Business owners, cyber security experts and individuals all have a role to play in reducing the cyber crime that is costing billions globally, according to UK home secretary Amber Rudd.
“In the same way that shops protect themselves from burglary with locks, alarms and security guards, I expect businesses to take equivalent precautions digitally,” she told the CyberUK 2018 conference in Manchester attended by more than 2,000 specialists from across government, industry and law enforcement.
Similarly, the home secretary said when customers trust a company with their data it should be kept safe by putting in place strong cyber security measures, personal cyber security needs to be something which staff at all levels are taught about, and businesses making internet-connected products should factor cyber security into the design.
“It sounds really obvious, but we must all remember to install the latest software and app updates and to use strong passwords. All of these seemingly small things can really make a difference.
“And if you have cyber skills, then my plea is that you’re generous with them. There’s valuable technical cyber expertise in the private sector which can be harnessed by law enforcement in the fight against cyber crime,” said Rudd.
At the heart of the wide-ranging speech, the home secretary announced the allocation of £50m in the next year to bolster cyber capabilities within law enforcement.
This includes £9m to enable UK law enforcement to tackle those who use the anonymity of the dark web, £5m to be invested in local and regional policing to help set up dedicated cyber crime units in every police force in England and Wales, and funding to develop a new national training programme for police, as previously reported by Computer Weekly.
She also announced plans to run the UK’s first live national cyber crime exercise to test the response of security and intelligence agencies, police and first responders, in the event of a large-scale cyber incident.
Underlining the scale of the cyber crime threat, Rudd said nearly 7 in 10 large businesses have been affected, with an average cost of £20,000 per business. “Some breaches leave companies on their knees. Cyber breaches are serious, costly and disruptive.”
On a positive note, the home secretary highlighted some recent successes of UK law enforcement against cyber criminals, including the conviction of Essex based Goncalo Esteves for selling criminals services to get around antivirus software; the conviction of a Manchester gang for selling more than £800,000 worth of drugs on the dark web; and the conviction of Matthew Falder, a prolific paedophile operating on the dark web.
Increase in malicious cyber attacks
Over the past year, Rudd said there has been a “significant increase” in the scale and severity of malicious cyber activity globally.
“We have been clear that we will not tolerate this. We know that there are several established, capable states seeking to exploit computer and communications networks to gather intelligence, personal information and intellectual property from the government, military, industrial and economic targets to advance their strategic goals,” she said.
Although hostile states, groups and individuals are using cyber tools to commit crimes, to project power, to intimidate their adversaries, and to influence and manipulate societies in a manner which makes definitive attribution difficult, Rudd said the UK has started identifying those responsible.
“We called out Russia for meddling in elections. We called out Russia again for the destructive NotPetya cyber attack of June 2017. And we called out the North Korean actors known as the Lazarus Group for the WannaCry ransomware campaign,” she said.
“Chairing the first ever cyber COBR after the incident really brought home to me how damaging attacks like these can be and how important cybersecurity is. It was sobering to learn that the National Audit Office’s conclusion was that the NHS could have avoided the crippling effects of the ‘relatively unsophisticated’ Wannacry ransomware outbreak with ‘basic’ IT security.”
In the past six months, Rudd revealed that the National Cyber Crime Centre (NCSC) has responded to 49 incidents associated with Russian cyber groups, some of which have hundreds of potential victims.
“Russian actors have systematically targeted the UK among others, expanding the number of sectors targeted, in addition to the energy, telecoms and media sectors that the prime minister highlighted last November,” she said.
“That’s why I am the first home secretary to have regular cyber briefings with the NCSC and the NCA. Because in the same way that I check in with MI5 and counter-terrorism policing to make sure I know everything there is to know about the terrorist threat, I want to know all I can about the cyber threat too.”
Vowing to ensure government will continue to “tighten the net” on the “cowardly keyboard warriors” and those who wage state-sponsored cyber warfare, Rudd said the government will not allow the internet, which can be such a powerful force for good, to become a “place where evil can fester”. She added that the government cannot do it alone, however, reiterating her call for everyone to play their part.
Call for collaboration
Responding to questions from the media, Rudd said engaging strongly with Europol will be important going forward in light of the fact that the UK cyber threat intelligence capability is widely admired internationally.
“It is my commitment to ensure that as we leave the European Union, we do have arrangements with organisations like Europol to ensure that we continue to keep this country safe. Being able to share data across boundaries is incredibly important in terms of cyber crime as well as any other crime,” she said.
Asked whether the just-announced funding was adequate considering the economic impact of cyber crime, Rudd said the funding comes after “substantial” investment in online skills and protection.
“We have Action Fraud and we have Cyber Aware, but this funding is particularly focused on ensuring that every police force has the necessary skills because we recognise the scale of the growth of online crime,” she said.
“At the moment, only 30% of police forces have the required skills to address the need of the victims. I want to make sure we reach 100%.”
Asked about the significance of the newly announced GCHQ site planned for Manchester, Rudd said it reflects the fact that the government is investing more and that it wants to grow the UK’s cyber capability and to make more facilities available and have the best expertise at scale to counter the cyber threat.
Commenting on the Facebook-Cambridge Analytica data exploitation scandal, Rudd said: “Facebook has some questions to answer, and I hope that both companies will engage with the inquiry that the information commissioner has already started.”
The home secretary went on to say that she believes there is a sea change taking place in terms of the public’s awareness of what is happening with their personal data and what they are trading for their free access to social media sites.
“I also think that social media sites like Facebook and other major [service providers] like Google have been taking many more steps than they have in the past in terms of engaging with what needs to be done to clean up their sites.
“When I called last year for the Global Internet Forum to Counter Terrorism to make sure that the terrorist material was taken down, everybody scoffed at me, to start with. But, actually, they did set it up and demonstrated that they are doing it,” she said, adding that social media sites are waking up to the fact that they do have much more of a responsibility to ensure illegal activity does not take place online.
Read more on Hackers and cybercrime prevention
Government funds charity campaign to warn big tech over the risks of encryption to children
Cops seize criminal VPN used by ransomware gangs
Towards Joined Up Action on On-line Harms, Fraud and Cybersecurity
Government puts Facebook under pressure to stop end-to-end encryption over child abuse risks