Cybercrime Update. Are criminals winning the technology battle?

A report into cybercrime in the UK has said that criminal cyber capability currently outpaces this country’s response to cybercrime.

In the first cybercrime report to be published by the National Crime Agency (NCA) the organisation calls for stronger collaborative working between government, law enforcement and business to cut crime.

The report says that cybercrime is not only rapidly increasing and but also evolving with the threats from Distributed Denial of Service (DDoS) and ransomware attacks increasing significantly in 2015.

The NCA believes the most advanced and serious cybercrime threat to the UK stems from a few hundred international cyber criminals who have targeted UK businesses to commit highly profitable malware-enabled fraud.

Although the most serious threat comes from international crime groups the majority of cyber criminals have relatively modest technical capability. However, their attacks are becoming increasingly sophisticated because of the growing online criminal marketplace which provides easy access to advanced and bespoke tools and expertise. This allows the less skilled cyber criminals to exploit a range of vulnerabilities.

Technological advances, including the widespread use of anonymisation tools, and constantly improving criminal operating methods have made many corporate cyber security tools and basic procedures insufficient to protect corporate networks. Criminal adoption of encryption has also become a challenge for law enforcement when tackling specific threats.

Last year the Office of National Statistics (ONS) included cybercrime in the annual Crime Survey for England and Wales for the first time. The ONS estimated that there were 2.46 million cyber incidents and 2.11 million victims of cybercrime in the UK during 2015.

Data breaches are the most common cybercrimes committed against businesses and the NCA estimates they cost the UK economy billions of pounds every year. One problem is that under-reporting obscures the full impact of cybercrime in the UK. This shortfall in reporting hampers the ability of law enforcement to understand the operating methods of cyber criminals and effectively respond to the threat.

The NCA is urging businesses to view cybercrime not only as a technical issue but as a board-level responsibility and to make use of the reporting paths available to them.