As part of its second annual survey on IT security and the
workforce, The Computing Technology Industry Association (CompTIA)
asked nearly 900 organisations to rank their top 15 security concerns.
The report revealed that 37 percent of the respondents experienced one
or more browser-based attacks in the last six months. This represented
a 12 percent increase from last year.
Browsers are increasingly being used as a weapon to sabotage
PCs or compromise privacy. Some attacks simply crash a browser, while
others pave the way for the theft of personal information or the loss
of confidential proprietary data, CompTIA said.
In Australia, several reports have indicated that phishing
scams have led users to unknowingly download keystroke logging software
after accessing fraudulent financial Web sites disguised as the real
thing. The Australian Bankers' Association has described the losses from these clandestine activities as "immaterial" compared with other forms of fraud.
The CompTIA survey made no mention of specific browsers but it's highly
likely that Microsoft's Internet Explorer played a vital part. In fact,
according to online analytics company OneStat.com, Microsoft's IE 4.0 and later versions command about 95 percent of the browser market. Mozilla, Opera and Safari share the remaining pie.
Microsoft, on its part, has been working on making its browsers more
secure, especially after Danish security company Secunia highlighted an
IE flaw which allowed hackers to display fake Web addresses. And after
the latest IE-related vulnerability,
Australia's national Computer Emergency Response Team (CERT)
recommended that "Internet Explorer users avoid visiting Web sites of
untrusted origin, or avoid completely the use of Internet Explorer,
until a patch is available from Microsoft."
The software giant can spend millions to secure its products
but no amount of money can substitute for common sense. Why are some
Web users easier to con than others? And what's so "high-tech" about
this type of crime? The fact that technology and the Internet are used
to break the law doesn't make it any different from any other crime. If
you don't lock your door, you're asking for trouble.
Online fraud is becoming commonplace and the sooner industry bodies
like the ABA realises this, the better -- bank robbers don't wield guns
these days, the mouse and keyboard have, instead, become the weapons of
Fran Foo is the editor of ZDNet Australia Insight.