BY Richard Summerfield
The war on cyber crime in the UK is going badly, according to a new report from the National Crime Agency. In its 'Cyber Crime Assessment 2016', released in collaboration with a number of industry partners, the The NCA acknowledges that it is falling behind cyber-criminals in many respects.
Cyber criminality is not only becoming more prevalent, but also increasingly sophisticated. The capabilities of cyber criminals are rapidly outstripping both law enforcement agencies and companies operating in the private sector. Techniques including DDoS attacks and ransomware increased significantly in 2015, and the majority of these attacks can be traced back to a few hundred international cyber criminals. The NCA tracked 2.46 million ‘cyber incidents’ in 2015, including 700,000 cases of fraud.
The report highlights that cyber criminals of all kinds, from "international serious organised crime groups" to hacktivists, have been targeting both UK businesses and individuals, emboldened by "the growing online criminal marketplace, which provides easy access to sophisticated and bespoke tools and expertise, allowing these less skilled cyber criminals to exploit a wide range of vulnerabilities".
In light of the heightened security risk posed by cyber criminals, the NCA has called on organisations to step up their defences and to work more closely with law enforcement agencies, the government, industry regulators and business leaders to fight back against attackers. If cyber criminals are to be defeated, it will require companies to overcome the stigma attached with reporting cyber attacks. The UK government has pledged £1.9bn to help develop and deliver a national defence response and strategy over the next five years.
However, these efforts may be hindered by the chronic under-reporting of cyber breaches by UK firms. According to the NCA, under-reporting is a major issue, particularly given that companies are not required to notify regulators if they have been subject to a data breach or a cyber attack.
Under reporting has, according to the report, obscured the full impact of cyber crime in the UK, and impaired the efforts of law enforcement agencies that have been struggling to understand the operating methods of cyber criminals and are attempting to respond to the threats they pose. Only by working together will the public and private sectors in the UK be able to turn the tide.