It’s great to be a part of the US’s National Cyber Security Awareness Month (NCSAM) again this year.
Back in the good old days of 2006, the Australian government was becoming increasingly aware of the growing risk of cybercrime, and in conjunction with like-minded organisations such as Sophos, the Australian Cyber Security Awareness Week was born.
Originally with only a handful of partners and schools, this week has become a serious event in 2013 with over 1,400 partners, including around 700 schools.
Then, in 2011, the New Zealand government launched its Cyber Security Awareness Week to coincide with its Australian counterpart. Sophos was again a member of the steering committee.
One great component of the Australian week has been the distribution of the Budd:e Cyber Security education package, which helps students from years 3 and 9 adopt safe and secure online practices.
It is interesting to contrast the US ‘month’ with the ANZ ‘week’. A very serious but amusing colleague here at Sophos pointed out that “awareness just for the week or month is a bit like a ‘quit smoking afternoon’ being just a few hours when you don’t smoke, when it should be the point in time where you start never smoking again.”
Earlier this month I was fortunate to be able to present at the Singapore government’s conference – Govware – which has a strong affinity to Cyber Security Awareness Month. Governments all over the world are now engaged in similar events.
Given the global nature of the problem, with criminals possibly based in every country and utilising hijacked servers (zombies or botnets) based randomly around the world, it is clear why no single country can own this.
Bringing together all the fine work of governments will be increasingly important to us all. No one entity owns the problem but we all own elements of the solution.
I believe that a key set of players in this fight must be the global providers of security products as, by our nature, we are not constrained by borders in the way national governments are.
Every day, SophosLabs finds over 250,000 new examples of malware from all over the world and then provides this protection to our global customers – this is a clear example of the span of reach that multinational companies have.
So it seems to me that cooperation between both the public and private resources for good is a good way to ensure we’re not outflanked by the bad guys.
Cross-country prosecution is often difficult due to a general fragmentation of effort, the challenge of borders and uncertain legislation. Allowing this to continue will increase the power of the criminals and make the future problem even greater.
To again draw on the smoking analogy – every day you continue smoking makes giving up harder.
No one country alone can win this battle, nor can one security provider. We all need to play our part. Wherever we are, let’s get behind our governments’ efforts.
Image of passport stamps courtesy of Shutterstock.
Cyber criminals have no borders, so neither should we
Are you sure?????????
Yes indeed! …BUT….
How did we get into this situation?
Essentially we now have an IT security industry that even Bruce Schneier states clearly "should NOT exist!" and which, by any measure, is now ridiculously large! (Just check the size and reach of the RSA conference and exhibition each year). The ICT industry, totally unregulated, has produced products, systems and services with little regard to inherent and "built-in" security from the start of design, e.g. just look at the original documents for Microsoft's "Palladium" / NGSCB project, the reasoning behind the development of SELinux, etc.!
Why, for example, can ANY application layer program do anything at the root/kernel level? (We stopped that with B2 systems 30 years ago!)
Government must STOP blaming the user and the customer, which seems to be the main theme of security week here and month in the USA, and just as in most other economic sectors introduce appropriate legislation, preferably on an international cooperative basis, to REQUIRE the industry to offer systems that – well – are safe and secure for its customers – just like cars, just like pharmaceuticals, just like air transport, just like – well – just about everything!
I have yet to see anything from these "weeks/months" that addresses the REAL problems that can only be answered by the industry itself. Let's put blame where it belongs – on the suppliers of insecure products, systems and services never meant to be connected to a global Internet!