In the bad old days before the Internet, they used to ask criminals like Willie Sutton why they robbed banks. The answer, of course, was always because that's where the money is.
A new survey of 132 operators of major network service platforms conducted by Arbor Networks indicates that a similar scenario is starting to take place online. As evidenced by recent attacks on Google and others, an increasing percentage of the security attacks on the Internet these days seem to be aimed directly at large service providers with big online presences, namely well-know social networks, banks and travel services. In fact, 35 percent of the operators surveyed by Arbor Networks said sophisticated service and application attacks are now the number-one threat, compared to 21 percent who identified botnets as the biggest threat.
The reason this is happening is because these are the places online where there is valuable data. Creating security breaches on sites where data has little value is pretty much a waste of time for most criminals. Unfortunately, as the ecosystem of Web services continues to expand on the Web, it's only a matter of time before a major security breach on a popular Web site affects not only the users of that service, but hundreds of other companies that are linked into that service.
This is why chief technologists of all stripes and sizes need to start a serious dialogue about their collective security. There are some attempts in this direction in the form of a Cloud Computing Security Alliance, but that effort at this point would best be described as nascent.
When it comes to ultimately defeating hackers, the odds are long. Just like terrorists, they only have to be right once. The people defending against them have to be right every day. And the only way that can really happen is if they all work very closely together to leverage each other's collective strength.