Security guru warns of cyberpolice shortage

Howard Schmidt, who used to advise the US president on cybersecurity, wants a concerted push to raise the public's awareness of the issue
Written by Dan Ilett, Contributor

Howard Schmidt, former cybersecurity advisor for the White House, has claimed there aren't enough trained police officers in the world to tackle cybercrime effectively.

Speaking at the e-Crime Congress in London on Wednesday, Howard Schmidt, who is also the chief security strategist for auction site eBay, warn delegates that the issue needs to be addressed as cybercrime becomes more prevalent.

"One thing that is very prevalent is that there aren't enough investigators to handle all the cases coming through," said Schmidt.

Schmidt gave the example of his son, a computer-crime policeman in the US state of Arizona, whose department has an eight-month backlog of work.

In the light of the attempted online robbery of Sumitomo Mitsui Bank, Schmidt said it was easier and less risky for criminals to steal small amounts of money from a variety of people that to thieve a large amount from one big firm.

"No one's going to rob a bank for a million dollars," he said. "Not when they can rob a million people for a dollar. If you think of the normal mindset of a criminal, if it is hard, risky and takes too much time to do something, it's better to go somewhere else."

Detective Superintendent Mick Deats, deputy head of the National Hi-Tech Crime Unit, said on Tuesday it was harder to catch Internet criminals who steal smaller amounts of money.

To combat individual online theft, Schmidt advocated the use of basic security tools — antivirus, anti-spam, anti-spyware software and a firewall. Since doing this himself at home, he said, "I've had no phishing emails."

Schmidt urged UK delegates to consider a US neighbourhood-watch-like campaign, where the government there is distributing 17,000 DVDs to police forces for a public awareness scheme on IT security.

He added that vendors were selling technology, such as voice-over-IP services, without security functions enabled, and that this should be thought about before deployment.

Editorial standards