Cybersecurity is of crucial importance to the UK, and policing
it is up to all of us. Mark Lewis reports
Many people have said that Richard Granger, head of IT in the NHS,
has the toughest job in UK IT. Len Hynds might beg to differ. As
the head of the UK's National High-Tech Computer Crime Unit, it is
Hynds' job to police UK cyberspace. Even with the support of
government and the user community, this would be no easy task.
Without it, it becomes nigh on impossible.
The issue of security shows no sign of improving. Only three months
ago, the Slammer virus wreaked havoc worldwide, delivering a timely
reminder of the ability of a lone scripter to disrupt business
globally. Hynds makes it clear in
our exclusive interview that we will only start to tackle the
problem when all stakeholders pool information and collaborate on
finding solutions.
Any readers who think focusing on security in their own
organisation is a matter of choice would do well to digest the
opinions of
David Griffiths and
Yag Kanani, partners at Clifford Chance and Deloitte &
Touche, respectively. Widening corporate governance requirements
mean IT professionals now have a duty of care to ensure secure
systems.
Of course, users alone cannot solve the problem of security.
Government policy makers must establish a clear framework for
change.
Liz Warren provides a route map for tackling security by
extrapolating lessons from the US government's adoption of a
national strategy on cybersecurity.
A lesson that emerges from this week's security special report is
that we all have a role in securing our places of work and, by
extension, UK plc. End-users need to stop opening suspect e-mails;
those responsible for corporate security need to wise up fully to
their responsibilities; and government and law enforcement agencies
need to create a means of stopping hackers and others from
compromising systems, and prosecute them successfully when they
do.
This year's Infosecurity Europe show in London will be bursting
with clever tools and good ideas for keeping our systems secure.
Now the onus is on us to implement them.
Security by numbers
Average number of cyberattacks per company, per week -
30
Source: Symantec Internet Security
Report, Q3/Q4 2002
Percentage of UK companies not adopting wireless technologies
owing to security fears - 75%
Source:
@stake
Proportion of users who choose a common password where possible
- 81%
Source: NTA Monitor
Proportion of global SMEs only updating antivirus software once
a week - 42%
Source: Sophos
Antivirus
Number of UK businesses without disaster recovery provisions in
place - 360,000
Source: TDM
Group
Proportion of employees who have divulged their password to at
least one person - 71%
Source:
Synstar
Number of employees who would report a stranger using a PC in
their office - 4%
Source:
Synstar
Predicted proportion of e-mail crossing office networks in 2003
that is spam - 50%
Source: Aberdeen
Group
Proportion of respondents with no idea if their firm has a
security policy - 56%
Source:
Synstar
Percentage of corporate e-mail that is non-work related -
35%
Source: Waterford Technologies
Percentage of major financial institutions in the City of London
not reporting cybercrime due to corporate reputation fears -
67%
Source: Defcom