E-Commerce Growth Triggers Security Issues

VeriSign says Internet commerce was up 13% in the first half of the year, but the number of security incidents also grew.
E-commerce is on the rise, and with it, security issues. Internet commerce increased 13% in the first half of 2004, according to a report from Internet infrastructure services company VersSgn Inc. Domain registrations, traditionally an indicator of small-business growth, according to the company, rose 23% in the same period.

At the same time, VeriSign on Monday reported a rise in the number of security events per monitored device; the total reached 4 million in March, double the number recorded in January. Its briefing also notes that phishing attacks are becoming more acute, though there's no new data to support this contention.

Security professionals are not surprised. "As usage grows, everyone expects the number of incidents to grow," says Pete Lindstrom, research director at information-security and market-research firm Spire Security. Such increases can also be explained, he says, by improved monitoring, in the way that the advent of X-ray machines revealed more broken bones.

Consumers, likewise, seem to be taking theses trends in stride. Mark Griffiths, VP at VeriSign Security Services, observes that the rise in E-commerce despite security scares demonstrates consumer confidence.

That may not be entirely a good thing. "The end user thinks, 'I'm not liable for that [fraudulent] transaction that occurred, so why should I care?'" Griffiths says. "They should care because of the fact that if that fraudulent person actually manages to get a hold of more than just their credit-card information, more could be done to actually hurt them." He cites being refused a loan due to a ruined credit rating as one possibility.

Enterprise IT professionals can't afford to be so sanguine because of the increasing sophistication of the viruses and worms coming out--on Monday, a new variant of the MyDoom worm spread across the Net, sending administrators scrambling. "The time from the announcement of a vulnerability to the time that a virus or a worm comes out is now decreasing," says Griffiths. "So it's more important now for the enterprise security guy, whenever those vulnerabilities come out, to make some assessment and decide what he wants to do about it."

It's certainly a matter of concern for businesses. "The banks are very concerned about customer retention," Griffiths contends. "It's a lot cheaper to keep a customer than to actually acquire a new customer. If word gets out and their brand gets decimated because they're No. 1 on the phishing list and people are losing money, then obviously they're going to lose their customer base and potentially go out of business."

While Lindstrom says the good news is that we're tracking these trends, he argues against becoming too focused on counting security incidents. "This is security flotsam and jetsam for the most part," he insists. "It's simple to count this stuff. Let's hope there's not so much noise that the really significant attacks get lost."

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing