Cyber-security's dirty little secret: It's not as bad as you think
According to 'research' using 'relatively poor data'
New research from the Global Commission on Internet Governance has reached a surprising conclusion: cyberspace is actually getting safer.
The report [PDF] starts from a simple enough premise: while we are constantly told that incidents of cyberattacks and online security threats are increasing, are they growing relative to the expanding size of the internet?
In other words, while 10 homicides in a small town of 1,000 is terrifying, 100 in a city of 10 million would be considered low. The number of killings in the city is still 10 times the number of killings in the town.
Having pulled data on the number of domain names from dot-com operator Verisign, volume of online activity from Cisco, and search activity from Google, author Eric Jardine, then mapped a wide variety of cybersecurity issues onto the expanding internet and found that things are actually getting better.
"Six [of the 13] normalisations point to a situation where the absolute numbers show a deteriorating situation while the normalized numbers actually show that things are getting better," the report reads. "In another six of the tests, both numbers show the situation is improving, but the normalized numbers usually indicate that things are getter better sooner and faster compared to the absolute numbers."
Jardine took a wide range of data points in his calculations:
- Number of internet users
- Number of email users
- Number of broadband subscriptions
- Number of smartphones
- Number of domain names
- Number of websites
- Volume of data flows
- Volume of mobile data
- Annual number of Google searches, and
- Internet's contribution to GDP
Then he selected 13 different measures of cybersecurity, including:
- New vulnerabilities
- Malicious web domains
- Zero-day vulnerabilities
- New browser vulnerabilities
- … and a range of costs, such as detection, response, lost business etc
Most striking was the issue of botnets, which has become a bête noir in terms of cybersecurity and DDoS attacks but, according to Jardine, is on the definite downslope, falling both in terms of absolute numbers and more significantly when you consider the number of people getting online.
He put this fall down to the fact that "people have become more conscious of the danger of having their computer commandeered for nefarious purposes and have taken steps (such as the use of anti-virus software or being more careful about sites visited) to prevent its occurrence."
He also noted that there has been a "more concerted and coordinated international effort by law enforcement agencies and private companies, such as Microsoft, to take down existing botnet networks and operators."