At the same time, VeriSign on Monday reported a rise in the number of security events per monitored device; the total reached 4 million in March, double the number recorded in January. Its briefing also notes that phishing attacks are becoming more acute, though there's no new data to support this contention.
Security professionals are not surprised. "As usage grows, everyone expects the number of incidents to grow," says Pete Lindstrom, research director at information-security and market-research firm Spire Security. Such increases can also be explained, he says, by improved monitoring, in the way that the advent of X-ray machines revealed more broken bones.
Consumers, likewise, seem to be taking theses trends in stride. Mark Griffiths, VP at VeriSign Security Services, observes that the rise in E-commerce despite security scares demonstrates consumer confidence.
That may not be entirely a good thing. "The end user thinks, 'I'm not liable for that [fraudulent] transaction that occurred, so why should I care?'" Griffiths says. "They should care because of the fact that if that fraudulent person actually manages to get a hold of more than just their credit-card information, more could be done to actually hurt them." He cites being refused a loan due to a ruined credit rating as one possibility.
Enterprise IT professionals can't afford to be so sanguine because of the increasing sophistication of the viruses and worms coming out--on Monday, a new variant of the MyDoom worm spread across the Net, sending administrators scrambling. "The time from the announcement of a vulnerability to the time that a virus or a worm comes out is now decreasing," says Griffiths. "So it's more important now for the enterprise security guy, whenever those vulnerabilities come out, to make some assessment and decide what he wants to do about it."
It's certainly a matter of concern for businesses. "The banks are very concerned about customer retention," Griffiths contends. "It's a lot cheaper to keep a customer than to actually acquire a new customer. If word gets out and their brand gets decimated because they're No. 1 on the phishing list and people are losing money, then obviously they're going to lose their customer base and potentially go out of business."
While Lindstrom says the good news is that we're tracking these trends, he argues against becoming too focused on counting security incidents. "This is security flotsam and jetsam for the most part," he insists. "It's simple to count this stuff. Let's hope there's not so much noise that the really significant attacks get lost."