There is no escaping the reality that businesses live on the Web today. From banks to bookstores, from auctions to games, the Web is the place where most businesses ply their trade. For consumers, the Web has become the place where they do the majority of their business as well. For example, nearly 50 percent of all retail music sales in the United States happen online today; the market for virtual merchandise in online games will top $1.5B this year; and, by some estimates, over 45 percent of U.S. adults use the Internet exclusively to do their banking. With the growing popularity of web-enabled smart phones, much of this online commerce is now available to consumers anytime and anywhere. By any estimation, business on the Web is an enormous part of the economy and growing rapidly. But along with this growth has come the uncomfortable realization that the security of this segment of commerce is not keeping pace.
In the brick and mortar world, business owners have spent decades encountering and learning to mitigate threats. They have had to deal with break-ins, burglary, armed robbery, counterfeit currency, fraudulent checks, and scams of all kinds. In the brick and mortar world, however, businesses have a constrained, easily defined perimeter to their business, and, in most cases, a reasonably constrained population of threats. They have, over time, learned to apply an increasingly mature set of practices, tools, and safeguards to secure their businesses against these threats. On the Web, the story is quite different.