IT security professionals need to educate themselves about
cyber-criminal methods and share the knowledge with end-users, says
Howard Schmidt, former US national cyber-security advisor.
The best way of getting the know-how they need is to work with
law enforcement officers, said Schmidt, president and chief
executive of the UK-based international Information Security Forum (ISF).
Traditional IT security defences are becoming less effective
against cyber-attacks that are increasing rapidly in technical
sophistication, cyber-crime investigators report.
More than half (62%) of security professionals polled for the
2009 eCrime Congress survey said not enough resources were
dedicated to finding security vulnerabilities.
IT security professionals can identify and prioritise weaknesses
in their defences accurately only if they share intelligence with
those investigating cyber-crime, said Schmidt.
Feedback from business will also help crime fighters with future
investigations by providing valuable information on
cyber-attacks.
This type of collaboration is one of the key initiatives of the
UK's e-crime programme, led by Metropolitan Police Service deputy
assistant commissioner Janet Williams.
According to Schmidt, collaboration between law enforcement and
business is vital in the fight against cyber-criminals inflicting
financial losses on an unprecedented scale.
IT security professionals must ensure that knowledge of
cyber-criminal methods is passed on to all users of IT in their
organisations.
"IT end-users should be able to identify potential cyber-threats
and know how to respond to them," said Schmidt.
Many businesses tell employees what to do if there is a
breakdown in production processes, he said, but few give guidelines
on how to protect company information.
Even fewer organisations provide easy ways for users to report
suspected e-crime to keep defences at the highest possible
level.
Schmidt is one of three panellists who will discuss how best to
meet the growing cyber-criminal threat at Infosecurity Europe 2009
at Earls Court in London on 30 April.