There's an article over at InfoWorld looking at the various measures that companies have been using to try and mitigate the current rising trend in phishing attacks.
My money's on server-based mitigations as opposed to client-based ones (like the anti-phishing toolbars mentioned in the article). There are several good reasons for this.
1. Companies don't and won't control the client environment, so they're not in a good position to dictate the client environment. Also given the current trend in spyware and virii, there's no way companies can place trust in a client based solution.
2. There are literally millions of clients out there which would need to be "fixed" to make a solution work, but for each company there is only one location that needs fixed...
Personally my monies on the deployment of 2-factor authentication like secureID. Most banks already use it internally, the main reason it hasn't been deployed for customers is cost... well if phishing starts placing a significant cost on the banks, then suddenly it starts being much more viable to deploy....
Of course there are some more complications involved as SecureID can still be vulnerable to a MITM attack, but it would still be a great step forward.....
Leave a comment