Paper over online cracks

摘要

With so many financial organizations offering customer services online, and so many automated attacks being targeted at them, I have been dealing with a growing number of requests for specialist security reviews of such companies' customer authentication processes. For many of these organisations, theneedto review their authentication processes has been driven by their boards of directors - typically in response to the phishing threat. Unlike many other internet-based security threats, phishing appears to be one of only two IT security issues regularly discussed at board level - the other being viruses or worms. What surprised me initially was that many of these organizations were not particularly worried about the financial losses of a fraud committed as a result of a successful phishing attack, nor even the loss of reputation. Because the threat applies equally to all organizations in the same vertical market, they don't believe that customers will leave them and turn to a competitor.