With a third of the world’s population now on the internet and billions of devices interconnected via myriad wireless and wired networks, the risks of so-called cyber attacks are more apparent than ever. Espionage, denial-of-service, malware and so-called cyber war and terrorism represent significant risks to individuals, corporations, institutions and governments at various levels.
Writing in the International Journal of Management and Decision Making, researchers in Germany have proposed a novel approach to network protection that could reduce the risk of cyber attack by rewarding those organisations that bolster the security on their networks to prevent the spread of malware and other problems. Because internet and computer-based systems today communicate more and more with one another, mostly as anonymous partners, they are becoming increasingly vulnerable to cyber harassment and cyber attacks, the researchers explain.
Annette Hofmann of the University of Hamburg and Hidajet Ramaj of the Humboldt-Universitaet zu Berlin explain that international or national agreements could be used to build coordinative reward systems and to subsidise high-exposure organisations. Improving network security on vulnerable sites and systems would, they suggest, hinder the rapid spread of malicious software that is commonly used to create bot-nets for attacking corporate and other networks. Because internet and computer-based systems today communicate more and more with one another, mostly as anonymous partners, they are becoming increasingly vulnerable to cyber attacks.
The researchers explain that currently, only some parties invest in protection against cyber attack, which adds to their costs, but benefits them in terms of their own protection and has some benefit to the entire community. With a reward system in place everyone from small-town travel agents to multinational credit card companies could become involved with a scaled reward system that reduces those overhead proportionately and benefits the community as a whole to a much greater extent by motivating them all to ensure that their systems are secure.
The team adds that, formal contractual agreements between different parties that specify their data and information exchange and other interactions would also have to be implemented to reduce inefficiency and improve network protection. “Such agreements may serve to commit the parties to their cyber risk protection strategy,” the team concludes.
“Interdependent risk networks: the threat of cyber attack” in Int. J. Management and Decision Making, 2011, 11, 312-323