Despite organizations spending billions of dollars on solutions designed to protect their Internet communications and e-commerce applications, the number of browser-based attacks and phishing scams continue to soar, according to IT trade association CompTIA.
Almost 57 percent of about 500 organizations surveyed reported suffering a browser-based attack in 2004, the Oakbrook Terrace, Ill.-based group reported. Last year, 36.8 percent of those polled reported being victims of a browser-based attack, in which perpetrators use browser systems and user system permissions to disrupt computer use.
“Organizations rely on the Internet more than ever before, making the storage and housing of personal account information and proprietary data even more vulnerable to identity theft and data corruption,” said Brian McCarthy, CompTIA’s chief operating officer. “As more and more business is conducted over the Internet, there are more opportunities for data theft, fraud, identity theft and other criminal activity.”
In addition, 25 percent of organizations claimed to have been victims of a phishing attack in the past 12 months, CompTIA found, up from 18 percent in 2003. Phishing scams use fake e-mail messages to steal personal information such as credit card and Social Security numbers.
“It doesn’t surprise me at all,” said Audri Lanford, co-editor of ScamBusters.org, a free newsletter that reports on Internet scams. “[Phishers] have gotten so sophisticated. The thing that is the most interesting about phishing scams is how sophisticated they’ve gotten.”
Last year phishing cost U.S. consumers about $500 million, according to a September 2004 study by Truste, a non-profit privacy group, and NACHA, an electronics payment association, which sponsored the study. Seventy percent of those queried said they had unintentionally visited a spoofed site that seemed to be legitimate, and more than 15 percent claimed to have been successfully phished, the report found.
“A lot of people believe if you’re smart, it’s enough to protect yourself from Internet scams,” Lanford said. “Some of these scams are so sophisticated that, unless you know that type of scam exists, your chance of getting taken is huge. Being smart just isn’t enough.”
Despite the increase in phishing, traditional worms and viruses continue to be the primary security threat. In 2004, 66 percent of respondents reported experiencing these attacks, down slightly from 68.6 percent in the prior year, CompTIA found.
“Organizations are investing in security technologies: 97 percent of the organizations we surveyed use anti-virus software; 24 percent have firewalls and proxy servers in place; and 53 percent use intrusion-detection systems,” McCarthy said. “To combat pharming, organizations are upgrading their DNS software and installing cryptography solutions.”
Federal agencies alone are expected to spend $7.1 billion on IT security products and services in 2009, compared with $5.6 billion this year, according to market research firm Input. And IDC predicted overall security spending would increase 6 percent this year, vs. 5 percent in 2004.