Sergey Nivens - Fotolia

Security industry welcomes City of London Police cyber initiative

The security industry has welcomed plans to fight cyber crime in the heart of London using a community-based approach, but says more investment in cyber security skills is required

The City of London Police has launched an initiative to fight cyber crime in the Square Mile in an attempt to secure businesses operating there against cyber attacks. 

Dubbed Cyber Griffin, the initiative will see specially trained officers lead a series of community-focused exercises. These will include threat briefings and incident response training.

The initiative is focused on businesses in the City and aims to reach those with very little knowledge of cyber-enabled crime threats, all the way up to individuals who hold IT security and risk roles.

As cyber crime increases, and more online attacks are launched on UK businesses than ever before, officers in the force’s Cyber Crime Unit decided a community-based approach was needed. 

City of London Police commissioner and national policing lead for economic crime, Ian Dyson, said: “As criminals working in cyber space become more sophisticated, it’s important we all have at least basic skills to combat those that seek to do us harm. 

“Through this initiative, the police and industry can work together to share skills and knowledge to protect ourselves from this evolving crime.”

Cyber Griffin is aimed at providing updates and threat briefings, incident response exercises and advisory groups.

The threat briefings will be provided free of charge and designed to build basic defender skills in key areas for individuals from all levels of business. The briefing will enable officers to deliver the latest updates in intelligence and members of the business community to network with each other and share their experiences. 

“As criminals working in cyber space become more sophisticated, it’s important we all have at least basic skills to combat those that seek to do us harm”
Ian Dyson, City of London Police

Officers will deliver three different levels of incident response, all of which will provide insight into police decision-making. The exercises will cover a basic response right up to an expert response for more senior members of business.

The advisory groups will be made up of a wide range of experts from industry and the private sector, capable of providing valuable insight to less experienced members of the business community. Police officers will select people from businesses with dedicated threat intelligence and experience in cyber security to act as a problem-solving group for other businesses without such skills. 

Sergeant Charlie Morrison, who will lead the Cyber Griffin team, said: “Although cyber criminality challenges traditional policing as we know it, we are now more capable than ever to tackle the problem.

“However, it’s imperative we work with our local community to do this, especially in such a unique area as the City of London, which is full of businesses that have the potential to be the target for a cyber attack.

“Cyber criminals specialise in looking for the weak spots in our security. Cyber Griffin therefore is about basics done well. Through briefings, incident response drills and expert guidance, the aim is to get the fundamentals right every time. In this case the best offence is a good defence,” he said.

Read more about cyber crime

James Hadley, CEO and founder of Immersive Labs, welcomed the initiative, saying it was encouraging to see the City of London take a proactive stance towards cyber security. 

“A resilient cyber strategy is fundamental for the Square Mile to ensure business as usual. However, this can only be achieved via continuous improvement through identifying weaknesses and upskilling staff in order to plug the skills gap within an organisation.”

Tim Helming, director of product management at DomainTools, also welcomed the move, saying that the City of London Police’s involvement with the UK’s economy through the Square Mile put it in a unique position where it could make a real difference, leading the way in encouraging the UK’s largest financial institutions to protect themselves from the dangers of malicious actors online.

“Cyber crime is now so organised and widespread that it is more than capable of affecting an organisation’s bottom line, reputation and, in the case of financial institutions within the Square Mile, the UK’s economy as a whole. Any attempts to stop this happening should be encouraged and supported.”

“Although cyber criminality challenges traditional policing as we know it, we are now more capable than ever to tackle the problem”
Charlie Morrison, City of London Police

However, Bill Evans, senior director at One Identity, said although the structure and aims of the initiative were sound, the cyber security capabilities of UK police forces needed much greater investment.

“According to a Parliament Street Policy paper, UK police have spent £1,320,341 training 39,438 officers in the past three years. That’s about £33 per police officer, or about £11 per police officer per year, and I can tell you that £11 a year does not a cyber security expert make.

“What’s needed is investment on par with the magnitude of the threat. This includes a national, coordinated effort where the resources of government – including police forces – the intelligence community and security professionals from the private sector coordinate activity to share information and best practices to defend the data of the citizenry,” he said.

Parliament Street recommends:

  • The establishment of a national police cyber strategy to enable security specialist companies to provide an agreed standard of training for all officers and staff across the country.
  • An increase in the recruitment of officers with existing cyber skills.
  • That police forces work closely with schools, colleges, universities and private companies to ensure a pipeline of highly skilled workers are encouraged to join the police.
  • Sharing of key security training services with other police forces.

Read more on Hackers and cybercrime prevention