What do you see as the biggest online security threats today?

Today’s biggest online threats come from malicious software (e.g., viruses, worms, and ad-bots), phishing scams, and direct attacks by hackers.

Malicious software typically exploit unpatched software bugs in widely used software such as operating systems, browsers, and office software. These malware agents are often propagated through email attachments, often associated with SPAM, or by leveraging unprotected file shares used like frogs jumping from one object to another. Spyware from freeware and software suppliers that plants unwanted “monitors” and system operation alterations (e.g., interfering with normal web browser operation and “homesite” selection on end-user systems is a constant headache for both end-users and desktop security software suppliers. Using built-in web browser safeguards and vigilantly keeping current anti-virus and anti-spyware software is a way of life to ensure secure web browsing and workstation software reliability.

Phishing is accomplished through the copying of prominent financial services sites (e.g., major banks, PayPal on E-Bay) to create bogus sites. The victims are lured to the bogus web sites by phony emails requesting that the customers need to update their accounts and then proceed to login to the bogus sites while their account numbers and passwords are being captured. User awareness is an important countermeasure against this sinister threat.


Direct hacking of website continues to be a problem associated with vulnerabilities created by a combination of unpatched software bugs and failure to use bundled security features in the software. Security and network software from prominent vendors, such as Cisco, Internet Security Systems (ISS), Symantec, and Zone Labs, have also come under attack during the past year. Attack objectives range from denial of service, web site defacement, and privilege escalation to direct theft of credit card information and other valuable electronic information. Being proactive with intensive web and database application coding guidelines and testing along with the use of up-to-date intrusion prevention systems is an absolute must in today’s Internet environment.

Direct attacks on recently implemented wireless LANs are also prevalent, but usually result in only the theft of high-speed Internet service or possible relaying to “interesting” targets. Use of strong authentication, encryption, firewalls, and ongoing audits, such as wired and wireless vulnerability testing, are critical safeguards to protect wireless network access points.

What are the people that come to the MIS Training Institute most worried about?