The Computer Security Institute (CSI) just released the results of its sixth annual "Computer Crime and Security Survey." Some 538 security practitioners responded to the survey, and the results are rather interesting. For example, 85 percent of the respondents said they had detected some kind of security breach during the past year, and 35 percent (186 respondents) were willing (and able) to quantify their losses; all totaled, those breaches cost them more than $377 million—ouch.
Even more interesting is that, although 47 percent of respondents said they run e-commerce Web sites, 27 percent of those respondents said they have no idea whether they've suffered an intrusion! Apparently, that's an all too common situation.
Last week, the National Infrastructure Protection Center (NIPC) issued a warning about a widespread spree of e-commerce site break-ins (see the Security News section). A group of Russians and Ukrainians have been cracking e-commerce sites in 20 US states and have so far stolen about one million credit card numbers and customers' personal information. After the crooks steal company data, they make extortion attempts; many of these companies had no idea their sites were hacked until well after the fact.
I'm amazed by companies that spend a great deal of money putting their e-commerce sites online but fail to spend any money at all on adequate security monitoring solutions. Those companies have a serious lack of in-house knowledge and experience, which leaves me feeling very leery of consumer-related e-commerce sites. I avoid shopping online because of reports such as those from NIPC and CSI. And I'm certainly not the only hesitant one.
The appeal of online shopping is tremendous, but the shortcomings of the early pioneers are obviously scaring away the masses and increasing consumer prices as a whole. As you know, companies must recover their losses, and usually consumers foot the bill through increased retail prices. So the failure to spend money up front on security almost always results in spending even more money later. It'd be much more cost-effective for everyone if businesses stayed on top of security issues day to day. Until next time, have a great week.