All the latest UK technology news, reviews and analysis


Fight against cyber crime requires greater understanding of human weaknesses

30 May 2012
businessman-at-computer

Businesses need to get better at understanding the human behaviours that let cyber threats proliferate, if they are to improve their defences, according to the former head of the GCHQ's London office.

Speaking at a Westminster eForum event in London on Wednesday, John Bassett, who headed up GCHQ's London office between 2004 and 2007 and now works as an associate fellow on cyber security for RUSI, said this was an issue on which he was trying to improve understanding.

"Cyber security is based on networks and data but it is really about people. We are quite good at technical solutions. But understanding humans in cyber space? We have much less insight," he said.

"I'm getting academics in socials sciences and human behaviour together with computer scientists in Oxford next month to talk to each other."

Bassett explained that some of the key issues that require further insight relate to the motivations of the attackers and what causes those within organisations to be duped by attacks, but also making people understand how to make themselves safer online.

"There's a perception that people take more risks on the internet than they do in real life, but we don't know the nuances of that. It's important we understand the mindset of potential victims, of ordinary people and why they behave differently online," he said.

The issue of education was also raised by the European managing director of IT certification and security firm ISC², John Colley, who said it was important children were brought up to understand the risks of using computers.

"The first time a student enters a chemistry lab they are taught about how to use it safely, but with computers they are told nothing. They are just left to use it, but this needs to change," he said.

However, Henry Harrison, the technical director at BAE System's Detica division said that he was "sceptical" education and understanding human behaviour would ever prove enough to protect those online.

"I think the reality is that it's too difficult to understand what the risks are. The fact is the IT professionals don't know what the risks are. And until the IT systems we expect people to use help people understand the risk environment we are working in, it's impossible [to educate people]."

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Dan Worth
About

Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal

View Dan's Google+ profile

More on Government
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
23%
14%
4%
15%
32%
12%

Popular Threads

Powered by Disqus
Galaxy S5 vs iPhone 5S vs Nexus 5 showdown

Galaxy S5 vs iPhone 5S vs Nexus 5

We speed test three of the most popular smartphones

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Senior Desktop Engineer / Desktop Engineer

Senior Desktop Engineer / Desktop Engineer – The Kent...

IT Service Support Analyst

The Health and Care Professions Council (HCPC) is a regulator...

Senior Analyst Programmer (Application Development) X2

Senior Analyst Programmer (Application Development) X2...
To send to more than one email address, simply separate each address with a comma.