Why do after high hanging fruit
People are very concerned about the security of the "stream"; that people can get their credit card number on-line. And generally it is a good idea to only buy things from "secure" sites; these websites will usually say "secure transactions" and either have "https:" as the start of the address, offer warnings or notifications ("secure area"), or say something about SSL or security when you're shopping on their site. What they do is scramble (encrypt) the information, like your VISA card number, so that anyone that "intercepts" the information would get garbage and not easily be able to fraudulently use your card. At least not without many weeks of computer time to descramble that data; and even then, some people are complaining that isn't secure enough.
But even if your data isn't secure at all (encrypted), there are a lot easier ways to intercept your credit card number than stealing it off the net. Dumpster diving at a local shopping mall or out of your garbage is an easier way to get credit card numbers; or people just hang out at malls or around stores and memorize credit card or calling card numbers as they watch others use them. Think about the real world security as well as the virtual world. Think about the greater threats.
If people want to do fraud on a large basis, they just break into mailboxes and take hundreds of checks and credit cards, rather than one at a time across the net. Or hackers are more likely to attack organizations for their private information (en masse) rather than individuals.
Another issue of security that is overlooked is "trusted sources". I trust Wall-Mart more than I trust a guy selling things out of his trunk on the street corner. Do the same on-line. Once I've dealt with an organization and they seem to be respectable, they earn a little more trust. If I don't know an organization, I try to do a little research.
A lot of fraud is intentional. I'd be more concerned with a phony store (real or on-line) that is trying to dupe me into me giving my private information or credit card number than I am about a hacker stealing it off the net. In fact, there's a lot more fraud in the real world than on-line. Think about it, most hackers can make more money through less risky means; so why bother with petty crimes?
Another pet peeve of mine is organizations that use complex passwords that change all the time, but then write down those passwords where people have access to them. Most computer "break-ins" are not from outsiders, but by disgruntled employees. Don't just protect from without, but from within.
And one of the biggest issues of security, and the most ignored, is physical security. Honestly, if someone wants a lot of information about you, they can do things like try to snoop on all this data coming out of your machine, which is work; or just steal your laptop or computer when you leave it unattended, or just access it when you're not around.
I've seen many companies that put a lot of effort into paying for all these Internet firewalls and the like (which aren't a bad idea), but then they let strangers walk around their offices unattended, or they have the servers in an unlocked area (where anyone can go in and just physically steal the whole computer), or they leave backup tapes (with all that private data) lying around, and so on. People that wouldn't leave their purse or briefcase out in the open (unattended) will do the exact same to their computer, without a password, even though it has more private information on it.
Your data is only as secure as the container it is in. If you office or home isn't secure, then your data is vulnerable. If you computer doesn't have a password on it, or it can be taken, then your data can as well. So when you start thinking about security, start thinking about all aspects of it. It isn't that I'm unconcerned about hacking, I'm just more concerned about other more likely threats to security and try to keep them in perspective.