Attention Business Editors: Security expert recommends low-tech approach to phishing

Released on = December 6, 2005, 8:27 pm

Press Release Author = Informatica Security Corporation

Industry = Internet & Online

Press Release Summary = Canadian information security consultant warns of the
growing risk of identity theft and discusses anti-phishing strategies

Press Release Body = Toronto, December 8, 2005 /PR/ The rising threat of Internet
crime has drastically changed the information security landscape in 2005. Companies
all over the world are feeling the result as they struggle with the challenge of
fighting an anonymous, rapidly spreading threat. In Canada, phishing emails have
become frequent, with users reporting them on a daily basis.

According to a 2004 VISA survey, only 16% of Canadians were aware of the threat, yet
an estimated 4% or 200,000 email recipients had already been victims of phishing.
AOL Canada's more recent phishing study indicated an even more alarming 12%
clickthrough rate, suggesting that the threat continues to evolve even as more
people are exposed to this type of crime.

Information security expert Claudiu Popa believes that phishing is fundamentally a
simple, low-tech problem that demands an equally unsophisticated but adaptable
solution: "Phishing attacks are no more sophisticated than your average hoax email.
They test people's trust and abuse it by adding a credible dose of urgency to the
mix. Some of the most effective protection measures include spam filtering and
digitally signed emails. Most people find it amusing that others can be tricked into
submitting confidential details through a fake site, but they fail to realize that
social engineering has existed since the beginning of time and it is the key
ingredient in many types of crime."

According to a Gartner study, 57 million people have already received phishing
emails. Like spam, phishing requires only a minute percentage of compromises to be
profitable and with hundreds of thousands of reported victims, the backlash against
companies could be significant. Posing as financial companies and e-commerce firms
is the easiest, because these firms already have strong brands and established
trust. But the resulting brand erosion and loss of market share are only the tip of
the iceberg. Phishing attacks and related cybercrime are causing changes in the way
companies are run. Internet service providers are seeing increased bandwidth use,
added operational costs for filtering technology and an explosion in incident
support costs.

"Any company that has acquired the trust of customers, or failed to protect customer
records, is a potential target. The days of Paypal phishing emails riddled with
typos are over. In the coming year, we will see a variety of new attack strategies
including personalized emails, new domain registrations, information aggregation and
added sophistication through pharming and dependence on Trojans," Popa added. "It's
a matter of proper planning, incident response and awareness training, especially
within the enterprise where corporate identity theft is a real concern."

As president of Toronto-based Informatica Corporation, Claudiu Popa has designed the
company's Security Awareness Certification (www.SecurityAwarenessCertification.com)
program, which is intended specifically to educate employees at all levels about
evolving information security threats. "The program is designed to establish a realistic
baseline of awareness across the enterprise and ensure that everyone works
effectively with processes and technology to support information security efforts.
Companies without security awareness training programs are seeing higher security
costs and more significant security breaches because they do not have the
cooperation of their employees. Companies often fail to give their staff enough
credit by ignoring or excluding them from security programs, when in fact they
should be relied upon to play a critical role. By certifying every employee's
knowledge, companies empower people to close security gaps using little more than
common sense and vigilance."

According to Popa, the reason for some of the panic we are seeing in the constant
flow of phishing news is that criminals are changing their strategy faster than
someone can build technology to combat it. Some current strategies include automatic
site takedowns, rigid spam rules, and site blocklists. "Desperate measures have no
place in security. Our clients use their trusted security partner to intelligently
plan defensive strategies and use existing technology that will adapt as the threat
evolves over the next eight to twelve months."

In addition to a successful security awareness program available across Canada,
Informatica provides a variety of solutions to combat phishing and social
engineering. These are: the executive Anti-Phishing Seminar, Confidential Decision
Support and Secure Domain Management. A free corporate anti-phishing policy template
and other resources are available from Informatica's Identity Theft page at:
http://www.informaticasecurity.com/anti_phishing_strategies.html.

About Informatica Corporation and InformationSecurityCanada.com

Toronto-based Informatica Corporation is Canada's information security consulting
leader. Over the past 16 years, Informatica has provided consulting, analysis,
implementation and training solutions to SME and enterprise clients in diverse
sectors. Informatica clients include financial organizations, government, non-profit
organizations, services, manufacturing and health organizations. The Informatica
group of companies offers diversified security solutions including best-of-breed
commercial products, research and analysis, strategy and implementation, corporate
training and security awareness certification for all corporate employees. On the
web: www.InformationSecurityCanada.com and www.InformaticaEducation.com. A
downloadable brochure and white papers are freely available from the Informatica
Security Library at http://www.informaticasecurity.com/whitepapers.html

For media enquiries, strategic alliances and more information contact:

Claudiu Popa, CISSP, PMP, CISA
President & CEO, Informatica Corporation
416-431-9012 Claudiu@InformaticaSecurity.com

CO: Informatica Corporation Information Security/Risk Management
ST: Ontario
IN: HTS
SU:



Web Site = http://www.securityawarenesstraining.ca

Contact Details = Informatica Security Corporation
67 Yonge St. Toronto, ON. Canada
416-431-9012
