The G20 summit is coming up this weekend in China. Apparently some senators in the US have asked President Obama to make Cyber securithy a topic at the summit. This would be great if they were going to look at this from a security standpoint. But I fear that what they are talking about is encouraging world leaders to increase their cyber budget for security agencies. Also to make it easier for the agencies to chase suspects across world borders. The problem with this approach is that it does nothing for the actual security of companies’ networks. There are so many hackers out there that the time spent chasing one or a group of hackers is almost futile. Futile in the fact that in the time spent chasing the hacker(s) 1 or more others will exploit the same vulnerability.
How if the leaders make it a priority as well to invite companies large and small to a meeting. Encourage the companies to increase their budgets for hardware, software and man power to secure their networks. Encourage them to hire security specialists to do penetration testing on their networks. Who will then provide a report of what needs to be done to secure the networks. Encourage them to seek systems to educate all employees on computer, internet, and email practices to keep them safe. Encourage the companies to offer bug bounty programs so outside hackers will report exploits instead of using them. All actions that will secure their networks and cut down on things like email viruses and phishing. This will have a real impact on the companies, employees and customers they serve. Governments might consider offering a program to smaller companies that just aren’t able to increase their budget in this way.
It would be nice for an effort to be made that makes things better for everyone. More secure systems will lead to less economic loss. Companies will make more profits and provide better services to customers. Customers will face less losses and chances of identity theft. Educating employees will also have the benefit of that education extending beyond the workplace. Employees can spread their knowledge to friends raising the level of online security knowledge overall.
I know I’m a dreamer but one can hope right?