One of the things that is generally assumed about IT security is that the bad guys are making use of some massive amount of IT infrastructure they invested in to send malware. In reality, a report from Agari, a provider of an anti-phishing cloud security service, suggests that real primary source of all that malware out there is systems that have been compromised.
In effect, this means that because many IT organizations either don’t have the time, inclination or tools to identify when their systems have been compromised, hackers are pretty much borrowing IT infrastructure at will to distribute malware, says Daniel Raskin, Agari vice president of marketing.
The Agari report found that 233.4 million phish messages each day succeed in reaching inboxes. Given the fact that most organizations have the ability to eliminate these messages using spam, reputation and virus filtering software to keep these messages from reaching inboxes, Raskin says the volume of phishing email still reaching inboxes suggests that they emanate from a trusted source. Raskin says that means that it’s likely that far more servers within IT organizations are compromised than most people realize.
Raskin says with industry estimates of phishing attacks resulting in costs that exceed $98.3 billion annually, which begs certain questions about accountability. If an IT organization deploys an unprotected server that is used to harm others, should they be held liable. Hasn’t it become the digital equivalent of leaving a loaded gun out for anyone to find. Obviously, some attacks are more sophisticated than others, but Agari estimates that 25 percent of the successful phishing attacks could have been prevented simply by applying to rudimentary security.
As lawmakers continue to pay more attention to what’s happening with digital security it’s only a matter of time before phrases such as “reckless disregard” start to get thrown around. And once judges hear that phrase in court; the number of zeroes in the size of the monetary damages awarded begin to multiply.