Electronic business is toppling internal sabotage - intentional or not - as the greatest threat to networks, Gartner Group security analysts told attendees of its Symposium/ITxpo '99 last week.
"Web site vandalism will constitute the greatest threat," said analyst Michael Zbouray.
That's precisely what the bad guys are counting on, Zbouray said. Nearly unnoticeable changes will have dire financial consequences because of the way Web sites are used, he said.
"People use Web sites to comparison shop, to get to the last three choices, then call to talk to someone and make a choice. Think what effect a change in the price or availability of a product on your site could have," he said.
"With strong change management and integrity checking, one can easily detect such errors after they've happened, but preventing it is a bit more difficult," said Steph Marr, a security analyst at Predictive Systems in New York.
That's a good reason why "the day-to-day security monitoring of a company's Web site needs to be done by the organisation itself or, through contractual obligations, by outsourcers whose lives and livelihoods are attached" to maintaining the site's integrity, Marr said.
Internet crimes also will change, Zbouray said.
Credit-card fraud won't be as obvious as Kevin Mitnik's theft of 40,000 credit-card numbers. Tomorrow's thief will steal more card numbers, but spread the thefts over a month, he said. The thief will transfer a small amount of money from each of perhaps 250,000 accounts. The idea, Zbouray said, will be to create a pattern that's unseen by cardholders or fraud-detection software.