Executive Summary - Background
Spurred by the prevalence of always-on, high-speed connections, the Internet has become a powerful tool for enhancing innovation and productivity. The increasing dependence on the Internet and other communication networks, however, means the Internet has also become a popular and efficient way to distribute computer viruses and other types of malicious software.
An Overview of Malware
Malware is a general term for a piece of software inserted into an information system to cause harm to that system or other systems, or to subvert them for use other than that intended by their owners.
Malware can gain remote access to an information system, record and send data from that system to a third party without the user’s permission or knowledge, conceal that the information system has been compromised, disable security measures, damage the information system, or otherwise affect the data and system integrity.
Malware Attacks: Why, When and How?
The numerous types of malware can be used separately or in combination to subvert the confidentiality, integrity and availability of information systems and networks. Likewise, a range of different attacks can be conducted to reach different goals, such as denying access to critical information systems, conducting espionage, extorting money (e.g. ransom), or stealing information (e.g. ID theft). Malware can also be used to compromise authenticity and non-repudiation, or conduct attacks on the Domain Name System (DNS).
Malware: Why Should We Be Concerned?
The growth of malware, and the increasingly inventive ways in which it is being used to steal personal data, conduct espionage, harm government and business operations, or deny user access to information and services, is a potentially serious threat to the Internet economy, to the ability to further egovernment for citizen services, to individual’s online social activities, and to national security.
Cybersecurity and Economic Incentives
The past five years have witnessed the emergence of comprehensive efforts to improve the security of information systems and networks. A recent survey by the OECD (2005a) demonstrates that governments have developed national policy frameworks, as well as partnerships with the private sector and civil society, to combat cybercrime. Measures include Computer Security Incident Response Teams (CSIRTs), raising awareness, information sharing and education.
Survey of Market Participants
Participants in the Internet ecosystem are confronted with malware in different ways; their responses are motivated by the specific incentives under which they operate. To better understand these incentives and their effects, a qualitative field research project was designed. In the course of 2007, the research team conducted 41 interviews with 57 respondents from a broad cross-section of organisations. (For more information on the research design and the interviewees, please see the list at the end of this chapter and Annex B.)
The Market Consequences of Cybersecurity
The preceding chapter reported on the efforts and incentives of a variety of Internet market participants. It indicated a number of market-based incentive mechanisms that contribute to enhanced security but also other instances in which decentralised actions may lead to sub-optimal outcomes. A pressing question is: Are participants in the information and communication markets responding adequately to malware, or are improvements possible? Pointing to a variety of reports that show increases in malicious attack trends, one might conclude that markets are not responding adequately. Our analysis revealed a more nuanced picture.
The Role of End Users, Business and Government
Malware affects individuals, business and government in different ways. All those participants can play a role in preventing, detecting, and responding to malware with varying levels of competence, resource, roles and responsibilities, as called for in the OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (the "OECD Security Guidelines"). Better understanding the roles and responsibilities of the various participants in relation to malware is important to assessing how to enhance the fight against malware.
What Is Already Being Done?
Better understanding of the nature, successes and limitations of ongoing action by communities more specifically involved in fighting malware is also important to assessing how to enhance prevention of, and response to, malware.
Possible Next Steps
This book has only begun to lay the foundation for understanding the malware phenomenon and how it is evolving. Further work in many areas could and should be done to reach a better understanding. Fighting malware is complex and would benefit from more comprehensive measurement, coordination and policy solutions. While many ongoing initiatives are contributing important resources to combating malware, there remain a number of areas for improvement.
Add to Marked List