Skip to main content
The Scotsman’s Grip

I have been at the first e-crime congress in London this week, talking about IT security and business continuity planning and asking whether these represent core business functions a year on from 911. For many readers this may be a statement of the obvious, after all, Merril Lynch lost two datacentres that day but the statistics of apathy make grim reading.

If 97% of UK companies have been attacked or ‘threatened’ in some way, according to DCS Len Hynds of the National High Tech Crime Unit (NHTCU), then at least half the business community are not taking the risks seriously.

You may be familiar with the statistics from the DTI earlier this year. They had 44% of UK companies reporting malicious attacks with an average repair cost of £30,000, some as high as £500,000. Now, I take most of the statistics I see with a large pinch of salt but the most recent NHTCU figures suggest even more strongly that the problem is becoming worse and reflects almost geometric growth, month on month in the incidence of attack. Mi2G has now offered a revised projection for 2002 of 70,000 attacks, mostly targeted at small to medium size businesses.

According to a report from Mi2G, November saw a decline of 8% in the number of overt digital attacks worldwide to 14,812 - after four consecutive record-breaking months including October - when the highest number ever was recorded at 16,167.

Europe's sharp plunge accounted for a large portion of the overall decline This was principally due to the UK, where attacks fell sharply by nearly 70% from 2,253 in October to 679 in November, a consequence, it is hoped of government efforts to draw greater attention to the threat among businesses.

On the positive side, research from Riptech reveals what appears to be the first quantifiable evidence that companies may be achieving some level of success in defending against Internet attacks. For example, the percentage of companies that suffered at least one severe attack during the past six months declined by nearly half, a trend that is partly attributable to a gradual strengthening of the security postures of companies represented in the sample set.

Companies that did not strengthen their security posture likely suffered higher rates of severe attack activity.

While the many different agencies involved can be applauded for their good work, I’m left with a sense that there remains a danger of locking the stable door after the digital horse has bolted. Let me explain.

In preparing the Broadband Britain agenda, government has known about the risks for some time. One example is the as yet unknown ‘infection’ rate among Broadband users, a second is the relative simplicity by which inadequately protected UK Online centres might be compromised by their users or third parties.

You see, in the rush to achieve the online agenda, blind ambition has preceded a national programme and single point of responsibility where the education and protection of the online citizen is involved. In fact, no such programme is likely to appear before the Spring, so until then it’s open season on anyone who hasn’t taken what you and I might think of as sensible security precautions, anti-virus, personal firewalls and so on.

Who really owns this ‘information assurance; agenda at a national level, the Office of The e-Envoy or the Home Office? More importantly who will pay for it, because I can’t imagine BT volunteering to add the unsubsidised costs of better consumer security to the costs of rolling out Broadband. This raises an interesting question. Has government spent so much effort on the big picture projects that it’s been at the expense of security, that most fundamental part of IT?

Comments

Popular posts from this blog

Civilisational Data Mining

It’s a new expression I haven’t heard before. ‘Civilisational data mining.’

Let me start by putting it in some context. Every character, you or I have typed into the Google search engine or Facebook over the last decade, means something, to someone or perhaps ‘something,’ if it’s an algorithm.


In May 2014, journalists revealed that the United States National Security Agency, the NSA, was recording and archiving every single cell-phone conversation that took place in the Bahamas. In the process they managed to transform a significant proportion of a society’s day to day interactions into unstructured data; valuable information which can of course be analysed, correlated and transformed for whatever purpose the intelligence agency deems fit.

And today, I read that a GOP-hired data company in the United States has ‘leaked’ personal information, preferences and voting intentions on… wait for it… 198 million US citizens.

Within another decade or so, the cost of sequencing the human genome …

The Nature of Nurture?

Recently, I found myself in a fascinating four-way Twitter exchange, with Professor Adam Rutherford and two other science-minded friends The subject, frequently regarded as a delicate one, genetics and whether there could exist an unknown but contributory genetic factor(s) or influences in determining what we broadly understand or misunderstand as human intelligence.

I won’t discuss this subject in any great detail here, being completely unqualified to do so, but I’ll point you at the document we were discussing, and Rutherford’s excellent new book, ‘A Brief History of Everyone.”

What had sparked my own interest was the story of my own grandfather, Edmond Greville; unless you are an expert on the history of French cinema, you are unlikely to have ever hear of him but he still enjoys an almost cult-like following for his work, half a century after his death.

I've been enjoying the series "Genius" on National Geographic about the life of Albert Einstein. The four of us ha…
The Mandate of Heaven

eGov Monitor Version

“Parliament”, said my distinguished friend “has always leaked like a sieve”.

I’m researching the thorny issue of ‘Confidence in Public Sector Computing’ and we were discussing the dangers presented by the Internet. In his opinion, information security is an oxymoron, which has no place being discussed in a Parliament built upon the uninterrupted flow of information of every kind, from the politically sensitive to the most salacious and mundane.

With the threat of war hanging over us, I asked if MPs should be more aware of the risks that surround this new communications medium? More importantly, shouldn’t the same policies and precautions that any business might use to protect itself and its staff, be available to MPs?

What concerns me is that my well-respected friend mostly considers security in terms of guns, gates and guards. He now uses the Internet almost as much as he uses the telephone and the Fax machine and yet the growing collective t…