The Scotsman’s Grip

I have been at the first e-crime congress in London this week, talking about IT security and business continuity planning and asking whether these represent core business functions a year on from 911. For many readers this may be a statement of the obvious, after all, Merril Lynch lost two datacentres that day but the statistics of apathy make grim reading.

If 97% of UK companies have been attacked or ‘threatened’ in some way, according to DCS Len Hynds of the National High Tech Crime Unit (NHTCU), then at least half the business community are not taking the risks seriously.

You may be familiar with the statistics from the DTI earlier this year. They had 44% of UK companies reporting malicious attacks with an average repair cost of £30,000, some as high as £500,000. Now, I take most of the statistics I see with a large pinch of salt but the most recent NHTCU figures suggest even more strongly that the problem is becoming worse and reflects almost geometric growth, month on month in the incidence of attack. Mi2G has now offered a revised projection for 2002 of 70,000 attacks, mostly targeted at small to medium size businesses.

According to a report from Mi2G, November saw a decline of 8% in the number of overt digital attacks worldwide to 14,812 - after four consecutive record-breaking months including October - when the highest number ever was recorded at 16,167.

Europe's sharp plunge accounted for a large portion of the overall decline This was principally due to the UK, where attacks fell sharply by nearly 70% from 2,253 in October to 679 in November, a consequence, it is hoped of government efforts to draw greater attention to the threat among businesses.

On the positive side, research from Riptech reveals what appears to be the first quantifiable evidence that companies may be achieving some level of success in defending against Internet attacks. For example, the percentage of companies that suffered at least one severe attack during the past six months declined by nearly half, a trend that is partly attributable to a gradual strengthening of the security postures of companies represented in the sample set.

Companies that did not strengthen their security posture likely suffered higher rates of severe attack activity.

While the many different agencies involved can be applauded for their good work, I’m left with a sense that there remains a danger of locking the stable door after the digital horse has bolted. Let me explain.

In preparing the Broadband Britain agenda, government has known about the risks for some time. One example is the as yet unknown ‘infection’ rate among Broadband users, a second is the relative simplicity by which inadequately protected UK Online centres might be compromised by their users or third parties.

You see, in the rush to achieve the online agenda, blind ambition has preceded a national programme and single point of responsibility where the education and protection of the online citizen is involved. In fact, no such programme is likely to appear before the Spring, so until then it’s open season on anyone who hasn’t taken what you and I might think of as sensible security precautions, anti-virus, personal firewalls and so on.

Who really owns this ‘information assurance; agenda at a national level, the Office of The e-Envoy or the Home Office? More importantly who will pay for it, because I can’t imagine BT volunteering to add the unsubsidised costs of better consumer security to the costs of rolling out Broadband. This raises an interesting question. Has government spent so much effort on the big picture projects that it’s been at the expense of security, that most fundamental part of IT?


Popular posts from this blog

The Nature of Nurture?

Civilisational Data Mining