Get Safe Online

It’s that annual InfoSec time again and, walking the aisles of Europe’s most successful Information Security show, I find myself plagued with a nagging sense of doubt. Why? Scantily clad girls dressed as angels and the sash-climbing acrobats in yellow lycra bodysuits on the Symantec stand were entertaining and colourful enough, and even the message on the EP Secure stand warning visitors of the dangers from viruses and “Wormes” instead of “Worms” should have brought a smile to my face, but all I could see in a packed Olympia was an industry united in a profitable celebration of the failure of our society to properly protect itself from the dangers of living an increasingly online existence.

InfoSec was once again the venue for the release of the latest Government-sponsored survey of information security breaches in the UK, conducted by a consortium led by PricewaterhouseCoopers LLP, and while you can find encouragement in the news that large businesses have become more security-conscious, with the total security incidents having fallen by 50% over the last two years, the opposite is true of small business. Here, the average number of incidents has risen by 50% to approximately eight a year. Worse still, perhaps, in figures that support last month’s smaller eCrime Congress survey, we have an indicative estimate of the total cost of security breaches to UK plc, up by 50% from two years ago, and now approximately £10 billion per annum.

Microsoft, which is at last joining the dubious “Windows Client Protection” business with its own anti-virus solution, ‘Windows Live OneCare’, has been working hard to improve its own security credentials with a number of initiatives over the last year. Its Hotmail mail service is blocking 3.4 billion spam email messages each day and it has had two billion downloads of its malicious software removal tool in the last year, which tells us something about the overall size of the malicious software problem.

The computing environment that surrounds us today reminds me of a large termite mound. It’s intricate, solid, highly efficient and constantly improved. It does, however, have lots of different openings to the world outside and every now and then, a hungry chimpanzee with a twig comes along and plays havoc with the poor industrious termites’ defensive structure. Taking this metaphor a step further and looking at the sheer number of companies displaying solutions at InfoSec, I have to wonder how long business will have to continue spending sizeable sums on information security products that continue to have relatively modest success in mitigating the expanding risks from Netcrime.

It was Winston Churchill who said: “Although personally I am quite content with existing explosives, I feel we must not stand in the path of improvement”, and at an earlier InfoSec Show I released a Microsoft-sponsored report, “A matter of trust”, which examined some of the many challenges facing Microsoft’s Trustworthy Computing strategy and the steadily growing threat from online crime. In the intervening period, InfoSec and the security industry have become larger and more successful, as have the organised crime groups that are busy milking people’s bank accounts, defrauding businesses and stealing the identities of as many as 100,000 people in the UK each year.

So I’m confused. InfoSec is a great show and a wonderful platform for an arsenal of information security and identity products, but all the evidence of this year and previous years suggests that we’re on the wrong side of the arms race to secure the computing environment and that, even for the most paranoid of organisations, an unlimited security budget doesn’t offer a safe and bullet-proof existence or, to quote Arthur Dent in The Hitchhiker’s Guide to the Galaxy: “Ah, this is obviously some strange use of the word safe that I wasn't previously aware of.”
