Which is better prepared to cope with cybersecurity issues, Europe, the United States or Africa?
According to Microsoft's new Security Intelligence Report (.pdf), the global impact of policies concerning cybersecurity can affect how different countries are able to cope with cyberattacks worldwide, and future policies has to take issues including demographic predictions into account.
Published by Paul Nicholas, senior director Security at Microsoft Trustworthy Computing, Aaron Kleiner and Kevin Sullivan, the report, titled "Measuring the Impact of Policy on Global Cybersecurity," focuses on how changing global demographics and the rising numbers of online users are an important factor in creating and enforcing protective policies.
According to the report, current projects indicate that internet users will double by 2020 to four billion worldwide. The largest boost in the population of online users is expected to come from China, India and Africa.
Based on data from the report, the researchers found that countries with the lowest malware infection rates were "significantly more likely" to be included within treaties such as the Council of Europe Cybercrime (CoE) -- a common protocol to deal with cybercriminals -- or voluntary Codes of Conduct including the London Action Plan (LAP), which is an international cybersecurity enforcement network. Although the report notes that involvement in these kinds of schemes obviously doesn't protect a country against cyberattacks automatically, it does say that inclusion reduces the risk of malware infection rates, perhaps due to being more prepared and informed about the latest threats.
Out of the highest-performing countries, 43 percent were located in Western Europe. Countries with the lowest cyber risks had on average more access to PCs per capita than those lowest on the list, as well as "higher health expenditure per capita, regime stability, and greater broadband penetration."
The data also found that countries with the highest levels of cyber risks also had high rates of piracy. Microsoft says that high piracy rates have been partially fuelled by the increase into emerging markets, and the commercial value of such pirated software was worth $63.4 billion in 2011.
The report says that these countries also often have low literacy rates, broadband penetration and high crime per capita -- and in addition, malware infection rates may be up to three times higher than the best-performing countries. Fewer than ten percent of these countries -- mainly based in the Middle East and Africa -- have signed codes of conduct or treaties on cybercrime.
As the number of online users rises, governments need to take a closer look at how current policies will be able to cope. The team hopes that by understanding factors that impact cybersecurity situations -- going beyond education and evolving technology -- and also considering worldwide policies and socio-economic factors may result in not only predicting a country's cybersecurity performance, but simply understanding what works to protect users, and what doesn't.
As the shift in online user demographics continues, Microsoft argues that this will drive necessary policy initiatives. Although the bulk of cybersecurity treaties and codes of conduct are currently based in countries including the U.S. and U.K., as more people gain online access in emerging markets, global-scale initiatives will have to be sensitive to these changes.
Recently, Microsoft partnered with security firm Symantec known as the Bamitel botnet. Able to take control of hundreds of thousands of computers and infecting them with malware, hijacked browsers were redirected in order to lead them to use search engines present on websites that Bamitel chose.
A complaint, filed by Microsoft in an Alexandria, Virginia-based court, says that millions of dollars were taken away from advertisers due to the malware. According to Bloomberg, estimated infection rates since 2010 have reached between 1.2 and 1.4 million computers.