Companies using the Internet to do business should adhere to a code of conduct to reduce hacking and online theft, the U.S. Commerce Department said in a report issued Wednesday.
The department recommended improved methods for authenticating identity in a world where passwords are easily stolen or hacked. It also urged using the latest technology to ensure that when users type in a Web address, they actually go to that domain rather than being hijacked.
Another element of the code of conduct would be the development of incentives to encourage needed expenditures on security. For example, a company using best practices may have less legal liability in the case of a hack.
With online transactions estimated at $10 trillion globally each year and growing, the threat of online theft has also grown, the Commerce Department said.
“In 2010, an estimated 55,000 new viruses, worms, spyware and other threats were bombarding the Internet daily,” the department said.
“Our economy depends on the ability of companies to provide trusted, secure services online. As new cybersecurity threats evolve, it’s critical that we develop policies that better protect businesses and their customers,” Commerce Secretary Gary Locke said in a statement.
Consulting firm Forrester estimates that security ate up about 8 percent of North American and European corporate information technology budgets in 2007, and that figure grew to 14 percent in 2010.
The report follows a recent spate of highly publicized hacks and data losses. The danger from the breaches varies. One put the company’s customers at risk for identity theft while another potentially made the company easier to hack in the future.
Recent hacking victims include defense contractor Lockheed Martin and search giant Google Inc.
In another twist, hackers associated with Lulz Security broke into Sony Corp computer systems twice after the company announced what appeared to be an unrelated data breach in April.
While criminal hackers usually strive for complete anonymity, Lulz Security says it has no financial motives and hacks for political reasons.
It also claimed credit for an attack on an Atlanta office of InfraGard, an outreach center used by the Federal Bureau of Investigation to liaise with private business. And the hacker group has said it defaced the U.S. Public Broadcasting Service network websites to protest a documentary about secrets publisher WikiLeaks.
On Wednesday, Lulz tweeted that it had attacked the website of a computer security firm which had gone on Twitter to sardonically thank the group for giving it new customers. The company’s site was down as of midday on Wednesday.
(Reporting by Diane Bartz; Editing by Tim Dobbyn)