Thursday 11 December 2014

#Twisted CyberSecurity


On the web, personal information can be as valuable a currency as cash. Citizens’ attitudes towards the privacy of their personal information are evolving and, as a result, unwittingly making the challenge greater. Increasingly, the definition of privacy is changing. Where once privacy meant not revealing information unless to a trusted third party, in the social media world information is willingly shared, and privacy concerns relate instead to how that information is used once shared.

Much cybercrime relies on the fact that software is bug-ridden or contains flaws in its design. There is a clear need and opportunity for greater industry cooperation, standardisation and testing of software products to reduce the opportunity for hackers.

We have already seen examples of alleged international cyber-attacks, such as that on Estonia, and UK security services warning businesses of rampant cyber espionage originating in the Far East. We all know that, at some level, everybody is prying and spying on everybody else’s cyber presence. Many experts see a future cyber war as inevitable – so why don’t we try to prevent it before it happens?

One way would be agreement on an international cyber peace treaty, whereby signatories would agree not to use their infrastructure, or allow it to be used, for cyber-attacks. This proposal requires discussion at the highest forums. On the internet a state is not defined by its weapons or politics, but by its laws and regulations. Without a common base level of data protection and computer misuse legislation, there will always be territories that provide a safe haven for cyber criminals and hackers. Involvement in key global trade bodies should be dependent on an acceptance of such regulation.

Organised cyber criminals have realized that it is easier to steal $1 from a million people than to steal $1m from one person. But in many cases, the response from law enforcement does not reflect the problem. One person complaining to the police about losing $100 through cyber-crime, or the theft of personal identity information, is rarely sufficient to elicit a response. In the UK, for example, police have delegated responsibility for small-scale cyber-crime reporting to the banks. How well are co-ordinated attacks spotted? Are trends and patterns sufficiently analysed? If one person loses $1m, the police response would be broad and well-co-ordinated. If a cyber-crook made a million from a million individuals, would they ever be caught?

Banks and law enforcers need to co-ordinate better, and reporting of crimes by individuals affected needs to be simpler and better policed. Too many individuals don’t bother because they don’t believe they will be helped. Perhaps social media techniques could be used to “crowd source” reports of theft or fraud? But in general, there needs to be a better relationship between individuals and law enforcement to ensure adequate protection and detection of organised, widespread but individually low-level cyber-crime.
