Cybersecurity is of crucial importance to the UK, and policing it is up to all of us. Mark Lewis reports
Many people have said that Richard Granger, head of IT in the NHS, has the toughest job in UK IT. Len Hynds might beg to differ. As the head of the UK's National High-Tech Computer Crime Unit, it is Hynds' job to police UK cyberspace. Even with the support of government and the user community, this would be no easy task. Without it, it becomes nigh on impossible.
The issue of security shows no sign of improving. Only three months ago, the Slammer virus wreaked havoc worldwide, delivering a timely reminder of the ability of a lone scripter to disrupt business globally. Hynds makes it clear in our exclusive interview that we will only start to tackle the problem when all stakeholders pool information and collaborate on finding solutions.
Any readers who think focusing on security in their own organisation is a matter of choice would do well to digest the opinions of David Griffiths and Yag Kanani, partners at Clifford Chance and Deloitte & Touche, respectively. Widening corporate governance requirements mean IT professionals now have a duty of care to ensure secure systems.
Of course, users alone cannot solve the problem of security. Government policy makers must establish a clear framework for change. Liz Warren provides a route map for tackling security by extrapolating lessons from the US government's adoption of a national strategy on cybersecurity.
A lesson that emerges from this week's security special report is that we all have a role in securing our places of work and, by extension, UK plc. End-users need to stop opening suspect e-mails; those responsible for corporate security need to wise up fully to their responsibilities; and government and law enforcement agencies need to create a means of stopping hackers and others from compromising systems, and prosecute them successfully when they do.
This year's Infosecurity Europe show in London will be bursting with clever tools and good ideas for keeping our systems secure. Now the onus is on us to implement them.
Security by numbers
Average number of cyberattacks per company, per week - 30
Source: Symantec Internet Security Report, Q3/Q4 2002
Percentage of UK companies not adopting wireless technologies owing to security fears - 75%
Proportion of users who choose a common password where possible - 81%
Source: NTA Monitor
Proportion of global SMEs only updating antivirus software once a week - 42%
Source: Sophos Antivirus
Number of UK businesses without disaster recovery provisions in place - 360,000
Source: TDM Group
Proportion of employees who have divulged their password to at least one person - 71%
Number of employees who would report a stranger using a PC in their office - 4%
Predicted proportion of e-mail crossing office networks in 2003 that is spam - 50%
Source: Aberdeen Group
Proportion of respondents with no idea if their firm has a security policy - 56%
Percentage of corporate e-mail that is non-work related - 35%
Source: Waterford Technologies
Percentage of major financial institutions in the City of London not reporting cybercrime due to corporate reputation fears - 67%