Twelve months ago most people were unaware of phishing; now it is the fastest growing form of attack on e-finance and e-commerce, increasing at 50% month on month, particularly affecting all the global banks.
Phishing is starting to become comparable with credit card fraud in its financial impact on the banks and risks affecting consumer confidence in e-commerce.
In January 2004, the Real Time Club alerted the e-world to the problem by rating phishing as the second most important future risk in its report “ICT Banana Skins 2004”. Banana Skins are defined as unexpected things we must avoid in the next few years; if we don’t, we, i.e. the ICT industry, will probably get the blame. So the report covers not only security risks, but also political, legal, economic and social risks.
Six of the top eleven risks in 2004 were related to attacks on ICT systems: Concealment of attacks, Phishing, Unexpected attacks, Cyber terrorism, Spam and Hackers unite.
Concealment of attacks was rated the highest because, if organisations refuse to admit they have been attacked, criminals are probably not pursued and may be encouraged to repeat their attacks on other systems.
Meanwhile, other organisations trying to protect their systems are unaware of new forms of attack and unable to take pre-emptive action. Of the other forms of attack, only cyber terrorism – probably the most hyped – has thankfully failed to happen.
Other highly rated risks were the National Grid failing in fifth place, reflecting IT leaders' concern over the power outages experienced in London last autumn, and two legally related ones: data protection legislation that is considered to be too onerous and having a negative impact on e-marketing; and the expected failure of the personal identity card in the UK.
The biggest economic and fastest rising risk was offshore outsourcing hitting the UK, with not only India, but China emerging as a vast powerhouse of IT resources.
The biggest social risk was the ongoing battle between users and IT professionals, with the perennial problem of users doing their own thing, because IT doesn’t meet their needs. This now includes new issues like using Instant Messaging without authorisation, which can then start to impact another risk, IT Governance.
The biggest political risk was the old chestnut of extraterritoriality raising its head, with US authorities this year successfully taking down websites in 20 other countries around the world.
If you would like to download a copy of the report please go to www.realtimeclub.org/bskins/preskin.shtml
This year we have debated the risks again, carried forward 26 of last year's 29 for year-on-year comparison purposes and introduced 4 new risks: China and Far East leading in ICT; e-Government systems failing; the collapse of the encryption industry; and Spyware becoming pervasive. We have also broadened the risk posed by the disgruntled IT employee to any employee who may become careless, disgruntled, ideological or malicious.
The Real Time Club is pleased to invite members of the CWIUG to take part in the survey, which you can do by visiting http://www.realtimeclub.org/bskins/newskin.shtml
Using the results should produce a thought-provoking and even contentious report alerting our colleagues to potential problems which may not have been considered. We can then take actions to avoid or alleviate the risks singly or jointly, using technology, people, political influence and the law.
Real Time Club
Founded in the 1960s, the Real Time Club has an eclectic membership of 150 innovators and thinkers from across the IT industry, including IT users, suppliers, academics, politicians, civil servants, and venture capitalists.
The group, which meets six times a year to dine and debate, is accountable to nobody and its meetings are off the record. It is influential behind the scenes and ongoing "think-tank/pressure group" interests include education, finance and quantum computing and cryptography.