
Online Security - Who Do You Trust?

ONLINE SECURITY

WITH WHOM DO YOU TRUST YOUR DATA?

WOULD YOU TRUST YOUR MONEY TO A BANK THAT DOESN'T LOCK ITS VAULT? EACH TIME YOU BUY SOMETHING ON THE WEB, WHETHER SHARING A CREDIT CARD NUMBER OR OTHER PERSONAL INFORMATION, YOU'RE PUTTING YOURSELF AT RISK IF YOU DON'T VERIFY THAT THE WEBSITE YOU ARE VISITING TAKES APPROPRIATE MEASURES TO PROTECT YOUR SECURITY AND PRIVACY.

DATA BREACH ()

36 COUNTRIES
855 INCIDENTS
174 MILLION RECORDS

75% OF ONLINE RETAILERS ARE STILL FAILING TO ADOPT ONLINE SECURITY BEST PRACTICES (2)

[CHART: ONLINE ATTACKS ON THE RISE - % CHANGE BETWEEN 2010 AND 2011. CATEGORIES: HACKING, MALWARE, PHYSICAL ATTACKS. VALUES SHOWN: +30%, +20%, -19%]

SCARY ISN'T IT! AND TO THINK... YOU TRUST THESE PEOPLE WITH YOUR IDENTITY!

35 MILLION RECORDS LOST

UNAUTHORIZED SERVER INTRUSION: IN JULY 2011, THE SOUTH KOREAN SOCIAL NETWORKING SITE CYWORLD EXPERIENCED A BREACH. PERSONAL INFORMATION OF USERS, INCLUDING NAMES, EMAIL ADDRESSES, PHONE NUMBERS AND ENCRYPTED RESIDENT REGISTRATION NUMBERS AND PASSWORDS, MAY HAVE BEEN ACCESSED (3).

2.1 BILLION DOLLARS: ESTIMATED COST OF BREACH

WHO CAN WE TRUST?

OTA - Online Trust Alliance

THE OTA IS A GLOBAL, NON-PROFIT ORGANIZATION DEDICATED TO PROMOTING ONLINE SECURITY BEST PRACTICES AND POLICIES THAT MITIGATE EMERGING PRIVACY, IDENTITY AND SECURITY THREATS, THEREBY ENHANCING ONLINE TRUST AND CONFIDENCE. THE OTA 2012 HONOR ROLL REPORT HIGHLIGHTS SECURITY AND PRIVACY IMPLEMENTATION ACROSS THE WEB WHILE DISTINGUISHING COMPANIES LEADING WITH BEST PRACTICES THAT PROTECT CONSUMERS. THE REPORT CAN BE SEEN HERE -

[CHART: 2012 ONLINE TRUST INDEX - AVERAGE. SEGMENTS: FDIC 100, EC 500, OTA MEMBERS, SOCIAL MEDIA]

MOST REVEALING BENCHMARKS OF ONLINE SECURITY: SSL IMPLEMENTATION, EMAIL AUTHENTICATION, PRIVACY PRACTICES

THE ONLINE TRUST INDEX (OTI) IS A COMPOSITE SCORE BASED ON THE DEGREE OF ADOPTION OF A COMPANY OF THESE THREE BEST PRACTICES.

ALL CONSUMER FACING WEBSITES ARE CATEGORIZED INTO 1 OF THESE 4 SEGMENTS:

1. THE FDIC 100
2. LEADING ECOMMERCE SITES (EC 500)
3. MEMBERS OF THE OTA
4. TOP SOCIAL MEDIA SITES

THE OTA EXAMINED OVER 1200 DOMAINS, 3600 WEB PAGES AND OVER 500 MILLION EMAILS. THEIR DEEP ANALYSIS OF THESE MEASURES IS HIGHLIGHTED BELOW.

SSL IMPLEMENTATION AND CONFIGURATION

INCORRECT SSL SETUP CAN BE DETRIMENTAL TO THE ONLINE WORLD OF SECURITY. WITH 41% IGNORING "SECURITY ALERT" TYPE MESSAGES THIS INTRODUCES AN OPPORTUNITY FOR HACKERS TO TAKE ADVANTAGE.

41% IGNORE "SECURITY ALERT"
91% HAVE SEEN "SECURITY ALERT" POP-UP MESSAGE
43% ABANDON SITES WHEN THEY SEE "SECURITY ALERT" MESSAGES

ONLY 10% SECURE

190,000 SITES SURVEYED: ONLY 19,810 SECURE BASED ON SSL AND SERVER CONFIGURATION TESTING (2)

[CHART: 2012 AVERAGE SSL SCORES. SEGMENTS: FDIC 100, FEDERAL GOV SITES, EC 500, OTA MEMBERS, SOCIAL MEDIA]

ALARMINGLY, FEDERAL GOVERNMENT SITES CONTINUE TO TRAIL BEHIND THE OTHER SECTORS IN ADOPTING SSL BEST PRACTICES.

EV SSL REQUIRES A MORE THOROUGH VERIFICATION AND IS THEREBY A BETTER INDICATOR THAT A SITE TRULY IS SAFE.

WORLDWIDE GROWTH OF EV SSL CERTS

APRIL 2012: 57,837
APRIL 2011: 38,966
APRIL 2010: 23,675
APRIL 2009: 12,725

48% YEAR-TO-YEAR GROWTH OF SITES USING EV SSL CERTIFICATES (2)

WHAT CAN WE DO?

SSL IS A VERY SECURE PROTOCOL. HOWEVER, WHEN NOT IMPLEMENTED CORRECTLY IT LEAVES VULNERABILITIES OPEN. WHEN PURCHASING SSL CERTIFICATES YOU SHOULD CONSIDER PURCHASING HIGH ASSURANCE CERTS, AND EV CERTS WHERE POSSIBLE. IN ADDITION TO LOOKING AT DOING BUSINESS WITH OTA HONOR ROLL COMPANIES (CAN BE SEEN HERE), BE SURE TO PURCHASE YOUR SSL CERTS FROM A CERTIFICATE AUTHORITY THAT HAS EXCELLENT SUPPORT SO THEY CAN WALK YOU THROUGH SERVER SETUP IF NECESSARY.

PRIVACY PRACTICES

[CHART: AVERAGE PRIVACY SCORES. SEGMENTS: FDIC 100, EC 500, OTA MEMBERS, SOCIAL SITES]

EMAIL AUTHENTICATION

[DIAGRAM: SENDING MAIL SERVER, INTERNET, RECEIVING MAIL SERVER, REPUTATION DATA, INBOX, JUNK]

TO COMBAT SPAM AND PHISHING, STANDARDS HAVE BEEN SET THAT ALLOW SENDERS TO BE VERIFIED VIA THE SENDER POLICY FRAMEWORK (SPF) AND DOMAINKEYS IDENTIFIED MAIL.

[CHART: EITHER DKIM OR SPF, APRIL 2010 / APRIL 2011 / APRIL 2012. SEGMENTS: FORTUNE 100, FORTUNE 500, EC 500, FEDERAL GOV SITES, FDIC 100, OTA MEMBERS, SOCIAL MEDIA]

ADOPTION OF EITHER SPF OR DKIM IS UP FROM 56% IN 2011 TO 73% IN 2012

PRODUCED BY

DIGICERT, ONE OF THE WORLD'S LARGEST PROVIDERS OF HIGH-ASSURANCE SSL CERTIFICATES, IS A BOARD MEMBER OF THE ONLINE TRUST ALLIANCE. ALONG WITH THE OTA, DIGICERT IS DEDICATED TO MAKING THE INTERNET ECOSYSTEM A SAFER PLACE FOR ORGANIZATIONS AND CONSUMERS. YOU CAN GET MORE INFORMATION ON DIGICERT OR FOLLOW THEM ONLINE VIA ONE OF THESE LINKS:

SOURCES:

1) HTTP://WWW.VERIZONBUSINESS.COM/RESOURCES/REPORTS/RP_DATA-BREACH-INVESTIGATIONS-REPORT-2012_EN_XG.PDF
2) HTTP://WWW.OTALLIANCE.ORG/NEWS/RELEASES/2012SCORECARD.HTML
3) HTTP://DATALOSSDB.ORG/INCIDENTS/4521

shared by weescottishboy on Jun 27
See how DigiCert and the OTA are working to help bring security and trust to the Internet with SSL implementation, email authentication, and privacy practices, and learn what you can do to help.

Publisher

DigiCert.com

Category

Computers