Cyber crims replace bored teenagers
- 26 July, 2005 07:36
Gartner last week warned of the rise of the professional cyber criminal, a new IT security threat that is replacing "bored teenagers."
Gartner's security vice president Rich Mogull said there has been a clear transition from security breaches by "bored teenagers" to a new breed of professional focused strictly on profits.
"We've always had people using the Internet for profit, but while they used to be bored teenagers, now there's a significant amount of professionals basically stealing money through the Internet," Mogull said.
Speaking at Gartner's first security summit to be held in Asia Pacific, Mogull said more serious breaches are emerging with direct attacks on financial services and critical infrastructure using targeted viruses, botnets, phishing and Trojans.
Listing recent high profile attacks, such as the MasterCard and Visa breach, in which 50,000 Australian card holders were exposed to a worldwide scam, these examples are strong indicators of a new, truly global security environment, according to Mogull.
"What we're seeing here is definitely a new era - security is gaining greater prominence and executive access than in the past," Mogull said.
"This will allow security professionals around the globe to leverage executive attention and demonstrate value during the next 12 to 18 months."
Compared to the US, Gartner believes Australia is less protected, with fewer suppliers of security technologies.
Also, local IT managers and CIOs have fewer resources.
"Australia doesn't have a choice on getting serious about this, it's a global threat and Australia is one of the first targets for some of these scams," Mogull said.
He said Australia's 'consolidated infrastructure' is also a risk with fewer than 10 major financial institutions responsible for managing most bank accounts which means a higher potential hit rate for attackers and a more effective environment for phishing.
The good news, Mogull said, is that examples of fraud in Australia are more isolated and, because people don't have a single, national ID number - such as a social security number which ties all relevant financial data together - activity doesn't hit anyone's entire financial identity.