Security is just a mouse click away
Next time an e-card with a jolly message drops into your computer's inbox, think before you click it open – it could be a virus which will implant itself in your machine and spread before you even realise it. Computer users across the world are struggling against a rising tide of viruses and spam which corrupt data, slow down or take over systems and fill inboxes with junk. Viruses are mutating and spreading so fast that anti-virus software cannot keep up. This year has also seen an explosion in numbers of "phishing" emails, which fool unsuspecting online banking customers into clicking on a link to a fraudulent website which then records their password and banking details. More recent scams are designed to record bank details immediately a user opens an e-mail. More than 4.5 million phishing e-mails were intercepted by security company MessageLabs in November, up from just 337,000 in January of this year. Banks including NatWest, Citbank and HSBC have been among the main targets, but other organisations which operate online accounts, such as eBay, have also been hit. According to MessageLabs' annual report published today, 1 in 16 of the 147 billion e-mails scanned for viruses during 2004 contained a virus, compared with 1 in 33 last year and just 1 in 212 in 2002. spam e-mails accounted for 73 per cent of the 12.6 billion e-mails scanned by MessageLabs' anti-spam service over the past year. Hi-tech criminals are now much more likely to be organised gangs than teenaged loners writing virus code on computers in their bedrooms, security experts warn. Graham Cluley, senior technology consultant at Sophos, the anti-virus company says: "In the last 18 months there has been a growth in criminal communities committing online crimes. Kids used to do it to show off. Now it's more about making money." Criminals are starting to target specific companies or groups, says Natasha Staley of MessageLabs. "In the past there was a scattergun pattern but now it's become more commercial and targeted." Home computer users hooking up to broadband are instantly vulnerable through their fast, always-on internet connection unless they install up-to-date antivirus software and firewalls to prevent hackers. But companies are also open to attack. Online crimes like phishing, bombarding servers with spam e-mails so that they cannot function normally and extortion (attacking websites with millions of messages until the owner agrees to pay up) collectively cost companies billions. Despite this, many companies are still not taking computer security seriously enough and are not doing enough to protect either their own internal systems or customers using services like online banking. Philip Robinson, head of the crime division at Financial Services Authority, the City watchdog, told banks last month that they had to "run to stand still" to protect their assets and those of their customers. Felicity Bell of the National Hi-Tech Crime Unit (NHTCU), set up in 2001 as part of the government's anti-crime strategy, says: "There is greater understanding by company boards that IT security is important but departments need to work together more. For example there is some evidence that when people leave companies their e-mail addresses are not deleted so they can still get access to their former company's system." Disgruntled employees have released viruses into systems, causing havoc with systems and data. A survey of 201 businesses carried out by the NHTCU last year revealed that only 30 per cent of companies had a data encryption policy to protect data from hackers and viruses. Nearly a quarter did not carry out audits of security spending and processes and nearly half had no formal procedures for dealing with computer-based crime. Graham Cluley says: "Some companies take security very seriously but many others are oblivious to the threat. Some companies think all employees have a God-given right to full internet access for example. But at Sophos people have to explain why they need access to sites and we have a separate computer for online shopping and banking in the lunch hour." Tighter control of what is allowed into systems through employees' e-mail boxes could drastically cut down on the danger of virus infections. And, says Mr Cluley, companies need to give IT departments resources. "They need to invest in security. Their reputation is important and their data is their lifeblood."
Reproduced from an article published by Times Online
© Times Online
The original article can be viewed here:
http://business.timesonline.co.uk/article/0,,17809-1391559,00.html
Permalink Bookmark Digg this story
