Infosecurity Europe bucks economic recession, as does cybercrime

If the Infosecurity Europe show is a barometer of economic health, then it looks as if the security industry is in good shape. Cybercriminals, however, are looking strong, too.

 For news and interviews, check out's coverage of Infosecurity Europe 2009.

LONDON -- If the Infosecurity Europe show is a true barometer of economic health, then it looks as if the security industry is in good shape, and bucking the recession. The show, which took place in London last week, attracted 12,445 visitors over three days, a 5% increase from the 2008 attendee numbers, and exhibitors reported brisk trade from people with real requirements to meet.

The growing threat of organised cybercrime cases was the conference's main focus, but exhibitors reported that the main drive among prospective purchasers still appeared to be regulatory compliance, whether it is PCI DSS for those handling credit card data, or the new Code of Connection (CoCo) that all local authorities and public-sector bodies will need to meet before September in order to connect to the government's secure extranet.

While exhibitors on the show floor were keen to demonstrate value to suit tighter budgets, there was little sign of any new technological breakthroughs. One analyst, Graham Titterington of Ovum, a research firm acquired by Datamonitor plc in 2006, described the general level of technology as "incremental," and pointed out that biometric devices were notable by their absence.

The conference sessions spent much time looking at the culprits -- the cybercriminals -- and how to prevent, punish and prosecute. In an opening keynote speech, former Home Secretary David Blunkett bemoaned a general lack of government awareness of cybercrime, and poor coordination between the plethora of different agencies and bodies that are supposed to be dealing with the problem.

A later session on e-crime featured Howard Schmidt, a previous advisor on cybersecurity at the White House and a former FBI agent. He said cybercriminals were able to avoid detection often by stealing small amounts from millions of people. "Who is going to report the theft of a pound or a dollar?" he asked. "It's only the most brazen criminals who boast of their exploits who risk getting caught."

But Schmidt noted that at least in the U.S., the authorities have a better chance of assessing the true level of crime and cybercrime cases through the Internet Crime Complaints Center, a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center, where victims can easily report an e-crime. In the U.K., by contrast, the promised National Fraud Reporting Centre, an organization pushed by the Attorney General's Office for England and Wales (AGO) to report fraud trends, has yet to materialise.

A member of the audience brought a personal perspective to the problem. Steve Howorth, a detective constable with the recently formed Police Central e-crime Unit (PCeU), explained why so little is done. "I am one of just two intelligence officers at PCeU, and the other one is a detective who is still learning the subject," he said. "We badly need to recruit an analyst as well, but we don't have the budget."

He called on members of the audience to lend any kind of help they could offer in order to help the PCeU do its job. But there was also some good news related to the crime unit's efforts: the PCeU had recently notched up a major success in early April with the arrest of nine people allegedly involved in an online banking scam that aimed to use Trojan malware to defraud banks. The investigation was done with active collaboration of bank security professionals.

Read more on Security policy and user awareness