Cyber-Crime has outstripped illegal drug sales worldwide, and analysts estimate online fraud will bring in $105 billion in 2007. Despite the fact that most people know going online poses a risk for becoming a victim of crime, few individuals, companies or even government agencies truly understand the massive scope of the problem. Favorite ways of defrauding 'Net users include "phishing," or using trickery to get a person to reveal their personal data, stealing bank account numbers, appropriating credit cards, and many other means.
The continued vulnerability of online information and financial access points is an enormous concern for many industries, police agencies and the military, and the sophistication of the thieves grows each year, as well. For example, the Internet stock trading company TD Ameritrade Holding admitted a database was cracked by hackers who extracted personal information from customers. While Ameritrade recently announced this happening, the initial security breach occurred a year ago & all of the company's 6.3 million accounts opened before July 18, 2007 were exposed, they admitted. In response, an attorney for the group just filed a class-action lawsuit.
Other large financial institutions that suffered data base loss include Citigroup and Bank of America, and worldwide data loss will hit $40 billion in 2007, for individuals and companies.
In a keynote address at the InformationWeek 500 conference in Tucson, McAfee CEO David DeWalt, of the computer security and virus defense giant said international law has failed to keep up with the scope and seriousness of internet fraud crimes. DeWalt stated, "If you rob a 7-Eleven you'll get a much harsher punishment than if you stole millions online, the cross-border sophistication in tracking and arresting cybercriminals is just not there."
DeWalt went on to outline five trends that will affect the cyber security sector in the next few years:
1). Industry Consolidation. The smaller Internet security firms will either be consolidated, or will go under, leaving fewer, larger companies. This consolidation will itself lead to a unification of threat management systems into a single, centralized system that IT managers can then apply across diverse technology with a single console.
2). Federal Standards. The Federal Government will raise standards and requirements for computer technology to fight against the threat of cyber-attacks and safeguard consumer data., perhaps in a bill dedicated to the subject. Unfortunately, this may shift the advantage to countries that do not demand such time-consuming and expensive regulation for their IT sector.
3). Protection moving from the edges to the center. The security focus will move from the perimeter of technology to the data itself, meaning moving beyond the firewall systems towards amore sophisticated methods meant to encrypt the information itself into unbreakable sub-units, or making the data itself manacled to the system. This is important, since 70% of data theft is by company insiders.
4). Server Virtualization considerations. Companies are changing their IT data and software centering from individual machines to server virtualization, which places user programs outside the machinery, whether on or off site, to cut down on software costs and centralize the work. This creates new risks and problems, which DeWalt lists as, "noncompliant virtual machines, VM-aware threats that can subvert countermeasures, the propagation of infected virtualization images, and "hyperjacking," or the potential for a single breach to offer simultaneous access to many machines across a virtualized environment."
5). Mobile Devices Creating New Acess Breach Opportunity. Novel devices and IT management methods create unseen before opportunities for cybercriminals, as they respond with adapted ways of hacking, and phishing. For example, Mobile devices like cell and smartphones, voice-over-IP systems, and other highly mobile technologies are inherently more risky for users, who might only consider their convenience.
The upshot of the subject is the overwhelming need for continued workups of new technologies to correspond not only to the latest innovations in machinery, but also of fraud technology.