ISF warns over Trojan web attacks

Trojan-based attacks are likely to take over from email phishing in the US and Europe as Trojans become more sophisticated and harder to stop. So says a new report from the Information Security Forum (ISF). It also warns of increasing use of ‘moles’ placed in organisations to gain access to high-value competitors. The rapid development of phishing by organised criminals is reflected in a survey of ISF members that indicates more than a third having been affected by phishing attacks. Indeed, over 30% of these have experienced more than 20 attacks. The ISF report provides a five-point strategy to tackle the threat. However, it also says that while two- or three-factor authentication is a strong preventative measure, savings from fraud alone do not currently justify expenditure. Organisations should consider other factors such as damage to their reputations, regulatory intervention or loss of competitive advantage. Significantly, the report also points to better education of customers about phishing and identity theft as being a more immediate requirement. This should be supported by a strong anti-phishing policy, continuous Internet monitoring to identify phishing activity and brand misuse, and better internal protection. In particular, with criminal gangs planting and grooming company ‘moles’, the need to secure customer databases from internal attack is becoming increasingly important. “Improving user awareness of Internet risks is key to fighting online fraud, but in a manner that does not risk losing customer-confidence in ecommerce and online banking,” says Andrew Wilson of the Information Security Forum.