Posted by: Kevin Sullivan, Principal Security Strategist, Trustworthy Computing

This morning we released a new special edition of the Microsoft Security Intelligence Report entitled The Cybersecurity Risk Paradox: Impact of Social, Economic, and Technological Factors on Rates of Malware Last year, we released a special edition to the Microsoft Security Intelligence Report titled Linking Cybersecurity Outcomes and Policies, which described specific ways that social and economic factors affect cybersecurity development worldwide. Today we are releasing a follow-up study that builds on the earlier learnings of that study.  In this article, I want to share a bit background on this study.

Our research integrates malware infection data in selected countries taken from the Microsoft Security Intelligence Report into a cybersecurity development model derived from 34 international socioeconomic statistics, such as GDP per Capita and Regime Stability.

The model created for Linking Cybersecurity Policy and Performance created three distinct clusters of countries:

  • Maximizers are countries with effective cybersecurity capabilities that outperform the model expectations.
  • Aspirants are countries that are on a par with the model and are still developing cybersecurity capabilities.
  • Seekers are countries with higher cybersecurity risk that underperform on model expectations. Seeker countries are generally those with developing economies and lower levels of technological development.

From 2011 to 2012, we found that global malware rates are actually trending down, but not evenly around the world. Among the 105 countries analyzed, malware prevalence decreased an average of 23.3 percent. However, the average decrease among Seeker countries was only 3.7%. This prompted us to look into what factors influence change in malware rates from year to year, especially among Seeker countries.

Figure: Comparison of malware rates between 2011 and 2012. Countries above the divider line saw an increase in malware. These countries were disproportionately identified as Seekers.  Malware infection is measured using a metric called Computers Cleaned per Mille (CCM)—the number of computers cleaned for every 1,000 executions of the MSRT. For example, if the MSRT is executed 50,000 times in a particular location in the first quarter of the year and removes infections from 200 computers, the malware infection rate for that period is 4.0 (200 ÷ 50,000 × 1,000). Lower CCM numbers equate to lower rates of malware infection.

With the supposition that national development metrics can predict the prevalence of malware, and that in general rates of malware infection are declining, we sought to understand why some countries showed greater improvements in malware prevalence while others did not. To explore this question, we created a new predictive model that attempted to explain the changes in malware prevalence between 2011 and 2012 by looking at the 34 developmental metrics previously found to predict the level of malware.

Our model showed that decreases in malware rates are associated with countries that have more mature institutional stability and greater economic and technological development. When we looked at Seeker countries, we saw that regime stability and regulatory quality were most effective in predicting changes in malware rates.

Interestingly, the model found a paradox that stems from the modernization of information and communications technology.   While increased Internet access and more mature technological development is correlated with improvement in cybersecurity at the global level, it has the opposite effect among countries with developing economies and lower levels of technological development.  For example, as Broadband Penetration increases, Maximizers (countries that are more technologically mature) experience a decrease in malware, while Seeker countries (that are less technologically mature) experience an increase in malware.

To explain this effect, we hypothesize that there exists a tipping point in digital maturity after which increased technological access ceases to encourage the growth of malware and begins to reduce it. Although countries most in need of cybersecurity gains may experience early struggles in their digital journey, they can eventually come to enjoy positive outcomes, including the innumerable benefits of greater development.  Microsoft urges governments to consider policies that support continued growth in technological sophistication, access, and security, and as a crucial first step, to adopt a national cybersecurity strategy.  The conclusion of the study features a set of policy recommendations, including the adoption of a national cybersecurity strategy.

I encourage you to download The Cybersecurity Risk Paradox here.  Also, my colleague Paul Nicholas has a post discussing the policy aspects of this research on the Microsoft on the Issues blog here