The team behind Trustworthy Computing at Microsoft has published a special edition of their Security Intelligence Report which addresses the impact of social, economic and technical factors on the rate of malware worldwide.

Around the globe, societies are becoming increasingly dependent upon information and communications technology (ICT) which is driving rapid social, economic, and governmental development. Yet with this development, new threats to digital infrastructures have emerged. It is therefore critical that nations understand the factors that contribute to cybersecurity at a national level so they can plan for developing their nation’s digital potential. With this in mind, Microsoft recently released a set of recommendations for developing national cybersecurity strategies. Every country faces unique cybersecurity challenges. Understanding the factors that contribute to these challenges is critical, especially for developing nations. Notably, the benefits and risks of technological development are not always shared equally. By analyzing malware infection rates in selected countries, this paper highlights the disproportionate challenges that many countries face in the earlier stages of modernizing their information and communications technology. In addition, it identifies the social, economic, and technological factors that are critical to enhancing cybersecurity, and offers a set of recommendations for countries seeking to improve it.

The 20-page paper makes seven key recommendations for governments to consider when establishing national policy related to information and communication technology:

  1. Develop a risk-based approach. Assess risk by identifying threats, vulnerabilities, and consequences, and then manage it through mitigations, controls, costs, and similar measures.
  2. Set priorities. Adopt a graduated approach to criticality, recognizing that disruption or failure are not equal among critical assets or across critical sectors.
  3. Coordinate threat and vulnerability warnings. The strategy should recommend that government and the private sector partner to create a threat-and-vulnerability warning model.
  4. Build incident-response capabilities. Establish incident-response practices for the most critical and significant cybersecurity incidents.
  5. Educate the public. Developing a knowledgeable, sophisticated cybersecurity workforce is critical to reducing national cybersecurity risk.
  6. Invest in research and technology. A research and technology agenda to promote advances in cybersecurity, cryptography, applied mathematics, and related fields is critical.
  7. Think globally. Integrate international standards to the maximum extent possible, keeping the goal of harmonization in mind wherever possible.

Read more at the sources below.

Source: The Cybersecurity Risk Paradox (Microsoft on the Issues)

Source: The Cybersecurity Risk Paradox- Measuring the Impact of Social, Economic, and Technological Fact (Microsoft Security Blog)

Download: Cybersecurity Risk Paradox Report (Microsoft Download Center)