The U.S. and U.K. are relatively well prepared for cyber attacks, compared to many other developed nations, but everyone has more work to do, according to a new cyber security study from McAfee and Security & Defence Agenda (SDA).
The report, which ranks 23 countries on cyber security readiness, gives no countries the highest mark, five stars. Israel, Sweden and Finland each get four and a half stars, while eight countries, including the U.S., U.K., France and Germany, receive four stars. India, Brazil and Mexico ranked near the bottom.
[ Also on InfoWorld: Why Internet crime goes unpunished. | Windows 7 is making huge inroads into business IT. But with it comes new security threats and security methods. InfoWorld's expert contributors show you how to secure the new OS in the "Windows 7 Security Deep Dive" PDF guide. ]
No country is ahead of cyber attackers, said Phyllis Schneck, CTO of the public sector for McAfee. The bad guys are "faster and swifter" than the good guys, she said.
Cyber criminals don't have to wrestle with legal and policy questions and freely share information with each other without worrying about competitive issues, she said. "We're up against an adversary that has no boundaries, and we have to go to meetings and write reports to put data together," Schneck added. "We're at a huge disadvantage."
SDA, a cyber security think tank in Brussels, interviewed 80 cyber security experts for the report and surveyed an additional 250. Fifty-seven percent of survey respondents said they believe a cyber arms race is happening, and 36 percent said they believe cyber security is more important than missile defense. Nearly half, 45 percent, said cyber security is as important as border security.
A common theme among the cyber security experts was a need for real-time global information-sharing about cyber -threats. cyber -experts have long called for the better sharing of information among companies and between private businesses and government, Schneck said, but the report opens up the idea of new global agreements -- short of difficult-to-approve treaties -- that can lead to information sharing.
Countries can work together to establish information-sharing "rules of the road," Schneck said. "While you can't have a free for all -- just throw it all out there -- there should be a way to take the most egregious information and make it actionable by a man on a machine."
Companies are worried about endangering their customers, lowering their stock prices and other problems that come from sharing too much information, she added. "I think every rational person on the planet would agree that, if you put all our information together, we get a better threat picture," she said. "By the time we figure out the crumb that we can share, it's no longer even valuable."
But real-time information sharing is one way legitimate groups can gain an advantage over cyber attackers, Schneck said. "That's what the adversary cannot do," she said. "The adversary does not own the network infrastructure; the good guys do. They can't do anything real time, as far as putting data together, we can."
In the country rankings, cyber security experts interviewed for the report praised U.S. efforts, including the creation of a U.S. White House cyber security czar last year. In recent years, the U.S. government has focused more on cyber security, they said.