Infosec 2009: Get to know cyber-criminals to get ahead, says former US security advisor

IT security professionals need to educate themselves about cyber-criminal methods and share the knowledge with end-users, says Howard...

IT security professionals need to educate themselves about cyber-criminal methods and share the knowledge with end-users, says Howard Schmidt, former US national cyber-security advisor.

The best way of getting the know-how they need is to work with law enforcement officers, said Schmidt, president and chief executive of the UK-based international Information Security Forum (ISF).

Traditional IT security defences are becoming less effective against cyber-attacks that are increasing rapidly in technical sophistication, cyber-crime investigators report.

More than half (62%) of security professionals polled for the 2009 eCrime Congress survey said not enough resources were dedicated to finding security vulnerabilities.

IT security professionals can identify and prioritise weaknesses in their defences accurately only if they share intelligence with those investigating cyber-crime, said Schmidt.

Feedback from business will also help crime fighters with future investigations by providing valuable information on cyber-attacks.

This type of collaboration is one of the key initiatives of the UK's e-crime programme, led by Metropolitan Police Service deputy assistant commissioner Janet Willams.

According to Schmidt, collaboration between law enforcement and business is vital in the fight against cyber-criminals inflicting financial losses on an unprecedented scale.

IT security professionals must ensure that knowledge of cyber-criminal methods is passed on to all users of IT in their organisations.

"IT end-users should be able to identify potential cyber-threats and know how to respond to them," said Schmidt.

Many businesses tell employees what to do if there is a breakdown in production processes, he said, but few give guidelines on how to protect company information.

Even fewer organisations provide easy ways for user to report suspected e-crime to keep defences at the highest possible level.

Schmidt is one of three panellists who will discuss how best to meet the growing cyber-criminal threat at Infosecurity Europe 2009 at Earls Court in London on 30 April.

Infosec 2009: an essential guide for IT professionals >>



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.