Information security has grown from being a small subset of IT to now being something of critical importance, not just to organizations but also to industries, economies and nations. As we become more and more dependent on the Internet, and computers control more and more of our daily lives, they also become a bigger risk to the stability of our businesses, economies, and our critical network infrastructure.
These risks have been recognized by governments around the world. US President Barack Obama has stated that “the cyber threat to our nation is one of the most serious economic and national security challenges we face.” Jonathan Evans, head of the UK’s secret service MI5, highlighted in July 2012 that the online threat to the United Kingdom was comparable to that posed by terrorists and said there were "industrial-scale processes involving many thousands of people lying behind both state sponsored cyber espionage and organized cybercrime".
Yet despite all this rhetoric about computer security, there is still a lack of clear leadership on how to deal with the problem. Various countries have published their cyber security strategies, yet many have not shown any evidence of implementing those strategies in any demonstrable manner. We have seen individuals appointed as cyber security advisor (or tsar) positions in a number of countries, who then quickly resign and cite the lack of resources and support as obstacles to fulfilling their roles effectively.
The Convention on Cybercrime was one of the first treaties developed to enable an international legal framework to deal with online criminal acts. However, since its adoption by the Committee of Ministers of the Council of Europe in 2001, only thirty of the forty seven countries who have signed the agreement have actually ratified it and made it law.
Many businesses are also failing to tackle this important issue. Not a day goes by that we don’t hear about another company suffering a security breach. Many of these breaches are avoidable, as shown by Verizon’s Data Breach Investigations Report, which highlights that of the breaches investigated in 2012 nearly 97% of them were avoidable using simple controls.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.