Similar to a credit score, the TrustIndex is a composite score on a scale from 1, the lowest level of security, to 1000, the highest level of security. Criteria include consistency of brand authenticity and adoption of DMARC, an industry standard that defines a security framework for email senders and receivers.

The first TrustIndex examined four vertical industries threatened by email attack — Social Media, Financial Services, Internet Retail, and Online Travel — and rates Online Travel and Internet Retail as least trusted and most vulnerable to email attack.
Key findings by industry:
Social media, a favorite target of cyber criminals, scored the highest on the Email TrustIndex. A secure email channel is critical to achieving and sustaining viral adoption, so it is not surprising that social media companies would be the leaders in taking on cyber criminals and finding new ways to secure their email channel. Further, as more businesses, including small and medium-sized businesses, use social media to grow their businesses and introduce new marketing approaches, there will be continued focus on maintaining high security levels.
Financial services, coming in as a close second to Social Media, has been working across the industry to combat cyber crime to protect their customers and reputations. In fact, leading financial services organizations FS-ISAC and BITS took the dramatic step earlier this year of adopting the Email Trusted Registry and partnering with technology firms such as Agari to aid their members in securing their email channels. Clearly, these efforts are paying off.
Internet retail scored much lower on the TrustIndex when compared to Social Media and Financial Services, putting these firms at high risk of an attack. According to a recent IDC report, “Ten years ago, government, financial services, and very large enterprises were the target of cybercriminal activity, but over the past five years, attacks have enlarged their scope to even commercial SMBs offering high-value targets (e.g., financial information, intellectual property, and other proprietary data).” Cyber criminals are shifting away from their traditional targets of government, financial services and very large enterprises to commercial SMBs. In time, there will be broader adoption of security standards as this emerging industry matures and implements new technologies.
Online travel scored the lowest on the TrustIndex, with a score less than half that of Social Media, which is alarming given the surge in phishing attacks over the past six months that have included Southwest Airlines, Delta Airlines, American Airlines and the Brazilian airline TAM, to name a few. Consumer trust in email messages and willingness to purchase online will be impacted. According to a recent Gartner report, “40% of U.S. consumers have altered their online behavior due to safety concerns, which has reduced their level of trust in email messaging and online shopping.” Financial Services firms could serve as a model for how the online travel and airline industry could collectively take action against phishing and other cyber scams.
“Our members comprise some of the world’s largest and most prestigious financial firms. By coming together through FS-ISAC and BITS, our industry has been able to put into place successful protections against cyber criminal attacks. By working together to promote technologies such as DMARC and the Trusted Registry, the financial services sector is advancing its objective to keep our customers and our brands safe,” said Eric Guerrino, Executive Vice President, FS-ISAC.









