Today Microsoft released a special edition of its Security Intelligence Report (SIR) titled "Linking Cybersecurity Policy and Performance."
The report examines the relationship between quantitative indicators about a country or region -- such as computers per capita, broadband penetration and whether the country or region had adopted certain public policies to advance cybersecurity -- and the rate of malware infections as measured by computers cleaned per mille (CCM) by the Malicious Software Removal Tool (MSRT). Through this examination, the report aims to improve our understanding of whether a region's cybersecurity performance is consistent with other regions at a similar level of development and public policy maturity. Based on this comparison, we can better identify the steps that policymakers can take to improve their region's cybersecurity.
One of the correlations identified in the report had to do with piracy. The report found that a region's piracy rate had a strong relationship to its actual cybersecurity performance, as measured by CCM. In particular, regions with high piracy rates also had high rates of CCM, and likewise, regions with low piracy rates also had low rates of CCM. This is also consistent with the findings in our Microsoft Security Intelligence Report Volume 13 (SIRv13).
In the feature story for SIRv13, we provided data that showed a relationship between malware and deceptive downloads. The report indicated that cybercriminals are increasingly disguising malware as popular software to lure enthusiastic bargain hunters to download and execute their malicious code and become infected. Preying on people's desire to share and find the best deals is not a new social engineering tactic but has become increasingly popular over time. With that in mind, it's not surprising to see higher rates of piracy in areas with the highest malware infection rates.
In addition to reducing the piracy rate, regions with strong cybersecurity performance were significantly more likely to have signed international treaties, such as the Council of Europe's "Convention on Cybercrime" (CoE), or voluntary codes of conduct, such as the London Action Plan (LAP). While membership in CoE or LAP alone will not reduce cyber risk, there are steps regions often take to prepare for membership that significantly help to reduce risk. These steps include having a common policy environment for cybercrime and establishing methods of international cooperation that can evolve with the changing threat landscape. Reducing piracy can be an important element of this process.
Of course, these are just some of the correlations contained in the report. I encourage you to download the report today and learn more about which national indicators correlate with a region's malware infection levels.
-Enrique Gonzalez
MMPC