Thursday 29 November 2018

Publicizing Security Levels May Strengthen Security

Cyber attacks grow in prominence each and every day; in fact, 2017 was the worst year to date for data breaches, with the number of cyber incidents targeting businesses nearly doubling from 2016 to 2017.

According to a study conducted a month or two ago by the University of British Columbia's Sauder School of Business, publicizing a firm's security levels may strengthen security over time. The research quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one's security levels leads to improved defense levels against cybercrime.

The researchers conducted a randomized field experiment on organizations in Hong Kong, China, Singapore, Macau, Malaysia and Taiwan -- which were chosen for their significant economic development as well as rapid adoption of technologies. The experiment evaluated each organization's preparedness against two distinct security issues: spam emissions and phishing website hosting. 

Spam usually consists of unsolicited bulk messages sent out by compromised "zombie" computers controlled by cyber attackers, while phishing refers to fraudulently obtaining sensitive information, such as passwords and credit card details, for malicious reasons.

The researchers developed and assigned an information security score, similar to the idea of Moody's and Standard and Poor's credit ratings, to each organization. The score can be used as an indicator of each organization's security vulnerabilities.

The study found that when cyberattacks were less likely to directly harm a company, organizations were unlikely to prioritize security improvements. Firms were more likely to fix issues related to spam emails originating from their compromised computers, but failed to act when they were found to host phishing websites on their servers. Most of the firms with phishing websites are actually hosting service providers.

Sadly, web hosting service companies hosting phishing pages usually don't have enough incentives to crack down on the phishing pages.

Ultimately, the best policy at this moment may be found in the words of Sherlock Holmes:
"It's so overt, it's covert."
