A new Microsoft report has found a strong correlation between levels of economic development and the security of information infrastructure.
The report, Linking Cybersecurity Policy and Performance (pdf), was authored by Microsoft’s Global and Security Strategy and Diplomacy (GSSD) team.
The reports' authors use statistical analysis based on the number of times the company’s Malicious Software Removal Tool – distributed to Windows users via Microsoft Update – was run, and the number of malicious applications it cleared.
The paper comes up with a metric it dubs CCM to measure the level of exposure to cyber security risk. The paper outlines the statistical calculations used to arrive at its conclusions.
According to the authors, the MSRT tool is run around 600 million times per month, providing a strong statistical basis for drawing conclusions about malware infections.
“This represents a large proportion of the global personal computer install base, making the results a reasonable proxy for overall cybersecurity levels,” they wrote.
The paper indicates there are strong correlations between countries adopting measures such as international treaties like the Council of Europe Convention on Cybercrime and voluntary codes of conduct like the London Action Plan, and the levels of malware infection.
The authors, however, are careful to point out the statistical tools used are imperfect. The measurement index they adopted, called CCM, does not measure and report important cybersecurity outcomes, including actual damage caused by infections, they wrote.