This week the UK government launched the Cyber Street programme to improve the cyber security of UK residents and SMEs. This is complemented by a Cyber to the Citizen initiative from the BCS – (The UK Chartered Institute for IT).
The background to this is the continuing concern that most cyber-crime is opportunistic and could be prevented if people consistently took simple measures. For example UK GCHQ estimates that 80 per cent of all cybercrime could be prevented by basic cyber hygiene measures, saving the UK economy billions of pounds annually. The campaign aims to increase the percentage of individuals and Small to Medium Enterprises (SMEs) consistently adopting ten or more cyber security behaviours (out of 17 for individuals and 14 for SMEs.
These behaviours include:
- Install and keep up to date Anti-Virus Software
- Use strong passwords
- Only download from trusted websites or organizations
- Beware of phishing emails
- Review and protect business information
The study upon which this initiative is based found that only 10% of SMEs consistently applied these behaviours and it is estimated that the Cyber Street programme will provide measureable benefits based on improving this by 5 percentage points.
This fits with KuppingerCole’s view that the main information security risks are still related to human weaknesses. The root causes can be categorized as malice, misuse and mistake. Malice includes activity by organized criminals outside of the organization as well as actions by insiders who may hold a grudge or who are being blackmailed. Misuse is where people with legitimate access to information use that information in inappropriate ways for example through curiosity. Mistake is where people leak information through inattention or carelessness.
Sometimes it seems that the only people who value your information and are those who want to steal it. People would not treat money with the same disregard that they treat their IT systems and the data they hold. Our view is that what is required is better information stewardship which is based on the idea that a good steward takes care of property that is not his or her own. It is important that everyone understands that they individually are responsible for the security of the information they hold, the IT systems they run and the consequences of data being mishandled.
This is an interesting initiative on the part of the UK government supported by the BCS. We hope that is will be successful in developing a cyber-aware culture and reduce opportunistic cyber-crime.