Cyber-crime man's wakeup call

By PAUL BRISLEN

He used to present top-secret briefings to the United States President on the threats of cyber-crime.

Now internet security expert Richard Clarke has a message for businesses - stop treating security as a cost and start using it as a point of difference.

Clarke, who was appointed US President Bill Clinton's cyber-security adviser and also served under George W. Bush, is in New Zealand talking to businesses about security and says more can be done to prevent hackers and terrorists.

"A number of companies are using their cyber-security to sell more products instead of shoving it in a back room and treating it as a cost-centre," he said.

Internet providers such as US giant AOL and banks such as CitiBank were seeing results from marketing their security.

"CitiBank gets people to use their online banking service by convincing them their identity is safer with CitiBank."

Clarke said banks were a prime example of a business that should make more of its online security.

"Only 30 per cent of bank customers use online banking. Why? Because they're worried about security. Yet banks can make such a huge saving by getting customers to bank online."

Clarke said a typical teller transaction would cost around $2 but an online transaction only 5c.

"That's an instant profit of $1.95 every time someone uses your service.

"Why wouldn't you convince people to move over there?"

Clarke, who since leaving the Government has gone on to lambast Bush's security record, said Governments needed to get serious about online security.

"It's illegal to buy a car without seatbelts or airbags these days. But it's perfectly okay for internet providers to sell broadband connections without firewalls.

"That's something Governments should be mandating if providers don't get their acts together."

Clarke said users were astonished when they did install a firewall to discover just how many probes and attempted infiltrations were taking place.

"It quickly becomes so annoying that you switch off the notifications, but those probes were taking place just as often before you switched on the firewall as after."

He said in today's world users should not just be concerned with the traditional hacker trying to break into their systems.

"The hackers used to try to do it just to prove they can. These days organised crime is hiring hackers to extort money out of businesses and it's working."

Clarke points to companies that want to avoid any negative publicity over a break-in so they pay the hackers off, hire consultants and start spending on security measures.

"Brand damage is huge for these companies. Negative publicity will kill them."

As for terrorists, Clarke said they certainly made use of the internet but not as a weapon.

"It's mostly communications, recruitment and propaganda. If they do hack a website it's usually to propagandise, not to damage websites or data."