A computer’s vulnerability to malware infections is affected by technological and human factors. Technological factors include computer hardware, operating systems and applications, while human factors are related to the person using the computer, such as their computer expertise or safety habits. National policy could impact these factors and reduce the rate of malware infection, but there is little evidence or agreement on what exactly has an effect This lack of understanding and disagreement is a problem for cybersecurity policy makers.
Lévesque et al. assessed the risk factors related to malware infections in multiple countries. They determined country infection rates using data from millions of systems running a malware cleaner tool that scans Windows systems for infections. The researchers looked at the influence of factors related to economics, education, technology and cybersecurity on each country’s malware infection rate. The Microsoft Malicious Software Removal Tool (MSRT) scans for and cleans specific malware infections. Microsoft randomly samples 10% of all machines running the MSRT on Windows XP, Vista, 7, 8 and 8.1., providing data on over one hundred million machines. Only systems without dedicated anti-virus software were selected for this study in order to avoid results biased by different anti-virus products. Gross Domestic Product (GDP) and Gross Domestic Product per capita by purchasing power parity (GDP-PPP) were used to measure a country’s economic status against data from the International Telecommunications Union indicating national technology development.
There are better indicators of malware infection rates than economic activity. Education, technological infrastructure and cybersecurity investment seem to have a more consistent impact on malware infection rates. Internet connection quality seemed to influence the rate of malware infections. High broadband speed was associated with fewer infections in highly developed countries but more infections in newly industrialized countries. Individual security investment, such as the percentage of anti-virus protected machines, as well as global cybersecurity measures also seemed to protect against malware infections.
Investment in economic development may not directly impact malware infection rates. It appears that investment in education along with information and communication technology infrastructure may be more effective. However, technological and user education advancements affect countries of different socio-economic statuses differently. Therefore, to maximise the effectiveness of policy change, it is important for decision-makers to keep socio-economics in mind when investing in these protective factors.
Investment in education along with information and communication technology infrastructure may be more effective than economic development in reducing malware.