This section features key industry perspectives, research and market commentary deemed to be of particular importance or relevance in understanding today's User Authentication & Identity Management market trends.

Webroot uncovers thousands of stolen identities collected by a Trojan horse program.
May 09, 2006

According to Information provided to InfoWorld by Webroot Software, Webroot researchers have uncovered a location of a server containing tens of thousands of stolen identities from 125 countries collected by a Trojan horse program called Trojan-Phisher-Rebery. The information is organized by country and includes names, phone numbers, Social Security numbers, and user log-ins and passwords for tens of thousands of Web sites. The Rebery malicious software is an example of a "banking" Trojan, which are programmed to spring to life when computer owners visit one of a number of online banking or e-commerce sites, said Gerhard Eschelbeck, CTO at Webroot. According to InfoWorld, the discovery is just the latest evidence of rampant identity theft by online criminals who use malicious Web sites, common software vulnerabilities and keylogging software to harvest information from unsuspecting Web surfers. Rebery is still "running wild" on the Internet, Webroot said. The company believes there are more than 12,000 systems infected with the Trojan, 1,200 of them in the U.S.

Source: http://www.infoworld.com/article/06/05/09/78139_HNTrojanrebery_1.html

UC Berkeley & Harvard Study Shows Why Phishing Attacks Still Work Successfully
April 2006

According to UC Berkeley and Harvard academics’ research on “why phishing works”, controlled tests showed that 91% of people couldn’t tell the difference between legitimate or phishing websites.

Source: http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf

DOJ Study Estimates Identity Theft Costs Citizens $6.4 Billion a Year
April 3, 2006

According to the US Department of Justice's (DOJ) National Crime Victimization Survey, identity theft costs US citizens an estimated $6.4 billion annually. Data gathered through the survey indicates that three percent of US households experienced some form of identity theft during the first half of 2004. Credit card fraud accounted for roughly 50 percent of the cases; banking and financial account fraud accounted for 25 percent. Average losses incurred averaged US $1290.

Source: http://www.ojp.usdoj.gov/bjs/pub/pdf/it04.pdf

Privacy Rights Clearing House Reports The Chronology of 113 Data Breaches To Date Since February 2005 Exposing More Than 54 Million Individuals
March 30, 2006

Privacy Rights Clearing House reports the chronology of data breaches since February 15, 2005, currently totaling 113 breaches compromising more than 54 million Americans. Stolen data included Social Security numbers, account numbers and drivers license numbers, in many cases through breaches of computer systems.

Source: http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP

Ernst & Young Global Survey indicates regulatory compliance as the lead primary driver of information security
October 27, 2005

According to Ernst & Young Global Survey, regulatory compliance, for the first time has surpassed viruses and worms, as the leading driver of information security. The steep number of regulations and non-compliance consequences has escalated information security to boardroom governance. Nearly two-thirds of survey respondents, representing 1,300 global companies, government and non-profit agencies cited compliance with regulations such as Sarbanes-Oxley, as the primary driver of information security. The consultancy firm warns that information security, a key part of an organization’s ability to manage risk, is failing to keep pace with speeding technological change and the growing regulatory burden.

Source: http://www.ey.com/global/download.nsf/International/Global_Information_Security_Survey_2005/$file/EY_Global_Information_Security_survey_2005.pdf

The Identity Theft Technology Council (ITTC) report examines all classes of Phishing attacks and countermeasure technologies
October 3, 2005

The Identity Theft Technology Council (ITTC), in association with the Antiphishing Working Group, DHS S&T, and SRI International has issued a report examining the classes of phishing attacks and ways in which technology could be deployed to stop them. Technology-based phishing countermeasures are examined in detail, including the information flow in phishing attacks of all types.

Source: http://www.antiphishing.org/Phishing-dhs-report.pdf