Incident Response, TDR

Awareness combats profit-driven attacks

There's no question about it: the malware industry is booming. Every day, computer users are bombarded with news of severe data breaches, the rapid growth of online fraud and identity theft, and spyware that invades privacy and compromises security.

Cybersecurity has come a long way from the not-so-distant days when hacking was solely about wreaking havoc on the internet for fun and fame. Today's hackers forego the glory that those of the past have craved, in favor of one thing and one thing only: profit.

But even as the online security industry adapts to combat these purveyors of profit, cybercrime continues to grow more organized, professional and targeted than ever before. As malware creators earn increasing profits, they turn around and release more sophisticated trojans, botnets and socially engineered attacks.

Today, anyone with an internet connection is in danger of falling prey to spyware and malware. The staggering statistics speak for themselves. Recent studies show that as many as 90 percent of U.S. home computers have been infected with spyware.

Crime is often explained by the presence of three factors: motivation, opportunity and the lack of capable guardians. While malware's monetary payload will continue to be a motivator, the second two factors show us a brighter side – ways to offset this growing problem.

As more and more people embrace the internet - whether for shopping, socializing, or business - there is an increasing opportunity for online crime to creep in to our new cyber way of life. One critical way to counter this is through computer user awareness. Educating users on using and updating security software, as well as the current threats and online dangers, is key to lowering the opportunity that malware has to siege PCs. If consumers are prepared for what they will encounter, they are less susceptible to fall for online tricks.

In terms of guardianship, policing the web has never been an easy task. However, legislation from different parts of the world has attempted to punish the perpetrators out there on the web, and to curb the spread of malware.

In the United States, recent steps in this direction have included two pieces of legislation, the I-Spy (Internet Spyware Prevention) Act and The Spy Act (Securely Protect Yourself Against Cyber Trespass), both proposed in order to protect consumers from having their private information transmitted through spyware. While the European Union, as well as individual countries, already has computer crime legislation in place, Europe has also seen an increased push to create more consequential legislation.

Still, passing timely, comprehensive legislation to address rapidly changing security issues is difficult, and there are certainly obstacles in the way, such as working across borders to locate malware authors and purveyors.

How else can we expect to combat rising cybercrime rates and make the online environment safer for computer users? Consensus-building within the industry and creating alliances aimed at promoting cybersecurity are effective means to accomplish this.

Two groups leading the way are the Anti-Spyware Coalition (ASC) and Cyber Security Industry Alliance (CSIA). The ASC is an organization, consisting of leaders in the anti-spyware industry and public interest groups, dedicated to the spyware battle by establishing standard processes, definitions and best practices across the spyware industry. CSIA is indefatigable in their mission to shape public policy around cyber security, with a focus on influencing the government, both the U.S. and E.U., to pass legislation that ultimately affects and punishes malware culprits and protects individual rights.

While computer security companies like ours focus on creating proactive solutions to protect consumers, we must also work to promote change on a social level. All guardians of online privacy and safety – governments, the anti-spyware industry, advocacy groups and everyday PC users – are pivotal to invoke change in cybersecurity.

-Jason King is chief executive officer of Lavasoft

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.