Phishing is one of those problems that the security industry is not going to solve. However, they are making it tougher.

The Anti-Phishing Working Group released its quarterly report this week. It took a bit to digest because it had some errors in its analysis, but the most significant data point seems to be that the number of Web pages created as a landing page for phishing attacks has skyrocketed. While that at first seems threatening, and the APWG appears to read it that way, it could be the opposite. If the attackers are reacting to better defenses and quicker takedowns of their sites by churning through many more URLs, then that is a success, of sorts.

I also took a look a breach data this week. The data does seem to suggest that, while companies are increasingly punished for big breaches, their losses – along with moderate customer churn - appear to have a small impact on the companies in the medium and long term.

Sure they feel the pain, and some stock prices have gone down, but no one has really felt a lot of pain. — Lillian Ablon, cyber-security and emerging technologies analyst at RAND

This is not necessarily a new finding, but as more breaches cause havoc at firms, seeing whether the trend holds will be interesting.

  • “Phishers Creating More Noise to Fool Defenses,” eWEEK
  • “Huge Data Breach Losses Aren’t Forcing Companies to Bolster Security,” eWEEK

Week in Review is where I highlight articles that I’ve written and that have been published in the last week.