It was only a matter of time before Internet security was compromised not primarily by glory-seeking hackers working on their own but by savvy groups of organized criminals looking upon the Web as a new — and extremely lucrative — source of ill-gotten gain.
This is not to say that the “old-style” bit disturber doesn’t still seek his thrills from the dank caverns of hackerdom, reveling in the notoriety that a significant strike can bring him amongst his peers. That community is still alive and well, unfortunately.
But when we look at the growth of this newer style of organized online pilfering, one doesn’t require the sleuthing skills of a Sherlock Holmes to know where the world of Internet crime is heading. And it’s also easy to see where the bigger threats are going to be coming from, and on which ones authorities, governments, organizations and individuals should be concentrating their preventative efforts.
As more and more business is transacted across the Net, a corresponding rise in the amount of personal information being stored on devices connected to it is also taking place. Given the woeful handling of such data by some retailers and vendors who have proven they simply don’t “get” what constitutes effective privacy and security policy, salivating criminals are often able to get their hands on such data as easily as picking cherries off a tree.
The bad guys are having so much success in large part because companies haven’t put in place effective policies around collection, storage and use of customer data. With that much loot for the taking, and with a plentiful store of unemployed coding talent sitting around in nations with struggling economies, their skills ready to be exploited by organized crime outfits who can pay them handsomely, the only thing left to wonder is why there haven’t been more such computer-oriented calamities than what we’ve seen already.
In the days when glory hacking predominated on the Net, breaches were regarded as a nuisance and, in worst-case scenarios, a significant drain on all-important uptime. Today, companies’ very existences can be on the line when it comes to preventing the kind of organized attack that is beginning to predominate.
Observers should expect to see a rise in attacks aimed at Web 2.0 content, such as that being generated by such popular online gathering spots as Facebook and MySpace. Corporations should also be tuned in to this type of growing threat when implementing internal social networking software programs. With information flying back and forth at a rate that’s faster than anything witnessed in the past, the chances are good that sensitive corporate data will eventually be leaked. And of course, e-mail remains another key area of concern for IT administrators.
In the end, with authorities virtually powerless to stop much of the online criminal activity taking place today, the best defense for companies is to employ stringent guidelines around generation, exchange and storage of data. It is also imperative that employees be educated on the importance of such policies, and the dangers of not following them.