IT systems under threat

Before joining Symantec, Ward was seconded to the UK Cabinet Office, where he co-authored a report on encryption and law enforcement. In 1999 he helped to set up the Office of the E-envoy. He joined the Ministry of Defence in 1982 as a security specialist.

VNU: How do you think the security concerns of companies have changed over the past 12 months?

Jeremy Ward: It is possible to discern three trends over the past year. Concerns about viruses have been heightened by the increase in intensity and number of more sophisticated attacks being launched – Code Red and Nimda, for instance. Concerns about credit card fraud have risen among firms trading online.

And there has been a stronger realisation of the difficulty and complexity of information security management, with a consequent willingness to consider outsourcing. There has also been a general rise in the awareness of security since 11 September, and a willingness to look again at business continuity planning and disaster recovery.

Have any significant new threats surfaced that might require a shift in emphasis from law enforcement agencies?

It’s probably true to say that no wholly new types of threat have emerged. Cyber crimes fall into the same categories as traditional ones: fraud, blackmail and criminal damage, for example. The internet just enables them to be committed against more people, in more places, more quickly.

By their nature, online crimes are harder to detect, prevent and prosecute. What has come to the fore in recent months is the threat of cyber terrorism.

What implications does the online terrorist threat have for governments and other organisations?

All cyber crime is international, and must therefore be tackled internationally. But cyber terrorism, because of its threat potential, demands a response that is different in kind and intensity. Detecting and preventing it requires that law enforcement agencies share and analyse data on an unprecedented scale. This has significant implications for civil liberties.

This year, the government launched the National Hi-Tech Crime Unit to investigate and prevent computer crime.

Is the strategy to improve the technical capability of law enforcement agencies to investigate internet crime a good one?

Yes. The NHTCU strategy is fine in principle, but there has to be concern over three issues: co-operation with agencies working in similar areas; the level of support from individual police forces particularly over the release of appropriate manpower resources; and co-operation with industry, where much-needed expertise often resides.

Do you agree with claims that the NHTCU is under funded?

The NHTCU is aware of the security issues. Tackling them effectively is a matter not so much of money, but of joined-up thinking and high-level impetus.

Are companies now more aware of the need to protect their systems?

Nearly all firms have people who know of the importance of information security risk management. But they lack an understanding at board level of how failure to manage risk in this area affects their business. As soon as the word ‘information’ crops up, the chief executive and chief financial officer kick the problem straight into the lap of the IT department. This has got to change.

Related reading