Search Security Improving, but Complete Security Not Found

Yahoo!, Inc. recently announced a partnership with McAfee, Inc. to improve its search security. In other news, researchers have found "free" hotspots very susceptible to security breaches, while government agents from the US Federal Bureau of Investigation (FBI) found a large server with thousands of stolen banking records.

Focal Points:

• Officials from Yahoo! recently announced that they were partnering with McAfee to improve the security of its Web site servers. Some of the capabilities Yahoo! has gotten as a result of this partnership include identifying sites that are known for adware, phishing, malware, spam, and spyware. Yahoo's new feature, SearchScan, provides red warning messages when risky sites are found in searches. This move comes shortly after Google, Inc. announced its own actions in February for improving search security. Citing a recent survey, Both McAfee and Yahoo claim that 65 percent of Americans are more worried about threats posed by online scams than they are of getting their wallet stolen or other neighborhood crime. Officials from McAfee further claim that, collectively, search engines find over 8 billion risky sites per month.
• Recent wireless security researchers have found that most traveling business workers are significantly exposed to security risks in public Wi-Fi hotspot areas. In some cases, hackers pose as legitimate wireless hotspots, while in other cases hackers passively "sniff" the air for unencrypted traffic traversing public hot spots.  The risk is great, since there are over 68,000 Wi-Fi hot spots in the United States, the vast majority of which do not use any form of encryption. When there are Wi-Fi security breaches, people running the hot spots often do not know this has occurred. Some of the actions end users can take to increase endpoint security include keeping all laptop software up to date with the latest patches, keeping anti-virus and anti-spyware enabled, and eliminating questionable transactions via email, such as authorizing bank account transactions.
• Officials from the FBI recently announced they had found a server in Malaysia that had over 5,000 customer records from 40 different international financial institutions. Security researchers have called this a "crime server," which contains over 1.4 gigabytes of both business and personal data. The information was obtained via computers infected by Trojans. Some of the data compromised included user names, passwords, account numbers and social security numbers. Officials estimate over 60 percent of the data found was bank customer information.

Experton Group believes the sophistication of criminals looking to steal information will increase exponentially over time. Because of the rate of criminal growth, IT shops are unlikely to be completely protected from all efforts to obtain data. At the same time, even sophisticated breaches usually take advantage of known software weaknesses. To this end, IT executives should increase the emphasis on educating end users on best use policies and system updates, combined with security compliance software to help enforce those policies.