With the presidential campaigns in full swing, never before has the web been so rife for criminals, says Patrick Peterson, vice president of technology and Cisco fellow, IronPort.
“The web, and particularly Web 2.0, changes everything,” he says, explaining that whereas the information published in traditional media goes through a vetting process, much of the content now posted on the web can come from anyone with internet access.
Zulfikar Ramzan, technical director of Symantec Security Technology and Response, agrees that the internet is a big factor in how the candidates communicate their message and raise money, particularly the social networking aspect.
“It's not just information anymore. It's also to build communities of individuals with common ideas to discuss issues online.”
But this new level of sophistication also raises security risks: it allows individuals to contribute content that might be malicious, he said.
Luckily, so far this type of exploitation has only been of a humorous nature, re-directing visitors to the other candidate's website. But, by the same principle, this could become more damaging, says Ramzan. A wrong click could re-direct supporters to a phony website soliciting funds.
“It's all too easy to imagine the effects of sites being defaced and slanted information being published,” says Dominic Fedronic, CTO, ActivIdentity, a provider of identity assurance solutions.
If a candidate site were to be smeared, it could remove some of the trust felt by the public, he says. “It would deny the efficiency of that media. How can the presidential candidates secure America if they can't secure their websites. It's a classical problem of identity assurance.”
Symantec's Zulfikar echoes this. “A lot comes down to awareness of the public. They definitely need to understand the risk, be skeptical and take caution to make the appropriate judgement.”
These security issues carry over to mobile devices, which have evolved to almost laptop-like capabilities, adds Dan Dearing, vice president, marketing and product management, Trust Digital. There's a wealth of data on the devices, and the loss of a device, or the possibility of someone getting a hold of one, makes them a big concern security-wise, he says.
The first step in defense is enabling a password or PIN. “Device loss should be top of mind,” says Dearing. – Greg Masters