You are here  Software Enterprise Software

Attacks rise as e-tailers lag finance sector on security

John-Paul Kamath
Thursday 13 September 2007 12:00

Big brandonline retailersare increasingly targets for internet attacks, but they lag behind the finance sector in addressing vulnerabilities, according to Symantec's latest security threat report.

The financial services sector still bears the brunt of e-crime, accounting for 72% of all attacks. But the sector that experienced the greatest increase in the number of attacks was e-commerce. Attacks in this sector have risen by 15% since 2006.

Guy Bunker, chief scientist at Symantec, said that hackers targeting e-commerce websites see them as an easier target for stealing credit card details than banking websites, where security is getting better.

The rise in e-commerce vulnerabilities is also due to the increased use of programming languages such as Ajax by online retailers. This allows them to roll out web applications faster, but this is often at the expense of security.

"Unpatched servers remain the main reason why hackers can easily infiltrate these e-commerce systems. Retailers running transaction servers over the internet must have a formal method for patching the software and applications that run on these machines very fast," said Bunker.

He said that testing upgrade patches to ensure compatibility can take time, and some IT departments do not have a formal process for monitoring when new patches are released or for allocating specific times to conduct patch updates. This ad hoc approach to testing patches can increase the time it takes to install and protect servers.

Sandra Barton-Nicol, head of risk investigations at gambling site Betfair, said the growing sophistication of threats and the complexity of infrastructures were posing challenges to security in e-commerce.

"In the e-commerce sector, the biggest trend is e-commerce crime. As the internet grows, and people become more conversant with it, the criminals are becoming more sophisticated," she said.

Ian Larkin, managing director of consumer banking at Lloyds TSB, said, "As a bank, we do everything in our power to keep fraudsters at bay by making sure our online security is second to none. But our customers also have a part to play in the fight against online crime."