The government has been urged to create one-stop shops to allow businesses to report computer crimes and share confidential intelligence about cyberattacks with other organisations.
The lack of reliable intelligence on computer criminals and a shortage of hard statistics on the impact of computer crime are placing businesses at risk, industry/government lobby group Eurim claimed in a wide-ranging discussion paper published this week.
The group’s warning comes as the Home Office is preparing a national e-crime strategy that is likely to have far-reaching consequences for the police, government and computer users.
“There is a real lack of information on the extent to which e-crime is undermining trust in the information society,” Eurim warned. “We need to make sure that we have adequate skilled resources and processes in place to report, investigate and prosecute e-crime when it occurs.”
Businesses and the government should collaborate to ensure that the public and small businesses have access to better information about computer security, said Eurim, which is seeking comments from IT professionals on its proposals.
This would protect larger businesses by helping to slow down the spread of viruses and making it harder for hackers to use vulnerable computer systems as a staging post to attack large companies.
The paper also called for certification schemes to be developed for forensic investigators so that, in the future, businesses will find it easier to find qualified staff to investigate security breaches.
“We do need to think seriously about the whole security area and treat it much more as a profession with all that it entails, with codes of practice and continuous development,” said security consultant Chris Sundt, who contributed to the Eurim report.
The paper called for a campaign to persuade software and hardware suppliers to provide products with the security turned on by default. Suppliers should also offer small firms ready-to-go security packages and low-cost security audits to help them protect their systems, the report said.
The paper also called for a government review of computer crime law, including strengthening of the Computer Misuse Act against denial-of-service attacks, and the implementation of past recommendations by the Law Commission.
Government should create one-stop shops to report computer crime and exchange intelligence between industries
Government and industry bodies should work more closely to gather better intelligence and eliminate duplicated effort
Retailers and IT suppliers should offer ready-to-use security packages and low-cost security audits for small firms
IT user courses should be extended to cover basic security practices
Government and industry to develop codes of practice and consider an accreditation scheme for e-crime investigators
Voluntary accreditation scheme for security consultants
Government should strengthen the Computer Misuse Act and consult on other legal reforms identified by the Law Commission
Government should ensure that industry has an early input into development of global co-operation on e-crime and international legislation