HP Labs is leading new research that will help organisations make more accurate predictions about impending cyber attacks so they can improve the effectiveness of their IT security.

As cyber attacks become more common so the need for more effective IT security products and services is growing. Even new government legislation designed to make businesses take IT security more seriously, and global regulations demanding more secure practices in the workplace, cannot prevent expensive and damaging security breaches.

One of the greatest challenges is that it has become extremely difficult to predict where and when an attack will take place. There is currently no scientific approach to accurately predicting cyber crime. Until there is a better way to determine the when, where and how of online criminal activity, the commercial world will remain at risk.

The project

Most attempts to tackle cyber crime tend to look at either the technological or the human factors. A few focus on social or economic variables. None bring everything together coherently to identify a more holistic approach to solving the problem.

The Trust Economics project, funded by the Technology Strategy Board, is the first serious attempt to address the economic, scientific, human and technological factors responsible for analysing security threats.

Expected results

Working with its partners, HP Labs will design unique modelling software that will increase the accuracy with which organisations can understand the effects of IT security attacks and where best to deploy their defensive resources. This will enable them to minimise security breaches rather than respond to them as they occur, reducing the ultimate cost of an attack, and protecting their reputation with customers.

Part of the project will be to ensure that organisations also have adequate tools and techniques to educate staff on how best to protect the valuable data they handle. These include:

• Ways to help employees place a true economic value on the information they access – to encourage a need to protect it as if it were their own personal information.
• Methods for increasing employee understanding of why they need to protect computer passwords as a way to prevent security threats from within the company – often referred to as the ‘insider threat’.
• Support for developing company security policies to ensure IT security is taken more seriously.

‘The Technology Strategy Board has brought industry and academia together to work on improving IT security to benefit the economy.’