Security is already closing out 2004 as the number one problem in IT – bar none. It is shaping up to be absolutely dismal 2005 such that major downturns in consumer eCommerce likely will takeplace. Virus, denial of service and Web attacks are reaching a crescendo. But spyware, adware, keyboard heisting, phishing and identity theft are swinging out of control. See the latest major phishing/theft breech at Secunia. Or consider what insiders are saying about the spyware menace. At least twice every week I get very sophisticated phishing notifications like the one below. It is so bad and I so distrust my connections with major vendors, I have started canceling services. The image below is a phish attack. Looking not just at the external polish but also at the email header, the hyperlinks and external references- almost every one is valid (why this does not open the phishers to obvious “false representation” criminal charges is beyond my ken) and appears legit.
The reason I know it is not – I cancelled all my connections with eBay.
IT vendors, eRetailers, government enforcement agencies – read the writing on the email wall. I can remember 5-6 years ago when no consumer wanted to do business online because it was considered unsafe. Due to negligence, total unpreparedness, and unwillingness to pursue and prosecute a now small set of of perpetrators (see eWeek for report on small phishing circles) security is plainly in jeopardy.
eWeeks Larry Seltzer is cautiously optimistic. Unfortunately, in the IT industry and surrounding stakeholders responses I see naked opportunism, draconian proposals, fingerpointing, and an almost criminal negligence. In short, 2005 is shaping up to be brutal – The Year of Insecurity.