Cisco released its annual security report this week. The report covers cyber security trends ranging from spam to bots to malware. It also devotes a few pages to the criminal business models that generate profits from illicit activity. Worth a read.
The link is here.
Not surprisingly, as computer use grows around the world, the trends are all upward for more malware, more spam, more fraud.
One of the solutions highlighted in the Cisco report is user education.
“Previous Cisco security reports have emphasized that ‘user education’ is an essential component to security. Users should be expected to take measures to protect their online identity and to be aware of the risks that accompany their use of technology.”
While true, it’s simply not enough. Businesses need to raise security higher on their own priority lists in order to provide their customers with “as secure as possible” environments.
I had an account at a regional bank that highlighted their focus on security (secure access to accounts, privacy, etc.). They even charged extra for it. One day I received an email allegedly from the bank that led me to their web page. It had the account login script on the page. Upon further inspection, the web page was coming from a server and location that didn’t belong to the bank. Looked like a phishing site to me.
So I called the bank and asked for their security department. “We don’t have a security department,” he said. I asked who I should talk to if I did have a security problem. He said, “You need to talk to Jim, our IT guy.” I was feeling much less comfortable by now.
Jim (not his real name) called me back and, after we discussed the situation, told me the site was legitimate. They had outsourced all their marketing efforts to a 3rd party company and allowed their main website to be routed from an untrusted source. I asked him why, in the age of so much internet crime, they would choose to create a vulnerable point for their customers–particularly their elderly customers. He was a nice guy. Very polite. But I’m not sure if he understood the risks. Clearly marketing hadn’t.
My account is now closed.
The two pillars of trust and reputation are hard to build. Securing the “client’s visit” (physical and virtual) is required if you want those pillars to stay up.
Dear Bank CEO: Jim’s a good guy. Jim needs help. This isn’t an IT problem, it’s your responsibility.