We could all do with talking more

In Information Security ByTeam Acumin / 30th August 2012

There’s something to be said about good communication, whether it’s an after work chat on the crazy wages of football stars, an enlightening exchange of tweet with someone across the world on press privacy in a digital age, or a networking meeting to discuss the latest happenings in the information security and risk management industry.

It’s always good to talk, whether you’re the individual imparting your expertise on some of the pioneering ideas you have with regards to penetration testing, or whether you’re an audience member, completely enthralled by an interesting and revelatory discussion on new models of business continuity and disaster recovery.

Human thirst for knowledge, though attainable through an autodidact orientation, is often best in a collaborative environment, ideas bouncing between different minds, the result being unintended outcomes that enlighten.

Bearing all that in mind, we find it odd then that new research from the European Network and Information Security Agency (ENISA) has found that many organisations and individuals across the continent not only are unaware that they have been the victim of cyber crime, but don’t report it.

The consequence of this is a sort of fictitious environment where the actual reality of the cyber crime landscape is not as it seems. Because there’s a gap of knowledge, no coherent system of reporting, what we think we know is decidedly lacking.

“Lack of transparency and lack of information about incidents makes it difficult for policy makers to understand the overall impact, the root causes and possible interdependencies,” the authors of the report state, highlighting the problems this lack of uniformity leads to.

“It also complicates the efforts in the industry to understand and address cyber security incidents. And finally, it leaves customers in the dark about the frequency and impact of cyber incidents.”

This is in spite of the fact that in recent years, many countries, not just Europe specific, but all around the world, have stepped up their game with their efforts against cyber crime, recognising it as a big challenge to keeping order.

However, where they have fallen short is in talking to one another, keeping each other informed of when they’ve experienced major cyber crimes, and letting other European nations know of advancements they’ve made.

The reason it is important to have cross-nation rapport is pretty self-evident. We live in a global world, where movement across borders, especially in Europe, is the norm where organisations have bases in many countries. Moreover, cyber crime doesn’t care for boundaries. It can happen anywhere in the world and have an international impact.

If, as ENISA notes, there is a common approach to tackling such crimes, a uniformed approach in their reporting, and constant dialogue between experts in respective European nations, you’re already well on your way of addressing the current gaps in knowledge and denting the success of fraudsters. Otherwise we’re always going to be losing.

“Reliable and secure internet and electronic communications are now central to the whole economy and society in general,” the report said. “Cyber security incidents can have a large impact on individual users, on the economy and society in general.”

Humans are supposed to be social creatures. Let’s get talking.