Don't let them get away with it. Help beat e-crime with a quiet word to the National High-Tech Crime Unit, says Malcolm Hutty.
Organised crime is continuing to use distributed denial of service attacks in an effort to extort money from e-businesses. If this happens to your organisation, there are ways you can help stop the criminals.
The focus in tackling e-crime should be to provide appropriate resourcing and training for law enforcement agencies and their technical support, such as computer forensic scientists. As business relies ever more on its IT systems, so it also depends heavily on a highly-skilled and manpower-intensive police response to criminal attacks.
The government's E-crime Framework Strategy is expected soon and a review of the Computer Misuse Act is likely to follow. But there is no legislative panacea to such problems. In particular, we should avoid recurrent but dangerously counter-productive ideas such as requiring all IT security advisers to be licensed.
Industry bodies, such as Linx, can lobby for high-tech crime to be given a higher priority. However, IT directors of businesses hit by e-crime have to work with what is available today.
The National High-Tech Crime Unit has been particularly aware of the needs and concerns of businesses hit by e-crime.
Traditionally, reports of crime are made by way of an on-the-record complaint. This triggers a police investigation and can be used as evidence. Companies are often wary of publicising security breaches or attacks on their key business systems. As a result, many firms choose not to report criminal activity against them.
So the NHTCU has developed a Confidentiality Charter to try to make businesses feel more comfortable about reporting criminal attacks on their IT security. This is designed to enable firms to provide information, or simply to seek advice, without fear that their confidential business details will subsequently be disclosed.
In particular, e-crime can now be reported purely for intelligence purposes, rather than for investigation and evidence.
This helps the NHTCU:
- In its other investigations
- To take action to disrupt criminal activity, protecting you and others even when a prosecution cannot be brought
- To scale the problem - critical when seeking budget increases.
E-crime attacks often come from a small number of organised crime groups already under investigation. Even a little extra intelligence can help, and thanks to the Confidentiality Charter it can be provided by businesses unwilling to make a complaint on the record.
IT directors will determine whether the NHTCU is given the basic intelligence it needs to work effectively.
What do you think?
Is the NHTCU effective in tackling cyber-crime? Tell us in an e-mail >> ComputerWeekly.com reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.
Malcolm Hutty is regulatory officer at internet service provider body Linx