Cybercrime -- An Epidemic
Also: How Argonne Labs got users to help clean up network security.
Team CYMRU, a group dedicated to improving the security of the Internet, take a look at cybercrime from the criminal’s perspective
Their insightful view is that criminals know they can operate with relative impunity, and do so frequently, often boasting in public of their prowess and success. Their conclusion: "Thwarting or diminishing the incidence of online crime will come through the nearly ubiquitous creation of carefully considered policy and its proper global application."
Once again, it's not a pretty picture. But there’s certainly no question that a lack of reporting, cooperation and stiff penalties is feeding the problem.
How Argonne Labs Did an About-Face on Cybersecurity
In 2001, the U.S. Energy Department’s largest research facility, Argonne National Laboratory, had an abysmal cybersecurity track record. According to a NetworkWorld interview with Communications Infrastructure Department Manager Scott Pinkerton, Argonne was able to "turn the ship around" within a year. The hardest and most important component of that turnaround, says Pinkerton, was user education.
column was originally published in our weekly Security
Watch newsletter. To subscribe, click here.
As Pinkerton explains, Argonne was bereft of adequate security devices like firewalls and VPN appliances, but these measures were not difficult to implement. Alone, however, they were also not enough to reverse the failing audits.
Through an on-going, year-long process of "town hall meetings" with their employees -- mostly scientists -- Argonne revamped its user training programs and instituted mandatory yearly training reviews. This, Pinkerton believes, had the biggest overall impact.
User education is never easy, but by implementing a change in the user culture, such as annual training reviews, it becomes possible to make the education task easier. No doubt, we all know that there are "many ways to skin a cat" when it comes to security solutions; equally, it isn’t terribly hard to find new ways to restate old educational adages. By keeping these issues fresh in the minds of users, you stand a better chance that users remember the best practices when they confront an insecure option.
Russ Cooper is a senior information security analyst with Verizon Business, Inc.
He's also founder and editor of NTBugtraq, www.ntbugtraq.com,
one of the industry's most influential mailing lists dedicated to Microsoft security.
One of the world's most-recognized security experts, he's often quoted by major
media outlets on security issues.