lolloj - Fotolia
Security industry welcomes cyber crime’s inclusion in official stats
The security industry welcomes the inclusion of cyber crime statistic in official crime reports to highlight the size and nature of the threat
The security industry has welcomed the inclusion of cyber crime in the latest crime survey for England and Wales by the Office for National Statistics (ONS).
According to the latest report, there were 5.8 million incidents of cyber crime and fraud in the 12 months up to March 2016, affecting one in 10 people in England and Wales.
Just over half of the fraud incidents were cyber related, with 28% of these being non-investment fraud relating to online shopping or computer service calls. Some 68% of computer misuse crimes were related to malware and 32% were from unauthorised access to personal information including hacking.
However, the ONS cyber crime and fraud figures are an estimate, as specific questions relating to cyber crime were only added to the survey in October 2015 following a field trial.
“Headline estimates will include these offences for the first time in January 2017 once the questions have been asked for a full 12 months,” the report said.
According to the report, there were 4.5 million crimes reported in the period, excluding the 3.8 million cyber-related fraud incidents and 2 million compute misuse offences.
But the ONS said it would be incorrect to assume that once the figures are combined in the next report that the overall crime figure will double.
“This is the first time we have published official estimates of fraud and computer misuse from our victimisation survey, and ONS is leading the world in doing this. Together, these offences are similar in magnitude to the existing headline figures covering all other crime survey offences,” the ONS said.
“However, it would be wrong to conclude that actual crime levels have doubled, since the survey previously did not cover these offences. These improvements to the crime survey will help to measure the scale of the threat from these crimes, and help shape the response.”
Security should be top of board’s agenda
The IT security industry welcomes the fact that the ONS will be including online crime in its future crime reports, said Rober Norris, director enterprise and cyber security, Fujitsu UK and Ireland.
“There are daily news headlines reporting on the wealth of organisations that have fallen victim to a cyber attack, something made worse by the fact that only 44% of companies have basic security processes in place,” he said.
According to the ONS, cyber crime now makes up 40% of all recorded criminal incidents. “This highlights how important the battle against cyber crime has become,” said Norris.
“Through the inclusion of online crime in ONS crime reports, this further supports the requirement for all organisations to realise the severity and seriousness of cyber crime and the need for all to take up arms to fight it,” he said.
“Organisations need to put security at the top of the boardroom agenda to implement the right technology to protect themselves and their employees.”
According to Norris, the technical capabilities of cyber criminals continue to outpace the UK’s ability to deal with cyber threats.
“If we are to counter this, we must collaborate to share intelligence and counter the threats. If we don’t, we will never succeed in getting ahead and the ONS figure will continue to rise,” he said.
Inclusion of cyber crime in survey will create awareness
Piers Wilson, head of product management at Huntsman Security, said while the figures appear dramatic, the fact that cyber crime is now included in regular crime figures can only be a good thing.
“Over time, we will be able to get an increasingly realistic picture of the extent of such crimes, and also a greater awareness on how to identify and ultimately defeat them,” he said.
For the majority of organisations, Wilson said the main two lessons to take from these statistics are the rapid evolution of cyber crime, and the number of threats that any individual or organisation will face.
“With attackers able to constantly modify their attacks for a particular target, or come up with entirely new ways to steal data or commit fraud, organisations cannot simply assume that they will be able to spot known attacks before they can cause damage,” he said.
“Instead, organisations need to be alert for the signs of completely unknown or insider attacks that could have already breached their defences, and react before they can cause significant damage.”
The 5.8 million cases of fraud and computer misuse reported by the ONS, said Wilson, are only the tip of the iceberg.
“There will be many more incidents that either weren’t recognised at all, or weren’t recognised as cyber crime. Against such a large number of threats, organisations must be able to trust that they won’t be overwhelmed attempting to identify and triage against every potential threat as it appears,” he said.
“Instead, security teams must be focused on those threats that pose the greatest risk, with likely false alarms and other warnings eliminated.
“Automated systems – that can identify potentially threatening behaviour on the system and ensure analysts only have to deal with those that pose a real threat – will be critical to ensuring organisations don’t become just another crime statistic.”
Crime evolves to become more productive
Stephen Love, European security practice lead at IT services firm Insight, said the ONS report highlights the need for greater awareness around how to defend against cyber crime.
“For businesses, it is imperative that they put an emphasis on cyber security due to the inevitability of malicious hacks. To address this issue, we need to increase understanding and collaboration between organisations to make it easier for them to protect their business from the threat of online attacks,” he said.
“Ultimately, with cyber attacks becoming more frequent, organisations must view them as a major crime and implement the necessary steps to defend against it.”
David Emm, principal security researcher at Kaspersky Lab said investment tends to flow into areas where it will be most productive, and crime is no different.
“With so much financial activity moving online, criminals have capitalised on this by moving their activity into the cyber world,” he said.
But Emm said the lines are sometimes blurred, with some scams including both online and real-world activity, such as scam telephone calls to trick the caller into giving criminals remote access to their computer.
“We all need to be aware of the cyber security threats being carried out around us, with more attempts than ever to steal money, personal information or to extort money by holding our data captive,” he said.
“It is vital that people use a reliable internet security system on all connected devices, apply security updates as soon as they become available, download software only from trusted sources and be cautious about email and other messages that include attachments and links – even if they appear to come from friends.
“Using strong passwords, applying caution when using public Wi-Fi networks, not revealing too much information about ourselves online and regularly backing up personal data should be as intrinsic as locking the doors of your house and keeping valuables out of sight,” Emm added.
User awareness will help tackle cyber crime
Nick Mothershaw, ID and fraud expert at Experian, said while there are government initiatives underway to tackle fraud, it is largely down to organisations to take care of themselves and the people they service.
There are significant differences in the size of loss and quality of fraud management across business sectors, he said.
“Resilience to fraud can only be tackled from the grass-roots up, so it’s up to each organisation to not only manage fraud as a loss factor, but to overcome it by treating fraud prevention as a growth opportunity,” said Mothershaw.
The growth of the internet of things (IoT) makes the development of improved fraud prevention systems hugely important, he said, as fraudsters remain innovative and people need to be vigilant in the protection of their identity.
“The shift to consumer-centric digital identities, where a person re-uses a single, strongly verified digital identity to access many different online services, will help combat ID theft. However, it will also undoubtedly introduce different types of fraud attack that we must be prepared to defend against,” said Mothershaw.
Organisations must be in state of constant readiness
Experian’s Annual Fraud Indicator 2016 said fraud could be costing the UK economy up to £193bn a year, with phishing attacks up by 21% in 2015 and were estimated to cost the UK more than £280m.
Sundeep Tengur, banking fraud solutions and financial crimes specialist at SAS, said fraud is an insidious problem that challenges all businesses in the UK and around the globe.
“For far too long, fraud has been viewed as a victimless crime. On the contrary, it is continually being used by criminals for monetary gain and to fund a wide spectrum of illegal activities, including drug dealing, human trafficking and even the funding of terrorism. Sadly, many of the victims are among the most vulnerable members of our society,” he said.
Fraudsters are becoming increasingly sophisticated and often hide inside complex networks, said Tengur, where they employ “mules” to do their bidding.
“Those networks are often hard to detect as they contain fraudulent activity as well as legitimate and compliant transactions,” he said.
“Also contributing to the rising velocity of fraud is the proliferation of online services and the anonymity those digital channels provide to consumers.
“For example, when making insurance claims, it’s easy to inflate the value of a damaged or stolen item or to add a few additional items to the claim, therefore resulting in what’s often referred to as ‘soft fraud’,” he added.
Tengur said organisations must be in a constant state of readiness and need a multi-layered and pragmatic strategy to curb this threat.
“It is critical that organisations adopt a holistic approach that encompasses data management and fraud detection, as well as robust policies and strict internal governance to ensure that their exposure to fraud is brought down to a minimum,” he said.
Read more about cyber crime
- The chief of the Metropolitan Police Service’s fraud squad Falcon admits the Met’s policing of online fraud and cyber crime has not been good enough in the past.
- Co-operation with business in the private sector is an increasingly important element in fighting crime, according to UK, US and EU law enforcement officers.
- The Metropolitan Police should appoint a senior officer to ensure the whole force is prepared to tackle online crime, says a London watchdog.