October 17, 2007 — CSO —
As technology continues to evolve, so do malicious attacks that are often associated with the Internet. According to some industry insiders, Canadians aren’t aware of and aren’t taking these problems and attacks seriously enough.
A noted from Symantec Corp.’s most recent semi-annual Internet Security Threat Report (ISTR), Volume XII, covering the period from January 1 to June 30 of this year, the country hosting the most phishing sites is the United States at 59 per cent, while Canada ranked in seventh place with just two per cent.
Dan Hubbard, vice-president of security research at Websense, Inc., says that where phishing Web sites are hosted isn’t all that important from an attack standpoint.
"Canadians can be lured to Web sites that are being hosted in China or the U.S. as well as other places," Hubbard says. "Where the Web sites are hosted doesn’t really matter. If you look at the number of users online and the amount of ISPs in the U.S., the U.S. dwarfs Canada because the sheer volume in the U.S. is bigger."
He explains it’s hard for the U.S., especially its financial industry, to protect itself against phishing sites using a unified solution because there are so many more banks in the U.S. than there are in Canada.
"In the U.S., there are literally tens of thousands of banks all over the place, whereas you contrast that to Canada, and there are only five major banks," Hubbard said. "Because there are smaller groups of banks in Canada, it’s much easier for them to standardize on a solution."
Michael Murphy, vice-president and general manager of Symantec Canada Corp., says most of these Internet attacks are profit-driven.
"Attackers try to lure [people] outside of their trusted Web sites to go outside of a safe environment to a compromised one," Murphy said. "In many cases, attackers are compromising trusted entities such as well-known Web sites and financial Web sites to target users."
San Diego, Calif.-based Websense Security Labs analyzes and investigates advanced Internet threats and Web sites on a 24 x 7 basis. Hubbard says weak infrastructures and poor take down practices are the factors that usually contribute to crimeware and other malicious activities.
Rosaleen Citron, chief executive officer at Burlington, Ont.-based WhiteHat Inc., an information technology security provider and also a reseller of third-party software and hardware products, says attacks and phishing threats in Canada is a serious problem.
"In the U.S. and Canada, 95 per cent of phishing attempts use financial Web sites," Citron said. "No one teaches anyone the rules of engagement when it comes to the rules of the Internet. If you’re going to do any business over the internet, learn. People need to realize it’s their brand being affected."
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
- Unlock the Power of Device ID to Combat Online Fraud and Abuse
- Network Security Services: Outsourcing considerations for maximizing network protection
- How Are Open Source Development Communities Embracing Security Best Practices?
- Using Likewise to Comply with PCI Data Security Standard
- End-Users - Your Weakest Security Link
- Practical Role Management: Real-World Approaches to a Complex Problem
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Executive Seminar on Application Security
-
January 29, 2009New York, New YorkRegister now »
-
February 25, 2009San Francisco, CaliforniaRegister now »
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
