eWeek and Symantec are both reporting that email spam has reached huge proportions in the last few months – greater than 75% of all email delivered on the Web in October. This is very debilitating for a number of reasons. First, it increases the opportunities for nasty and increasingly criminal-oriented malicious attacks – phishing, pharming and other means of defrauding the public. Second, it adds increasing costs for security staff already hard-pressed with other problems, as they must now contend with ever more cunning bots and other spam attacks. Third, it cuts into the very Trust and Credibility that the Internet can deliver secure and reliable services. Why build SOA and SaaS services if they are just going to open users to very risky attacks? This is the most devastating effect.
Here are 3 examples. I got this email, I think from eBay, but I am not really sure:
Why am I not sure?
Because earlier this year I was getting at least 3-10 of these emails a day in a stream of phishing attacks that had me pulling my hair out. Though I did not use eBay at the time, I did use PayPal, which was getting the brunt of the attacks. How could I ask customers to use PayPal if they were receiving the same flood of attacks every day? Now it is true that eBay (and others) have managed to lower the number of attacks that I see to 3 or fewer a week, a vast improvement on 2-4 months ago. But think paranoid – precisely because email spam has reached unprecedented levels and bots are winning the war against security defenders, I am even more careful with eBay/PayPal email commerce because I believe they are the targets of the most sophisticated attacks.
Second example. Just as more than 35 million voters will be using electronic ballots for the first time, the Washington Post and the University of California at Berkeley are raising issues about the integrity of the whole electronic system. And when ABC/TV did a poll for its This Week program (Sunday, Nov 5th), they found more than 30% of voters had concerns about electronic balloting.
Finally, I am in the process of advising a small but well-placed non-profit on what it should do about making more of its services available on the Web. Now, some of these services have privacy and security concerns. Second, the organization does not have a large operational budget, certainly not for actively validating/policing its systems. What should I tell these executives in light of the latest trends in security on the Web?
Kenneth Arrow won a Nobel Prize in Economics, partially for showing that the social fabric of society was intimately entwined with and predictable by economic factors and vice versa. Dr. Arrow concluded that Trust was the crucial social factor that made economies work. Do we need a George Santayana lesson on the costs of forgetting that?