E-crime strategy is long overdue

While the general public has been distracted by issues such as the spread of pornography on the web and the rise of spam, attacks...

While the general public has been distracted by issues such as the spread of pornography on the web and the rise of spam, attacks on corporate IT systems receive much less attention. This week the spotlight was turned on the cost of computer crime, which was estimated to be more than £1.1m per organisation in figures released by the National Hi-Tech Crime Unit. Among those suffering financial fraud, the average cost rose to £2.9m.

The figures also reveal that more than 80% of businesses have experienced a high-tech crime in the past year. Every category of crime, from virus attacks to financial fraud and criminal use of the internet, is on the increase. In addition, concerns about hackers exchanging information on how to exploit a flaw in Windows 2000, coming so soon after the leak of part of the Windows 2000 and NT4 code, combined to make this week particularly difficult for those in charge of corporate IT security.

Help was supposed to be at hand from the government through the launch of a national strategy on computer crime. It had been expected that home secretary David Blunkett would release details of a strategy that would co-ordinate the activities of government, business and law enforcement agencies. The news that the national strategy has been delayed comes at a time when the threats to IT systems are becoming larger and more complex, and those perpetrating security breaches are getting more sophisticated in their methods. The government expects to be in a position to announce details of the national strategy in late spring, but as the Hi-Tech Crime Unit figures reveal, IT users cannot afford to delay improvements to their security strategy.

Part of the solution is not to rely on security products alone to protect systems but to think about the organisation as a whole and where the vulnerabilities lie. A risk assessment will identify those areas most vulnerable to attack and where the bulk of security measures need to be deployed. It is then up to organisations to develop security policies and ensure that all staff adhere to them. In a world where increasing deployment of XML and web services will mean that suppliers and customers are sharing more information within networks, securing data can only become more important.

The issue of security is too important to be left to either businesses or law enforcement agencies and a national strategy is needed now more than ever. Let's hope that when the government announces its strategy it is wide-ranging enough to tackle the problem effectively and concentrate resources on reducing the impact of high-tech crime.

United we stand, divided we fall >>

Read more on IT legislation and regulation