|
|
|
|
|
|
|
|
|
|
|
|
|
|
More capital and greater commitment needed for cyber-security in a world where identity theft is costing the public $100 billion a year
FCW.com reported on an important security discussion this week, with experts warning that attacks on computer systems will continue to escalate and become a public trust issue until governments, industry and other organizations implement and enforce better security policies and invest more money and employees in cybersecurity.
|
|
|
|
|
|
Eugene Spafford, a computer sciences professor at Purdue University, painted a grim picture during a teleconference hosted by the National Association of State Chief Information Officers (NASCIO). He said information security research has been underinvested in and national and international law enforcement have few resources and employees to fight cybercrime.
Organised crime increasingly from Eastern Europe and Africa is responsible for data breaches. Cybercriminals have resorted to extortion, demanding money in exchange for not erasing an agencys or organisations data or instituting denial-of-service attacks. They employ people to write spyware, botnets and other types of surreptitious software that hide in computers and capture keystrokes and other data, Spafford said.
The cost of identity theft exceeds $100 billion annually, he said.
Yet the US federal government does not seem to regard the issue with urgency, opines Spafford. Homeland Security Department officials have yet to fill an assistant secretary for cybersecurity and telecommunications position created last fall, and DHS budget for information security research is less than 1 percent of the agencys budget, he said. More money is spent to keep cigarette lighters off airplanes than to address the fundamental problems of information security, he added.
Earlier this year, NASCIO and the Metropolitan Information Exchange released a joint survey that shows state governments have varying degrees of technologies, policies, education, budgets and staffing regarding cybersecurity. State officials previously said they would like better guidance and cooperation with federal officials on the matter.
Spafford, who also runs Purdues Center for Education and Research in Information Assurance and Security (CERIAS), said agencies and organisations havent kept pace with good security measures as they have moved into telecommuting and wireless environments and have begun using new technology such as voice over IP. He revealed that 20 new software vulnerabilities and 50 new malware types are reported daily.
The pharmaceutical industry has done a good job of securing data, he said, adding that he heard the adult entertainment and online gambling industries also manage cybersecurity well.
|
|
|
|
| Back to News Menu... |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
