
Get Safe Online

It’s that annual InfoSec time again and, walking the aisles of Europe’s most successful Information Security show, I find myself plagued with a nagging sense of doubt. Why? Scantily clad girls dressed as angels and the sash-climbing acrobats in yellow lycra bodysuits on the Symantec stand were entertaining and colourful enough, and even the message on the EP Secure stand warning visitors of the dangers from viruses and “Wormes” instead of “Worms” should have brought a smile to my face, but all I could see in a packed Olympia was an industry united in a profitable celebration of the failure of our society to properly protect itself from the dangers of living an increasingly online existence.

InfoSec was once again the venue for the release of the latest Government-sponsored survey of information security breaches in the UK, conducted by a consortium led by PricewaterhouseCoopers LLP. While you can find encouragement in the news that large businesses have become more security-conscious, with the total security incidents having fallen by 50% over the last two years, the opposite is true of small business. Here, the average number of incidents has risen by 50% to approximately eight a year. Worse still, perhaps, in figures that support last month’s smaller eCrime Congress survey, we have an indicative estimate of the total cost of security breaches to UK plc, up by 50% from two years ago and now approximately £10 billion per annum.

Microsoft, which is at last joining the dubious “Windows Client Protection” business with its own anti-virus solution, ‘Windows Live OneCare’, has been working hard to improve its own security credentials with a number of initiatives over the last year. Its Hotmail mail service is blocking 3.4 billion spam email messages each day and it has had two billion downloads of its malicious software removal tool in the last year, which tells us something about the overall size of the malicious software problem.

The computing environment that surrounds us today reminds me of a large termite mound. It’s intricate, solid, highly efficient and constantly improved. It does, however, have lots of different openings to the world outside and every now and then, a hungry chimpanzee with a twig comes along and plays havoc with the poor industrious termites’ defensive structure. Taking this metaphor a step further and looking at the sheer number of companies displaying solutions at InfoSec, I have to wonder how long business will have to continue spending sizeable sums on information security products that continue to have relatively modest success in mitigating the expanding risks from Netcrime.

It was Winston Churchill who said: “Although personally I am quite content with existing explosives, I feel we must not stand in the path of improvement”, and at an earlier InfoSec Show I released a Microsoft-sponsored report, “A matter of trust”, which examined some of the many challenges facing Microsoft’s Trustworthy Computing strategy and the steadily growing threat from online crime. In the intervening period, InfoSec and the security industry have become larger and more successful, as have the organised crime groups that are busy milking people’s bank accounts, defrauding businesses and stealing the identities of as many as 100,000 people in the UK each year.

So I’m confused. InfoSec is a great show and a wonderful platform for an arsenal of information security and identity products, but all the evidence of this year and previous years suggests that we’re on the wrong side of the arms race to secure the computing environment and that, even for the most paranoid of organisations, an unlimited security budget doesn’t offer a safe and bullet-proof existence, or to quote Arthur Dent in The Hitchhiker’s Guide to the Galaxy: “Ah, this is obviously some strange use of the word safe that I wasn't previously aware of.”
