Your shout: cybercrime, ageism and business continuity

Have your say at

Have your say at







Cybercrime must be brought into the open

Simon Perry, vice-president, security strategy, Computer Associates

Although the attempted theft of £220m from Japanese bank Sumitomo was foiled by the police (Computer Weekly, 22 March), it highlighted how woefully inept our legislation is at protecting us from the threats posed by cybercriminals.

This week saw the introduction in the US Senate of anti-spyware legislation - a welcome development. Yet here in the UK, the Computer Misuse Act continues to flounder despite the efforts of the All Party Parliamentary Internet Group. Astounding in its audacity, the attack on Sumitomo was not a one-off but a warning to us all - criminals are behind a large percentage of cyber attacks, and no one is immune.

To defend ourselves from the activities of cybercriminals requires recognition at European Union level and beyond that such crimes will not be tolerated. More severe deterrents, such as longer sentences and the ability to seize cybercriminals' assets, must be put in place. The National Hi-Tech Crime Unit and Interpol must be given the resources to ruthlessly pursue offenders, regardless of national boundaries or the cost associated with prosecuting these organised and sophisticated gangs.

But legislation and law enforcement can only do so much. Although legislation provides a framework to pursue and punish offenders, technology provides the basis for prevention at the front line and the means for collecting digital forensic data that may be used as evidence during an investigation and subsequent trial.

We have a responsibility as IT professionals to work together to build security architectures that have the ability to provide law enforcement agencies with the evidence they need to prosecute cybercriminals. Parliament has a responsibility to ensure that the legislative framework and investigatory resources exist to pursue and punish offenders.

Only by addressing and bringing out into the open the activities of cybercriminals can we as an industry devise solutions to ensure that the cyber attacks of the future are defeated and reliance on the internet as a backbone for economic growth can continue with confidence.

CV experiment shows ageism in IT industry

James Rothenberg, IT systems architect

I read with some doubt your article "Prepare for an ageing workforce by 2020" (Computer Weekly, 22 March) because having posted my CV to several job sites and agencies, I have had little or no response from them, to the point that when I chase individuals I am fobbed off.

This led me to conduct an experiment: I kept my CV exactly the same (degree and HND in computing, four years' experience, etc), but I changed my age from 40 to 29.

Boom! Seven messages arrived within 24 hours promising to place me within a week. "Please use our agency," "Your skills are in high demand," etc.

So my point is, although your article may calm older IT professionals' ageism fears, the truth is that agencies, CIOs and IT directors who set employment criteria obviously have a very different mindset.

My view is that "older" IT staff, may well have to work into their late sixties, but it will have to be at Asda or B&Q, which seem to value the older employee and their superior work ethic.

Continuity plans must address the mundane

Keith Tilley, UK managing director, SunGard Availability Services

The latest Business Continuity Institute research (Computer Weekly, 22 March) did not highlight anything new in terms of the drivers behind business continuity spending, but it raised the question of how businesses are approaching continuity planning and why the measures they put in place are not addressing all potential threats.

Protecting your company against downtime, whether driven by the fear of IT failure or terrorism, requires the same provision. All that changes is the motivation behind it. You still need to identify weaknesses and put in place comprehensive business continuity plans.

By undertaking an impact analysis and risk assessment, organisations can identify mission-critical business functions and how soon these functions need to be up and running. This will ensure that the appropriate measures are put in place to guarantee the availability of different functions during a crisis. Of course, for those 25% of organisations that do not test the plans they have put in place, this certainty of ability to recover in after an incident will be severely eroded.

The attack on the World Trade Center caused organisations to focus on terrorism as a driver for business continuity spending. But the reality is, as our own statistics show, that terrorism accounts for very few problems (3%). It is mundane incidents such as software or hardware failures (67%) or power outages (16%) which are most likely to cripple a business.

Send your letters to
[email protected]

Read more on Managing IT and business issues