In cyber-crime, Seattle has earned a distinction it’d rather not have – the No.1 riskiest online city in 2010. That’s according to Norton from Symantec.
The antivirus company teamed up with research firm, Sperling’s BestPlaces, to determine the locales the deem the most-susceptible to Internet crime. But tech-savvy Seattle atop the list of the most-perilous cities?
Maybe the list is accurate and maybe it isn’t. A leading cyber-security expert, Stan Stahl, Ph.D., questions the data.
“While some of the factors used in assessing ‘risk’ would seem to appropriate, my bottom line was expressed best by G.K. Chesterton: ‘It’s not that they don’t know the answer. It’s that they don’t even know the question’,” says Dr. Stahl, a noted Internet security expert in Los Angeles (www.citadel-information.com).
A Norton press release states its list of cities was developed as a result of the cyber-attack data compiled by Norton and other factors. The top five: Seattle, Boston, Washington, D.C., San Francisco, and Raleigh.
The Norton data criterion includes these six categories:
1. The cyber-crimes data from Symantec Security Response:
- Number of malicious attacks
- Number of potential malware infections
- Number of spam zombies
- Number of bot infected computers
- Level of Internet access
2. Expenditures on computer hardware and software
3. Wireless hotspots
4. Broadband connectivity
5. Internet usage
6. Online purchases
Missing from this list, Dr. Stahl says, are things that would serve to mitigate risk, such as:
- Number of information systems security professionals in the city
- Average number of information security professionals per 1,000 computers and per company
- Percentage of computers who connect to hotspots using a VPN (virtual private network).
- Percentage of companies ISO27001 certified (ISO refers to international organization standardization)
- Numbers of CISSPs (certified information systems security professionals), CISMs (Certified Information Security Managers), etc.
- Percentage of businesses/homes with professionally managed firewalls
“By itself, expenditures may mean little or nothing since one large supercomputer can cost the same as zillions of P and actually lower risk,” explains Dr. Stahl. “There’s also the question of what ‘risk’ means when applied to a city, as opposed to an individual or an organization.”
So, it’s a question of what he calls “meaningful mathematics,” – everything is relative.
“My risk goes up or down as the total number of bot infected or spam zombie computers goes up or down; it doesn’t really matter if they happen to be in my own town or somewhere else [more or less true, but not quite since a bot net or spam zombie in Africa poses less of a risk than a bot net in America],” he adds. “In this situation, my risk is my risk; it doesn’t meaningfully transfer to my city.”
Norton’s list of the alleged most-vulnerable cities:
3. Washington, D.C
4. San Francisco
13. Las Vegas
14. San Diego
15. Colorado Springs
20. San Jose
23. Kansas City
24. New York
29. Virginia Beach
30. Los Angeles
33. St. Louis
37. Oklahoma City
41. San Antonio
45. Long Beach
46. Fort Worth
49. El Paso
Again, based on the expertise of Dr. Stahl, if you live in one of the listed cities, you don’t necessarily have to worry. My thanks to him – he’s been very gracious with his analysis for many years.
From the Coach’s Corner, here are recent Biz Coach articles featuring his expert opinions:
- How to Protect Yourself from the Internet Crime Wave
- Strategic Planning: List of Informative Web Sites
- Web Security Checklist and Warning about Mobile Banking
- 5 Safety Measures to Thwart Mounting Social-Network Attacks
His security blog: http://citadelonsecurity.blogspot.com/