Wednesday, August 25, 2010

Zeus strikes once again!

OUCH!!!

http://news.cnet.com/8301-27080_3-20013246-245.html


How much more must consumers and financial institutions suffer? How much more money must we lose to these cyber criminals? How much longer will financial institutions bury their heads in the sand and reassure consumers that their banking systems are safe to use?

I get sooooooooooooooo frustrated when I see such attacks time and time again as I believe that they are easily avoidable.


How?

Three-prong approach!

1) Financial institutions must finally show the initiative to deploy security systems that not only protect their back end systems, but also the weakest link in their security chains - the end user when they login to their internet banking systems!

2) Users must be given access to security technologies that protect their confidential information (usernames, passwords, one-time-token passwords, personal details, bank account access) even if their computer is compromised with malware such as keyloggers, trojans, spyware, etc. Such technology must be fool-proof, as many users out there don't even know what a firewall is, let alone how to spot a phishing attack or how to identify code injection caused by cross-site scripting techniques.

3) There must be a coordinated approach by industry and law enforcement to raise consumer awareness, develop systems that educate, nurture and encourage safe browsing habits, and pursue greater information-sharing initiatives between industry and law enforcement to help the good guys defeat the bad guys!



Does your bank use state-of-the-art security?? So what, who cares!!!!

When was the last time you read about a bank's back-end systems being directly compromised? You never read about this as the banks have invested huge amounts of resources in securing their back-end systems. Bank back-ends are robust and built like Sherman tanks, and the cyber criminals know that it is easier to enter the enemy's Sherman tank on the back of the unsuspecting tank driver than it is to try to break in through the many layers of solid iron and steel!

Well the same applies in the cyber world! Cyber criminals know it's much easier to ride on the back of an unsuspecting online banking user than it is to attack the bank directly. And as the above article shows, they are reaping huge "rewards" for their work.

It is not until the banks secure the weakest link (i.e., the unsuspecting internet banking user) that they can effectively protect their customers from such threats! All they really need to do is deploy a small app (a few MB in size) that can verify the security health of the user's computing device, suspend any known malware in real-time and secure the transaction by locking down the session so it cannot be penetrated or intercepted by the criminals or any malware present on the device (such as the Zeus trojan).

Sounds like rocket science, but it is very simple to deploy and end users are then protected, regardless of their technical ability.



So what now?

It's about time that consumers began demanding better security services that included their computing devices in the entire security chain. Such services exist and are not expensive at all.

Also, it's about time financial institutions started thinking about the end user and taking steps to secure the end user's online identity and hard-earned cash. It's no longer good enough to simply reimburse a user for any amounts stolen by cyber criminals. STOP the theft altogether and protect the user's online identity!

PLEASE PLEASE PLEASE give us online peace of mind!