The Corporate Identity Crisis
by Andrew Krcik - VP of Marketing and Product Development at PGP Corporation - Thursday, 15 January 2004.
A recent Cabinet Office report estimates that identity theft costs the U.K. economy more than £1.3 billion per year. This figure seems conservative next to a U.S. Federal Trade Commission (FTC) survey showing that 9.9 million U.S. residents fell victim to identity theft in 2002 and a prediction from IT analysts The Aberdeen Group, that the global cost of identity theft will be $221 billion by the end of 2003, growing to $2 trillion by the end of 2005. Discrepancies in these figures are largely attributable to different definitions of identity theft, but one thing is certain: Identity theft has already developed into a major global criminal industry.

As perpetrators’ abilities grow, the sophistication and scale of the frauds and identity thefts are also increasing. The recent spate of so-called “phishing attacks” on U.K. banks and their online customers have opened peoples’ eyes to the increasing dangers of corporate identity theft(1). In those cases, the banks’ identities were usurped with “spoofed” emails that use HyperText Markup Language (HTML) to re-create the corporate identity and forge the sender’s address to look as if the message emanated from its own domain. The emails direct customers to bogus websites with URLs similar to official sites, where they are then encouraged to “re-register” their personal and financial information—enabling the perpetrators to collect vital data that can be used for fraud.

The tangible financial cost of these attacks is significant, with a Gartner Research survey of U.S. banks putting the average value of a fraudulent transaction at $6,795. Over time, however, the intangible costs of lost customer trust and damage to a business’s brand is likely far greater. With many people still sceptical of the security of online financial transactions, fragile confidence in an online business can be destroyed by the latest tactics of identity thieves. Identity theft is by no means an online-only phenomenon, however. The irony is that with the right technology in place, the online world offers one of the most secure environments for any financial transaction.

The efficiency of email and online communications, which makes them so attractive for legitimate e-business, makes them equally as attractive to spammers and cyber criminals. The victims who respond to phishing emails may be equally likely to respond to a fraudulent telephone call or letter. For cyber criminals, email offers the least-expensive way to bombard the target group and isolate those individuals who can be fooled.

If businesses wish to preserve the efficiency and value of email communications with customers, they need to look at ways to secure these communications channels from criminals attracted to the financial potential of the online world. The answer must lie in the use of secure messaging: using encryption and digital signatures to protect information and prove the authenticity of the message as well as the sender.

Secure messaging has traditionally posed a problem in a corporate environment for two main reasons: firstly, the complexity of maintaining the infrastructure of “keys,” which serve similar roles to unique identification credentials, and secondly, the complexity of explaining and using the solutions. The simple fact is that traditional secure messaging is complex—and therefore costly—to administer and maintain, difficult to explain to non-technical users, and tedious for these individuals to use.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th