User education and better collaboration between all members of the industry are the key to tackling cyber-crime, according to Microsoft's chief security advisor in EMEA.
Roger Halbheer told vnunet.com at the TechEd IT Forum in Barcelona that Microsoft's latest biannual Security Intelligence Report shows a drop-off in operating system-level attacks and an increase in hackers targeting application vulnerabilities.
However, Halbheer warned that vulnerabilities in the user mean that attacks are shifting from technology to social engineering.
The security chief pointed to an increase in phishing attacks of around 500 per cent in the past six months, as well as targeted Trojans which increased by 150 per cent.
Halbheer said that the key to tackling the increasing tide of cyber-crime is to work with different parties to raise awareness, and to track down and prosecute the criminals.
"Microsoft is working with Interpol to get the bad guys, because it is not enough just to protect yourself. We have to increase the cost to the criminals, including the possibility of being sent to jail," he said.
Law enforcement agencies are facing challenges in trying to break these rings of cyber-criminals, but Halbheer believes that there is increasing understanding of the crimes and the way these organisations operate.
But there are legal issues that hamper international investigations, including inconsistent legislation and differing definitions across different countries.
Collaboration between the public and private sectors is also necessary, Halbheer stressed.
Research shows that countries with closer partnerships between government and business suffer fewer attacks because companies are more comfortable turning to the government for assistance and guidance.
Halbheer added that user education is key to tackling many of these security issues and is the joint responsibility of corporations, government and the media.
It is imperative to provide a unified message to users, be they at home or in the workplace, about the dangers of poor security and the simple steps that can be taken to effectively counter these threats.
"This is not a product message that needs to be pushed, but rather a practice message to make sure that users take steps such as installing an antivirus program and making sure a firewall is turned on," said Halbheer.
The focus on user education needs to be on children and teenagers, according to Halbheer, who believes that internet security should be taught in schools to ensure that the principles are ingrained from an early stage.
However, Halbheer highlighted a major hurdle in that children often know more about these issues than their parents or teachers, turning the traditional teaching model upside down.
"Parents need a new approach to raising their kids. They need to show interest, be part of the life of the child and try to understand what is going on rather than pulling the plug, because that would be the worst possible thing," he said.
Halbheer acknowledged that teachers, in particular, are being burdened with more and more work.
"They have to do sex education, Aids prevention, cultural education and so on, and now internet security needs to be added in there as well. It may be too much. It is a question of how you bring that into the life of the kids and the parents," he said.
Cultural and economic differences can also hinder progress, particularly in third world countries that are fighting poverty and disease, where a message of internet security is often ignored as irrelevant.
"This will take time. I would love to see a broad silver bullet but it does not seem to exist. Every move is a tiny step, but the tiny steps add up," Halbheer concluded.
TechEd 2007: Security should be taught in schools
By Staff Writers on Nov 15, 2007 7:20AM