June 17, 2009
Email and Messaging Security News of the World
Quite a bit of international email security, online security and social media news of interest today with important goings on including the release of the UK's "Digital Britain" report, a ruling that impacts blogger privacy in Britain and, in his first interview as US "Cybersecurity Czar," Philip Reitinger talks to Agence France-Presse about botnets and the global market in malware.
Security and "Digital Britain"
Yesterday, the UK issued a wide-ranging 245-page report called "Digital Britain" that covers a wide variety of online/digital initiatives being undertaken by the UK government. The report calls for many things including universal broadband access in the UK by 2012, new regulations against digital piracy and a three year plan to boost access and participation online by Britons from all walks of life. (BBC has a good overview here.)
While the report itself devotes an entire chapter to security issues (ranging from the global to the desktop), our managing director in the UK, David Stanley, noticed that there was a distinct lack of commentary in the report on end-user education about security concerns and he noted that bridging the digital divide in the UK - while a noble cause - needs to take security into account:
"While the Government should be applauded for its desire to get every UK citizen online, I fear its approach to doing so will leave a lot to be admired, and plenty to be concerned about.
Will this digital migration be managed responsibly with every household walked through the security measures they need to have in place in order to surf the web in safety? Or will speed and best intentions leave security a hostage to fortune?
Criminals will target anyone with a computer and an internet connection but the less security savvy that person, the more attractive a victim they become. The Government needs to ensure children, parents and the public in general are crystal clear on responsible and safe computer use.
Out of a 200-plus page report, a mere 394 words are dedicated to online child security. Even this section focuses on what protection methods are already in place. Education must be stepped up and security measures overhauled if we are to reduce the amount of online crime and internet misuse.
Simply flooding the web with more vulnerable people will be a recipe for disaster, unless you happen to be a cyber-criminal."
It’s easy to make a statement of intent that looks good politically, what we need to see is education underpinning any investment, so we can move towards a safe and more secure digital future.
No More Blogger Anonymity in UK?
Also out of the UK, the Times Online reports on a British High Court ruling that essentially says that bloggers who "operate behind the cloak of anonymity have no right to keep their identities secret." The case in question is about a blog called NightJack, which provided an insider's view of police work, apparently including details from actual investigations and prosecutions. The Times has the details of this case, which are quite interesting. On the issue of blogger privacy, the article says:
In the first case dealing with the privacy of internet bloggers, the judge ruled that Mr Horton had no “reasonable expectation” to anonymity because “blogging is essentially a public rather than a private activity”.
To bring this back to enterprise online security, this ruling creates a situation similar to electronic communications in US enterprises, where employees need to remember that email, IM and HTTP transmissions that use an enterprise's systems are always subject to monitoring, scanning, archiving and review -- and for good reason. Readers interested in such topics will want to read my Outbound Email and Data Loss Prevention in Today's Enterprise report for more statistics and insights about email and workplace privacy, regulatory compliance and related security issues.
US Cybersecurity Chief to French Press: The Trade in Botnets and Malware is a Real Threat
Philip Reitinger, the new head of the US National Cybersecurity Center gave his first interview in that capacity with French press agency AFP today, noting that malware - and the botnets that are commonly used to spread it - represents an "underground market economy" that poses a "risk to national government capabilities." You can read the entire article here.
One point that Reitinger makes, that echoes something that Proofpoint spokesfolk point out repeatedly, is how malware has evolved from a nuisance to a powerful tool used by organized crime:
"Everyone thought of hackers as sort of curious kids that sat in their room and banged on the computer late into the night with their pizza boxes and, you know, they were just out there to make a name for themselves.
Cracking is very different now, the threats have become much more sophisticated.
The hackers, who used to worry about making a name for themselves by putting graffiti on 100,000 systems, now want to attack one system and get specific information from it, or attack 50 systems and get credit card information."
We'll be tackling the topic of the latest botnet threats in next month's live Proofpoint webinar, so stay tuned for details! You can keep up with the latest Proofpoint webinars by subscribing to our Proofpoint Webinars RSS Feed.
Links:
BBC: Digital Britain at-a-glance (also the PDF of the full Digital Britain report)
Times Online: Ruling on NightJack author Richard Horton kills blogger anonymity
