Lords calls for overhaul of current UK Internet security practices

The House of Lords science and technology committee has released a report calling for a overhaul of current UK Internet security practices.

The report admits that e-Crime stats are hard to quantify, but a recent report by McAfee and analyst firm Datamonitor found that: 50% of businesses believed that it would cost over $100,000 (£50,968) to notify their customers of a data breach that exposed personal information and 30% believe that a major breach could potentially put them out of business.

Greg Day, security analyst for McAfee commented on the Lords report: “Full disclosure is a positive step in the long term as it provides customers with the confidence that they will be informed should their personal information be breached/lost. Equally [it] adds pressure to businesses to ensure that they have the appropriate security measures in place to prevent data breaches occurring to them. Short term consumers may see an increase in breaches as full disclosure takes effect. It would be important to educate them that this is not a sign of things getting worse, but more visibility of what is and has already been happening behind closed doors.”

With regard to the liability of security vendors, Day said: “It would be very difficult to hold vendors responsible for breaches, as it really comes down to how solutions are implemented. You would have to ask, ‘Did they have it configured correctly, updated and maintained?’ Every business has different IT security requirements depending on their business and IT footprint. A security vendor supplies businesses with the tools,but it is down to the business to use them correctly.”

The reports recommendations include:

The introduction of a central web-based e-crime reporting system

Creation of security breach notification laws

The potential for IT security vendors to be held liable for security breeches

Review of the current system that online fraud to be reported directly to banks also recommends the introduction of legislation and hold banks liable for losses as a result of online fraud

Improve protection since the NHTCU was subsumed by SOCA