Business has critical role in fighting cyber crime, says report

The National Crime Agency is calling for stronger collaboration between business and law enforcement to fight cyber crime, in light of a report produced with private sector partners

Business has a critical role in tackling cyber crime, according to a report produced by the UK National Crime Agency (NCA) and the Strategic Cyber Industry Group (SCIG) representing the private sector.

The Cyber Crime Assessment 2016 outlines the immediate threat to UK businesses from cyber crime, and is the first cyber crime assessment produced jointly by the NCA and industry partners.

An effective response to cyber crime, the report said, requires collaborative action from government, law enforcement, industry regulators and, critically, business leaders.

“Only by working together across law enforcement and the private sector can we successfully reduce the threat to the UK from cyber crime,” the report said.

The NCA believes a stronger partnership with private sector business is necessary because the accelerating pace of technology and criminal cyber capability development is currently outpacing the UK’s collective response to cyber crime.

“In the longer term, the National Cyber Security Centre (NCSC), to be opened in October, will support closer collaboration between stakeholders, but something has to be done right now,” said Jamie Saunders, director of the NCA’s National Cyber Crime Unit (NCCU), which leads the UK’s response to cyber crime, working in partnership with police forces, regional organised crime units and international law enforcement partners to share intelligence and disrupt cyber criminals.

“When organisations contact the NCSC for help, they will be invoking law enforcement support because we will be sitting in the middle of the triage [process],” he told Computer Weekly.

Cyber security is a team effort

This is further underlined by the report, which said cyber crime is a threat of such magnitude, complexity and fluidity that neither businesses nor law enforcement will be able to meet the challenges alone.

“What is needed is a partnership approach to mitigating threats and identifying and disrupting criminals. Closer working between law enforcement and business to identify and arrest serious ‘upstream’ cyber criminals will protect businesses, stop future attacks and reduce the threat,” the report said. “Cyber crime response should therefore be treated as a strategic priority and include a stronger public-private partnership to investigate, report and combat cyber crime.”

A stronger anti-cyber crime partnership, the report said, should build on existing intelligence-sharing initiatives, including sector-based information-sharing forums and the government’s Cyber-security Information Sharing Partnership (CiSP), but should go further in encouraging and enabling the reporting of cyber crime.

The call to arms, said Saunders, is for business to work with law enforcement to pursue the cyber criminals behind the attacks to either put them behind bars or to disrupt their operations.

So far, he said, the focus has mainly been on hardening defences, which has to continue. “But we need to support that with a much more robust approach to disruption and upstream intelligence.”

For this reason, Saunders said he disagrees with those who say attribution does not matter and that it is all about defence and resilience.

There has to be a strong emphasis on attribution, he said, because a purely defensive stance means cyber criminals will just come back repeatedly to try their luck.

International cyber criminals present serious threat to UK businesses

The report shows that cyber crime activity is growing fast and evolving, with the threats from distributed denial of service (DDoS) and ransomware attacks increasing significantly in 2015.

The skills and sophistication of international crime groups, the report said, make them the most competent and dangerous cyber criminals targeting UK businesses.

According to the NCA, the most advanced and serious cyber crime threat to the UK is the direct or indirect result of a few hundred international cyber criminals, who target UK businesses to commit highly profitable, malware-facilitated fraud.

Data breaches are the most common cyber crimes committed against businesses, and the NCA estimates that cyber crime costs the UK economy billions of pounds a year.

The importance of reporting cyber attacks

Under-reporting continues to obscure the full impact of cyber crime in the UK, the report said. This hampers the ability of law enforcement to understand the operating methods of cyber criminals and most effectively respond to the threat.

The NCA is urging businesses to view cyber crime not only as a technical issue, but also as a board-level responsibility, and to make use of the reporting paths available to them, sharing intelligence with law enforcement and each other.

Saunders said he hoped business leaders, as well as those charged with information security, would take note of the report’s contents and think seriously about how they could improve their defences and help law enforcement in the fight against cyber crime.

Directors of businesses have an important role in addressing the under-reporting of cyber crime, and they should challenge their business management teams to go beyond compliance with minimum cyber security standards to ensure that rapidly evolving cyber security and resilience challenges are addressed and the threat to the UK is reduced, the report said.

Cyber crime should always be reported to Action Fraud, said Saunders, although he said the systems were currently being upgraded. Action Fraud can be contacted on 0300 123 2040 or at www.actionfraud.police.uk, and where there are viable lines of inquiry, cases will be referred to police forces for action.

However, he said the most serious cases will be directed to the NCA, which will work with individual police forces, regional organised crime units, the NCSC once it is up and running, and other partners within government to determine the most appropriate response.

Saunders said the NCA was also working with a pilot group to test the processes aimed at enabling businesses to share information through the Information Gateway provisions in Section 7 of the Crime & Courts Act 2013.

This allows the NCA to receive information on an intelligence-only basis, relevant to the exercise of its statutory purpose, namely the investigation and disruption of serious crime. Any information received through this route will be subject to “restricted” handling to facilitate the protection of business confidentiality.

Businesses interested in finding out more about “intelligence basis” information sharing with the NCA should contact [email protected].
