I’ll be giving a presentation next week at Appsec USA on perceptual hashing and how it can be used as a component of anti-phishing systems. It will be more of a proof of concept and introduction to an interesting algorithms than it is about practical realities. Enough self promotion though.
While doing some research into the economics of phishing. I was floored by the numbers being thrown around and how much the business of information security and cybercrime has changed in the decade that I’ve been a part of it. I can only image how those with two times my experience feel.
The numbers, while likely quite exaggerated, are staggering. Phishing itself is estimated to cost ~6 billion annually, while cybercrime in general is pegged at being over 400 billion.
What surprises me the most about this is that phishing and email security is viewed as a largely “solved” problem. 6 Billion on the table, and yet this area of security hasn’t significantly advanced in years. Some would argue that there have been no real improvements since reputation based systems came on the scene in the mid 2000s. Phishing, and malicious messaging in general, is interesting in that their targets should often know better, and protecting the last few 0.01% of the population gets increasingly expensive. At the same time the value that an attacker can extract from that 0.01% is on the rise.
I have to wonder what level of fraud we’re all collectively “OK” with and if we’ve gotten there in the world of email security.
Christine Barry est blogueuse en chef et responsable des réseaux sociaux chez Barracuda. Son travail consiste à rédiger des articles captivants en lien avec les services Barracuda et à faciliter la communication entre le public et les équipes internes. Avant de rejoindre Barracuda, Christine a été ingénieure de terrain et chef de projet dans l'éducation et auprès de PME pendant plus de 15 ans. Elle est titulaire de plusieurs diplômes technologiques, d'une licence de l'université du Michigan, et d'une maîtrise en administration des affaires.
Connectez-vous avec Christine sur LinkedIn.