Security education: Too little too late

What is government doing to educate end users about online threats such as viruses and spyware? Not enough, says Simon Moores, and the efforts that are underway did not appear soon enough.

"You don't want to open that Pandora's box, because you never know what Trojan horses will leap out" --Prime Minister Ernest Bevin

It's now over three years since the government started to recognise that it needed to address the problem of consumer internet safety. In fact, to be accurate, you can add another 18 months between the slow dawning of recognition and actually being told that the wheels were in danger of falling off if they continued to sit on their own hands and leave the matter in the hands of industry.

"The problem," said one highly placed civil servant during a meeting at the first eCrime Congress in London, "is that the Treasury won't give us any money and we're unlikely to get any budget until April of next year."

'Next year', by the way, was 2004.

Now more than halfway through 2005, a public-private partnership aimed at reducing cyber crime, originally called Project Endurance, has reappeared as a safety campaign called Get Safe Online. It's focused on improving internet security for small business and consumers.

Don't mistake me, this is a good thing but it was supposed to have been launched in October of last year and I have to ask how many millions of pounds have been lost or identities stolen as a consequence of internet-related crime while attempts were made to find a budget from private sector partnership. In this case, the generosity of Dell, eBay, HSBC, Lloyds TSB, Microsoft and Yell will match a £150,000 grant from the government.

In October, one or even four years late, depending on how you view it, a www.getsafeonline.com website will be launched with government and business support. The site will offer expert advice in plain English on how to fight viruses, spyware and phishing-driven identity theft.

More than 15 million people now have broadband internet access. The value of the internet economy to the Treasury continues to grow rapidly with ecommerce sales in 2003 alone worth around £40bn, according to the ONS.

Meanwhile, the cost of computer-related crime in 2004 grew to £2.4bn, according to the National Hi-tech Crime unit (NHTCU) survey, which reveals only the tip of a much larger iceberg because there's no true figure on what it costs consumers (such as the £350 I lost once due to eBay fraud).

Startled into action by news that 25 per cent of the world's remotely controlled PCs are found in Britain, government has managed to find £150,000 to contribute to a campaign that it should have taken responsibility for several years ago. I'll quote the then e-Envoy Andrew Pinder, speaking at a New Statesman-sponsored roundtable exactly two years ago, when I put it to him that with rapid broadband adoption, we were facing a significant problem ahead.

"Things are actually a lot better than they were three years ago. There's a lot more ecommerce happening on the internet. All our surveys say that people are more confident about using the net than they were three years ago. More people are doing a lot more transactions online, and we are not seeing significantly increased fraud," said Pinder.

Pinder continued: "Let's stop saying, 'There's no leadership, it's all terrible, it's far worse than it was'. There needs to be a proper debate about what should be done. To throw everything back into the lap of the government and say, 'Until government does something, it isn't going to get any better' - that's a load of cobblers."

Get Safe Online, then, is a last ditch effort to turn back a tsunami which everyone apart from government could see coming years ago. In some respects, there's an analogy with the threat from domestic terrorism; in both cases there's a refusal to face the facts mitigated by a small amount of furious activity once it's too late to remedy the problem.

Like the threat from terrorism, most of us are only too aware of the risks presented by internet crime but it may be a little too late, with more than half the population now online, to launch a campaign and for government to present the impression that the matter is now under proper control. It's not. It never was and four years too late, Pandora's box will not be closed that easily.