For the average consumer, hopping online to shop is as commonplace as physically going to the mall. No one thinks for a moment about how relatively unsafe it is to conduct business on the web. But in spite of our years’ long dependence on the web for commerce, it’s still astonishingly easy for cybercriminals to hack web-based transactions.
The reason? Web browsers. The fundamental insecurity of web browsers is arguably the weakest link in cyber security today.
Browser security isn’t a new problem. Apple, Google, Microsoft and Mozilla have put a huge amount of effort into enabling consumers to have a secure browsing experience. But who’s thinking about the web site operators and their secure browsing experience?
Internet trust is dependent on certification authorities; with TLS/SSL being the most commonly used technology for securing electronic commerce transactions online. It’s all about enabling the consumer to access web services and be reasonably confident they know who they are talking to.
Many of us work for organizations with an established corporate IT department. IT determines the security policies; sets the protocols, permissions and instructs employees on the best practice. Given the cyber risks that organizations now face is ‘egg-shell’ security enough?
Some of you may remember Bob from my previous post. Let’s continue to see what Bob is doing to explore how safe corporate IT really is.