Could security learn from the World of Warcraft?

Individuals, businesses and governments need to be empowered with the ability to share the responsibility of security, which could combat threats and reduce cost.

This is according to findings from IBM's Security and Society Global Innovation Outlook (GIO), a series of worldwide sessions between tech leaders, government officials and security industry experts.

New security strategies needed to be created against the bad guys who have so far been much more successful in following the network effect', where the harmfulness of a single threat was exponentially proportional to the number of people exposed to it.

Criminals had used this principle, creating strong and speedy networks. Evidence of this was in zero-day attacks' where most browser-related online exploits occurred within 24 hours of the vulnerability being disclosed.

The findings from the sessions urged the security industry to combat the threat by evolving from typical wall-based security to community-based security - where online groups policed themselves, sensing and responding to threats where needed.

Gunter Ollman, chief security strategist at IBM, said it was easy to be sceptical about self-policing, but it could be more appealing than being monitored by governments or law enforcement agencies.

He has an example of the system used in World of Warcraft, where players assigned each other rankings based on reputation and the amount they have contributed.

He said: "If someone insists on being disruptive and not playing by the rules, they will find themselves quickly ostracised by the group.

"There are even organised "vigilante" groups that will track down chronic abusers of the rules, regardless of changes in their in-game identities, and publicly post records of their behaviour as a warning to others."

He added: "Once you build up a bad reputation, it becomes very hard to escape it."

However some advocates of the idea still had doubts.

"I like the idea of community-based security and having many eyes and ears," said Hiroshi Maruyama, director of IBM's Tokyo Research Laboratory. "But can we trust a community? Do they have real wisdom? Or are they just a mob?"

Also on IT PRO, ten reasons why World of Warcraft is better than Second Life.