Speak up to beat cybercriminals

Hats off to the police National Hi-Tech Crime Unit for foiling the £220m attempted e-raid on Japanese bank Sumitomo Mitsui in the City of London.

Its success, based on painstaking investigation and international police co-operation, thwarted an audacious robbery and made a welcome change from the normal diet of doom and gloom that surrounds IT security.

The Hi-Tech Crime Unit and Sumitomo's own security staff first became aware of the attempted theft last October. Since then they have been able to set a trap for the criminals and warn financial institutions in the City to be on their guard.

They were also able to allow the bank to continue its day-to-day business seemingly unhindered while the honey pot was baited.

This is an important point for any organisation that finds itself the victim of cybercrime or fears it is under attack.

The police have long complained that organisations that are the victims of computer crime are reluctant to come forward for fear an investigation will cripple their business as the police seize servers and PCs as evidence.

On the other hand, businesses have repeatedly complained that the police lack the skills and resources to properly investigate cybercrime.

The operation which came to light last week shows the importance of reporting cybercrime - even if it seems insignificant compared to the size of the attempted heist at Sumitomo. It provides a model of the sort of police practice an organisation can expect if it calls in the cybercops.

It also provides an opportunity to revisit IT security policy and justify spending - whether it is the police asking for more resources for their computer crime teams, or the IT department of a medium-sized engineering factory asking for the resources to implement and manage an intrusion detection system.

IT security spending is generally driven by fear - fear of the damage hackers can do to an organisation and fear of failing to comply with the demands of regulators - but fear alone will not impress the board.

If IT departments can come up with a balanced risk analysis to present to the board, they will, in the aftermath of the police success at Sumitomo, get a more than usually sympathetic hearing.
