2007: The end of computing culture as we know it?
London, UK - 1 March 2005, 09:00 GMT - The latest digital risk data
from the mi2g Intelligence Unit shows that, within the coming two years,
homes and Small to Medium size Enterprises (SMEs) may be unable to protect
themselves from the relentless rise in spam, sophisticated viruses and worms,
spyware, manual and automated digital attacks, complex phishing scams, denial
of service incidents and zombie harvesting techniques deployed to create elaborate
botnets - networks of compromised machines used for nefarious purposes.
The standard compendium of anti-virus tool kit, firewall and patch regime
is unlikely to prove adequate, especially for those SME organisations and individuals
that can ill afford specialist security expertise for their 24/7 broadband
online and wireless connection. Governments and regulators may have to intervene
to protect their citizens and SMEs from trans-national radicals, organised
criminals and espionage technology as the economic impact of digital risk
becomes severe and damages GDP growth by several percentage points. So far,
nations have noted productivity gains from computing. The inverse may also
become true: detrimental productivity losses as a direct result of large scale
digital risk manifestations may occur post 2007.
Large corporations and government departments will not be able to stand away
from this rising threat as their customers and suppliers come under sustained
digital attack, curtail their online transactions and are unable to meet their
obligations. The Achilles heel in the digital eco-system is the home and SME
user-base and this is the weakness being exploited by organised criminals,
radicals and spies. If those vulnerable machines have been compromised and
turned into zombies, the resultant botnets can be used to launch an elaborate
Distributed Denial of Service (DDoS) attack against any government department,
large corporation or nation state. Once a large botnet based within a country's
'homes and SMEs' sectors has been clandestinely created, even if the national
or regional internet connections are severed to stop a large scale attack,
there will be no impact because the botnet "Trojan Horse" will continue
to attack the larger entities from within.
Most homes and some SMEs are unaware that their standard security systems
and regime will not always protect them from:
1. Spam, which is routinely laden with malware - Trojans, viruses and worms;
2. Sophisticated viruses and worms, which may attack systems before the
latest upgrade from the security or software vendor is available, in which
case the solution may lie in shutting off the vulnerable ports or applications
in the interim;
3. Software application and operating system vulnerabilities that sometimes do not
have a patch available until much later. Automated as well as manual
attacks may be directed against those targets in the interim if other counter-measures
are not in place;
4. Phishing scams and online identity theft via Trojans or spyware, which
may not be controllable because the present regime of online authentication
via a password and keyword utilised by most banks or simple credit card entry
utilised by online merchants is proving to be woefully inadequate. Unless
there is a migration to biometric authentication (e.g. iris, voice or thumb
print scan), coupled with a keyfob or physical device authentication and a
password, the sophisticated digital crimes may not be controllable; and
5. Machine hijacks, where computers have been converted into zombies to become
mail relay farms, launch DDoS attacks and carry out other nefarious activities
like hosting child pornography or an illegal peer-to-peer music download server.
The global economic damage from all types of digital risk including overt
and covert digital attacks, malware incidence, phishing scams, DDoS and spam
lies between USD 470 billion and USD 578 billion for 2004, more than double
the damage calculated for 2003 by the mi2g Intelligence Unit. [Breakdown
damages are available.] At an estimated 1.2 billion computer units worldwide,
the damage lies between USD 390 and USD 480 per machine. As of
2004, the damage caused by digital risk manifestations per machine is running
equivalent to the average price of a new computer unit. In 2005 and 2006,
the 'digital damage per machine' figure is projected to exceed the price of
the machine significantly as the price of computers keeps coming down and
the damage from digital risk carries on rising.
"Banks are already beginning to shy away from their responsibility to
compensate users in the event of an online fraud where they have issued warnings
and the incapability of the user is to blame," said DK Matai, Executive Chairman, mi2g. "The
present computing environment is not fool-proof and is not safe enough for
the average computer user who is not a geek or does not have a friend who
is a geek. This era is likely to come to an end with a bang. Users and governments
will demand change and they have the collective power to influence the thinking
of computing and communications vendors who have consistently put profits
and time-to-market before safety and security."
Digital risk damages are calculated by the mi2g Intelligence Unit on
the basis of helpdesk support costs, overtime payments, contingency outsourcing,
loss of business, bandwidth clogging, productivity erosion, management time
reallocation, cost of recovery and software upgrades. When available, Intellectual
Property Rights (IPR) violations as well as customer and supplier liability
costs have also been included in the estimates.
[ENDS]
mi2g is at the leading edge of building secure on-line banking, broking
and trading architectures. The principal applications of our technology are:
1. D2-Banking;
2. Digital Risk Management; and
3. Bespoke Security Architecture.
mi2g pioneers enterprise-wide security practices and technology to
save time and cut cost. We enhance comparative advantage within financial
services and government agencies. Our real time intelligence is deployed worldwide
for contingency capability, executive decision making and strategic threat
assessment.
mi2g Research Methodology: The Frequently Asked Questions (FAQ) List
is available from here in pdf. Please
note terms and conditions of use listed on
www.mi2g.net
Full details of the February 2005 report are available as of 1st March 2005
and can be ordered from here.