Government alone cannot effectively fight cybercrime

Government alone cannot effectively fight cybercrime

Summary: Difficulties in keeping pace with cybercriminals and increasing amount of sensitive data make security tools still necessary for improved security posture, alongside law enforcement.

SHARE:

Security spend on antivirus should not be limited in favor of more law enforcement due to difficulties keeping up with cybercriminals and the large amount of sensitive data, note security watchers, who advise a holistic allocation of resources to budget, international laws and education.

While detection and enforcement need to be "dramatically improved", cybercrime is often conducted in jurisdiction where timely extradition, trial and punishment in a cost-effective manner are difficult and, hence, ineffective as a deterrent, noted Mark Bower, vice president of Voltage Security.

The criminals know this and exploit the situation, operating at arm's length of the law, he added. As such, the public should not expect too much of governments regarding how fast they react to cybercrimes, how operations should be funded to detect and respond to such activities, and how law enforcement keep up with the innovation criminals have access to, Bower explained.

At the same time, there is also too much high-risk information available in government systems so it will not be wise to reduce expenditures on technical information, he added.

Nick Hayes, senior researcher of security and risk at Forrester Research, agreed reducing spend on ensuring proper technical information was a bad idea. Technical tools can enhance an organization's security posture and increase visibility into their network, he explained.

However, Hayes maintained technical tools are only "a piece of the cybersecurity puzzle"--an organization need a holistic program which utilizes all forms of prevention, detection, and enforcement to most effectively prevent threats in today's world.

The University of Cambridge, approached by U.K.'s Ministry of Defense, conducted a cybercrime study last month which revealed the country spent almost £640 million (US$993 million) on cybercrimes but less than £10 million (US$15.5 million) on cybercrime law enforcement.

"Some police forces believe the problem is too large to tackle," Ross Anderson, the study's lead author told the BBC in a report. "In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase anti-virus software."

Not focus on balanced budgets but policies
When organizations try to calculate their security budgets, they often struggle to measure the potential impact and likelihood of a security breach, noted Andrew Rose, principal analyst of security and risk at Forrester Research.

At a government level, this becomes almost impossible to quantify, he added.

Cybercriminals inhabit regions across the globe which makes policing and apprehending them a challenging proposition, Rose reiterated.

Governments therefore should consider more than just prevention, detection and recovery from cyberattacks, and also focus on building national and international laws which can deal with attackers as well as political influence to manage the situation should it transpire the attack is a fellow nation state, he suggested.

He added that a national level of protection from cyberattacks will be heightened when all critical sectors such as banking, utilities, legal and manufacturing practiced self-protection and shared information about threats and attacks.

Rose said: "This isn't an issue that can be solved just with technology. Governments need to invest in education and awareness at board level to ensure the industry is aware of the risks and acting appropriately."

Topics: Security, Data Management, Government, Legal

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • This article should read: Government cannot effectively fight cybercrime

    All that we have built has been through market action and individual effort, a massive decentralized effort, we cannot allow the government to come in and suck the life out of it. Their goal is money and control same as it ever has been. The tech industry is the only area of the economy that is currently showing signs of life and they can't wait to strangle it under the guise of safety. When the government invests in something, the price rises and the quality falls, that is the nature of government. We have to push back against this or the technology market will suffer the same massive distortions and stagnant growth as the other areas of the economy such as the health and financial sectors. God help us all.
    Protector
  • Government alone

    The one principle that seems to escape experts is: take one down, many more fill the spot.

    Darpa is currently working on a program with "Mudge" (those of us that have been around for a while know who he is) on a system that generates false documents in hopes of flooding the system with disinformation in an attempt to catch leaks of sensitive information. This is to cause doubt as to wether the attacker had gleaned any REAL, discernable classified information becuase they don't know what is true and what isn't.
    http://www.wired.com/dangerroom/2011/11/darpa-trap-wikileaks/

    It's just really ironic that at a time when nuclear weapons and cyber security are the 2 biggest threats on the planet and IT jobs are becomming scarce. I live in #20 of the 20 worst states in america for IT jobs right now according to the article last week. I have never once worked for or consulted for a business that has ANYONE that even checks their own networks security. Never. Companies need to start taking a more active approach to securing their own networks instead of just constantly complaining about being hacked. Take away the playground and they will find somewhere else to go...
    Nate_K
  • Wow

    like Rebecca responded I am alarmed that people able to make $7688 in a few weeks on the computer. have you seen this webpage(Click on menu Home more information) http://goo.gl/pE0hp
    SchwartzEdith