IT security professionals need to educate themselves about cyber-criminal methods and share the knowledge with end-users, says Howard Schmidt, former US national cyber-security advisor.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The best way of getting the know-how they need is to work with law enforcement officers, said Schmidt, president and chief executive of the UK-based international Information Security Forum (ISF).
Traditional IT security defences are becoming less effective against cyber-attacks that are increasing rapidly in technical sophistication, cyber-crime investigators report.
More than half (62%) of security professionals polled for the 2009 eCrime Congress survey said not enough resources were dedicated to finding security vulnerabilities.
IT security professionals can identify and prioritise weaknesses in their defences accurately only if they share intelligence with those investigating cyber-crime, said Schmidt.
Feedback from business will also help crime fighters with future investigations by providing valuable information on cyber-attacks.
This type of collaboration is one of the key initiatives of the UK's e-crime programme, led by Metropolitan Police Service deputy assistant commissioner Janet Willams.
According to Schmidt, collaboration between law enforcement and business is vital in the fight against cyber-criminals inflicting financial losses on an unprecedented scale.
IT security professionals must ensure that knowledge of cyber-criminal methods is passed on to all users of IT in their organisations.
"IT end-users should be able to identify potential cyber-threats and know how to respond to them," said Schmidt.
Many businesses tell employees what to do if there is a breakdown in production processes, he said, but few give guidelines on how to protect company information.
Even fewer organisations provide easy ways for user to report suspected e-crime to keep defences at the highest possible level.
Schmidt is one of three panellists who will discuss how best to meet the growing cyber-criminal threat at Infosecurity Europe 2009 at Earls Court in London on 30 April.