Security pros call for more real-world data

Private sector challenged to balance 'security and obscurity'.
Global cybersecurity experts have called for businesses to share their experiences with researchers and the public sector in a bid to improve regulations and the online environment.

Belgian think-tank Security and Defence Agenda (SDA) this week reported on its survey of 250 cybersecurity practitioners in 35 countries and an additional 80 academics and professionals (pdf).

It ranked Australia in the middle of the surveyed countries – below Israel, Estonia, Sweden, the US, UK, and Germany – in terms of how well the Government could protect it against cyber attacks.

Report authors called for more collaboration between the government, industry and private companies, holding up the Dutch model of a collaborative Cyber Security Council last year.

The Council comprises members from the government, police, universities and companies like IBM and Rabobank, acting as what SDA called a “cyber-exchange” for discussing and translating issues into regulations.

SDA highlighted “the private sector’s privacy dilemma”, where companies were challenged to balance commercial secrecy with the benefits of sharing information.

“The private sector ... has valuable ‘real-life’ experience of cyber-attacks,” report authors wrote, quoting a researcher from the Technical University of Darmstadt.

“The problem is that companies are reluctant to talk about these; they aren’t keen to reveal vulnerabilities to competition or to consumers, and they also have data privacy rules to contend with.”

While some states in the US – also commended by the SDA – require companies to disclose instances of data loss to the public, no such laws exist in Australia at present.

According to Ballarat City Council IT manager Annie Dejong, the relative secrecy around private sector breaches in Australia should put more of a responsibility on public sector organisations to share their experiences.

“The value of being a public organisation is we can and should talk about this, so others learn,” Dejong told iTnews last year.