Two things still stand out as highlights (or lows) for the past year: phishing and the lessons taught by Katrina.
Assault on Private Data
Phishing and pharming, or more specifically identity theft, made headlines early in the year. They continue to plague many financial institutions and e-commerce Websites. The number of phishing attempts or variants continues on an upward trend. December 2004 came and went with 8,829 reported incidents to the Anti-Phishing Group, while this month (December 2005) that number is 15,820, with some time still on the clock. People are either becoming more aware of the problem, and thus reporting it more, or there are more actual phishing variants out there.
Along with some of the phishing attempts, we have seen the installation of Trojans and other RATs (Remote Access/Administration Tools) onto users' machines as methods of getting credit card information. These operate primarily on the user and home user level, but the risk is still there for those that bring their laptops home and use them to surf.
But even if you did manage to avoid traps like phishing and pharming, you still could be susceptible to credit card information theft due to incidents like those with ChoicePoint, Bank of America and LexisNexis. As I write this, Ford Motor Co. is in the process of notifying 70,000+ of its present and past office workers that their personal data may have been compromised due to a laptop theft in November. The importance of identity and protecting it will certainly be a key resolution for 2006 for many enterprises.
And it should be, given how robust the Internet is today. Yet, we still have some e-commerce sites using insecure ordering forms. For instance, I recently went to place an online order and was rather shocked that this major company, in Canada and using a major search engine to host their store, didn't employ any encryption at all as I was about to enter my credit card info for a gift certificate.
Recovery Wasn't a Given
You would have thought that after 9/11 companies would have realized the importance of using things like warm/hot sites and remote backups. But Hurricane Katrina highlighted many of the flaws in existing disaster recovery and business continuity plans. For those that have them.
Many still don't even have daily backups that can mitigate relatively minor problems caused by user error, never mind large-scale planning. Many enterprises seem oblivious to the fact that if a disaster did occur they'd go bankrupt in seconds because they didn't take the time to plan and deal with things in advance. Mother Nature has never been known to ask permission before unleashing her fury.