
Infosecurity Europe: Lord Erroll calls for greater punishment for cybercrime

28 April 2009

Lord Erroll stole the limelight, and the audience’s attention, on the ‘Who got caught out the last 12 months’ keynote panel at the Infosecurity Europe show in London on 28 April 2009 by calling for greater penalties and repercussions for cybercrime.

 

Chaired – ironically – by head of security and business continuity for HMRC, Jeff Brooker, who began by assuring the audience that “HMRC doesn’t count as getting caught out, because the breach was more than twelve months ago”, the panel also consisted of Dan Blum, senior vice president and principal analyst, Burton Group, and Julia Harris, head of information security at the BBC.
 
Lord Erroll told delegates that, without doubt, we are experiencing a huge increase in risk due to the tough economic climate. “Are there incentives not to commit e-crime?” he asked, shortly concluding that there are not, and that more regulation is called for. “E-crime punishment is not heavy enough – the information commissioner (ICO) needs greater powers, the role is there to protect us. Perhaps the ICO should even have power to lock e-criminals up”.
 
Moving on to the subject of ID cards, Lord Erroll highlighted his concern for “the potential misdirection” that a huge centralised database could create. “The ID card creates a single point of potential failure, which in turn creates more pain for the victim”.
 
“I’m not sure that it’s useful to attach a single number or name [ID card] to a human being” said Lord Erroll. “I can certainly see the potential dangers outweighing the good”. Speaking honestly, he continued “It’s dangerous to hand over that much control. In fact, I think the whole thing is ‘dead dodgy’. I’m certainly against an ID card that can be used to check up on what we’re doing”.
 
Julia Harris, head of information security with the BBC, spoke of the limitations of education. “You need to make it easy to be secure, and not give your users any choice. No matter what you educate them, they’ll click on any link they see – especially those that pander to their ego. Business pressures will result in people breaking policy” Harris said.
 
“The information security industry is more likely to survive this recession than the last one – whereas security used to be seen as an overhead, it’s now becoming known as a necessary evil”.
 
Harris’ advice for avoiding becoming one of the many companies “that get caught out” included “moving controls closer towards the data. Don’t trust your internal network any more than the internet”. Automate controls for programmers to run their code, and watch what’s going out onto your website, Harris continued.
 
‘What’s the secret for convincing senior management to invest in information security?’ one audience member asked Harris. “The fear that they’ll end up on the front page of the Daily Mail is enough to make security an easier sell” replied Harris. “Reputation is very important”.
 
Dan Blum, senior vice president and principal analyst, Burton Group, observed that “we’ve all been caught out by this new information society. In this information world, we don’t have absolute secrecy”.
 
 
 
 

 
