Britain's security mandarins are going through the motions. Awareness is not going to dent an issue while the technology is at fault
Four in ten UK computer users still don’t install security software on PCs or mobile devices despite the dangers they face from cybercrime, a new media campaign launched by the National Crime Agency’s (NCA) National Cyber Crime Unit (NCCU) has decided to remind people.
The warning is the latest attempt by the NCCU and the Government’s Cyber Streetwise campaign, launched in January, to underscore the serious dangers faced by consumers in the online world.
According to May’s Office of National Statistics (ONS) figures, 10,731 people in the UK reported falling victim to malware in 2013, undoubtedly an under-estimate of the true scale of infection because few bother to report such incidents to the police.
This also reported that thirty-seven percent didn't automatically install security software on all their digital devices, with 13 percent even turning of off. More than half weren’t regularly installing updates for vulnerable programs.
“For the minority who leave themselves unprotected, not downloading and updating their security software can be very costly,” said NCCU director, Jamie Saunders.
“Through the National Cyber Security Programme, we have dedicated £860 million over five years to make the UK one of the most secure places in the world to go online."
After advertising the latest campaign through the mainstream TV, radio and newspaper media, at least people can’t say they aren’t being warned. The problem is that beating consumer cybercrime is more complicated than reminding people of risk or politely suggesting they install security software.
There is no longer any serious argument that security software - read antivirus - is an adequate defence. As for updating, on Windows that quickly becomes an almost full-time job. Data breaches, meanwhile, have undermined the confidence people feel in the system because they are essentially defenceless against the incompetence of large firms.
Why should people break sweat defending their data when many large, well-resourced enterprises don’t seem able to?
The bulk of the UK computer-using population have never heard of the NCCU, the NCA or even Cyber Streetwise - the latter will probably never publish any figures on the level of engagement it has forged with the public. Too often top-down warnings sound as if they’re preaching to the converted.
It will be argued that doing something, anything, is always better than doing nothing but education is not a quick enough fix.
It's not an easy sitation for the NCCU or the Government but you’d hope they don’t fall into the complacent assumption that the occasional media blitz will fix a problem that is caused by poor software engineering.
The Government and its agencies remain alergic to saying anything too prescriptive because that would amount to interference in a market that has succeeded in inventing desirable products that also happen to have turned into crimeware platforms.
It could pragmatically recommend that people who don't need it remove the hopelessly vulnerable Java from their computers (do you run Minecraft?), or consider using non-Windows computers for online banking, or even demand that search providers bettter police the sometimes malicious searches they happily deliver inside browsers, but that's not going to happen. People are supposed to figure all this out for themselves.
Instead, what we get is advice that is so general it becomes almost meaningless. It's like throwing an orange at a gorilla as a gesture of defiance. As long as the Government persists in seeing Internet security as being primarily about naive and lax user behaviour, we will be stuck in this loop for the duration.