Computer Crime Research Center


Cybercrime takes back seat to brand as CSO priority

Date: April 23, 2008
By: Martin Veitch

Despite the escalating levels and sophistication of cyber crime, survey finds that harm to brand is the most unwelcome prospect for security bosses

Reputational damage is top of mind for information security leaders again. According to a global survey of more than 7,500 security professionals, 71 per cent said that avoiding harm to brand was their top priority, ahead of other hot topics, such as maintaining customer data privacy, controlling identity theft, and protection against breaches of laws and regulations. The study was conducted by researcher Frost &Sullivan on behalf of security professional certification group ISC2.

Howard Schmidt, a former White House security advisor, said the future of security lies in it being baked into systems, networks and processes. “Security is starting to be built into the infrastructure,” he said. “Before, it was like buying a car and having to buy the brakes separately. We’ve truly passed a tipping point.”

Schmidt added that consolidation in the sector was aiding that process with deals in the last couple of years, such as EMC buying RSA Security and Symantec combining with Veritas.

He also empathised with those who call for the restoration of a unit dedicated to tackling computer crime. “There’s this question of ‘should hi-tech be subsumed into some other organisation?’ Although I agree that consolidation is good within the industry, I think it’s a bit premature for public agencies. They should have a concentrated unit because otherwise they have to compete for resources.”

Louis Gamon, regional director of the Information Systems Security Association, was critical of the government and “how little it pays any attention to cyber crime. There’s a belief that it’s small beer, peanuts, but we’re losing more money in e-crime than to the drugs cartels.”

However, Schmidt cautioned that definitions of the nature of computer “crime” need care. “The perception is sometimes one of someone with sunglasses directing things from a Rolls-Royce when you use the term ‘organised crime’,” he said, noting that often groups of miscreants have no association with Mafia-type organisations or terrorism.

Nealon also said that social networking threats remain a concern. “Security used to be mainly technology then process, so you would have a technology control such as anti-virus or intrusion-detection, and a process such as patching and updating. Now it’s the people aspect of the job that is hardest to control. Look at what Kevin Mitnick [notorious US cyber criminal] did. He was very charming and compromised systems through people.”
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo