Microsoft’s cyber-security report rethinks the global web landscape

Here’s a question for you. Which continent is better prepared to cope with cyber-security issues, the United States, Europe or Africa? Well, Microsoft believes that Western Europe is best equipped to deal with the problems, closely followed by the United States. Unfortunately the developing world lags far behind, and that could have security implications for all of us.

According to Microsoft’s new Security Intelligence Report the global impact of policies concerning cyber-security can affect how different countries are able to cope with cyber-attacks worldwide, and future security policies will have to take issues like demographic predictions into account. The report, entitled “Measuring the Impact of Policy on Global Cyber-security” focuses on how changing global demographics and the rising numbers of online users are an important factor in creating and enforcing protective security policies. According to the report’s authors, Paul Nicholas, senior director Security at Microsoft Trustworthy Computing, Aaron Kleiner and Kevin Sullivan of George Washington University’s Homeland Security Policy Institute, current projections indicate that internet users will double by 2020 to four billion worldwide, with the greatest percentage of online users expected to come from China, India and Africa.

Based on data from the report, the researchers found that countries with the lowest malware infection rates were significantly more likely to be included within treaties like the Council of Europe Cybercrime, a common protocol to deal with cyber-criminals, or voluntary Codes of Conduct like the London Action Plan, which is an international cyber-security enforcement network. Although the report argues that involvement in these kinds of schemes obviously is no guarantee of automatic national protection against cyber-attack, it notes that inclusion within such treaties does reduce the risk of malware infection rates, because signatories to these treaties are more prepared and better informed about the latest threats.

Statistics demonstrate that 43 percent of the highest-performing countries were located in Western Europe. Unsurprisingly the countries with the lowest cyber risks generally had greater access to PCs per capita than those lowest on the list, as well as higher health expenditure per capita, regime stability, and greater broadband penetration. What isn’t particularly surprising is that the study also found that the countries with the highest levels of cyber risks also had high rates of piracy. According to Microsoft, high piracy rates have been partially fuelled by the increase in PC shipments to emerging markets: the commercial value of such pirated software was worth $63.4 billion in 2011.

The report also says that these at-risk countries often have low literacy rates, low broadband penetration and high crime per capita. Malware infection rates in these countries could potentially be up to three times higher than the best-performing countries. Fewer than ten percent of these countries, based mainly in the Middle East and Africa, have signed codes of conduct or treaties on cybercrime.

Microsoft is urging governments to take a closer look at how current policies will be able to cope as the number of online users rises. The report’s authors hope that by understanding those factors that have a direct impact on potential cyber-security situations, in other words, factors over and above education, socio-economic factors and the evolution of technology, governments will not only be able to predict a country’s cyber-security performance, but also be able to appreciate what works to protect users, and what doesn’t. As the shift in online user demographics continues, Microsoft argues that this will drive necessary policy initiatives. Although the bulk of cyber-security treaties and codes of conduct are currently based in countries including the U.S. and U.K, global-scale initiatives will have to be sensitive to these changes as more people gain online access in emerging markets.

If your organisation would like help with security reviews, penetration testing or web security solutions from Barracuda Networks, Check Point, Alien Vault and Netwrix, please contact Krypsys on 0845 474 3031 or [email protected].