Behavioural, sociological and psychological factors must be studied
From Mr Roberto Tavano.
Sir, Malicious software like Stuxnet and now Duqu understandably prompt questions of who or what is next? (“Spying program infects industrial sites”, FT.com October 19.)
With the Stuxnet code available for anyone to find online, it is perhaps inevitable that a similar virus has emerged. The important thing for businesses is to adapt their security practices to deal with these increasingly frequent and complex viruses.
At a country, organisational and even an individual level, the most serious problem influencing our ability to defend ourselves is our reaction to breaches. Many incidents go unreported, as government and businesses alike are not eager to advertise their weaknesses.
Two key areas need to be addressed if we are all to erect a strong defence in the developing cyberwar: collaboration and education.
First, everyone needs to be willing to share information about attacks on their infrastructure. UK foreign secretary William Hague has called a summit in London next month in an attempt to help improve the flow of information between governments. If we can reach the stage where we can pick one area where there is common ground, we can begin to form a consensus on best practice going forward.
We also need to educate businesses and individuals alike to ensure we invest in researching the behavioural, sociological and psychological factors that motivate hackers and cybercriminals. By understanding those who are designing and releasing viruses such as Duqu, we can build a framework to counter their activities. We need to ensure the “digital natives” who have grown up with the internet put their cyberskills to positive rather than malicious use.
It is imperative that organisations recognise the need for new security measures to fight this battle, including employees’, customers’, and partners’ access to applications and data. This is starting to emerge in business-driven cybersecurity models and represents the best opportunity to combat those who aim to exploit the cyberspace in which we operate.
Roberto Tavano, Vice-President, Unisys, London EC2, UK
Copyright The Financial Times Limited 2011