The U.S. and U.K. are relatively well prepared for cyberattacks, compared to many other developed nations, but everyone has more work to do, according to a new cybersecurity study from McAfee and Security & Defence Agenda (SDA).
The report, which ranks 23 countries on cybersecurity readiness, gives no countries the highest mark, five stars. Israel, Sweden and Finland each get four and a half stars, while eight countries, including the U.S., U.K., France and Germany, receive four stars. India, Brazil and Mexico ranked near the bottom.
No country is ahead of cyberattackers, said Phyllis Schneck, CTO of the public sector for McAfee. The bad guys are "faster and swifter" than the good guys, she said.
Cybercriminals don't have to wrestle with legal and policy questions and freely share information with each other without worrying about competitive issues, she said. "We're up against an adversary that has no boundaries, and we have to go to meetings and write reports to put data together," Schneck added. "We're at a huge disadvantage."
SDA, a cybersecurity think tank in Brussels, interviewed 80 cybersecurity experts for the report and surveyed an additional 250. Fifty-seven percent of survey respondents said they believe a cyber arms race is happening, and 36 percent said they believe cybersecurity is more important than missile defense. Nearly half, 45 percent, said cybersecurity is as important as border security.
A common theme among the cybersecurity experts was a need for real-time global information-sharing about cyber-threats. Cyber-experts have long called for the better sharing of information among companies and between private businesses and government, Schneck said, but the report opens up the idea of new global agreements -- short of difficult-to-approve treaties -- that can lead to information sharing.
Countries can work together to establish information-sharing "rules of the road," Schneck said. "While you can't have a free for all -- just throw it all out there -- there should be a way to take the most egregious information and make it actionable by a man on a machine."
Companies are worried about endangering their customers, lowering their stock prices and other problems that come from sharing too much information, she added. "I think every rational person on the planet would agree that, if you put all our information together, we get a better threat picture," she said. "By the time we figure out the crumb that we can share, it's no longer even valuable."
But real-time information sharing is one way legitimate groups can gain an advantage over cyberattackers, Schneck said. "That's what the adversary cannot do," she said. "The adversary does not own the network infrastructure; the good guys do. They can't do anything real time, as far as putting data together, we can."
Sign up for CIO Asia eNewsletters.