I'm an optimist. I can't help it. But that doesn't mean there aren't a few goblins and ghouls roaming in the shadows that bug me out. So as jack o' lanterns lit up across North America last weekend, I decided to let you in on a few of the biggest issues that send chills down my spine.
Let's start with phishing. For those who don't know, phishing is the practice of replicating a legitimate Web site and using the copy to collect passwords or credit information. (PayPal seems like a favorite target.) The Anti-Phishing Working Group just reported that the cumulative number of phishing expeditions more than tripled between May and July this year.
Nearly 5 percent of visitors succumb to the fraud and just volunteer personal information. Worse yet, Amit Yoran, director of the national Cyber Security Division of the Department of Homeland Security, just resigned because he didn't believe that the government saw cybersecurity as a significant-enough priority.
My view is that most enterprises don't take it seriously enough, either. (At Sun Microsystems, our chief information officer used to be the CIO at the Pentagon. We take it that seriously.)
What are you doing about it?
If you're not scared yet, take your worst security breach from last year and imagine that the perps had rehearsed for a year -- because that's what is going on. Measure that fear against the fear of inconveniencing your users with a basic "something you have, something you know" access policy for buildings and networks alike. On average, 30 percent of your former employees still have access to internal systems. That's the industry average. Scary? What are you doing about it?
Consider some folks who take security seriously. Mobile-phone shipments long ago blew by PC numbers. The handset-to-PC ratio is nearly 10 to one -- a gap that's widening every day. And handsets are generating massive value. Compare the value of downloaded music on handsets (it's in the billions of dollars) to the value on desktops (it ain't billions).
Why the difference? Handsets are secure and convenient. Most of the others -- the PCs -- aren't. They're still secured largely with a password. And they're still devices that can be readily stolen with their information intact -- whether from the FBI or your kitchen counter. Lose your laptop, lose your data. Unsecured. It's time you started to look at PCs like the telecommunications companies look at handsets. Not as tools, but as the keys to your house. Don't let your house become haunted.