Targeted attacks represent the biggest IT security threat to companies, a senior Gartner analyst warned today.
Vic Wheatman, managing vice president for Gartner US said at the Gartner IT Security Summit in London that criminals are going after databases of customer names, addresses and dates of birth and then selling them on the open market.
Cyber-crime has become so sophisticated that criminals do not even need to hack into corporate systems to steal information, according to Wheatman.
"The bad guys have got so smart they are able to sell valid credit card numbers and the authentication numbers before the credit card companies actually issue those numbers," he said.
"There is an algorithm associated with the validation number so you can sort of guess what the credit card number's going to be by looking at the credit card. American Express would be 3714 [for example].
"Then there is an algorithm associated with the rest of the number that becomes the validation number."
Identity theft is also becoming a big issue, although Wheatman warned that the level of reported incidents may not reflect the true numbers.
"There has been a lot of identity theft, or potential identify theft. Some people think they've been affected and maybe they were. They see something going on, but a lot of times they're wrong," he said.
"They see an account that they don't recognise but it may just be they did business with someone and they're using a different name to process the credit cards. But certainly there's been a lot of identity theft. It's become a big issue."
Most attacks on businesses are targeted at specific companies, according to Wheatman.
"People hesitate to mention names, but you can imagine the names. It's also phishing attacks where banks have found emails have gone out under their name," he said.
"It looks like the email came from security at (fill in the name of the bank) and people fall for that and click on the link.
"The only thing the banks can do is warn their customers, which most banks do on their homepage, that this occurs and that they will never ask you for your password in an email.
"They [can] also do things like stronger authentication. Some of the methodologies we've seen include the user logging on with their ID and seeing a recognisable symbol - it could be a picture of a cat - before entering their password.
"It gives a warning that yes, that's my bank, they know what my secret symbol is and now I can enter my password."
The level of phishing attacks is also having a negative effect on consumer confidence, according to Wheatman.
"Phishing is reducing the willingness of consumers to participate in online commerce, banking and stock trading. So there's a real cost to the industry and it is in their interests to combat it," he said.
Hackers up the ante with targeted attacks
By Will Head on Sep 19, 2006 3:48PM