most respondents to the study were unfamiliar with the lexicon of online threats. For instance, many could not differentiate between spyware and adware.
The industry must begin to look at spyware and related threats as more than mere opportunities to increase revenue. Advertising is for making money, but industry first needs to spend money on its existing customers' online security education.
Sunday, May 15, 2005
Industry and government are still debating the best ways to combat identity theft. This should be a wake-up call for consumers to take their online security into their own hands. Computer users have an array of options at their disposal to fight the problem themselves.
On May 4 Canada.com ran an article [link no longer available] by The Gazette's Alison MacGregor. The report quoted McAfee Inc.'s chief security officer, Ted Barlow, providing advice for computer users to protect their systems.
So many computer users operate their systems with little or no security against hackers, identity thieves, phishers, and other online crooks. We need education. Executives everywhere must follow Barlow's lead and publicize solutions to computer security woes.
Computer users are susceptible to a litany of threats. Webmobs, organized online theft rings, collude to steal identities en masse. Geeks create viruses to wreak havoc for no reason other than fun.
Hackers can even turn a home's computer, unbeknownst to its owner, into one of countless nameservers like it to run illegal Botnets. These networks then fuel phishing activities, also known as online scams, which perpetuate indefinitely and elude law enforcement by utilizing constantly moving nameservers that authorities cannot pinpoint.
Companies offering security technologies must be ahead of the curve for us even to have a prayer in turning back the tide of online crime. The speed and pace of the conveniences of technology have far outpaced the security necessary to keep users secure. However, there are a variety of tools available for free or for a small fee to maintain a relatively secure system.
Some computer users are savvier than others. Companies such as Netcraft have developed solutions that let users across the spectrum of proficiency pool knowledge to surf the Internet more safely, avoiding phishing sites and the like.
Security is a journey, not a destination. It needs constant attention and a never ending implementation of available combative resources. An online security solution that pools the expertise of advanced users to protect the less savvy remionds me of an Internet neighborhood watch. I like this idea.
The sophistication of online crime is mind-boggling. The response from the high-tech security industry must be the same.
Saturday, May 14, 2005
Fears of mass identity theft struck again a couple weeks ago with the reported loss of hundreds of thousands of employees' records at one of the world's foremost media companies. The incident demonstrated that everyone is a potential victim of this crime.
Has Time Warner read its own publications this past year? Is the company aware of what has been reported regarding major breaches of data? Even at one of the world's largest media companies, supposedly a technology-savvy organization, employees are still vulnerable to identity theft.
On May 2, Bloomberg's Cecile Daurat, along with others, reported that the personal information of 600,000 Time Warner Inc. employees, both past and present, had been lost. According to the report, a container holding 40 back-up tapes has disappeared.
An employee has no choice but to relinquish valuable identifying information to her employer, exposing the data to the whims of lax security. Employers entrusted with this information should protect it as if it were their own.
Information continues to disappear elsewhere, and Time Warner is only the latest in this year's string of data breaches:
-On April 21, Linda Rosencrance of Computerworld reported an incident at Carnegie Mellon University's Tepper School of Business. The school informed 19,000 students, alumni, and faculty that their personal information had potentially been compromised. Recent weeks have seen similar incidences at Tufts University and Boston College.
-On April 20, Emily Fredrix of The Associated Press reported that Ameritrade Holding Corp. had notified 200,000 current and former customers of the loss of a backup tape containing their personal information.
-On May 13, The Duluth News Tribune quoted me in one of many articles that have chronicled a March 2005 incident of identity theft involving a DSW Shoe Warehouse database.
We are witnessing a freefall. Data is dropping out of sight left and right.
In most of these cases, the official communique to customers follows a theme. This theme says the data breach poses no known threat to customers' identities. This theme is wishful thinking.
Meanwhile, on May 2, Red Herring reported on the latest findings out of the SANS Institute, which found more than 600 new Internet security vulnerabilities.
High technology is forcing us to rethink the way we identify people and safeguard important information from crooks. Right now, the bad guys are winning. We need a uniform response from government and industry immediately to combat the threat before identity theft cripples our economy and irrevocably shatters people's trust in longstanding institutions.